Joint cross-sectoral statement: Concerns Regarding the Investigatory Powers (Amendment) Bill

techUK and a broad range of stakeholders have issued a joint statement on 22 March, expressing our concerns about the Investigatory Powers (Amendment) Bill.

You can download the joint statement directly here, or read below.

Joint Statement: Concerns Regarding the Investigatory Powers (Amendment) Bill
22 March 2024

We, the undersigned, would like to express our joint concerns about the Investigatory Powers (Amendment) Bill. While the Home Office has briefed interested parties on the Bill, the discussion has been limited to the amendments and not the wider operation of the revised regime. This limitation has led to a lack of technical clarity in several definitions within the Act and the Bill, and ambiguity in the application of certain criteria tests.

We believe the rushed passage of this legislation has hindered proper scrutiny. Our shared and substantial concerns have therefore not yet been addressed in a meaningful way.

The IP(A) Bill amends the Investigatory Powers Act (IPA) 2016, which was legislated for after a comparatively lengthy debate on safeguarding national security with individuals’ fundamental rights and embedding safeguards including transparency and judicial authorisation. In contrast, the IP(A) Bill’s passage through Parliament was rushed, limiting opportunities for public engagement and appropriate scrutiny. For instance, the required human rights impact assessment, and evidence from the Equality and Human Rights Commission and the Joint Committee on Human Rights were not available for the Lords’ debate due to the hasty process.

Additionally, it is concerning that the Impact Assessment has failed to produce solid conclusions about the purported costs and benefits of the Bill. This raises questions about transparency and the evaluation process itself. Stakeholders are left unable to effectively assess the overall impact of the legislation, in turn weakening accountability and oversight in the legislative process.

As stressed by the majority of the speakers during the Bill’s second reading in the House of Commons, the current set of reforms aim to deliver a balanced and proportionate approach, to ensure that the operation of the legal framework governing the IPA regime safeguards the legitimate aims of national security and public safety without compromising the privacy, security, or safety of citizens. We believe the Bill in its current form falls short of that standard.

Taking the right approach is crucial to maintaining the UK's international reputation as a jurisdiction that takes a balanced and proportionate approach to regulation that is supported by strong accountability mechanisms.

The government has stated that the changes set out in the IP(A) Bill are necessary to protect the existing capabilities that keep our citizens safe. While we support the legitimate aims of proportionate investigatory powers to keep citizens safe, we are of the view that the proposed reforms raise a number of concerns:

  • Weakened safeguards when intelligence services collect bulk datasets of personal information, potentially enabling the harvesting of millions of facial images and social media data;
     
  • Expressly permitting the harvesting and processing of internet connection records for generalised, mass surveillance;
     
  • Expanding the range of politicians who can authorise the surveillance of parliamentarians;
     
  • Impeding companies’ ability to innovate and advance the data protection, data security, and data minimisation efforts expected by users, governments and regulators globally;
     
  • Severely restricting the use of security enhancing technologies, resulting in the increased government intrusion of citizen confidentiality and privacy – a basic human right;
     
  • Opening the door for indiscriminate, arbitrary interference with users who are not the targets, via the introduction of systemic vulnerabilities that would pose security and privacy risks;
     
  • Making the UK the weak link in the chain of online security, with the UK-developed products and services becoming less appealing, because adopters will fear that they have been designed for Government access, and the UK will become a more appealing target for criminals and hostile nation states;
     
  • Exacerbating and/or creating new conflicts of laws including with the vast body of digital regulation that has been introduced around the world since 2016, without clear mitigation plans. The UK would likely take issue with other countries passing similar laws that would influence the security of products that are used globally.

Additionally, there is a pressing need for greater and more thorough technical support to assist judicial commissioners at Investigatory Powers Commissioner’s Office in reaching decisions and exercising oversight effectively. Notably, the Intelligence and Security Committee and the Investigatory Powers Tribunal possess limited capabilities to conduct independent inquiries, further underscoring the importance of enhanced technical assistance.

Despite the widespread concerns from diverse stakeholders, there has been no holistic debate about the operation and effect of an amended Act. The Bill has seen a rapid passage through the Parliament, lacking substantive amendments to address our shared concerns.

Our overarching worries remain that the significance of the proposed changes is being downplayed. Therefore, we continue reiterating the critical need for rigorous scrutiny, to ensure all concerns are addressed, as is appropriate for a Bill with such significant impacts.

Yours sincerely,

  • Big Brother Watch
  • The Center for Democracy and Technology
  • Committee to Protect Journalists (CPJ)
  • Computer and Communications Industry Association (CCIA)
  • Professor Angela Daly, University of Dundee
  • Dr Benjamin Dowling (Lecturer in Cybersecurity, University of Sheffield)
  • The Global Network Initiative (GNI)
  • Dr Tristan Henderson (School of Computer Science, University of St Andrews)
  • Professor Alice Hutchings, University of Cambridge
  • Information Technology and Innovation Foundation (ITIF)
  • Information Technology Industry Council (ITI)
  • Internet Society
  • Internet Society UK England Chapter
  • Liberty
  • OpenNet Korea
  • Open Rights Group
  • Privacy International
  • Startup Coalition
  • techUK
  • Dr Daniel R. Thomas (Computer & Information Sciences, University of Strathclyde)

Audre Verseckaite

Audre Verseckaite

Policy Manager, Data & Digital Regulation, techUK

 

Related topics