US tech firms call for changes in UK spy bill

US tech companies have submitted new written evidence on the UK's Investigatory Powers Bill.

For the first time, Apple, Facebook, Google, Twitter, Microsoft and Yahoo have jointly set out their concerns over the bill.

They say they want more clarity on issues such as encryption, tougher safeguards and a better framework for demands from different countries.

The companies say they welcome the idea of placing powers into a single bill.

No back doors

The controversial Investigatory Powers Bill aims to update UK laws on how far police forces and intelligence agencies can go when collecting data on suspects.

It will force ISPs to store net browsing records for 12 months and authorise the bulk collection of personal data.

Earlier this month a redrafted version of the bill was debated in parliament, where it is undergoing further scrutiny. The companies had already submitted evidence to a previous committee which looked at an earlier draft.

In their written response to the redrafted bill, the six firms say the UK legislation is particularly important because it is likely to set precedents which might be copied elsewhere.

"Important amendments are required to ensure the bill is worthy of emulation around the world and does not further exacerbate the challenges communications companies outside the UK face, while also protecting the user trust that is essential to the modern data-driven economy," say the companies in their joint statement.

The group says the redrafted bill has still not ruled out potential requests for back doors into encrypted communications.

In the US, Apple has been fighting the FBI in the courts over the issue of unlocking a specific device. However, the concern over the UK proposals is that they might be interpreted to require all systems to be built with a so-called "back door" which would provide law enforcement access on production of a warrant.

The government has said it does not intend the bill to change current practice, which does not see such a demand as practicable.

Despite this assurance, the companies say they are worried about provisions in the bill that talk about "the removal of electronic protection where reasonably practicable".

They want the bill amended so that there is an explicit recognition that it will not be reasonably practicable to provide the content from communications protected with end-to-end encryption, rather than leave this to be established on a case-by-case basis.

They also argue that what the bill calls "Technical Capability Notices" might require such a back door to be built by a company. The firms argue that such notices should be authorised by a judge, as with other sensitive warrants.

The companies do support using judges to approve decisions by ministers to issue warrants for intrusive surveillance.

They want this "double lock" to be applied to a broader set of powers under which companies might be issued with demands, and they want the basis on which the judge makes the decision to be clearer and stronger in its safeguards.

On the bulk collection of data, the written response calls for the bill to be clear that safeguards should explicitly include so-called "minimisation" provisions - these ensure that only the necessary and proportionate amount of data is obtained, analysed and retained.

All other data, they say, should be destroyed. The companies say that, as a general rule, users should be informed when government seeks access to their account data. They say they accept it may be appropriate to delay this in some cases but the burden should then be on the government to demonstrate why.

The bill also establishes an ability to require companies to co-operate with UK warrants even if they are based outside the country. This has long been a worry for the tech firms because they fear they will be subject to a series of competing obligations from different countries.

The group also raises the fear that legislation in the UK and elsewhere could be used against their employees residing in any country that demands compliance.

They argue that rather than competing international claims, there should be an agreed cross-country framework between governments to deal with the issues. The UK has been looking into this with a study by Sir Nigel Sheinwald, former ambassador to Washington.
