(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Are we doing this again? Yes, we’re doing this again. – Hi, I'm Heather Burns

2023-11-08 00:00:00

Yesterday I was rudely summoned away from a beautiful autumn day of wild foraging by The King.

Specifically, I was given a heads-up about one of the bills which would be in yesterday’s King’s Speech – the first of the King’s reign, and the first and only one of Rishi Sunak’s time in office.

The bill in question is the Investigatory Powers (Amendment) Bill, the outcome of a consultation held over the summer, which I obviously missed being out of work. (Neil Brown did not miss one word from his tech lawyer perspective, and TechUK were equally diligent from the service provider perspective.) There was also an independent review which requires prior knowledge of the IPA.

The problem is that aside from the rather legalistic topics dealt with in the summer consultation and independent review, some of which do indeed have merit, the politicians have stepped in.

What we learned yesterday is that the Bill aims to

Force technology companies to inform the Home Office in advance of security and privacy features they want to add, including encryption, and force them to disable features which the government objects to;

Increase the power of the Home Office to force non-UK companies to comply with changes it wants them to make to security features without the right to appeal; and

Require companies to comply with a notice before any requested review is completed, depriving companies of the opportunity to seek a review of the appropriateness of notices before being obliged to follow them.

The adoring public was not impressed.

And yes, this all dovetails with the Online Safety Act, in ways I will make no attempt to parse out over morning coffee.

The official speech souvenir handout noted how these asks will be framed:

Make changes to the bulk personal dataset regime to ensure the UK’s intelligence agencies can more effectively make use of less sensitive data, which is already widely available to the public, subject to appropriate safeguards

Expand the oversight regime to support the Investigatory Powers Commissioner to effectively carry out their role, including putting a number of their functions on a statutory basis. This will maintain the robust, transparent, and world-leading safeguards in the regime.

Reform the notices regime, to help the UK anticipate the risk to public safety posed by the rolling out of technology by multinational companies that precludes lawful access to data. This will reduce the risk of the most serious offences such as child sexual exploitation and abuse or terrorism

Update the conditions for use of Internet Connections Records to ensure that these can be used effectively to detect the most serious types of criminal activity and national security threats, underpinned by a robust independent oversight regime

Increase the resilience of the warrantry authorisation processes to ensure the security and intelligence agencies, as well as the National Crime Agency, can always get lawful access to information in a timely way so that they can respond to the most serious national security and organised crime threats.

You’ve probably been reading this blog long enough to know how the sausage gets made. These asks, which go well beyond the hair-splitting legal minutiae of the summer consultation and of the independent review, were asks thrown in by the authoritarian wing of the Home Office, who are obviously still enraged that they failed to regulate the entire open internet around Meta via the Online Safety Act.

And let’s state the obvious here: that’s what this is bill about.

While we don’t know what is actually in the bill, as it doesn’t exist yet, it’s already clear that this is the latest salvo in government’s Meta Vendetta.

You would think that they’d have learned their lesson from spending six years crafting world-leadingly bad legislation around the obsession with getting one company, its suite of products, and its executive leadership (which just happens to include their former political enemy number one).

But this is Conservative digital policymaking we’re talking about. It learns nothing from its mistakes.

So without knowing the contents, one thing’s for sure: the sharpest minds on these issues across law, policy, tech, and digital rights need to saddle up for yet another year of going into government meetings, in good faith, with notes prepared and talking points honed, so that they can be shouted at for 58 minutes about Meta, and leave with nothing accomplished.

Plus ça change.

And while everyone obviously needs to show up for this Bill, and yes that includes the people who don’t show up for anything because “politics”, it’s also worth remembering the actual politics of the thing.

First, we will be having a general election no later than January 2025, one which is going to wipe the Conservatives into the third party. That’s why the King’s Speech was so strikingly meh: it’s all tinkering and technocracy to fill twelve months of time, as opposed to the post-EU revolutionary bombast we’ve seen in recent years. And while the public knows full well that the Conservatives are openly shitting the bed on their way out, knowing it will be someone else’s responsibility to change the sheets, they’re not dumb. And certainly not about a bill like this.

Second, while the Home Office has been a rogue outfit for a long time, it’s currently headed by a racist lunatic who, by all accounts from the Westminster gossip chain, is deliberately trolling the town so that she can get sacked so that she can work up her leadership challenge to Rishi Sunak. (Yes, there are people who dream of a Braverman-led UK and a Trump-led US. They work hard. They’re working right now.) And what better way to gum up the works for your political rival, who’s riding high on the global AI summit he led last week, than by introducing a law that would make it impossible for anyone anywhere to do any tech of any kind?

By the way, if you think it isn’t possible for the integrity of the open internet to fall victim, via bad legislation, to backstabbing Tory power grabs, what do you think I’ve been working on since 2016? Like I said. This garbage is what the sharpest tech policy minds in the UK have been dealing with for seven years. Not the work they were born to do.

So while we wait for the IP(A)A to be published, let’s all read up, form up, strategise, and get this right, so that what’s good about the IP(A)A gets sorted and what’s bad about the IP(A)A gets put in the bin. Quickly, cleanly, and definitively.

Look on the bright side: you’ve just had six years of practice.

An aside because fuck yeah I am going there: the IPA and IPCO were one of four disparate policy portfolios I held in my brief stint in a digital rights organisation, on a salary of £28k per year, a salary which in the end they could not sustain for an entire year. Imagine getting up to speed with all of that, above, back to front, including building a relationship with IPCO all for nothing, on a few hours a month, for net pay of less than £500 pcm for that work, in a work environment which was, as they say, suboptimal. It is well past time to have the ugly conversation about how the resourcing and leadership of UK digital rights organisations is failing to contribute to the solution and, indeed, is now becoming part of the problem.
[END]

[1] URL: https://webdevlaw.uk/2023/11/08/investigatory-powers-act-amendment-kings-speech/
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.