New anti-terror internet spying laws will not curb or ban encryption

PA
Updated

New spying laws will not include powers to restrict encryption, it has been revealed.

The disclosure came as the first confirmed details of landmark legislation covering the tools available to police and intelligence agencies to fight terrorism and serious crime in the digital age emerged.

It is understood that ministers have ruled out any proposal to restrict encryption or ban it, although security services will retain the capacity to intercept the content of communications after obtaining a warrant.

The emergence of encryption has been identified as a major headache for law enforcement bodies, with suggestions that it risks leaving them locked out of some areas of cyber space.

There has been major growth in the use of encrypted apps which encode messages in a way that makes it harder for a third party to intercept the content.

Earlier this week, MI5 chief Andrew Parker said the "conversations of our adversaries" are happening on a bewildering array of devices and digital platforms, adding: "An increasing proportion of such communications are now beyond our reach - in particular with the growing prevalence of sophisticated encryption."

In a potential area of controversy, measures requiring internet firms to store internet connection records (ICRs) to respond to the increasing use of apps and social media for communication are expected to be included in the draft Investigatory Powers Bill.

However, sources said access to ICRs will be controlled and they will not include a full browsing history or reveal every web page visited, with strict limits on accessing the records.

They insist the powers would not allow authorities to access records of every person's full internet activity.

Under the arrangements a website such as www.newspaper.co.uk would be considered an ICR but www.newspaper.co.uk/sport would be regarded as "content" and would require a warrant before it could be accessed.

Ministers are also expected to propose a radical overhaul of the current oversight regime, including the appointment of a senior judge in a newly created role of Investigatory Powers Commissioner who will hold agencies and law enforcement to account.

No confirmation has yet been given on whether proposals for judges to take over from Secretaries of State in signing warrants for interception operations will be included, however.

Sources sought to distance the new legislation from the abandoned Communications Data Bill, which was labelled the "Snoopers' Charter" after it was drawn up in 2012, saying some of its "more contentious" tactics have been ruled out.

Sweeping powers to demand UK-based communications service providers (CSPs) should capture and store internet traffic from companies based in the US will not be included, while the idea that overseas firms should be forced to meet domestic communications data retention obligations has also been rejected.

The new Bill is seen as an attempt to bring a range of powers under one framework for the first time, with ministers facing the task of balancing security services' needs against privacy concerns that followed the leak of intelligence files by Edward Snowden.

A Government source said: "We're absolutely clear that key parts of the original plans from 2012 will be dropped from the new Bill. We have consulted widely and have listened to the concerns of (Independent Reviewer of Terrorism Legislation) David Anderson, (security think-tank) RUSI and Parliament and we are coming forward with a new approach.

"We know these powers are needed as technology changes and terrorists and criminals use ever more sophisticated ways to communicate.

"But we need to give people the reassurance that not only are they needed, but that they are only ever used in a necessary, proportionate and accountable way. That is what this Bill is all about."

Advertisement