A United Kingdom law known as the Investigatory Powers Act, which authorizes mass surveillance, was recently ruled to be unlawful by the Court of Appeals in London. The Investigatory Powers Act is popularly known as the Snoopers Charter. The ruling from the three judge panel strikes down much of the Snoopers Charter. The challenge to the British mass surveillance law originated in 2014 when Tom Watson, a Member of Parliament from the Labour Party, filed a lawsuit to have the Data Retention and Investigatory Powers Act ruled unlawful. The Data Retention and Investigatory Powers Act expired in December of 2016, but the new Investigatory Powers Act renewed much of the previous law and in fact expanded surveillance powers.
Under the Data Retention and Investigatory Powers Act, the British government forced service providers to retain records on customers emails and phone calls for one year. The current Investigatory Powers Act has the same data retention requirements but was also expanded to allow the government to require that internet service providers and telecommunications companies retain a copy of customers browsing history and what apps they are using for one year. The law also makes it a crimes for a service provider to alert a customer that their data has been requested to be retained.
The Snoopers Charter also authorizes law enforcement agencies to access those records without a warrant or even reasonable suspicion. There is no judicial oversight of law enforcement’s access to people’s private information. Other government agencies also have access to this information, such as the NHS, the Food Standards Agency, fire and emergency rescues services, and other government agencies. Access to browsing history, emails, phone calls, apps used, and other private information by government agencies for purposes of tax collection is also authorized by the Snoopers Charter. Government agencies may also conduct searches of the information collected through mass surveillance if it is “in the interests of the economic well-being” of the United Kingdom.
The panel of British judges were in agreement with a ruling from the Court of Justice of the European Union, the highest court in the EU, which in December of 2016 ruled against the Data Retention and Investigatory Powers Act. The Court of Justice of the European Union stated in their ruling that the data retention policies in the British law “cannot be considered to be justified, within a democratic society.” While the mass surveillance program may be unlawful, the government will continue to intercept electronic communications and allow searches of that information, however, the courts have demanded that there be more restrictions placed on searches of information collected through mass surveillance. Both the Court of Justice of the European Union and the British Court of Appeals ruled that such searches should only be conducted in order to fight serious crimes, and with oversight.
“This judgment relates to legislation which is no longer in force and, crucially, today’s judgement does not change the way in which law enforcement agencies can detect and disrupt crimes,” UK Security Minister Ben Wallace said in a statement. The Security Minister went on to say that safeguards had already been put in place in November of last year to stop unrestricted searches of data collected under the Investigatory Powers Act by law enforcement. Privacy rights activist say the British Court of Appeals ruling doesn’t go far enough. The new ruling does not address the Court of Justice of the European Union’s ruling that for the British law to become in compliance with EU human rights laws it would need to inform people that their data had been searched after an investigation has been completed.
Theresa May introduced the Investigatory Powers Act back in 2015 when she was the Home Secretary. Since becoming the Prime Minister in July of 2016, Theresa May has continued to call for more regulation of the internet. The European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs last year proposed requiring end-to-end encryption for electronic communications, which would conflict with the Investigatory Powers Act, as it allows the government to require a service provider to disable end-to-end encryption. It is important to note that Brexit could have important implications on the privacy rights of people living in the United Kingdom.