Powers for the police to access everyone’s web browsing histories and to hack into phones are to be expanded under the latest version of the snooper’s charter legislation.
The extension of police powers contained in the investigatory powers bill published on Tuesday indicates the determination of the home secretary, Theresa May, to get her legislation on to the statute book by the end of this year in spite of sweeping criticism by three separate parliamentary committees in the past month.
The bill is designed to provide the first comprehensive legal framework for state surveillance powers anywhere in the world. It has been developed in response to the disclosure of state mass surveillance programmes by the whistleblower Edward Snowden. The government hopes it will win the backing of MPs by the summer and by the House of Lords this autumn.
May said the latest version reflected the majority of the 122 recommendations made by MPs and peers, including strengthening safeguards, enhancing privacy protections and bolstering oversight arrangements.
She has, in particular, made changes to meet concerns within the technology industry that the surveillance law would undermine encryption. The latest draft makes clear that the government will take a pragmatic approach, and no company will be required to remove encryption of their own services if it is not technically feasible. The likely costs involved will also be taken into account.
But the publication of the detailed bill has also revealed that, far from climbing down over her proposals, May intends to expand the scope of its most controversial new powers – the collection and storage for 12 months of everyone’s web browsing history, known as internet connection records – and state powers to hack into computers and smartphones.
The bill will now allow police to access all web browsing records in specific crime investigations, beyond the illegal websites and communications services specified in the original draft bill.
It will extend the use of state remote computer hacking from the security services to the police in cases involving a “threat to life” or missing persons. This can include cases involving “damage to somebody’s mental health”, but will be restricted to use by the National Crime Agency and a small number of major police forces.
The expansion of police powers to access web browsing history as part of their investigations follows pressure from the police, and the use of these powers does not need the “double-lock” ministerial authorisation.
The home secretary told MPs she had rejected the committees’ recommendations to exclude the use of state surveillance powers for the “economic wellbeing” of the UK. She also resisted their demand to scrap warrants allowing GCHQ to undertake bulk computer hacking, describing them as a “key operational requirement”.
May also underlined the “vital part” played by the security agencies’ “bulk powers” – the mass collection and storage of everyone’s communications data in Britain and the bulk interception of the content of communications of those based overseas to acquire intelligence.
The Home Office has made detailed tweaks to the original draft of the bill, including stronger protections for journalists and lawyers, six codes of practice setting out how the powers will be used, and the use of a “double-lock” authorisation of the most intrusive surveillance methods by a minister backed by the approval of a judicial commissioner.
The Home Office has acknowledged that the initial costing of the bill, at around £247m, is not set, and a final figure will be published after detailed consultations with industry.
May said: “This is vital legislation and we are determined to get it right. The revised bill we introduced today reflects the majority of the committees’ recommendations – we have strengthened safeguards, enhanced privacy protections and bolstered oversight arrangements – and will now be examined by parliament before passing into law by the end of 2016.
“Terrorists and criminals are operating online and we need to ensure the police and security services can keep pace with the modern world and continue to protect the British public from the many serious threats we face.”
As part of the pre-legislative process, the bill was examined by a draft scrutiny committee, the intelligence and security committee and the science and technology committee.
The MPs and peers called for a fundamental rewrite of the draft bill, with the ISC calling for privacy safeguards to be made the backbone of the legislation and the draft scrutiny committee saying the case had not yet been made for the introduction of new powers to store and access everyone’s web browsing history.
Eric King, director of the Don’t Spy On Us coalition, which includes Liberty, Privacy International and other privacy and digital rights groups, called for a rethink of the bill.
“Rather than a full redraft, we’ve been given cosmetic tweaks to a heavily criticised, deeply intrusive bill,” he said. “Reshuffling safeguards without meaningfully improving protections, authorisations or oversight does nothing to address widespread concerns about mass surveillance. The unsettling absence of a robust, technical, detailed evaluation of those bulk powers means the case still hasn’t been made, and parliament won’t have the information it needs to do its job.
“There simply isn’t time for proper scrutiny of all these powers in the timeframe proposed. More than 100 experts called on the Home Office to put on the brakes. The government must think again.”
Shami Chakrabarti, director of Liberty, said: “Less than three weeks ago MPs advised 123 changes to the majorly flawed draft bill. The powers were too broad, safeguards too few and crucial investigatory powers entirely missing.
“Minor Botox has not fixed this bill. Government must return to the drawing board and give this vital, complex task appropriate time. Anything else would show dangerous contempt for parliament, democracy and our country’s security.”