Britain's internet history law: A new frontier of surveillance?

After months of debate, the British Parliament has passed a controversial law that gives authorities – from police to food regulators, fire officials, and tax inspectors – powers to look at the internet browsing records of everyone in the country. 

This photo illustration shows the web flash pages for GCHQ, the British governments communications and electronic surveillance headquarters, and The Security Service (MI5), the government's internal security service, on a computer and smartphone in London, Friday, Nov. 25, 2016.

Alastair Grant/AP

November 29, 2016

Britain’s new internet law has critics concerned that the government prioritized security over privacy, and ended up compromising both. Some are also concerned about the potential for enhanced surveillance worldwide.

The Investigatory Powers Bill 2016 received royal assent on Tuesday and takes effect immediately. One particularly controversial part of the law requires internet service providers (ISPs) to create a database to track which websites Britons visit and how long they spend on these sites, then retain the data for one year. During that time, a range of agencies – from the police to the Department for Work and Pensions – will be able to access the database. 

Other provisions create a legal avenue for surveillance activities the government is already carrying out, like identifying a journalist’s source or hacking a smartphone to see a target’s messages.

Why many in Ukraine oppose a ‘land for peace’ formula to end the war

This law is the latest in an ongoing global debate over digital security and privacy. Until now, say experts, privacy has largely won out – though the British government’s concern about cyber and terrorist attacks, which Home Secretary Amber Rudd described as the reasoning behind the law, may be a sign of shifting attitudes.

Critics say members of Parliament (MPs) did not comprehend the privacy implications of the Investigatory Powers Bill, nor the security risks it poses.

“MPs were asked to review an incredibly complex bill … in a tight timescale while other seismic political events were unfolding around them,” Sir Tim Berners-Lee, the inventor of the World Wide Web, explained to the BBC, referring to the Brexit debate that has dominated the British political landscape over the past year.

“The fact that most MPs are not technologists likely also played a role – they may simply not have understood just how intrusive the laws they were considering were.”

The bill was first introduced in May 2015 as a replacement to the Data Retention and Investigatory Powers Act 2014, which expires next month. It passed the upper chamber of Parliament, the House of Lords, earlier in November. 

Howard University hoped to make history. Now it’s ready for a different role.

James Blessing, who chairs the Internet Service Providers Association, told the BBC that similar legislation has been repeatedly introduced since 2007. In the past, however, privacy activists have persuaded MPs to defeat the bills.

The Investigatory Powers Bill is intended to protect Britain from threats, according to the home secretary.

“At a time of heightened security threat, it is essential our law enforcement, security and intelligence services have the powers they need to keep people safe,” Secretary Rudd said, adding that the internet “presents new opportunities for terrorists” that the country must now address.

The bill may not reflect public opinion. A petition opposing the bill garnered over 130,000 signatures, which now requires Parliament to debate the issue again, even if only briefly. And rights groups have been outspoken in opposing the measure.

“[These measures] open every detail of every citizen’s online life up to state eyes, drowning the authorities in data and putting innocent people’s personal information at massive risk,” said Bella Sankey, policy director of civil liberties and human rights organization Liberty. Critics have suggested that the database will be a target of increasingly sophisticated hackers.

After Ms. Rudd called the legislation "world-leading," Jim Killock, executive director of the Open Rights Group, expressed his concern that other countries would use the law as a stepping-stone for their own surveillance.

“It is likely that other countries, including authoritarian regimes with poor human rights records, will use this law to justify their own intrusive surveillance powers,” he said.

In the US, no legislators have proposed storing all users’ internet search history, and it is unlikely that any will, says Timothy Edgar, a cybersecurity expert at Brown University, in a phone interview with The Christian Science Monitor.

However, such a move would be “very much in keeping with [President-elect Donald Trump’s] more authoritarian, strongman-style rhetoric,” Mr. Edgar adds.

In an interview during the election campaign, Mr. Trump stated that “a lot of people would be willing to give up some privacy in order to have more safety.”

And the lack of understanding of technical issues identified by Sir Berners-Lee is not uniquely a British problem. 

“There’s not a whole lot of knowledge even after a big debate … of what the law currently allows,” Edgar explains, noting that both technology and privacy law have proven confusing for some members of Congress.

A European court ruling on surveillance could result in some parts of the new law being amended, and the government says other parts require testing before being implemented.