Who can view my internet history?

Spoiler alert: they already know you visited this site.

Last week, whilst most of us were busy watching the comings and goings at Trump Tower and Ed Balls on Strictly, Parliament quietly passed the Investigatory Powers Act 2016 (a.k.a. the Snoopers’ Charter). It’s been described as the most intrusive system of any democracy in history and a privacy disaster waiting to happen.

The Act makes broad provisions to track what you do online. Amongst a raft of new surveillance and hacking powers, it introduces the concept of an internet connection record: a log of which internet services - such as websites and instant messaging apps - you have accessed. Your internet provider must keep these logs in bulk and hand them over to the government on request, whether you want them to or not.

So long right to privacy, hello 1984.

This is a truly appalling development, but all is not quite lost: there are still legal actions pending against the UK’s mass surveillance powers, and you can visit Don’t Spy on Us to find out more.

In the meantime, read on to find out who exactly will be able to see what you’ve been up to online.

Who can view my stuff?

A list of who will have the power to access your internet connection records is set out in Schedule 4 of the Act. It’s longer than you might imagine:

Metropolitan police force

City of London police force

Police forces maintained under section 2 of the Police Act 1996

Police Service of Scotland

Police Service of Northern Ireland

British Transport Police

Ministry of Defence Police

Royal Navy Police

Royal Military Police

Royal Air Force Police

Security Service

Secret Intelligence Service

GCHQ

Ministry of Defence

Department of Health

Home Office

Ministry of Justice

National Crime Agency

HM Revenue & Customs

Department for Transport

Department for Work and Pensions

NHS trusts and foundation trusts in England that provide ambulance services

Common Services Agency for the Scottish Health Service

Competition and Markets Authority

Criminal Cases Review Commission

Department for Communities in Northern Ireland

Department for the Economy in Northern Ireland

Department of Justice in Northern Ireland

Financial Conduct Authority

Fire and rescue authorities under the Fire and Rescue Services Act 2004

Food Standards Agency

Food Standards Scotland

Gambling Commission

Gangmasters and Labour Abuse Authority

Health and Safety Executive

Independent Police Complaints Commissioner

Information Commissioner

NHS Business Services Authority

Northern Ireland Ambulance Service Health and Social Care Trust

Northern Ireland Fire and Rescue Service Board

Northern Ireland Health and Social Care Regional Business Services Organisation

Office of Communications

Office of the Police Ombudsman for Northern Ireland

Police Investigations and Review Commissioner

Scottish Ambulance Service Board

Scottish Criminal Cases Review Commission

Serious Fraud Office

Welsh Ambulance Services National Health Service Trust

I always wondered what it would feel like to be suffocated by the sort of state intrusion that citizens are subjected to in places like China, Russia and Iran. I guess we’re all about to find out.

Who else can view my stuff?

Bulk surveillance of the population and dozens of public authorities with the power to access your internet connection records is a grim turn of events for a democracy like ours.

Unfortunately, bulk collection and storage will also create an irresistible target for malicious actors, massively increasing the risk that your personal data will end up in the hands of:

People able to hack / infiltrate your ISP

People able to hack / infiltrate your Wi-Fi hotspot provider

People able to hack / infiltrate your mobile network operator

People able to hack / infiltrate a government department or agency

People able to hack / infiltrate the government’s new multi-database request filter

I’d wager that none of these people have your best interests at heart.

Sadly, if the events of the past few years are anything to go by, it won’t take long for one or more of these organisations to suffer a security breach. Assuming, of course, that the powers that be manage not to just lose all of our personal data in the post.

Postscript: What now?

Since I posted this piece, lots of people have been in touch to ask me what they can do. Here are three suggestions:

More than 60k people have already joined the call for the #IPBill to be repealed. Add your name here https://t.co/o3QD99ZFOB #DontSpyOnUs pic.twitter.com/OTwMmaI2Bb — English PEN (@englishpen) November 25, 2016

Our legal team need your help to challenge #IPBill in court. Can you join ORG today to support the fight back?https://t.co/VHetG537bn — Open Rights Group (@OpenRightsGroup) November 19, 2016