A group of MPs has criticised plans put forward in the Draft Investigatoy Powers Bill after consulting with several top technology firms, including the likes of Apple, Facebook and Google.
The Science and Technology committee has slammed the bill as being vague and confusing, issuing a 43-page report outlining its views on key issues such as encryption and data collection.
The committee's chairwoman, Nicola Blackwood MP, said: “The current lack of clarity in the Draft Investigatory Powers Bill is causing concern among businesses. There are widespread doubts over the definition, not to mention the definability, of a number of the terms used in the draft bill."
"The government must urgently review the legislation so that the obligations on the industry are clear and proportionate."
One of the most contentious aspects of the bill is encryption, with some firms worried that they will have to adopt weaker encryption standards and build backdoors into their products so that data can be accessed. This is especially relevant for companies that use end-to-end encryption, with Apple's iMessage communication being a prime example.
On this area, the report says: “There is some confusion about how the draft bill would affect end-to-end encrypted communications, where decryption might not be possible by a communications provider that had not added the original encryption. The government should clarify and state clearly in the Codes of Practice that it will not seek unencrypted content in such cases, in line with the way existing legislation is currently applied."
Bulk data collection is also raising some serious concerns. Communications providers such as BT and Sky are worried about the prospect of having to keep records on all customers for 12 months, something which raises both ethical and security issues.
"Given the volume of data involved in the retention of ICRs and the security and cost implications associated with their collection and retention ... it is essential that the government is more explicit about the obligations it will and will not place on the industry as a result of this legislation,” the report says.
Antony Walker, deputy CEO of techUK commented: “There are several important recommendations in this report that we urge the Home Office to take on board. In particular we need more clarity on fundamental issues, such as core definitions, encryption and equipment interference. These are all issues that we highlighted to the Committee and can be addressed both in the Bill and in the Codes of Practice which we believe must be published alongside the Bill, and regularly updated, as recommended by the Committee. Without that additional detail, too much of the Bill will be open to interpretation, which undermines trust in both the legislation and the reputation of companies that have to comply with it.
“The draft Bill presents an opportunity for the UK government to develop a world leading legal framework that balances the security needs with democratic values and protects the health of our growing digital economy. But we have to get the details right.”
Photo credit: pzAxe / Shutterstock