Concerned experts are asking what plans the government has for meeting its mandate to overhaul Britain’s broad surveillance laws.
The Home Office is legally mandated to reconsider the operation of the Investigative Powers Act (IPA) of 2016, popularly known as the Snooper Charter, after five and a half years.
However, information security and legal experts say they are concerned that the government has shown no plans to reconsider the IPA, despite growing concerns about its validity.
Experts say there is an urgent need to amend the Powers of Investigation Act to make intercepted evidence admissible in criminal prosecution.
They also call for assessing the use of artificial intelligence in surveillance following breakthroughs that have enabled more intrusive information gathering.
There is also an open question as to whether the IPA complies with the legal rulings of the European Court of Human Rights. The ruling requires end-to-end protection against mass collection of communications and protection of journalist privileged information.
Evidence of interception should be admissible in court
Computer forensics expert and expert witness Peter Sommer advised the Joint Senate and House Select Committee in conducting pre-legislative scrutiny of the Investigative Powers Bill in 2015 and 2016.
He told Computer Weekly that after Operation Venetic, the National Crime Agency’s largest investigation into organized crime, it was clear that the IPA needed to change the way it handled interceptions, which could be used as evidence in prosecutions. Said he couldn’t.
“The most obvious amendment needed now would be to treat interception evidence the same as all other types of evidence and change the current position to allow warrants to be obtained for intelligence purposes, but Evidence of interception is inadmissible and should not be used in court,” he said.
The indictment, filed under Operation Venetic, which relies on the content of millions of messages and photos obtained by the French police in 2020 from EncroChat, a supposedly secure encrypted phone network, is based on intercepted evidence. We are facing legal issues over admissibility.
Defense attorneys have filed a series of laws against the National Crime Agency before the United Kingdom, the Court of Appeals, the European Court of Human Rights, and most recently the United Kingdom’s investigative body, regarding the admissibility of material intercepted from tens of thousands of Encrochat phones in the United Kingdom. issued a legal objection. Powers Tribunal.
“The current situation raises major questions in the NCA’s largest investigation, Operation Venetic, where there is considerable suspicion about the status of the EncroChat messages and photos obtained. Admitted or not?” Somers said. .
Doctor Ian BrownInformation security expert said it needs to be clarified whether large-scale device interference operations similar to those against EncroChat will be deployed more frequently by law enforcement in the future.
It is doubtful whether data obtained from real-time interception would be admissible in a criminal trial, as long as it was obtained from digital equipment rather than from analog radio links or telephone lines. do you need?”
Artificial intelligence
Other experts say the government needs to review advances in artificial intelligence that have allowed law enforcement and intelligence agencies to conduct more intrusive bulk surveillance since the Investigative Powers Act went into effect. .
Eric Kind, an expert in surveillance and law and public policy and managing director of the data rights organization AWO, told Computer Weekly that artificial intelligence and its implications for surveillance powers at scale were not in any review. should also be a key priority.
“Artificial intelligence should be one of your top priorities for review because we have seen so many breakthroughs since the IPA passed. We have capabilities, but most notably in terms of bulk authority,” he said.
European Court Decision Affects IPA
Lawyers and privacy groups have also argued that the UK’s previous oversight regime, the Investigative Powers Act 2000 (RIPA), needs to be reconsidered in the light of a European Court of Human Rights decision that found serious flaws in it. I’m here.
For example, the 2020 European Court of Human Rights decisions in Big Brother Watch and other cases in the UK have cast doubt on whether the Investigative Powers Act provides adequate privacy protections during mass surveillance activities. .
Home Secretary Suela Braverman, who was a member of the Joint Task Force that reviewed the draft Investigative Powers Bill from November 2015 to February 2016, is said to have a good understanding of the issue. .
Under section 260 of the Investigative Powers Act, the government is legally obligated to review the Investigative Powers Act five years and six months after it was granted royal assent in November 2016, and to submit a copy of the review to parliament. I’m here.
Bulk interception
In addition to the difficulties posed by the IPA regarding the interception of evidence, Sommer said, it is also difficult to separate legally acceptable communication data from unacceptable content on web-based email and social media services. said.
He said there are strong reasons for the Congressional Information Security Committee to consider the scope and operation of mass interception and retrieval warrants.
“Such warrants necessarily collect information from completely innocent people on the serendipitous occasion that they may be guilty of some crime,” he said.
While the Investigative Powers Act recognizes state-sponsored hacking as “equipment interference,” allowing evidence obtained in this manner to be used as evidence in court, Sommer said other forms of digital evidence and Unlike , he said, “There are no standard operating procedures to ensure integrity and safety.” Reliability of results. “
Government reviews are also expected to assess the performance of the Office for Data Authorizations (OCDA)., Established in March 2019 after the IPA 2016 came into effect, the agency reviews applications by government agencies from telephone and internet companies to access metadata about an individual’s phone, email, and internet usage. .
OCDA makes 200,000 requests annually from 600 public authorities to access communication data, including information such as who sent and received an email, when it was sent, and the first part of the URL of the website visited. established to manage. .
According to the Investigatory Powers Commissioner’s Office (IPCO), the organization employs about 100 people in two offices in Manchester and Birmingham and acts as a point of contact for government agencies seeking communications data seven days a week from 7:00 a.m. to 10:00 p.m. I work until
The Home Office declined to answer questions from Computer Weekly about its legal obligation to review IPAs.