Yesterday I was rudely summoned away from a beautiful autumn day of wild foraging by The King.
Specifically, I was given a heads-up about one of the bills which would be in yesterday’s King’s Speech – the first of the King’s reign, and the first and only one of Rishi Sunak’s time in office.
The bill in question is the Investigatory Powers (Amendment) Bill, the outcome of a consultation held over the summer, which I obviously missed being out of work. (Neil Brown did not miss one word from his tech lawyer perspective, and TechUK were equally diligent from the service provider perspective.) There was also an independent review which requires prior knowledge of the IPA.
The problem is that aside from the rather legalistic topics dealt with in the summer consultation and independent review, some of which do indeed have merit, the politicians have stepped in.
What we learned yesterday is that the Bill aims to
- Force technology companies to inform the Home Office in advance of security and privacy features they want to add, including encryption, and force them to disable features which the government objects to;
- Increase the power of the Home Office to force non-UK companies to comply with changes it wants them to make to security features without the right to appeal; and
- Require companies to comply with a notice before any requested review is completed, depriving companies of the opportunity to seek a review of the appropriateness of notices before being obliged to follow them.
And yes, this all dovetails with the Online Safety Act, in ways I will make no attempt to parse out over morning coffee.
The official speech souvenir handout noted how these asks will be framed:
- Make changes to the bulk personal dataset regime to ensure the UK’s intelligence agencies can more effectively make use of less sensitive data, which is already widely available to the public, subject to appropriate safeguards
- Expand the oversight regime to support the Investigatory Powers Commissioner to effectively carry out their role, including putting a number of their functions on a statutory basis. This will maintain the robust, transparent, and world-leading safeguards in the regime.
- Reform the notices regime, to help the UK anticipate the risk to public safety posed by the rolling out of technology by multinational companies that precludes lawful access to data. This will reduce the risk of the most serious offences such as child sexual exploitation and abuse or terrorism
- Update the conditions for use of Internet Connections Records to ensure that these can be used effectively to detect the most serious types of criminal activity and national security threats, underpinned by a robust independent oversight regime
- Increase the resilience of the warrantry authorisation processes to ensure the security and intelligence agencies, as well as the National Crime Agency, can always get lawful access to information in a timely way so that they can respond to the most serious national security and organised crime threats.
You’ve probably been reading this blog long enough to know how the sausage gets made. These asks, which go well beyond the hair-splitting legal minutiae of the summer consultation and of the independent review, were asks thrown in by the authoritarian wing of the Home Office, who are obviously still enraged that they failed to regulate the entire open internet around Meta via the Online Safety Act.
And let’s state the obvious here: that’s what this is bill about.
You would think that they’d have learned their lesson from spending six years crafting world-leadingly bad legislation around the obsession with getting one company, its suite of products, and its executive leadership (which just happens to include their former political enemy number one).
But this is Conservative digital policymaking we’re talking about. It learns nothing from its mistakes.
So without knowing the contents, one thing’s for sure: the sharpest minds on these issues across law, policy, tech, and digital rights need to saddle up for yet another year of going into government meetings, in good faith, with notes prepared and talking points honed, so that they can be shouted at for 58 minutes about Meta, and leave with nothing accomplished.
Plus ça change.
And while everyone obviously needs to show up for this Bill, and yes that includes the people who don’t show up for anything because “politics”, it’s also worth remembering the actual politics of the thing.
First, we will be having a general election no later than January 2025, one which is going to wipe the Conservatives into the third party. That’s why the King’s Speech was so strikingly meh: it’s all tinkering and technocracy to fill twelve months of time, as opposed to the post-EU revolutionary bombast we’ve seen in recent years. And while the public knows full well that the Conservatives are openly shitting the bed on their way out, knowing it will be someone else’s responsibility to change the sheets, they’re not dumb. And certainly not about a bill like this.
Second, while the Home Office has been a rogue outfit for a long time, it’s currently headed by a racist lunatic who, by all accounts from the Westminster gossip chain, is deliberately trolling the town so that she can get sacked so that she can work up her leadership challenge to Rishi Sunak. (Yes, there are people who dream of a Braverman-led UK and a Trump-led US. They work hard. They’re working right now.) And what better way to gum up the works for your political rival, who’s riding high on the global AI summit he led last week, than by introducing a law that would make it impossible for anyone anywhere to do any tech of any kind?
By the way, if you think it isn’t possible for the integrity of the open internet to fall victim, via bad legislation, to backstabbing Tory power grabs, what do you think I’ve been working on since 2016? Like I said. This garbage is what the sharpest tech policy minds in the UK have been dealing with for seven years. Not the work they were born to do.
So while we wait for the IP(A)A to be published, let’s all read up, form up, strategise, and get this right, so that what’s good about the IP(A)A gets sorted and what’s bad about the IP(A)A gets put in the bin. Quickly, cleanly, and definitively.
Look on the bright side: you’ve just had six years of practice.
Update from the next day
The draft bill was published and had its first reading yesterday. This is moving fast (although admittedly dealing with one bill for nearly five years may have warped my perception of legislative speed).
You can access all the documents here:
- Bill: https://bills.parliament.uk/publications/52904/documents/3976
- Explanatory notes: https://bills.parliament.uk/publications/52906/documents/3980
- Page: https://bills.parliament.uk/bills/3508
- RSS: https://bills.parliament.uk/rss/bills/3508.rss
- Government factsheets: https://gov.uk/government/publications/investigatory-powers-amendment-bill-factsheets
- (Added 22 November) UK Gov response to the summer consultation, which is, as they say, “problematic”
- (Added 22 November) Big Brother Watch’s briefing for the Lords, which is an essential read
- (Added 22 November) Commons library briefing for the Lords
- (Added 22 November) Hansard transcript of second reading in the Lords on 20 November)
While I have to work on the other equally important thing this week, Neil Brown has already given the draft bill a quick skim. Remember that he is a lawyer, but not your lawyer. Based on my read of his quick skim (I know, I know), I see another long amendment/horse-trading/ping-pong game ahead, as we all endured with the other thing.
It’s also important to understand this: as I wrote, there’s been bad stuff slapped on top of the good stuff, likely without the knowledge of the author of the good stuff.
The second reading is on the 20th of November, 11 days from now.