Europe News

UK overhauls state internet surveillance

John McDermott, Murad Ahmed and Robert Cookson
Theresa May
Oli Scarff | Getty Images

The police and security services will be able to access records of every UK citizen's internet use without the need for judicial authorisation, under draft legislation that promises to overhaul Britain's state surveillance.

The Investigatory Powers Bill, introduced by Home Secretary Theresa May on Wednesday, for the first time comprehensively codifies the authority of MI5, MI6, GCHQ and police forces to access Britons' communications.

Ms May told the Commons that the draft bill was a "legal framework" adapted to "the realities of today's digital age", more than two years after Edward Snowden revealed the scope of UK and US surveillance of personal data.

The opposition Labour party gave the proposed bill a cautious welcome but privacy groups expressed concern about its scope, with Liberty calling it a "breathtaking attack on internet security".

Migrants: Benefit or burden?

Representatives of tech companies said the legislation had been diluted compared with earlier proposals, but they remained worried about the obligations that would be placed on them.

Under the proposals, if the police and security services want a warrant to intercept the content of communications, they must receive the authority of both the Home Secretary and a new panel of judicial commissioners.

Agencies and law-enforcement officers would not be able to access the full browsing history of citizens without such warrants but they would be able to access details of visits to parent sites with less stringent authorisation.

The draft legislation proposes that UK communications companies, such as BT, Virgin Media and Sky, store internet records for 12 months, though overseas companies would not be under that obligation.

The bill suggests that British companies will also have a legal duty to help the police and agencies to hack devices to acquire information, providing there is a warrant for "equipment interference" signed by a judge.

Contrary to the fears of some tech companies, encryption will not be banned under the plans, though companies will, as at present, be obliged to take "reasonable" steps to help authorities if required to by the terms of a warrant.

More from the FT:

Heathrow resistance to night-flights ban raises fears over expansion
Rangers defeated by Revenue & Customs over offshore trusts
VW told to rip up governance model as emissions scandal deepens

An executive at a US tech company said they were relieved at the draft bill, particularly its details on encryption and that judicial oversight would be required for most law-enforcement requests for data. "We're generally happy because it appears to be toned down," they said.

A spokesperson for Microsoft said any reform "must ensure a strong role for the courts" and that "we will work to ensure that legislation respects these principles and protects the privacy of our customers".

Christian Borggreen, Europe director of the Computer & Communications Industry Association, said: "The bill is a setback for privacy rights and part of a worrisome trend towards more governmental surveillance in Europe while the US is reforming its surveillance practices."

In response to the draft bill, Edward Snowden tweeted: "It is the most intrusive and least accountable surveillance regime in the West."