The act, better known as the Snooper’s Charter, has been found to break human rights laws twice. Yet, draft legislation currently seeks to expand the scope of surveillance powers. The proposed amendment of Schedule 4 to IPAct asks that access to masses of personal data be given to an additional 5 government agencies.
A memorandum explaining the expansion of powers says that the agencies “are increasingly unable to rely on local police forces to investigate crimes on their behalf”. However, many are duly concerned that appropriate safeguards are not currently in place to protect against abuses of power.
Defending the decision to expand the number of public bodies who have access to communication data from personal phones and computers, a Home Office spokesperson said: “To protect national security and investigate serious crimes, law enforcement and relevant public authorities need the ability to acquire communications data.
“These powers are only used where it is absolutely necessary and proportionate and are independently authorised by the Office for Communications Data Authorisations, except in urgent or national security cases”.
Further to this, the government’s memorandum outlines its ‘justification’ for introducing a further 5 agencies. The first addition is the Civil Nuclear Constabulary (CNC), a special armed police force for UK nuclear sites. The document notes that despite the threat to nuclear sites being assessed as low, it is difficult to assess risk fully, without the “full information needed”. Therefore, it has been determined that the CNC requires powers to investigate potential threats.
Meanwhile, the Environment Agency is said to have a “significant regulatory and enforcement remit” relating to the UK’s natural environment and investigates over 40,000 potential offences each year. It notes that Michael Gove, former Environment Secretary had previously called for such powers to be given to the agency.
The addition of the Insolvency Service is said to help with its investigations into breaches of company director disqualification orders which may lead to arrests. As a result, it is deemed appropriate that this public body is permitted “to attribute subscribers to telephone numbers and analyse itemised billings” and have access to which IP addresses emails are operating from.
The document also claims that the UK National Authority for Counter Eavesdropping (UKNACE) requires communications data powers to detect “hostile technical espionage activities and eavesdropping activity”.
In the same way, The Pensions Regulator (TPR) has reportedly required communication data powers after it became responsible for enforcing employer automatic enrolment duties. The document outlines that TPR has since seen a dramatic increase in the scale of its enforcement activity. As a result, it has placed more emphasis on prosecution in an effort to “[secure] compliance” and “punish wrongdoing”.
When the Act was first passed in 2016, Whistleblower Edward Snowden called the legislation: “The most extreme surveillance in the history of western democracy”. Further to this, he argued that “It goes farther than many autocracies”.
This is a view shared by many civil liberties groups, including Big Brother Watch, Privacy International and Liberty, who commented: “The UK has the most intrusive mass surveillance regime of any democratic country”. It has been argued by these groups that when a mass of personal data is “hoovered up” there is no guarantee of its security, which means that the Snooper’s Charter infringes on Article 8 of the European Convention on Human Rights (Right to Respect for Private Life and Correspondence) and Article 10 (Right to Freedom of Expression).
As a result, in 2019, civil liberties group Liberty launched a case against the IPAct, citing its breach of human rights as unlawful. However, this was unfortunately rejected by the High Court. Lord Justice Singh and Mr Justice Holgate, stated that the IPAct: “Does not contain sufficient safeguards against the risk of abuse of power, and that, accordingly, it is inconsistent with the requirement that interference with human rights must be ‘in accordance with the law””. Further to this it stated that even if the civil liberties group had won, while the Court could state IPAct’s incompatibility with ECHR, they had: “No power to strike it down, or disapply it”.
Perhaps surprisingly, while the case was on-going, MI5 was accused of “extraordinary and persistent illegality,” when it emerged that it had lost control of its data storage operations. The security service admitted that there were “ungoverned spaces” in MI5’s operations. It was also found that MI5 had been obtaining surveillance warrants based on information that was known to be incorrect. Yet, despite this unlawful conduct, which the judges acknowledged in their ruling, they refuted the claim that IPAct was incompatible with ECHR. This was due to their belief that there are “interlocking safeguards” protecting data.
However, on 15 January in a legal opinion Advocate General (AG) Campos Sánchez-Bordona said that MI5, MI6 and GCHQ had partaken in both “general and indiscriminate retention” of citizen’s data, and called their actions “disproportionate”. His opinion will be considered by European Court of Justice (ECJ) of the European Union (EU) later this year.
Currently, the “double lock” authorisation process for interception warrants means that once a Secretary of State has approved authorisation, a judicial commissioner must then submit approval of this authorisation too.
While Lord Justice Singh and Mr Justice Holgate ruled that this means IPAct contains several “safeguards against the possible abuse of power,” many point to the MI5 scandal as evidence that these safeguards are not sufficient.
On top of this, the Investigatory Powers Commissioner’s Office’s (IPCO) annual report which reviews investigatory powers has since expressed “confidence in the overall system”. All things considered, many subsequently fear that current governmental checks and balances are not adequate.
Another consideration which is yet to be made, highlighted by Kieran McCarthy writing for The Register is whether the new agencies work will be determined as relating to “serious crimes”. If so, they could be provided with millions of people’s personal data.
However, one thing is certain, current safeguards have already systematically failed, and permitting additional authorities access to millions of citizen’s data, when they can not be trusted to guard it, is a potentially huge risk to people’s privacy. It is ultimately both a substantial and unwarranted knock to civil liberties, and human rights.