UK police to be able to track internet use without warrant
Theresa May unveils Bill requiring providers to keep record of websites visited for full year
British home secretary Theresa May making a statement to members of parliament in the House of Commons about the draft Investigatory Powers Bill. Photograph: AFP/Getty Images
New surveillance powers will be given to the police and security services, allowing them to access records tracking every UK citizen’s use of the internet without any need for any judicial check, under the provisions of the draft investigatory powers Bill unveiled by home secretary Theresa May.
It includes new powers requiring internet and phone companies to keep “internet connection records” – tracking every website visited but not every page – for a maximum of 12 months but will not require a warrant for the police, security services or other bodies to access the data. Local authorities will be banned from accessing internet records.
The proposed legislation will also introduce a “double-lock” on the ministerial approval of interception warrants with a new panel of seven judicial commissioners – probably retired judges – given a veto before they can come into force.
But the details of the Bill make clear that this new safeguard for the most intrusive powers to spy on the content of people’s conversations and messages will not apply in “urgent cases” – defined as up to five days – where judicial approval is not possible.
The draft investigatory powers Bill published on Wednesday by the home secretary aims to provide a “comprehensive and comprehensible” overhaul of Britain’s fragmented surveillance laws. It comes 2½ years after the disclosures by the whistleblower Edward Snowden of the scale of secret mass surveillance of the global traffic in confidential personal data carried out by Britain’s GCHQ and the US’s National Security Agency (NSA).
It will replace the current system of three separate commissioners with a senior judge as a single investigatory powers commissioner.
The draft Bill explicitly includes in statute for the first time powers for the bulk collection of large volumes of communications and other personal data by MI5, GCHQ, MI6 and for their use of “equipment interference powers” – the ability to hack computers and phones around the world – for purposes of national security, serious crime and economic wellbeing.
In her statement, Ms May also revealed for the first time that successive governments since 1994 have issued secret directions to internet and phone companies to hand over the communications data of British citizens in bulk to the security services.
She said these secret “directions” had allowed the security services to thwart a number of attacks in Britain, including the plot to attack the London Stock Exchange in 2010.
Ms May revealed that the use of these powers – which show that GCHQ was also engaged in mass surveillance programmes on British citizens using their communications data – under the 1984 Telecommunications Act will be put on a more explicit footing in the new legislation and be subject to the same safeguards as other bulk powers.
Welcoming the Bill as a decisive moment in updating Britain’s surveillance laws, Ms May said: “There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar.
“But I am also clear that the exercise and scope of investigatory powers should be clearly set out and subject to stringent safeguards and robust oversight, including ‘double-lock’ authorisation for the most intrusive capabilities. This Bill will establish world-leading oversight to govern an investigatory powers regime which is more open and transparent than anywhere else in the world.”
Ms May told MPs that the introduction of the most controversial power – the storage of everyone’s internet connection records tracking the websites they have visited, which is banned as too intrusive in the US and every European country including Britain – was “simply the modern equivalent of an itemised phone bill”.
She said it could not be used to determine whether somebody had visited a mental health website or even a news website but only for the purpose of finding out whether they had visited a communications website, such as WhatsApp, an illegal website or to link their device to a specific website as part of a specific investigation.
But the detail of the Bill makes clear that the authorisation arrangements for internet connection records will remain exactly the same as the current 517,000 requests for communications data made last year. These requests are made without any kind of warrant and signed off by either a police inspector or superintendent depending on the kind of data.