Long before Edward Snowden was a household name, the United Kingdom was already frequently cited as the most spied on country in the world. It’s easy to see why. If you want to sit down for a cream tea outside the watchful gaze of CCTV you could be looking for a long time. But ubiquitous cameras are only the most visible component of this surveillance state, and certainly not the worst.
When the first slides from Snowden’s cache were published by journalists, jaws dropped globally at the scale of the NSA’s collection of data through, among other methods, court orders to phone companies and covert taps of cables linking the data centres of internet giants like Yahoo and Google. For the UK, though, this was not enough.
“They are worse than the NSA,” Snowden said of the British spy agency GCHQ, and his documents make a convincing case. By a huge margin, Britain is the biggest contributor to the all-encompassing surveillance search engine XKeyscore which indexes the planet’s internet activity. A document published by der Spiegel describes GCHQ’s collection site Tempora as containing “more data than all other XKEYSCOREs combined” and “more than 10 times larger than the next biggest”. At Tempora “more than 1000 machines process and make available to analysts more than 40 billion pieces of content per day”. In effect, all internet traffic that transits, enters, or exits the UK is sucked up by this giant surveillance machine. Sitting between European internet users and US tech firms, this makes British surveillance much more than a domestic issue.
How could this possibly get worse? Let’s have a look. During the rare coalition between the Conservatives and Liberal Democrats which came in in 2010, home secretary Theresa May tried repeatedly to introduce a piece of legislation known formally as the Communications Data Bill and informally as the Snoopers’ Charter. It grants yet more sweeping powers to the British secret services and the police, but was blocked by Lib Dem leader Nick Clegg for being too invasive, preventing the bill from entering British law for the duration of their term.
Although the Communications Data Bill was blocked, the Lib Dem-Conservative coalition did manage to extend surveillance powers in July 2014 by rushing through legislation on the grounds of an unspecified emergency. Known as the Data Retention and Investigatory Powers Act, or DRIP, the Act is designed to allow the government to force ISPs to retain data for 12 months despite the EU ruling that doing so for more than one month is a breach of human rights. The good news is that DRIP has a built in “sunset clause” meaning it’s set to expire by 2016. The bad news is that on 7th May 2015, a Conservative majority was voted in and Theresa May has pledged to bring back the Snoopers’ Charter.
So what new powers would the Charter grant and to what extent would it simply encode DRIP’s powers into law on a permanent basis? We don’t yet know what the new Snoopers’ Charter will contain, but we can guess based on the existing drafts. In response to a request for comment on this issue, the British civil liberties organisation Open Rights Group responded: “DRIP forces ISPs to keep data for 12 months or more that they would normally use for business purposes for a much shorter time. The CDB is likely to oblige ISPs and other communications providers to collect and retain a much broader range of data that they would not otherwise create or need. This could include people we communicate with on third party services (e.g. lists of Facebook friends) and when we communicate with them. Powerful analytics tools, to map individuals and their activities, are also likely to be part of the bill. This is likely to be made available to a wide range of public authorities.”
The Open Rights Group wiki clarifies the services on which the Draft Communications Data Bill places obligations. The broad definitions of “apparatus” as including “any equipment, machinery or device and any wire or cable” and “communications” as “anything comprising speech, music, sounds, visual images or data of any description, and signals serving either for the impartation of anything between persons, between a person and a thing or between things or for the actuation or control of any apparatus” means that ISPs or mobile ISPs, VPN providers, website operators, and Tor node operators are all at risk of being swept up by the Bill.
Jim Killock, the Executive Director of ORG condemns the Snoopers’ Charter as follows: “Open Rights Group would oppose any new legislation that would force telecom companies to expand the data they collect and keep from their customers. The Snooper’s Charter was rejected during the last Parliament because it was intrusive and treated all British citizens as suspects. We hope that MPs from all parties, who care about civil liberties, will oppose any further attempt to reintroduce this fundamental threat to our freedoms.”