The bill passed its first reading by 266 votes in the House of Commons after Labour and the SNP abstained, rather than voting against, in a vote on Tuesday.
WHAT IS THE BILL?
It is an update of existing laws governing the interception of communications. The new bill requires web and phone companies to store records of websites visited by every citizen for 12 months for access by police, security services and other public bodies. It also explicitly states, for the first time, the extent to which the security services have powers for the bulk collection of large volumes of personal communications data such as emails or text messages.
WHY IS IT BEING INTRODUCED?
The security services believe new powers are needed in recognition of the fact so much communication is now done online and across new platforms. MI5, the police and GCHQ have previously warned their ability to track potentially dangerous criminals and terrorists would be hampered if new laws were not passed.
READ MORE: The security risks of the Cyber Age
WHAT ABOUT INDIVIDUAL PRIVACY?
Home secretary Theresa May said privacy was “hard-wired” into the bill. She told MPs: “We are not talking about looking at people’s web browsing history, we are just talking about that initial point of contact.
“It strictly limits the public authorities that can use investigatory powers, imposes high thresholds for the use of the most intrusive powers, and sets out in more detail than ever before the safeguards that apply to material obtained under those powers.”
WHAT DO EXPERTS SAY?
Bill Buchanan, professor of computing at Napier University and an authority on cyber security, said that many of the bills provisions could already be circumvented. “There are many technical issues involved with the bill,” he said. “One of the most basic ones is that increasingly users are using encryption tunnels, such as for HTTPs, and it will be almost impossible to determine any information that is being requested and accessed.
“Anyone who seriously wants to hide data will use data encryption at its source, and will not even need to use a tunnelled network. The technical challenge involved in this is trivial, and there are a wide range of tools and services around which will provide easy methods of source encryption.”
WHAT DO INTERNET PROVIDERS THINK?
A spokesman for the Internet Service Providers Association said: “Even our members are not yet fully clear about what the bill will mean for them. It is vital that parliament is provided with a sufficient amount of time to scrutinise the bill.”
WHAT DO OPPOSITION PARTIES SAY?
SNP MP Joanna Cherry QC agreed existing laws needed “a thorough overhaul” and welcomed the attempt to consolidate a number of statutes.
But she branded the bill a rushed job. “In recent weeks three parliamentary committees expressed serious misgivings about many aspects of the draft bill and made extensive recommendations for revisal,” she said.
“The powers to retain internet connection records and bulk powers go beyond what is currently authorised in other western democracies and thus could set a dangerous precedent and a bad example internationally.
“The only other western democracy, which has authorised the retention of material similar to internet connection records, is Denmark and they subsequently abandoned their experiment having found it did not yield any significant benefits for law enforcement.”