Investigatory Powers Bill

Written evidence submitted by Martin Kleppmann (IPB 11)

[01] I am a researcher in the field of databases and information security. Having followed the debates around the draft Investigatory Powers Bill, and having given evidence to two parliamentary committees, I am concerned that the risks and potential consequences of the technical measures proposed in this bill have still not been fully appreciated.

[02] Much of the debate on the Investigatory Powers Bill has focussed on the question of authorisation: that is, under which circumstances certain powers may be used, who needs to approve their use, and how that approval process works. The often-cited "double-lock" mechanism is an example.

[03] However, lacking in the debate has been a discussion of a much more fundamental question: should the most intrusive powers exist at all? As it stands, the assessment of whether a power is deemed to be proportionate and necessary for a particular case is left mostly in the hands of the Secretary of State and the judicial commissioner who reviews warrants. By asserting that this approval process is sufficient, parliament effectively abdicates any responsibility for making decisions about proportionality, and leaves decisions about proportionality entirely in the hands of the two people who decide on whether to approve a particular warrant.

[04] I call for parliament to re-examine whether the most intrusive powers of this bill are at all appropriate for being on the statute books of a modern democracy. Some of the powers in the proposed bill are no doubt essential for law enforcement services to perform their important work. However, in my opinion, some of the powers are so intrusive that their use should never be considered proportionate, even for the most serious of crimes.

[05] Just because a power is useful for investigation, that does not mean it necessarily must be allowed. For example, perhaps torture is useful for investigatory purposes, but nobody would seriously advocate allowing torture in the UK - thus, torture is unconditionally excluded from the repertoire of tools that is available to law enforcement. Even if the Secretary of State and a judicial commissioner were to authorise its use, torture would still be illegal.

[06] By making torture illegal, parliament effectively decided that its use was never proportionate, no matter what the case. That is, even if it was believed that use of torture against one person may help save thousands of lives, it would still not be permitted, because the risks of abuse of the power are thought to be greater than its benefits for investigatory purposes. Put another way, torture is simply not acceptable in any democracy under any circumstances.

[07] Similarly, perhaps it would be useful for investigatory purposes if a microphone was placed in every room of every building in the country, which preemptively recorded every conversation and stored it for 12 months, to be examined only for the investigation of a crime. Yet, nobody would dare to advocate such a measure, because there would be a public outcry. Thus, preemptive recording of every conversation is also unconditionally excluded from the repertoire of tools available to law enforcement.

[08] However, note that with the proliferation of smartphones and other smart devices, we are rapidly approaching a situation in which there is in fact an internet-connected microphone in almost every inhabited space in the country. Combined with the bulk equipment interference and thematic warrants contained in the proposed bill, which would allow a microphone to be turned on remotely without the owner's knowledge, preemptive recording of every conversation between innocent people in the country is in fact possible. It would be merely up to the Secretary of State and one judge to decide whether to authorise it.

[09] We hope that they would not authorise such a measure, but hope and unlimited faith in the good nature of individuals is not a good basis for legislation. Even though today's government, law enforcement services and judiciary are scrupulous, there is no guarantee that they always will be in future. Just because the UK has been fortunate not to have had an equivalent of the Gestapo or the Stasi in the last 200 years, that does not rule out the possibility of such events in future, and parliament would be wise to not pave the way for such developments.

[10] Some powers are so drastic and intrusive that it is important to have an informed public discussion on whether the power should exist at all. Whether a power already exists or not, and has been exercised in the past, is irrelevant to this discussion: just because something has been done in the past does not mean that we should continue doing it. Torture also used to be accepted as a valid interrogation tool, until it was declared to be illegal.

[11] In the rest of this note I will go into some of the most intrusive powers, for which I believe it is doubtful whether they should exist at all, because their potential for abuse is too great, regardless of their potential investigative value.

[12] 1. Technical capability notices. The government has repeatedly asserted that it does not wish to introduce backdoors into encryption products, or otherwise deliberately undermine the security of computer systems. Similarly, the intelligence services are rumoured not to desire mandatory backdoors in end-to-end encrypted communication systems, because they realise how dangerous they would be (as any backdoor may, for example, be exploited by hostile foreign intelligence services).

[13] And yet, the provisions of sections 217 to 220 in the bill are just that: permission for the secretary of state to order secret backdoors to be introduced. This power is not even subject to judicial review. The government rhetoric is in direct contradiction with the text of the bill.

[14] The current case between Apple and the FBI in the USA is a concrete example: if the USA had the power to serve technical capability notices as proposed in the Investigatory Powers Bill, then Apple could be compelled to do the very thing that it is refusing. Since the notice would be secret and its disclosure punishable, the current public debate would never occur. Anyone who sides with Apple in this case must be strictly opposed to the provisions for technical capability notices in this bill.

[15] As I have explained in my evidence to the Joint Committee and the Science and Technology Committee, any sort of deliberate weakening of the security of computer systems under a technical capability notice would expose innocent citizens to increased risk of cyberattacks. It would also undermine international trust in software and hardware products designed in the UK, harming both the UK economy and its international standing.

[16] 2. The request filter. This mechanism, explained in the communications data code of practice, is claimed to be an additional safeguard. It is nothing of the sort: it is in fact an automated data analysis tool that allows much larger-scale intrusion into the privacy of innocent citizens than any human examination of data could ever achieve. It is functionally equivalent to a single centralised database of all communications data, since the kinds of processing and correlations that the filter can perform are not restricted on a technical level.

[17] For example, the filter allows large-scale data mining of the communication data records and online activity of millions of innocent citizens. It would allow searching for people whose behaviour matches certain patterns - regardless of whether those people are suspected of any crime. As communication data comprises the "who, where, when and how" of all online activities, these analyses are able to make extremely intrusive inferences about innocent people’s lives. It is nothing short of mass surveillance, which would have a serious chilling effect, and probably run afoul of human rights law.

[18] 3. Thematic warrants. Warrants that explicitly name the affected individuals are clearly an important tool for law enforcement, and their inclusion in the bill is acceptable. However, the bill also provides for much broader warrants against "a group of persons who share a common purpose" or even "testing or training activities". Such broadly scoped warrants invite abuse.

[19] For example, all people involved in doctors’ strikes share a common purpose, and a doctors’ strike could be construed as a risk to public health, and thus a risk to national security. Thus, it is conceivable that the tools designed to find terrorists could be deployed against a group of people protesting legitimately against an issue of work contracts. Even if warrants would not be used this way in practice, the risk that they could be used this way in future by a less scrupulous government is a cause for concern.

[20] 4. Bulk interception and bulk equipment interference. Targeted powers for intercepting and interfering with the equipment of specific named individuals are undoubtedly important. However, the bulk powers in the bill extend these measures to entire populations. If the tools that are designed to investigate criminals are deployed against an entire population, that betrays a belief that everybody is a criminal. This is not a healthy relationship between the individual and the state. Thus, it is not surprising that individuals and businesses respond by seeking refuge in technologies that are designed to thwart surveillance attempts.

[21] Bulk equipment interference is especially dangerous, since equipment interference can have unintended side-effects, such as making the equipment defective or vulnerable to external attacks. For example, imagine the UK has a fleet of self-driving cars in several years’ time, and bulk interference on these cars accidentally leads to malfunction as they are driving at high speed. The consequences could be devastating.

[22] In summary: Some of the powers in this bill are extremely dangerous and intrusive, and there has not been sufficient debate as to whether they should exist at all. Like torture, there are some powers that a democratic state simply should not have, regardless of their potential investigative utility, and regardless of their authorisation process. The claim that the powers in the bill are "not new" merely adds insult to injury: if human rights have been violated in the past, that is a mistake to be investigated, not a status quo to be legitimised.

[23] I call on the members of parliament to heed the warning calls from technical experts and human rights groups, and reconsider the repertoire of powers that should be available to law enforcement.

March 2016


Prepared 24th March 2016