This month, while the U.K. was looking the other way at the fall-out of the U.S. election, Brexit, and cultural appropriation on The X Factor, MPs passed a historic surveillance bill. The Investigatory Powers Bill sets out to legalize some practices that the government already does, following the exposure of state surveillance by whistleblowers like Edward Snowden. But it also introduces new powers. Most significantly, the U.K. government is now going to keep a record of every website that every citizen visits, for up to a year. That includes the apps you visit and communications you send on your phone. As Snowden himself tweeted, the bill introduces “the most extreme surveillance in the history of western democracy.” The Bill was given the official sign-off by the Queen today, November 29, which means it is now law, and will imminently come into effect.
What’s possibly most unnerving about all this is how quietly this legislation came to pass. Earlier this year, civil rights organisation Liberty found that 72% of poll respondents were unaware of the Bill’s existence. And even if you are aware of it, the terminology surrounding it is dense. Another survey — this time with a self-described group of “internet-savvy” respondents — found that only 12% believe the government has properly explained what it’s trying to do.
Basically, this Bill will end your right to online privacy in the U.K. So, if you're someone who lives a pretty substantial amount of their life online — and since you’re reading this on The FADER, you probably do — here’s what you need to know, and what you can do now.
What does the Bill mean?
The biggest headline is that this Bill will mandate your internet provider to keep a record of everything you’ve done online for the past 12 months (including app usage). Your phone provider will do the same with your communications. These records will show your metadata — i.e. which website you visited or who you contacted, at what time, and how long for — and must be handed over to authorities if they give notice. These new measures include everyone, not just those suspected of committing a crime.
Here’s a list of all 48 public bodies that will be allowed access to these internet and communications records, compiled by blogger Chris Yiu. It includes the Metropolitan police force, the Department of Justice, and the Department for Work and Pensions.
The Bill lays out new rules about who can remotely access your computer or your phone, and who can intercept and read your messages. It also gives the government the power to force tech companies to comply if they wish to hack into a device.
Should I be concerned if I'm not doing anything wrong?
If you care about your right to privacy, yes. The Bill is designed to fight terrorism — but the approach of monitoring everyone instead of just monitoring suspects creates a really troubling precedent. Think about everything you’ve Googled in the past 24 hours, as part of a stream of consciousness or a conversation. What impression could be formed about you from that information? Who would you want to see it?
The very fact that all this data will now be on record is worrying. Liberal Democrat peer Lord Strasburger told The Guardian: “We do have to worry about a U.K. Donald Trump. If we do end up with one, and that is not impossible, we have created the tools for repression.”
The UN privacy chief recently warned the U.K. that he has seen no evidence that mass surveillance is “necessary and proportionate.” He referred to the Investigatory Powers Bill as “worse than scary.”
There is also the problem of security. Your data is either securely encrypted against hackers, or it’s not. Once back doors have been created into your devices by law enforcement, you are more vulnerable to snoopers with less noble intentions. Did anyone watch “Hated In the Nation” in the latest season of Black Mirror?
Is there anything I can do to protect my data?
For secure internet browsing on any device you can use a proxy server — or, more dependably, a VPN based outside of the U.K. (Read more on that here.) It’s not a foolproof method, though: some websites block VPN services, and your activity may well be logged anyway, by things like online ads. If you want more protection, you could install the super-secure browser Tor.
When it comes to sending messages on your phone, you could try persuading your friends to sign up to private messaging apps that have end-to-end encryption. This is the only kind of message that can’t be read if it’s intercepted. (WhatsApp has end-to-end encryption, though it won’t protect you if your phone is hacked.) Among the most popular secure messaging apps are Signal (which acts like an alternative to texting) and ChatSecure (which allows you to privately use Facebook Messenger and Google Chat from your phone). Read about more options here. As for the rest of your communications, it’s pretty hard to fully protect your smartphone — you’re better off with a burner — but click here for some tips.
This Bill will imminently become law, but there are still many people making their objections against it heard. Members and affiliates of the campaign Don’t Spy On Us are continuing to raise challenges — read more on their action here. A petition to repeal the Bill is also rapidly gaining support. You can add your voice to it here.