LONDON (Reuters) - The British government must make significant changes to a planned new surveillance law which would give authorities some of the most extensive monitoring capabilities in the West, a powerful committee of MPs said on Thursday.
Last November, Prime Minister David Cameron’s government announced plans for sweeping new powers which would force tech firms to store details of every website people visited for a year as well as spelling out the ability of spies to collect bulk data and hack into individuals’ computers and smartphones.
MPs examining the Draft Investigatory Powers Bill said they supported its aims in principle but made 86 recommendations for change.
“We think part of it is flawed and part of it needs to be looked at in greater detail,” Paul Murphy, the committee chairman, told reporters.
Earlier this week another parliamentary committee, which oversees intelligence and security, also called for more work on the bill, saying it did not sufficiently safeguard privacy and gave spies more powers than they need.
Western governments have been grappling with how to maintain the powers of spies and police in the digital age while addressing concerns about mass surveillance raised by leaks from former U.S. intelligence contractor Edward Snowden in 2013.
A previous British bill, dubbed the “snoopers’ charter”, was ditched amid widespread opposition.
Ministers and intelligence chiefs say current surveillance laws are outdated, leaving the police and spies unable to keep up with technology used by terrorists and serious criminals.
One of the most controversial aspects of the new bill is the requirement for internet service providers to store all “internet connection records” (ICRs) for a year, allowing the authorities to find out which websites people have visited, though not the specific pages or their full browsing history.
However, the committee said the practicality, cost and security of storing all this data required more work.
Tech firms have also expressed concern about the bill’s implications for encrypted services.
The government and spy chiefs say there should be no dark spaces on the internet beyond their reach, but companies say forcing them to provide “backdoors” or to break their encryption services would weaken their own security measures.
The report said firms offering end-to-end encrypted communication should not have to provide access or decrypted copies to the authorities.
“Everyone in the UK — in fact, everyone around the world, given the global extent of many of the powers the UK government would have under the bill — needs to be worried about this legislation,” said Sarah St.Vincent from the Center for Democracy & Technology, a Washington-based group advocating internet freedom.
editing by Gareth Jones