Web surveillance plans need more clarity around encryption, government told

The Joint Select Committee adds to criticism of the UK government's web snooping plans.
Written by Steve Ranger, Global News Director
password encryption

Parliamentary committee says government should make it clear that accessing data with a warrant will not require encryption keys to be compromised.

Image: Shutterstock

The government's web snooping plans have come in for yet more criticism, this time for lacking clarity around its stance on encryption and plans to record everyone's web surfing history for a year.

Lord Murphy of Torfaen, chairman of a parliamentary committee that has just published a report looking at the proposed Investigatory Powers Bill, said that "the Home Office has a significant amount of further work to do before Parliament can be confident that the provisions have been fully thought through".

He said that while the Joint Select Committee saw the potential value of proposals for communications service providers to create and store users' internet connection records, the cost and other practical implications are still being worked out. Lord Murphy added: "In a number of areas the definitions used in the Bill will be important, and we have asked the Home Office to do more to address these."

This is the latest blow for the government's planned law to update the powers of police and spies for the internet age. The Prime Minister has described the draft legislation as being the most important in the current session of parliament: critics have warned that it extends the power of the state too far. Earlier this week another panel of MPs warned the new law had been rushed and lacked clear privacy protections.

In particular the Joint Select Committee said the government needed to provide greater clarity around encryption: the government should make it clear that its policy to seek access to communications and data when required by a warrant will not require encryption keys to be compromised or backdoors installed onto systems.

The government needs to make it explicit that companies offering end-to-end encrypted communication or other undecryptable communication services "will not be expected to provide decrypted copies of those communications if it is not practicable for them to do so", the committee said.

The committee also said that if the Bill is to include powers for police and spies to carry out large-scale hacking or comb through giant data sets -- so called 'bulk powers' -- then a fuller justification for each of them should also be published.

The case for recording the web browsing history of everyone for 12 months has not been proved, said the committee, which added that the government needs to work harder with industry in order to provide more robust information. It also recommended the formation of a panel to review the operation of the powers in the Bill five years after it is enacted.

Read more on web surveillance

Editorial standards