Online surveillance laws in the UK should be overhauled and subject to stronger oversight, according to a landmark review out this month.
The report by David Anderson QC, which was commissioned by the government last year, said it was “time for a clean slate” and called for the government to set up a world-class framework for the regulation of surveillance powers.
Here were some of the most significant recommendations in the report.
1. No encryption back doors for security agencies
Security agencies in the UK should not have back doors into encrypted online communications, Anderson said. Doing so would “threaten the integrity of our communications and of the internet itself”, he said. Instead he recommended there should be a “law-based system” where encryption keys are handed over only after properly authorised requests.
2. Think again on ‘Snooper’s Charter’
One of the most controversial parts of the proposed communications data bill, widely known as the Snooper’s Charter, is the power for internet firms to keep data on individuals’ website searches. The review said this should only apply if “a detailed operational case can be made out and a rigorous assessment has been conducted of the lawfulness, likely effectiveness, intrusiveness and cost”.
3. Set up an independent new oversight body
Anderson called for the government to set up the ‘Independent Surveillance and Intelligence Commission’ to replace three existing oversight bodies. The new body would be responsible for issuing warrants, authorising controversial requests for communications data and issuing guidance.
4. One new law to rule them all
Existing internet surveillance laws should be replaced with a new law, “both comprehensive in its scope and comprehensible to people across the world”, Anderson said.
5. Judges, not ministers, sign off warrants
Interception warrants should be assessed by judges rather than ministers, with ministers limited to evaluating warrants required in the interests of national security. Anderson said there should be an assumption of the “maximum possible transparency” by public bodies throughout the process.
6. Keep data retention powers
The report recommended the government keep the Data Retention and Investigatory Powers Act (DRIPA), passed last year. The law requires internet and phone companies to collect their customers’ communication data, keep it for 12 months and give access to police or security agencies on request.
7. ‘Maximum possible transparency’
The report called for the ‘maximum possible transparency’ on surveillance powers by public authorities like the proposed new oversight body the ‘Independent Surveillance and Intelligence Commission’ and the Investigatory Powers Tribunal.