The Snoopers' Charter or ‘Investigatory Powers Act 2016’ is a piece of UK legislation originally proposed as the ‘Draft Communications Data Bill’ by Theresa May in November 2015 when she was home secretary. The act was signed into law on 29 November 2016.
For the first time ever, UK authorities are now authorised to hack into peoples’ laptops, desktops and mobile phones.
Internet service providers (Virgin, BT, TalkTalk, etc), internet messaging systems and even postal services will be legally required to store data about their users for one year. That means the government and their agencies have access to information about which websites you are visiting, when you are visiting them and from which device you are browsing the internet.
What are the new powers?
- Internet Service Providers (ISPs) are required to store all user data for one year including the websites and apps you have visited and used. This information can be accessed without a warrant.
- Private companies will be legally obliged to bypass encryption when a warrant is supplied.
- Grants new powers for UK intelligence agencies and law enforcement to intercept and collect any internet communications.
- Allows ‘targeted equipment interference’ such as hacking specific devices or bulk communications tapping.
- Legally requires UK-based ISPs and other communications companies to assist the government and their agencies with interception of user data. This does not extend to foreign companies.
- UK-based companies are legally required to remove encryption when requested.
- It is now a criminal offence for ISPs to reveal the fact that data has been requested or that they have been asked to intercept their customers’ communications.
Who has access to these new powers?
The following authorities can access internet records without the need for a warrant:
- Metropolitan police force
- City of London police force
- Police forces maintained under section 2 of the Police Act 1996
- Police Service of Scotland
- Police Service of Northern Ireland
- British Transport Police
- Ministry of Defence Police
- Royal Navy Police
- Royal Military Police
- Royal Air Force Police
- Security Service
- Secret Intelligence Service
- Ministry of Defence
- Department of Health
- Home Office
- Ministry of Justice
- National Crime Agency
- HM Revenue & Customs
- Department for Transport
- Department for Work and Pensions
- NHS trusts and foundation trusts in England that provide ambulance services
- Common Services Agency for the Scottish Health Service
- Competition and Markets Authority
- Criminal Cases Review Commission
- Department for Communities in Northern Ireland
- Department for the Economy in Northern Ireland
- Department of Justice in Northern Ireland
- Financial Conduct Authority
- Fire and rescue authorities under the Fire and Rescue Services Act 2004
- Food Standards Agency
- Food Standards Scotland
- Gambling Commission
- Gangmasters and Labour Abuse Authority
- Health and Safety Executive
- Independent Police Complaints Commissioner
- Information Commissioner
- NHS Business Services Authority
- Northern Ireland Ambulance Service Health and Social Care Trust
- Northern Ireland Fire and Rescue Service Board
- Northern Ireland Health and Social Care Regional Business Services Organisation
- Office of Communications
- Office of the Police Ombudsman for Northern Ireland
- Police Investigations and Review Commissioner
- Scottish Ambulance Service Board
- Scottish Criminal Cases Review Commission
- Serious Fraud Office
- Welsh Ambulance Services National Health Service Trust
The EU's highest court has recently ruled that “General and indiscriminate retention” of emails and electronic communications by governments is illegal, providing a direct challenge to the new law, however with Brexit on the horizon it's unlikely that the EU's advice will be heeded.