Thursday, 5 November 2015

There is no doubt that our police and security services need the Investigatory Powers Bill and I support its implementation

I was in parliament yesterday when the Home Secretary, Mrs May told MPs the proposed powers were needed to fight crime and terror. I have spent two years between 2013-2015 working in the Home Office and I have not a shred of doubt these powers are needed to keep us safe. But the government has used the time prior to the publication of the Bill well - to ensure that there is cross party support, and that the original pre 2015 version of the Bill is new and improved.
Full details of the Bill  are here:
Speaking at Prime Minister's Questions yesterday, David Cameron said the draft bill was "one of the most important this House will discuss", adding: "We must help the police and security and intelligence services to keep us safe."

Opposition approach:
It is noteworthy that Labour support the Bill. The shadow home secretary Andy Burnham backed the draft bill, saying it was "neither a snooper's charter nor a plan for mass surveillance".
Former Lib Dem leader Nick Clegg said it was a "much improved model" of the legislation he blocked during the coalition government.

The threat to the UK:
The threat is clear. In the past twelve months alone six significant terrorist plots have been disrupted here in the UK, as well as a number of further plots overseas. The frequency and cost of cyber-attacks is increasing, with 90% of large organisations suffering an information security breach last year. And the Child Exploitation and Online Protection Centre estimate that there are 50,000 people in this country downloading indecent images of children.
The task of law enforcement and the security and intelligence agencies has become vastly more demanding in this digital age.  It is right, therefore, that those who are charged with protecting us should have the powers they need to do so. But it is the role of Government and Parliament to ensure that there are limits to those powers.
It is not just a threat from terrorism that we face but also that from organised crime. There are today over 5,000 active organised crime groups operating in the UK, comprising over 40,000 individuals. They are engaged in people trafficking, drug smuggling, theft and robbery. The frequency and cost of cyber-attacks is increasing. 

These threats are compounded by the fact that the way in which people choose to communicate has evolved. People are using a telephone less to communicate in the way that they once did and are instead increasingly using a variety of mobile devices to communicate with one another via the internet and to connect to the services they need to live their lives. The means available to organised criminals, terrorists and hostile foreign states to coordinate, inspire and – increasingly – to execute their crimes are therefore also evolving. Communications technologies that cross devices and international borders increasingly allow those who would do us harm the opportunity to evade detection.

This change of communication means that many of the long standing capabilities which have enabled law enforcement and the security and intelligence agencies to detect how serious criminals and terrorists are communicating are becoming less available. Data which was available for traditional forms of communications, such as telephony, is not always held for internet communications because CSPs do not retain all the relevant data for their business purposes (as they might billing data for a phone line).

The draft Bill will do three key things:
First it will replace the existing statutory scheme with one that is comprehensive and comprehensible. It will bring together all of the powers available to the state to access communications. It will do so in a transparent way that leaves no doubt about when and how public authorities acquire, store and access information.
Second, the Bill will ensure consistent, effective statutory safeguards and strengthen our already robust oversight regime. It will remove any doubt or ambiguity about the sufficiency and efficacy of checks and balances. And it will provide world leading oversight arrangements.

Third, the Bill will consolidate existing powers and, only where a strong operational case can be made, will enhance those powers in order to minimise capability gaps.

Our intention is that this Bill should last for many years, future proofing existing powers by ensuring they are clear, technology-neutral and fit for the long-term. It should be a world-leading piece of legislation in terms of transparency, oversight and strength of safeguards.

The wide-ranging draft Investigatory Powers Bill also contains proposals covering how the state can run operations to sweep up large amounts of data as it flows through the internet.
The draft bill's measures include:

Giving a panel of judges the power to block spying operations authorised by the home secretary

Police will not be able to access journalistic sources without the authorisation of a judge

A legal duty on British companies to help law enforcement agencies hack devices to acquire information if it is reasonably practical to do so

Former Appeal Court judge Sir Stanley Burnton is appointed as the new interception of communications commissioner

Mrs May told parliament that the draft bill was a "significant departure" from previous plans, dubbed the "snooper's charter" by critics, which were blocked by the Lib Dems, and will "provide some of the strongest protections and safeguards anywhere in the democratic world and an approach that sets new standards for openness, transparency and oversight".
This duty would include forcing firms to hold a schedule of which websites someone visits and the apps they connect to through computers, smartphones, tablets and other devices.
Police and other agencies would be then able to access these records in pursuit of criminals - but also seek to retrieve data in a wider range of inquiries, such as missing people.
Mrs May stressed that the authorities would not be able to access everyone's browsing history, just basic data, which was the "modern equivalent of an itemised phone bill".
If officers want to mount more intrusive spying operations, including accessing the content of emails, hacking into computers and tapping phones, they will still need a warrant from the home secretary or another senior minister - 2,700 such warrants were signed last year.
But the draft bill proposes giving a new panel of judges, known as the Investigatory Powers Commission, the ability to veto such requests.
The Bill will be subject to the usual parliamentary scrutiny in both Houses but I am strongly in support of it.


  1. As an aside, can we limit use of statistics to those which can be properly substantiated? The "50,000" internet predator statistic is broadly discredited - and calls into question other statistics cited above

  2. Dear Mr Opperman,

    I must confess to being highly disappointed in your support for this bill. I fully understand and appreciated the need to track and potentially intercept communications between persons of interest, however I remain unconvinced of the case to record the online activities of myself and your other constituents as though we were suspect of some possible crime instead of focussing resources onto those people that have been identified as a legitimate cause for concern and building up a view of their communications from there. It is particularly galling to be told that I need to be monitored for my own safety by the security services that were recently revealed to be doing so in secret - I find it most difficult to be told that I should be trusting someone when they have so strongly demonstrated just how untrustworthy they actually are.

  3. In addition to the fundamental privacy concerns, the sheer quantity of data involved does not bear comparison with the telco 'billing' model suggested.
    At a bare minimum, the number of sites that a user might potentially visit over the course of a data is likely to far outstrip the number of calls they could ever physically make and if more than the absolute minimum of data is recorded (as I'm sure a case will be found to shortly) then the volume of requests made by a user to the internet can be surprisingly high - for example, by activating the network tracing function built into modern browsers and recording a visit to the web site, over 350 separate requests are made from the browser to a variety of servers (Belonging to Amazon and to other 3rd parties) - are ISP supposed to be recording this and if not, how are they expected (or be allowed) to filter this down to a manageable level ? and what happens when an enterprising hacker decides that the best way to disrupt an ISP is to overwhelm their tracking system with data to record - which would be a relatively simple attack to automate and spread through a bot-net of compromised machines.

  4. This of course raises additional security concerns - you are probably aware of the recent breakin to the Talk-Talk network where a large volume of customer data was stolen by hackers - this kind of high value data can be used in a variety of scams and crimes, and by adding to the richness and value of the data held by the ISP this will increase the incentive of cyber-criminals to try to obtain this new source of data - it does not take much of a leap of imagination to see these people branching out from fraud and into forms of extortion or blackmail if the victim doesn't want their browsing history to be emailed to all of their friends and co-workers...

    So far of course, this ignores the major elephant in the room, in that all of these monitoring and recording systems rely on the ISP being able to monitor internet traffic passing from their customers to the internet. I would suggest that the majority of serious criminals including terrorists will simply adopt the appropriate technology such as virtual private networks, secure tunnels and the TOR browser network - all of which are designed with the express intention of blocking monitoring and interception and all of which have significant legitimate use in the online world today, and all of which are simple enough that children can be trained to acquire and operate them safely.

  5. Instead of pursuing the current course, surely we should be having a ground-up debate and what threats are we actually facing and what measures we as a society are prepared to adopt in order to meet them as the more freedom we sacrifice in the name of security the more the terrorists and criminals are winning.

    I hope that I can at least persuade you to consider where you stand on this particular bill, but if not, I would like to call your constituents attention to the TOR network ( which will at least allow them some protection from this retrograde legislation.

    Yours Sincerely,

    Jason Banks