6th December, 2016

UK: a legalized privacy violation

Tuesday the 29th of November in Great Britain has been approved a new law that extends the online surveillance powers of the government and the police over the citizens. The law, called 'Investigatory Powers Act 2016', obtained the 'royal assent', that means that has been approved by the Queen, therefore it is already active.

While the Home Secretary Amber Rudd said that "The Investigatory Powers Act is world-leading legislation that provides unprecedented transparency and substantial privacy protection", this new law has been hardly criticized by associations and activists who care about online privacy.

This Act will allow to extend the powers of control over the citizens done by the police and by the government as it was never seen in any western democracy.

The Labour Party tried to oppose to this law, but lately, also due to the lack of popularity after the Brexit, they were not able to raise enough their voice to oppose to this new change.

What is it about this law?

The main goal is impose to the Internet Service Providers to memorize for at least 12 months, into a database called "Internet Connection Records", all the websites that will be visited by British citizens.

Government and police will be authorized, without the approval of a judge, to access to this database every time they will want. Their accesses will be only filtered by a functionary that will supervise their credentials.

The collected information will be:
- Visited domain, but not which specific page you visited
- How much time did you spent in the domain
- From which IP and device you connected

Moreover for the smartphones:
- Which applications are you using on your smartphone
- When are you using these applications
- How long are you using these applications

At the moment the only way to elude this surveillance would be using Tor or a VPN, applications used to mask on Internet an identity and a position.

What is the point?

The point is that accepting this law, a British citizen will be in the position where the State will collect his data, it will able to keep a control on his life using the excuse of "collect the evidences before and after capture the criminals". This will be just another step more in the direction of a total control of the citizens preventing him to have access to services without being spied.

This law will also dictate in what way the Government will be able to address informatics actions in foreign countries: it could eavesdrop calls, read SMS, break into computers, but in this case only with the approval of the Government.

For most critical situations, the Government will be also able to track and/or attack also a group of people, block the communication in a cell (isolating the communication in a small city) and/or read and filters all emails regarding a specific topic, but only if the national security will be menaced.

This law will allow to collect a huge amount of data also in foreign countries legalizing any kind of control that could be done by the state or by the police.

Moreover, the IT Companies will be forced to decrypt, in the case of a crime, certain data present into a device (do you remember what happened between FBI and Apple?) but this time it will be considered illegal to disclosure to the big public the request received from the Government, like Apple did.

We should be really worried because step by step many of us will start to accept these abuses that could only literally defined as "legalized privacy violations", but this could not be really the end, what could we expect next?

More information about the "Investigatory Powers Act 2016" at: https://www.gov.uk/government/news/investigatory-powers-bill-receives-royal-assent

Leave a comment

Swiss Identity and Access Management experts

Ask for a Demo