Snoopers' Charter Debrief - All You Need To Know About The Investigatory Powers Bill

Content warning: Terrorism, child neglect, murder.

After months of political to-and-fro Parliament has passed the The Investigatory Powers Bill, more commonly referred to as the "Snoopers' Charter". For those blindsided by this law, the basics are as follows:

  • Web and phone companies (CSPs) will store records of websites visited by every customer for 12 months for access by 48 different entities including police, food regulators, tax officials and security agencies upon issue of a warrant.
  • Security services will have the legal right to bug computers and phones with a warrant.
  • Companies will be legally obliged to assist in the bypass of encryption where possible.

Research conducted by Online Spy Shop suggests that anxiety and confusion around the Bill could actually be playing right into the hands of hackers and nefarious snoopers. We asked 1,000 UK adults about their perceptions of the Bill and their own attitudes to security and privacy now that the Bill has been passed into law. Alarmingly, our study suggests that people, especially older people with less experience and understanding of data and cyber security, are potentially at risk precisely because of the Bill. One in five UK adults (18%) said they'd consider downloading extra security software to protect themselves from Government snooping. Among the over-55s, that figure was significantly higher. Just under half (44%) said they'd consider downloading software to protect themselves from Government snooping, even though no such software exists and never will. This suggests that older, less experienced web users are potentially placing their security and privacy at risk. Steve Roberts of Online Spy Shop warns against downloading any software to protect against Government snooping and to only use products from a trusted source. “Although it’s a draconian and invasive piece of legislation, innocent web users shouldn’t react to the Snooper's Charter by trying to "cover their tracks" in a hurry. Hastily downloading so-called privacy apps without checking them first could actually lead to more problems for your security than it solves.

In fact I imagine data thieves are already working on fake privacy solutions to extract data from concerned web users. "It’s probable that a sudden change in how you use the web, for example by adopting a number of browsing concealment techniques, will be more interesting to the snoopers than whether you searched Google for information on terrorism. It’s relatively unlikely that conventional web use will set alarm bells ringing. "That said, your telephone provider and your Internet service provider will be keeping your call and browsing data on file for a rolling year. My advice would be to exercise the same level of caution you do now and make sure your privacy is protected as well as it can be. "A lot of the steps you can take to protect your privacy will also improve security, so they’re worth considering. For example, encrypted chat and emails are a smart step if you want to protect business or private information from interception. "A non-UK based virtual private network (VPN) or a proxy server can prevent your Internet Service Provider (ISP) from tracking and recording your browsing history. The ISP will know you accessed a proxy server or VPN, but not which sites you visited once connected. Whilst this approach will mean that some sites may not function as they should and loading times may be slower for example, you may struggle to use Netflix and iPlayer properly it will help tackle against an opportunist hacker. "Mobile phones are now fast becoming a financial vulnerability and wherever possible an anti-virus should be installed. There are also specialised protection software for Android and iOS which secures your handset in real-time". The public is assured that the oversight for operations linked to Investigatory Powers Bill includes a “double-lock”, where any warrant acquired for data interception will require both ministerial authorisation and a subsequent panel of judges with the ability to veto. This panel will be overseen by the newly appointed Investigatory Powers Commissioner. The key difference, as we see it, is that this law permits the indiscriminate storage of all of our search histories, phone, and text logs, ‘just in case’ they are needed. Up to this point we have only been subject to interception of data once there is a suspicion of wrongdoing. The government’s stance on the law is that it "ensures powers are fit for the digital age”. The people of Britain, however, have been largely blindsided by the law. Back in June, campaign group Liberty commissioned a poll of 1000 UK adults on the subject of the Investigatory Powers Bills, and 54% had never heard of it. 18% of respondents had heard of the bill but knew nothing about it, and only 28% of respondents knew specifics about the bill. snoopers

Also, of those polled:

38% believe it would only be acceptable for the government to access and monitor records of their emails, texts, phone calls and online browsing history if they are suspected of committing a crime. - 22% believe it would be acceptable only if they have committed a crime. - 30% believe it would never be acceptable. - 8% believe it would be acceptable in all circumstances. How will the Snoopers' Charter

Affect the average British browser?

So, what do Brits have to be afraid of? After all, we only have to worry if we’ve got something to hide, right? Not necessarily. Humans are an inquisitive species, as revealed by our internet search histories and we like to search the web for all kinds of things, for a myriad of reasons. Google’s autocomplete function gives us a window into the most popular searches. As an example, if we pick a random US State and enter “Does State x…” the autocomplete routinely returns “have the death penalty” as a suggestion. Why do we want to know that? Simple curiosity is a more likely reason than staking out the least egregious state to commit a crime, but it could look bad if we were accused of murder in Indiana! Google screen grab of search The situation is similar concerning matters of homeland security. Many interesting topics that we innocently want to educate ourselves on could be damning if we found ourselves in unforeseen legal situations. Who isn’t curious about threats to our security, such as ISIS? As our own research revealed that 67% admitted to being nervous to conduct such searches for fear of unknown repercussions. Google Screen Grab of common public searches

When it goes wrong for you, it goes really wrong

There are many real life examples where a defendant’s search history has proven to be a prosecutor’s best friend. A very real example comes from the United States. In 2014, 22 month old Cooper Harris died tragically in a  swelteringly hot car after his father Justin Ross Harris left him buckled into his car seat in the car park of his work. Justin Ross claims to have forgotten that it was his turn to drop the toddler off at daycare. A study of the father’s mobile phone revealed the text message 'I need an escape, I love my son and all but we both need an escape,' sent to an underage love interest 10 minutes before locking his son in the car. The search history of the home computer revealed that Harris searched ‘How hot does it need to be for a child to die inside a hot car?’ It was later revealed that a video titled ‘How hot does it get inside a parked car?’ appeared on Harris' Reddit homepage and he clicked on it. While it seems damning that such searches were conducted, both parents claimed that they had searched such terms as it was a recurring fear of theirs that such a tragedy could happen. The end result was the murder conviction last week of Justin Ross Harris. The relevance of this case to the recently passed law in the UK is unnerving. Regardless of Harris’ guilt, access to search and phone records, as made available through the law, painted a very grim picture of the defendant which may or may not have been warranted.

should I be worried?

Yes and no. Many feel it is an overreach of the UK government and a slippery slope to further Orwellian oversight. There is, therefore, a niggling fear from that standpoint. For most of us it’s simply impossible to tell whether the utility of a phone call, text or internet search outweighs the unknown risk of it coming back to bite us.