Content Warning: Terrorism, Child Neglect, Murder
After months of political to-and-fro Parliament passed The Investigatory Powers Bill, more commonly called the "Snoopers' Charter". For those blindsided by this law, the basics are as follows:
- Web and phone companies (CSPs) will store records of websites visited by every customer for 12 months for access by 48 different entities, including police, food regulators, tax officials and security agencies, upon the issue of a warrant.
- Security services will have the legal right to bug computers and phones with a warrant.
- Companies will be legally obliged to assist in the bypass of encryption where possible.
Research conducted by Online Spy Shop suggests that anxiety and confusion around the Bill could be playing right into the hands of hackers and nefarious snoopers. We asked 1,000 UK adults about their perceptions of the Bill and their attitudes to security and privacy now that it has been passed into law. Alarmingly, our study suggests that people, especially older people with less experience and understanding of data and cyber security, are potentially at risk precisely because of the Bill. One in five UK adults (18%) said they'd consider downloading extra security software to protect themselves from government snooping. Among the over-55s, that figure was significantly higher.
Just under half (44%) said they'd consider downloading software to protect themselves from Government snooping, even though no such software exists and never will. This suggests that older, less experienced web users are potentially placing their security and privacy at risk. Steve Roberts of Online Spy Shop warns against downloading software to protect against Government snooping and only using products from a trusted source. Although it's draconian and invasive legislation, innocent web users shouldn't react to the Snooper's Charter by trying to "cover their tracks" quickly. Hastily downloading so-called privacy apps without checking them first could lead to more problems for your security than it solves.
In fact, I imagine data thieves are already working on fake privacy solutions to extract data from concerned web users. "It's probable that a sudden change in how you use the web, for example, by adopting a number of browsing concealment techniques, will be more interesting to the snoopers than whether you searched Google for information on terrorism. Its relatively unlikely that conventional web use will set alarm bells ringing. "That said, your telephone and Internet service providers will keep your call and browsing data on file for a rolling year. My advice would be to exercise the same level of caution you do now and make sure your privacy is protected as well as it can be".
A lot of the steps you can take to protect your privacy will also improve security, so they're worth considering. For example, encrypted chat and emails are a smart step if you want to protect a business or private information from interception. "A non-UK based virtual private network (VPN) or a proxy server can prevent your Internet Service Provider (ISP) from tracking and recording your browsing history. The ISP will know you accessed a proxy server or VPN but not which sites you visited once connected. Whilst this approach will mean that some sites may not function as they should and loading times may be slower, for example, you may struggle to use Netflix and iPlayer properly, it will help tackle against an opportunist hacker. "Mobile phones are now fast becoming a financial vulnerability, and anti-virus should be installed wherever possible. There is also specialised protection software for Android and iOS which secures your handset in real-time".
The public is assured that the oversight for operations linked to Investigatory Powers Bill includes a double-lock. Any warrant acquired for data interception will require both ministerial authorisation and a subsequent panel of judges with the ability to veto. The newly appointed Investigatory Powers Commissioner will oversee this panel. As we see it, the key difference is that this law permits the indiscriminate storage of all of our search histories, phone, and text logs, just in case they are needed. Up to this point, we have only been subject to the interception of data once there is a suspicion of wrongdoing. The governments stance on the law is that it "ensures powers are fit for the digital age.
However, Britain's people have been largely blindsided by the law. In June, campaign group Liberty commissioned a poll of 1000 UK adults on the Investigatory Powers Bills, and 54% had never heard of it. 18% of respondents had heard of the bill but knew nothing about it, and only 28% knew specifics.
Also, of those polled:
38% believe it would only be acceptable for the government to access and monitor records of their emails, texts, phone calls and online browsing history if they are suspected of committing a crime. - 22% believe it would be acceptable only if they have committed a crime. - 30% believe it would never be acceptable. - 8% believe it would be acceptable in all circumstances.
How will the Snoopers' Charter affect the average British browser?
So, what do Brits have to be afraid of? After all, we only have to worry if we've got something to hide, right? Not necessarily. Humans are an inquisitive species, as revealed by our internet search histories, and we like to search the web for all kinds of things for a myriad of reasons. Googles autocomplete function gives us a window into the most popular searches. As an example, if we pick a random US State and enter Does State x The autocomplete routinely returns have the death penalty as a suggestion. Why do we want to know that? Simple curiosity is a more likely reason than staking out the least egregious state to commit a crime, but it could look bad if we were accused of murder in Indiana!
The situation is similar concerning matters of homeland security. Many interesting topics we innocently want to educate ourselves on could be damned if we find ourselves in unforeseen legal situations. Who isn't curious about threats to our security, such as ISIS? Our research revealed that 67% admitted to being nervous about conducting such searches for fear of unknown repercussions.
When it goes wrong for you, it really goes wrong
There are many real-life examples where a defendants search history has proven to be a prosecutors best friend. A very real example comes from the United States. In 2014, 22-month-old Cooper Harris died tragically in a swelteringly hot car after his father, Justin Ross Harris, left him buckled into his car seat in the car park of his work. Justin Ross claims to have forgotten that it was his turn to drop the toddler off at daycare.
A study of the fathers mobile phone revealed the text message 'I need an escape, I love my son and all, but we both need an escape,' sent to an underage love interest 10 minutes before locking his son in the car. The search history of the home computer revealed that Harris searched How hot does it need to be for a child to die inside a hot car? It was later revealed that a video titled How hot does it get inside a parked car? appeared on Harris' Reddit homepage, and he clicked on it.
While it seems damning that such searches were conducted, both parents claimed that they had searched such terms as it was a recurring fear of theirs that such a tragedy could happen. The result was the murder conviction last week of Justin Ross Harris. The relevance of this case to the recently passed law in the UK is unnerving. Regardless of Harris's guilt, access to search and phone records, as made available through the law, painted a grim picture of the defendant, which may or may not have been warranted.
Should I be worried?
Yes and no. Many feel it is an overreach of the UK government and a slippery slope to further Orwellian oversight. There is, therefore, a niggling fear from that standpoint. For most of us, its simply impossible to tell whether the utility of a phone call, text or internet search outweighs the unknown risk of it coming back to bite us.