The Government has just passed legislation to store twelve months’ worth of your online activity.
Look, I know you are busy, no doubt knee deep in tinsel, wrapping paper, food preparation and all the other festive delights that go into making the holiday season work. I’m also aware that by any measure it’s been a heck of a year: so many things have changed, and so many things that were unthinkable just twelve short months ago are now a stark reality.
With all of that going on you could be excused for not noticing that the government passed a bill at the end of last month allowing them to keep an eye on and store all your electronic communications, just to make sure that you are not up to anything naughty. I’m guessing you’ve put down that tinsel now as that can come as quite a surprise.
By any stretch of the imagination the Investigatory Powers Act 2016, to give it its full title, has not really hit the headlines in a way that it may have done in the past, as other more colourful news has ensured that it has been relatively buried. You may have heard it mentioned in passing by its stage name of ‘The Snoopers’ Charter’.
What this law means is that Internet service providers and mobile phone companies are to maintain records of each user’s internet browsing activity (including social media), email correspondence, voice calls, internet gaming, and mobile phone messaging services and store the records for 12 months. Yes, folks, 12 months of your online activity from any device, on any communications platform, is going to be stored and, should it be deemed necessary, looked at by ‘the powers that be’. That Twitter rant at 3am – yep, that will be kept. Those vicious texts you have sent off to somebody you feel has wronged you, or disagreed with you – stored safely for posterity. How about those embarrassing social media photos taken on a company away day – yep, kept for viewing on a rainy afternoon if required.
You may think, ‘Well, don’t worry, I can delete my stuff.’ You can, but backups are made and stored, so even if you think it’s gone, it hasn’t really.
Now although it will take a while to put all the necessary pieces in place, this legislation is on one hand being hailed as ‘world leading’ and on the other hand being criticised on the grounds that it ‘undermines the right to privacy’. You can choose which side of the argument you sit on.
Alongside the storage of data it also provides powers to UK security services, for the first time, to hack into computers, networks, mobile devices, servers and more. This could include downloading data from a mobile phone that is stolen or left unattended, or installing software on a laptop that tracks every key pressed.
The justification for such measures is to “maintain capability” of law enforcement access to communications traffic data, which to a degree is understandable: as so much of life is now lived online, the law needs to protect users from harm in the same way that it would in the physical world. But there is no doubt about it, the spectre of ‘Big Brother’ is all too easy to see on this issue.
At present, the government is understandably limiting those organisations and agencies that will have access to this stored data to a small list of 48, which amongst many others includes the Metropolitan police force, City of London police force, British Transport Police, Ministry of Defence Police, Royal Navy Police, Royal Military Police, Royal Air Force Police, Security Service, Secret Intelligence Service, GCHQ, Ministry of Defence, Department of Health, Home Office, Ministry of Justice, National Crime Agency, HM Revenue & Customs, Department for Transport, Department for Work and Pensions, NHS trusts and foundation trusts in England that provide ambulance services, Criminal Cases Review Commission, Financial Conduct Authority, Food Standards Agency, Health and Safety Executive, Independent Police Complaints Commissioner, Information Commissioner, NHS Business Services Authority, Serious Fraud Office, and many more! Phew! Even that is quite the list, isn’t it?
They won’t all be given free rein of course, but will be overseen by new roles being created in the Home Office. The Investigatory Powers Commissioner (IPC), to be appointed by the Prime Minister, will approve warrants and handle issues that arise from these new powers. However, security services and police forces will be able to access communications data when it is needed to help their investigations.
So what does this mean in terms of cyber security? Well, potentially many things actually. Firstly, what if all this data that is now stored is compromised? A year’s worth of everybody’s data will have some rich nuggets for cyber criminals to mine. A year’s worth of data could be highly useful in legal cases, of both criminal and civil variety. What if some of the online activity attributed to you, your name and your login credentials was not actually you? And those are just off the top of my head.
I personally think that this legislation is a game changer for so many aspects of online life, online privacy, online security in both our personal and professional lives. If you agree then it might be wise to do a bit of background reading on this subject and not get distracted any further by the glittery trinkets of the season or the seismic events of the last year.