Update: The UK appeal court has ruled that parts of the laws surrounding the Investigatory Powers Act, known more widely as the Snooper’s Charter, are unlawful and must be changed.

In a case brought to court by Labour deputy leader, Tom Watson, and presented by campaign group Liberty, the judges ruled that the powers in the Data Retention and Investigatory Powers Act 2014, which was a precursor to the Snooper’s Charter legislation, gave police and other public bodies too much scope and didn’t go far enough in protecting innocent citizens.

In particular, the judges claimed the powers are “inconsistent with EU law”.

Original story continues below

The Investigatory Powers Act, dubbed the Snoopers’ Charter, officially became law at the tail end of 2016, bringing unprecedented levels of online surveillance to the UK.

The controversial law significantly extends police powers over internet data, allowing authorities to access information such as web-browsing records if the case requires it. All interception warrants require judicial approval, but the legislation nonetheless enables unprecedented access to private communications.

The Act is public, and can be read in full online. Here we’ve put together a basic rundown of what the Snoopers’ Charter covers, and what it means for your communications.

Snoopers’ Charter: Main powers

At the heart of the Investigatory Powers Act is an order for internet and phone service providers to store customer communications data for 12 months. This includes the who, what and when of internet activity, from the names of websites to times of sending and receiving messages. The idea is that this builds a resource of information that police, security services and other government agencies can access upon issue of a warrant.

A portion of the Act labeled “Equipment Interference” also outlines powers for security services to remotely hack into devices and servers, to obtain information to aid cases. A warrant is likewise needed for this, and the measures need to be judged as “proportionate to what is sought to be achieved”.

Bulk interception warrants are also covered by the Act for overseas-related communications, as described in Part 6 of the legislation. A Codes of Practice consultation paper claims that such information must be “necessary for the identification of subjects of interest who pose a threat to the UK’s national security”.

Snoopers’ Charter: Commissioners

In terms of checks and balances, the Act created the Investigatory Powers Commission (IPC) to oversee the use of surveillance. This body is made up of former or currently serving judges, who must review warrants for accessing information or conducting equipment hacking. As the government explains, “the IPC will audit compliance and undertake investigations.”

Before going to the judges, the warrants also need to have been authorised by the current Home Secretary of State.

Snoopers’ Charter: Encryption

Encryption is a complicated subject, tapping into arguments that are bubbling beyond the boundaries of the UK government. Officially, the Investigatory Powers Act allows authorities to compel communications providers to remove “electronic protection applied […] to any communications or data”. How this works in practice isn’t as clear-cut.

A draft version of the Investigatory Powers Bill only stipulated that measures to force companies to remove encryption must be “reasonable” and “practicable”, and that an advisory board must be consulted beforehand. After a major backlash against these measures from technology experts, this was tweaked to clarify that companies would not be forced to remove electronic protection if it was not “technically feasible”.

What does that mean? Well, it’s ambiguous.

In the wake of 2017’s terrorist attacks on London and Manchester, there have been calls from MPs, notably Home Secretary Amber Rudd, for organisations like WhatsApp to make sure they “don’t provide a secret place for terrorists to communicate with each other”. The counterargument runs that, if authorities were to press companies like Facebook to undermine their security, it would result in a drawn-out, very public battle, and would simply push nefarious users to more underground services.

“Eventually [the government] will lose the battle because they will never [for instance] coerce the global open-source community to comply,” commented Muffett, technical advisor and board member for the Open Rights Group. “Government time and money would be better spent elsewhere – pursuing criminals through ‘human’ means and by building upon metadata – than in attempting to combat ‘secure communication across the internet’ as an abstract entity.”

When did the Snoopers’ Charter become law?

The legislation passed the House of Lords in November 2016, following 12 months of debate between politicians, internet service providers and privacy advocates. Royal assent marked the conclusive enshrining of the bill as law, although the Home Office has said that certain provisions will need to be tested before being put into effect.

Home secretary Amber Rudd called the bill “world-leading”, claiming that it provides “unprecedented transparency and substantial privacy protection”.

“The government is clear that, at a time of heightened security threat, it is essential our law enforcement and security and intelligence services have the power they need to keep people safe,” said Rudd. “The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge. But it is also right that these powers are subject to strict safeguards and rigorous oversight.”

The reaction from privacy and human-rights organisations, meanwhile, was damning. Jim Killock, executive director of Open Rights Group, said that Rudd was correct to call the Act world-leading, but for different reasons than intended: “It is one of the most extreme surveillance laws ever passed in a democracy,” he said. “Its impact will be felt beyond the UK as other countries, including authoritarian regimes with poor human-rights records, will use this law to justify their own intrusive surveillance regimes.

“Although there are some improvements to oversight, the Bill will mean the police and intelligence agencies have unprecedented powers to surveil our private communications and internet activity, whether or not we are suspected of a crime.”

Jo Glanville, director of global literary network English PEN, commented: “The Investigatory Powers Act will diminish the space for freedom of expression in the UK. Our liberty to communicate or research online in private can no longer be guaranteed. The UK has set a worrying precedent for the rest of the world”.