Internet companies will have to store customer usage data and browsing for up to a year according to a new bill the British government presented to parliament on Wednesday.
Britain’s Investigatory Powers Bill, a renewed attempt to give British security agencies powers to track online communications, will also tackle criticism from privacy campaigners by including assurances that any access of so-called internet connection records would need judicial authorisation.
A debate about how to protect privacy while giving agencies the powers they need in the digital age has raged since former US intelligence contractor Edward Snowden leaked details about mass surveillance by British and US spies in 2013.
Britain’s security chiefs argue they are facing a capability gap because of technological advances, and say that their work has been severely hampered by Snowden’s disclosures. But rights campaigners say that Snowden’s disclosures showed the authorities were not respecting people’s entitlement to privacy.
Home Secretary Theresa May hailed the draft legislation as a “world-leading oversight regime,” but a leading rights group described the proposals as a “breath-taking attack” on Britain’s online security.
“This new legislation will underpin the work of law enforcement and the security and intelligence agencies for years to come. It is their licence to operate,” the interior minister said.
A spokeswoman for David Cameron said on Tuesday the British prime minister saw the bill as “one of the most important pieces of legislation during this parliament because it goes ... to the heart of the government’s duty to keep the British public safe.”
May sought to assuage fears that the new powers would be intrusive, and rejected reports that the bill would ban encryption or force British companies to capture and retain Internet traffic from abroad.
Crucially for companies such as Google and Facebook, the proposals would not force foreign-based companies to meet “domestic retention obligations” for communications data.
However, the security services would be able to access internet communication records, which show which online services were accessed by a suspect and when.
This would show that a messaging service such as Facebook or WhatsApp had been used, but not the content of messages or their recipient.
The bill also allows security officials to see which websites a suspect had accessed, but not which pages were viewed within those sites.
“Some have characterised this power as law enforcement having access to people’s full web browsing These records would have to be held by service providers for 12 months.
The proposals will be scrutinised by a committee of lawmakers, allowing changes to be made before it is formally debated by parliament.
British officials say it was partly due to concerns raised by Snowden that they have updated surveillance legislation, and also because current laws date as far back as 1995, before the rise of the Internet.
The draft bill will reduce three current supervisory bodies -- one on communications interception, one for intelligence agencies and one for law enforcement -- to one body led by a senior judge.
