MPs have expressed serious concern about the government’s Investigatory Powers Bill in a critical report. There are concerns that the bill, as it stands, is too vague about key terms, worrying businesses that could be impacted by it.
The report, released by the House of Commons Science and Technology Select Committee, warns that the “cost of the Investigatory Powers Bill could undermine the UK tech sector.”
Announcing the report, Nicola Blackwood, MP said in a statement: “The current lack of clarity within the draft Investigatory Powers Bill is causing concern. There are widespread doubts over the definition, not to mention the definability, of a number of the terms used in the draft bill. The government must urgently review the legislation so that the obligations on the industry are clear and proportionate.”
She added: “There remain questions about the feasibility of collecting and storing Internet Connection Records (ICRs), including concerns about ensuring security for the records from hackers. The bill was intended to provide clarity to the industry, but the current draft contains very broad and ambiguous definitions of ICRs, which are confusing communications providers. This must be put right for the bill to achieve its stated security goals.”
Terms such as “telecommunications service”, “relevant communications data”, “communications content”, “equipment interference”, “technical feasibility” and “reasonably practicable” need to be clarified as a matter of urgency, the report states.
Offering recommendations , the committee notes: “There is some confusion about how the draft bill would impact end-to-end encrypted communications, where decryption might not be possible by a communications provider that had not added the original encryption.”
Concerns raised in the report raises include:
- Definitions of certain terms – terms such as “internet connection records” are not properly defined, causing concern amongst tech companies. “There seems to be confusion about the extent to which ‘internet connection records’ will have to be collected,” the report says. “This in turn is causing concerns about what the new measures will mean for business plans, costs and competitiveness.”
- The government insists it isn’t going to try to weaken encryption, but there are still fears that the wording of the bill could require it. The government should clarify and state clearly in its Codes of Practice that it will not be seeking unencrypted content in such cases, in line with the way existing legislation is currently applied.
- Equipment interference could be viewed as a euphemism for government-sanctioned hacking. Some sectors of the communications industry have concerns that equipment interference could jeopardise their business model, particularly for those producing and distributing open source data.