web analytics

UK Lawmakers Push Ahead With Revised Snoopers’ Charter – Source: www.databreachtoday.com

uk-lawmakers-push-ahead-with-revised-snoopers’-charter-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Governance & Risk Management
,
Privacy

The Investigatory Powers Bill Will Allow Police to Collect More Data

Akshaya Asokan (asokan_akshaya) •
February 2, 2024    

UK Lawmakers Push Ahead With Revised Snoopers' Charter
Image: Shutterstock

Proposed legislation called the “snoopers’ charter,” which would allow British intelligence agencies to collect data on a large scale, cleared further parliamentary scrutiny this week despite mounting criticism from privacy advocates, watchdog groups and technology companies.

See Also: Live Webinar | Securing the Cloud: Mitigating Vulnerabilities for Government

U.K. lawmakers in November 2023 introduced the Investigatory Powers Bill, which seeks to update the Investigatory Powers Act of 2016 – the primary regulation governing the interception of electronic communications by British intelligence agencies, including the Government Communications Headquarters, MI6 and MI5, and other British law enforcement agencies.

Civil society organizations dubbed the regulation the “snoopers’ charter” when it was first introduced in 2015.

The House of Commons on Tuesday approved the revised bill on the first reading and retained provisions that could allow British intelligence agencies to carry out large-scale collection of bulk public datasets that contain the “who, where, when, how and with whom of communications,” according to MI5.

The bill also authorizes law enforcement to collect data in bulk from third-party telecom service providers, including internet connection records, such as details of websites visited by users, which enable law enforcement agencies to process further data at a user’s IP level.

The revised regulations will require telecom companies to notify the Home Office of any changes introduced to their software.

At Tuesday’s hearing, Andrew Sharpe, a conservative member of Parliament and co-rapporteur of the bill, said the amended proposal will give the U.K.’s intelligence services “tools to keep the country safe” while ensuring that law enforcement requests for information are made in a “proportionate way which places privacy at its heart.”

Hours after the conclusion of the hearing, tech industry body TechUK was quick to criticize the proposal, fearing that the bill could hinder “technological advancements aimed at improving consumer privacy, integrity and security.”

The organization, which represents 1,000 tech firms, said the proposals that require companies to notify the government of software changes would deter them from making changes to their products.

“Instead of focusing on improving user privacy and security, firms’ attention would have to be diverted towards fulfilling the surveillance needs of the government,” TechUK said.

Tech giant Apple also criticized the provision on change notification on Monday. It told the BBC that the proposal could allow the U.K. government to “secretly veto new user protections globally,” which would prevent the company from rolling out security updates to its customers.

“We’re deeply concerned the proposed amendments to the Investigatory Powers Act now before Parliament place users’ privacy and security at risk,” Apple said.

A Home Office spokesperson played down the concerns, saying the government supports “innovation and privacy” but added that “lawful access” to communication is vital to identify child sexual abusers and terrorist activities.

“We have always been clear that we support technological innovation and private and secure communications technologies, including end-to-end encryption, but this cannot come at a cost to public safety,” a Home Office spokesperson told Information Security Media Group.

Efforts to revise the bill stem from the June 2023 review of the Investigatory Powers Act of 2016 by British parliamentarian David Anderson. The review, called the Lord Anderson report, said current restrictions on processing bulk personal datasets in the 2016 law have prevented British intelligence agencies from collecting large swaths of public datasets.

British intelligence agencies primarily objected to restrictions imposed on processing bulk personal datasets, which is currently under “triple-lock” authorization, requiring the agencies to first obtain a warrant for interception or equipment interference from the Secretary of State. The warrant then has to be approved by a judicial commissioner and ultimately by the prime minister. Warrants are currently valid only for six months.

These measures prevented the agencies from accessing data needed to train their machine learning systems for faster crime detection and threat disruption, which in turn posed a threat to national security. The agencies raised similar concerns about end-to-encryption rolled out by tech companies, which they said also prevented them from collecting data in a timely manner, according to the report.

The report recommends further amendments to the act, including the introduction of a new category of bulk personal data “with low or no expectation of privacy,” an increase in the timeline for data retention, and revisions to the role of judicial commissioner.

In response to the suggestions, lawmakers have introduced the latest bill with an amended scope for bulk personal datasets. Under the revised bill, a bulk personal dataset could include any data in the public domain that is shared with consent, bringing official records, audiobooks and podcasts, and content derived from online video sharing.

The amended proposal will also allow the head of the intelligence service to authorize data collection and processing, creating a new Investigatory Powers Officer, who can nominate individuals from the law enforcement agencies to the position of judicial commissioner. It also proposed extending the time of interception and data retention to 12 months.

The bill also removes safeguards put in place to secure journalistic sources under the previous regulation, to allow law enforcement agencies to “identify any confidential journalistic material” or “identify or confirm a source of journalistic information.”

In addition to industry tech players, privacy groups Big Brother Watch, Privacy International and Open Rights Group are vocal critics of the bill. In a January letter, Open Rights Group said the bill could transform “private companies into arms of the surveillance state” – “eroding the security of devices and the internet.”

Sarah Simms, policy officer at Privacy International, said the government is using the proposed amendments to dilute existing safeguards put in place under the IPA 2016 to reduce the administrative burden for law enforcement agencies.

“Overall, the government is suggesting to essentially weaken the powers/existing safeguards, which we believe need to be strengthened, not diluted,” Simms told ISMG.

Original Post url: https://www.databreachtoday.com/uk-lawmakers-push-ahead-revised-snoopers-charter-a-24262

Category & Tags: –

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
SentinelOne
90 DAYS A CISO´s Journey to Impact define your role !!
90 DAYS A CISO´s Journey...
WILEY
Cybercrime Investigators Handbook by WILEY
Cybercrime Investigators Handbook by WILEY
ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
CISO Forum
CISO’s – First 100 Days Roadmap – Your success as a security leader is determined largely by your first 100 days in the role.
CISO’s – First 100 Days...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...
Forrester - Allie Mellen
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
Adapt Or Die: XDR Is...
CYBER LEADERSHIP INTITUTE
CISO PLAYBOOK: FIRST 100 DAYS Setting the CISO up for success
CISO PLAYBOOK: FIRST 100 DAYS...

LASTEST PUBLISHED POSTS

National Security Agency
CSI Cloud Top10 Key Management
CSI Cloud Top10 Key Management
CSA Cloud Security Alliance
Defining the Zero TrustProtect Surface
Defining the Zero TrustProtect Surface
HANIM EKEN
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CNIL
PRACTICE GUIDE GDPR – SECURITY OF PERSONAL DATA Version 2024
PRACTICE GUIDE GDPR – SECURITY...
PWNED LABS
Cloud Security Engineer Roadmap
Cloud Security Engineer Roadmap
tutorialspoint.com
Cloud Computing Tutorial Simply Easy Learning
Cloud Computing Tutorial Simply Easy...
SMITHA SRIHARSHA
CISSP Preparation Notes
CISSP Preparation Notes
CISSP Mind Map: All Domains
CISSP Mind Map: All Domains
Lansweeper
CIS 18 CRITICAL SECURITY CONTROLS CHECKLIST
CIS 18 CRITICAL SECURITY CONTROLS...
Semaphore
CI-CD with Docker and Kubernetes
CI-CD with Docker and Kubernetes
EC-MSP
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
BUSINESS CONTINUITY PLAN & DISASTER...
PWC
Building a risk-resilient organisation
Building a risk-resilient organisation

More Latest Published Posts

40 under 40
40 under 40 in CyberSecurity 2024
40 under 40 in CyberSecurity 2024
HADESS
40 Days in DeepDark Web About Crypto Scam
40 Days in DeepDark Web About Crypto Scam
Everbridge
8 Principles of Supply Chain Risk Management
8 Principles of Supply Chain Risk Management
CHAOSSEARCH
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
ENDGAME
The Hunters Handbook Endgame’s Guide to Adversary Hunting
The Hunters Handbook Endgame’s Guide to Adversary Hunting
THE EU’S MOST THREATENING by EUROPOL
THE EU’S MOST THREATENING by EUROPOL
National Cyber Security Centre
Responding to a cyber incident – a guide for CEOs
Responding to a cyber incident – a guide for CEOs
IGNITE Technologies
CREDENTIAL DUMPING
CREDENTIAL DUMPING
HADESS
Pwning the Domain Lateral Movement
Pwning the Domain Lateral Movement
Jorgen Lanesskog
PING Basic IP Network Troubleshooting
PING Basic IP Network Troubleshooting
TELESOFT
Layer 7 Visibility What are the Benefits?
Layer 7 Visibility What are the Benefits?
TIGERA
Introduction to Kubernetes Networking and Security
Introduction to Kubernetes Networking and Security
Department of Defense's (DoD)
Defense Industrial Base Cybersecurity Strategy 2024
Defense Industrial Base Cybersecurity Strategy 2024
Dummies
Zero Trust Access for Dummies Fortinet
Zero Trust Access for Dummies Fortinet
Homeland Security
Zero Trust Implementation Strategy
Zero Trust Implementation Strategy
National Australia Bank Limited
Your Business and Cyber Security
Your Business and Cyber Security
CYFIRMA
Xeno RAT- A New Remote Access Trojan
Xeno RAT- A New Remote Access Trojan
IGNITE Technologies
Windows Persistence COM Hijacking MITRE T1546 015
Windows Persistence COM Hijacking MITRE T1546 015
IGNITE Technologies
Windows Exploitation Rundll32
Windows Exploitation Rundll32
IGNITE Technologies
Windows Exploitation Msbuild
Windows Exploitation Msbuild
HADESS
Web LLM Attacks
Web LLM Attacks
HADESS
Trended Protocols for Security Stuff
Trended Protocols for Security Stuff
Red Iberoamericana de Protección de Datos
Transferencia Internacional de Datos Personales – Guia de Implementación
Transferencia Internacional de Datos Personales – Guia de Implementación
CYFIRMA
TRACKING RANSOMWARE January 2024
TRACKING RANSOMWARE January 2024
https://www.linkedin.com/in/harunseker/
TOP Cyber Attacks Detected by SIEM Solutions
TOP Cyber Attacks Detected by SIEM Solutions
TRAVARSA
Top 100 Cyber Threats and Solutions 2024
Top 100 Cyber Threats and Solutions 2024
Top 50 Cybersecurity Threats
Top 50 Cybersecurity Threats
OWASP
Top 10 Considerations for Incident Response
Top 10 Considerations for Incident Response