Last updated

The Investigatory Powers Bill Is Junk

The UK Investigatory Powers Bill lacks a basic understanding of VPNs and should be thrown out.

Estimated reading time: 3 minutes

Table of contents

Back again

The Investigatory Powers bill is back and as a UK based Internet company we are very interested in seeing how this progresses.

In short it proposes the following:

12 Month History Retention

Taking the most contentious of these proposals the bill will require UK based ISPs to hold twelve months of history for customers and to allow agencies to request access to logs for specific periods. This will clearly increase overheads at ISPs that inevitably will be passed onto consumers.

Easily bypassed

The idea that requiring UK-based ISPs to maintain a list of ICRs (Internet Connection Records) giving agencies full visibility on UK Internet Activity is junk.

There are already VPN Companies offering products and workarounds to prevent traffic going through your ISP being loggable. This renders the bill irrelevant and for anyone with a modicum of technical experience getting and using a VPN outside of the UK is trivial and costs around $20 a month.

Jurisdiction over VPN providers

Because a user can easily connect and use a VPN service outside the UK the bill will have no jurisdiction over VPN providers outside of the UK. Because data will be passing through networks outside of the UK and will be encrypted the UK ISP provider will not be able to log ICRs for a user either.

Rushing through parliament

Theresa May seems hell-bent on pushing this bill through parliament before the EU Referendum campaign. It is a complex bill with deep implications for the UK Internet Industry and for Civil Liberties.

It is my opinion that this bill should be thrown out. Whether I agree with tracking ICRs or not this bill will not deliver on much of what it is trying to achive. I am not convinced that the authors of the report understand the fundamentals of the Internet well enough to realise that by using a VPN outside of the UK ISPs cannot record ICRs.

The bill is expected to be given a Commons second reading on 14 March and sent to the House of Lords before the end of April in order to get it on to the statute book before a 31 December deadline.

Although the Home Office claim the bill will be compliant with the European Convention of Human Rights a legal challenge looks likely if it is a passed.

Have an update or suggestion for this article? You can edit it here and send me a pull request.

Tags

Recent Posts