On Wednesday, the Draft Investigatory Powers Bill was released. In terms of the media recently, the main point which newspapers such as The Guardian and The Daily Mail seem to be focussing on is how Internet Service Providers (ISPs) will have to store the last 12 months’ browsing history of all its customers. But with all that mass data, how can it be managed properly?
It was a question implied by a few newspapers, with the idea that if ISPs are storing all this data in one file or document, how safe would it be? The example referenced by some newspapers was the recent TalkTalk hack. As The Daily Mail says in an article from their Wednesday issue, a data leak on a mass scale – where customers’ 12-month browsing history is revealed – could cause catastrophic problems, including blackmail (take the Ashley Madison hack, for example).
Of course, surveillance is the main focus of the Bill, but if this goes ahead, questions about funding (staff to manage the data, security to protect the data) needs to be asked as well.
If there’s one criticism I have about this aspect of the Bill, it’s that the state and ISPs seem to own and regulate most of the Internet. As discussed in my post about Digital Rights, there needs to be a more democratic way of creating digital rights – rights which are determined by the people, not the state.
The Bill also addresses the rule that state officials, police officers and so forth will be able to access certain data without the need for a warrant. Some members of the public would be quick to assume that this use of data without official judicial regulations is a breach of our privacy. However, as I touched on in previous debates (here and here), we once again have to consider how much we volunteer this information or agree to it in the social network or ISP’s terms and conditions. It is essentially a compromise between us and these services, it’s just that it is only now that this aspect of Internet user rights – normally buried within lengthy T&Cs – is brought to our attention. So for that reason, to argue that this is a breach of our privacy is not entirely true, and it’s one aspect of the Bill which people shouldn’t worry about. One aspect of the Bill that the public should be concerned about is how mass data can be stored securely.
What do you think? Comment below!