- CSPs being forced to retain internet history data of users should be provided with "whatever technical and financial support is necessary to safeguard the security of the retained data" but the government shouldn't be responsible for 100 percent of the costs.
The Don't Spy On Us coalition, which includes the Open Rights Group and Privacy International, responded: "Proposals to collect the internet connection records (ICRs) of every UK citizen could cost more than £1 billion." This figure is based on a similar scheme which has since been dropped in Denmark due to the cost. The initial Home Office estimate for the storage of these records was just £174m over ten years.
- "Fuller justification" for bulk surveillance: "We believe that that the lack of a formal case for bulk personal datasets (BPDs) remains a shortcoming when considering the appropriateness of this power."
- There should be no power to ask foreign intelligence agencies to undertake surveillance where the UK authorities cannot, for example in the USA.
The revised bill "explicitly bans our agencies from asking foreign intelligence agencies to undertake activity on their behalf unless they have a warrant approved by a Secretary of State and Judicial Commissioner."
- Hacking should be targeted: "Targeted interception and targeted equipment interference warrants cannot be used as a way to issue thematic warrants concerning a very large number of people."
- An annual report that must contain: "Information about the impact, results and extent of the use of powers in the bill so effective public and parliamentary scrutiny of the results of the powers can take place."
Writing for Wired.com, Liberal Democrat MP Lord Strasburger, who sat on the joint committee, said: "This bill is a long way from the finished article. It needs more than mere tweaking, it needs to be fundamentally rethought and rebuilt. The Home Office should stop rushing to push it through and take its time to get it right."
The intelligence and security committee criticised the bill for a lack of clarity and transparency around powers and suggested wide ranging amendments to the bill. Mostly though the committee says that the bill could benefit from starting again, saying: "The draft bill adopts a rather piecemeal approach, which lacks clarity and undermines the importance of the safeguards associated with these powers.
"We have therefore recommended that the new legislation contains an entirely new part dedicated to overarching privacy protections, which should form the backbone of the draft legislation around which the exceptional powers are then built. This will ensure that privacy is an integral part of the legislation rather than an add-on."
The science and technology select committeereport confronted concerns over the impact the legislation could have on the UK's technology sector, equipment interference powers and a lack of clarity when it comes to the issue of encryption.
Nicola Blackwood MP, chair of the science and technology committee said: "It is vital we get the balance right between protecting our security and the health of our economy. We need our security services to be able to do their job and prevent terrorism, but as legislators we need to be careful not to inadvertently disadvantage the UK's rapidly growing tech sector."
The joint committee on the Draft Investigatory Powers Bill was sent 148 sets of evidence raising concerns and views about aspects of the legislation, and May faced questions over these concerns in front of the committee in December.
The politics
There was generally cross-party approval of the bill as first proposed, with Shadow Home Secretary Andy Burnham stating that it was "neither a snooper's charter nor a plan for mass surveillance."
Conservative MP David Davis has been one of the more outspoken critics of the proposed legislation. Talking to The Guardian he said: "In every other country in the world, post-Snowden, people are holding their government's feet to the fire on these issues, but in Britain we idly let this happen […] Because for the past 200 years we haven't had a Stasi or a Gestapo, we are intellectually lazy about it, so it's an uphill battle."
Author and journalist Heather Brooke went one step further. Writing for The Guardian she said: "The spies have gone further than [George Orwell] could have imagined, creating in secret and without democratic authorisation the ultimate panopticon. Now they hope the British public will make it legitimate."
Edward Snowden tweeted: "By my read, #SnoopersCharter [The Draft Investigatory Powers Bill] legitimises mass surveillance. It is the most intrusive and least accountable surveillance regime in the West."
Apple submitted a formal submission to the bill committee, specifically around the issue of encryption, on Monday 21 December, expressing: "We believe it would be wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the very few who pose a threat. In this rapidly evolving cyber-threat environment, companies should remain free to implement strong encryption to protect customers," as per The Guardian.
According to YouGov the UK public generally approve of surveillance, with 44 percent of respondents stating it wouldn't bother them to know that they could be spied upon and they don't think they are at this time.
Obligations on communications service providers
The use of investigatory powers relies heavily on the cooperation of so-called 'communications service providers' (CSPs) in the UK and overseas. The draft bill clearly outlined a legal duty on British companies to assist in hacking devices (equipment interference warrants).
On the issue of data retention May told the joint committee in January that: "There have been discussions with providers. CSPs have shown me responsiveness on that matter." However, she avoided giving any detail on how this would work in practice and how much it might cost, saying: "There are no exact figures, I'm happy to provide written evidence of Home Office work in this area."
The science and technology joint committee report pushed the government for greater clarification when it comes to practical concerns around the retention of this data. The report reads: "There seems still to be confusion about the extent to which 'internet connection records' will have to be collected. This in turn is causing concerns about what the new measures will mean for business plans, costs and competitiveness."
The joint committee has pushed the government to provide: "Whatever technical and financial support is necessary to safeguard the security of the retained data" in its report, but suggests that the government shouldn't be responsible for 100 percent of the costs.
A spokesperson for UK internet service provider (ISP) BT responded to this obligation by stating: "National security is a critical issue and everyone needs to play their part, including industry. Parliament has long taken the view that the national interest is best served by allowing security and law enforcement authorities access to certain types of data under certain circumstances. We believe there must be a clear legal framework around this regime, one that ensures adequate checks and balances are in place to weigh up any human rights concerns."
ISP Virgin Media said it "does not monitor or control what customers do online but complies with all lawful requests. It is for Parliament to decide where the balance lies between the needs of law enforcement and citizens' privacy.''
ISPs have been cooperating with requests like this since 1984 under obligations outlined in the Telecommunications Act, if requested by the Secretary of State in the interest of national security. This bill looks to write this power into law for the security and intelligence agencies.
The draft bill also outlined a means for ISPs, telecommunications operators and postal operators to receive appropriate contributions to cover the additional costs of these activities.
These providers can appeal requests for data, but only directly to the Secretary of State.