The UK governemnt has expanded powers in its so-called ‘Snooper’s Charter’, letting police access everyone’s web browsing histories and to hack into phones.
The revamped spying laws will let police access internet records and hack into suspects’ smartphones and computers.
The bill could also require companies like Apple to decrypt users’ private data.
According to one example in the document, GCHQ could use bulk equipment interference to penetrate entire “software packages”, used by innocent members of the public, as well as terrorists. In another example, intelligence agencies might hack into all the devices in “a major town”.
The bill is designed to provide the first comprehensive legal framework for state surveillance powers anywhere in the world.
It has been developed in response to the disclosure of state mass surveillance programmes by the whistleblower Edward Snowden. The government hopes it will win the backing of MPs by the summer and by the House of Lords this autumn.
Under the updated bill, law enforcement bodies will be able to access people’s internet history – stored for a year – “for the purposes of preventing or detecting crime” and for “assessing or collecting any tax”, without a warrant.
Public authorities including HMRC, the Department for Work and Pensions and the Health and Safety Executive will also be able to access this communications data.
Law enforcement agencies will also be given more powers to hack into people’s phones, known as equipment interference.
In addition to detecting crime, equipment interference may also be used by law enforcement for “threat to life” situations.
This equipment interference must be a warrant signed by a law enforcement chief and a judicial commissioner.
These changes could lead to more privacy compplaints, and signal a standoff between the government and technology sector.
The bill could also require companies like Apple to decrypt users’ private data. Companies could be asked to remove the encryption they provide if it is “practicable” to do so, despite the government saying it is “not asking companies to weaken their security by undermining encryption”.
The updated bill introduces more privacy safeguards, increasing protections for lawyers and requiring judicial permission to identify a journalist’s source.
The bill is also accompanied by a new operational case for bulk powers, setting out why the government believes security and intelligence agencies require existing powers to monitor data on a huge scale.
Bulk equipment interference must be authorised by a warrant and can only be used against overseas targets.