The U.K. government has pushed through a new surveillance law to replace one a European Union court said interfered with fundamental privacy rights -- but, say civil rights campaigners, the new law is worse than the one it replaces.
The Data Retention and Investigatory Powers Act 2014, also known as DRIP, was fast-tracked by the U.K. government after European Union laws requiring communications providers to retain metadata were ruled invalid by the Court of Justice of the EU (CJEU) in April because they seriously interfered with fundamental privacy rights.
Under the EU's Data Retention Directive, communication service providers had to retain communications data for law enforcement purposes for periods of between six months and two years. The U.K. had transposed this directive into law and the ruling affected the secondary legislation.
On July 10 the U.K. government introduced an emergency bill to provide law enforcers and intelligence agencies access to telecommunications data to help them investigate criminal activity.
However, it's not just metadata that can be accessed under the new law: law enforcement officers can also now access the content of messages, even if they are held by companies outside the U.K.
"The Bill amends the Regulation of Investigatory Powers Act 2000 (RIPA) to put beyond doubt that requests for interception and communications data to overseas companies that are providing communications services within the U.K. are subject to the legislation," the U.K. government said. Access to message contents requires a warrant signed by a Secretary of State.
In the short time the bill was under discussion, it met criticism from several privacy and civil liberties groups, which also voiced their dismay when the bill passed Thursday.
U.K. based Privacy International for instance called it "shameful that a year since Edward Snowden revealed the scope of the U.K. mass surveillance activities, the only British parliamentary action in relation to surveillance has been to drastically expand the interception powers of intelligence agencies."
"The rushed nature with which the legislation was rammed through Parliament shows an utter disregard for the democratic process and the rule of law," it said, adding that rushing the process was a way to circumvent any genuine scrutiny of what is "a dramatic expansion in the British surveillance state."
Rather than clarifying existing surveillance law, it expands spying powers that not only affect British citizens but the entire world, Privacy International said.
"Under the Act, common internet services such as Google and Facebook can now be compelled to assist the British security services in achieving their surveillance aims, including by building backdoors into their own systems to allow for interception of communications," it said.
Meanwhile, the U.K.'s Open Rights Group (ORG) threatened legal action. "We're already meeting with lawyers and taking Counsel's advice to work out the best way to take the Government to court," its director Jim Killock said in a blog post.
The U.K. has international obligations, Killock said, pointing at the European Convention on Human Rights, the European Charter of Fundamental Rights and the U.K.'s own Human Rights Act that could be used to challenged the new law.
Moreover, the CJEU has stated that blanket data retention is unlawful, Killock said. "This means we have strong grounds to challenge the new legislation on the same basis," he said, calling on people to support the legal action by donating money.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.