4 November 2015, UK Home Office: Draft Investigatory Powers Bill (PDF)
Theresa May unveils UK surveillance measures in wake of Snowden claims
* Spy agencies free to track everyone's internet use without warrant
* UK governments have signed secret orders on data collection for years
* Snowden says bill is most intrusive surveillance regime in the west
Alan Travis Patrick Wintour and Ewen MacAskill
4 November 2015
New surveillance powers will be given to the police and security services, allowing them to access records tracking every UK citizen's use of the internet without any judicial check, under the provisions of the draft investigatory powers bill  unveiled by Theresa May.
It includes new powers requiring internet and phone companies to keep "internet connection records" -- tracking every website visited but not every page -- for a maximum of 12 months but will not require a warrant for the police, security services or other bodies to access the data. Local authorities will be banned from accessing internet records.
The proposed legislation will also introduce a "double-lock" on the ministerial approval of interception warrants with a new panel of seven judicial commissioners -- probably retired judges -- given a veto before they can come into force.
But the details of the bill make clear that this new safeguard for the most intrusive powers to spy on the content of people's conversations and messages will not apply in "urgent cases" -- defined as up to five days -- where judicial approval is not possible.
The draft investigatory powers bill published on Wednesday by the home secretary aims to provide a "comprehensive and comprehensible" overhaul of Britain's fragmented surveillance laws. It comes two-and-a-half years after the disclosures by the whistleblower Edward Snowden  of the scale of secret mass surveillance of the global traffic in confidential personal data carried out by Britain's GCHQ and the US's National Security Agency (NSA).
It will replace the current system of three separate commissioners with a senior judge as a single investigatory powers commissioner.
May told MPs that the introduction of the most controversial power -- the storage of everyone's internet connection records tracking the websites they have visited, which is banned as too intrusive in the US and every European country including Britain -- was "simply the modern equivalent of an itemised phone bill".
Snowden, however, took a different view:
-- Edward Snowden (@Snowden)
November 4, 2015
By my read, #SnoopersCharter legitimizes mass surveillance. It is the most intrusive and least accountable surveillance regime in the West. 
-- Edward Snowden (@Snowden)
November 4, 2015
#SnoopersCharter does not require individualized judicial authorization in advance of *interception*. Such a dragnet is mass surveillance. 
May's recommendations were broadly welcomed by the shadow home secretary, Andy Burnham, but received a more cautious welcome from the former Conservative shadow home secretary David Davis, the former shadow home secretary Yvette Cooper and Nick Clegg, the former deputy prime minister.
Some former ministers pressed May on the nature of the double-lock, whereby a warrant could be issued first by the home secretary and then endorsed by a specially appointed judge. They also asked whether some warrants could be issued by the home secretary outside this dual-lock process.
Burnham said it was important to stress the proposals were "neither a snooper's charter nor a plan for mass surveillance". The Labour frontbencher said the UK's laws were outdated given that changes in technology had made the jobs of the security services and police much harder.
Burnham said: "In a world where the threats we face internationally and domestically are growing, parliament cannot sit on its hands and leave blind spots where the authorities can't see."
He said strong powers must be balanced by strong protections for the public, adding: "What the home secretary has said today, it seems clear to me both she and the government have been listening carefully to the concerns that were expressed about the original legislation presented in the last parliament."
Burnham added: "I think it would help the future conduct of this important public debate if this House sent out a unified message today that this is neither a snooper's charter nor a plan for mass surveillance."
Davis questioned whether the new warrant process would cover all the current mechanisms for the intercept and use of communications data. He also questioned the independence of the judiciary, asking if they would be appointed by the prime minister or by the Judicial Appointments Commission.
Clegg, who in government blocked previous attempts to give spies sweeping new powers, was cautious, saying the proposals were much improved compared with the snooper's charter. But he warned: "I have a feeling under the bonnet it still retains some of the flaws of its predecessor."
The Lib Dem MP suggested it might be simpler and faster to provide for direct judicial authorisation, rather than retaining a role for ministers. He also queried why it was necessary to hold so much internet browsing data.
The draft bill explicitly includes in statute for the first time powers for the bulk collection of large volumes of communications and other personal data by MI5, GCHQ, MI6 and for their use of "equipment interference powers" -- the ability to hack computers and phones around the world -- for purposes of national security, serious crime and economic wellbeing.
UK has secretly collected data in bulk since 2001
In her statement, May also revealed for the first time that successive governments since 2001 have issued secret directions to internet and phone companies to hand over the communications data of British citizens in bulk to the security services.
She said these secret "directions" had allowed the security services to thwart a number of attacks in Britain, including the plot to attack the London Stock Exchange in 2010.
May revealed that the use of these powers -- which show that GCHQ was also engaged in mass surveillance programmes on British citizens using their communications data -- under the 1984 Telecommunications Act will be put on a more explicit footing in the new legislation and be subject to the same safeguards as other bulk powers.
Home Office estimates put the extra costs of storing internet connection records and the new judicial oversight regime at (GBP)245m to (GBP)250m over 10 years after the legislation comes into force in December next year. This includes (GBP)175m for the cost of storing everyone's internet records and (GBP)60m for the extra judicial oversight.
Welcoming the bill as a decisive moment in updating Britain's surveillance laws, May said: "There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar.
"But I am also clear that the exercise and scope of investigatory powers should be clearly set out and subject to stringent safeguards and robust oversight, including 'double-lock' authorisation for the most intrusive capabilities. This bill will establish world-leading oversight to govern an investigatory powers regime which is more open and transparent than anywhere else in the world."
She said it could not be used to determine whether somebody had visited a mental health website or even a news website but only for the purpose of finding out whether they had visited a communications website, such as WhatsApp, an illegal website or to link their device to a specific website as part of a specific investigation.
But the detail of the bill makes clear that the authorisation arrangements for internet connection records will remain exactly the same as the current 517,000 requests for communications data made last year. These requests are made without any kind of warrant and signed off by either a police inspector or superintendent depending on the kind of data.
Jim Killock, the executive director of the privacy campaigning body Open Rights Group, sees the draft bill as an attempt to secure even more intrusive powers. "At first glance, it appears that this bill is an attempt to grab even more intrusive surveillance powers and does not do enough to restrain the bulk collection of our personal data by the secret services," he said.
"It proposes an increase in the blanket retention of our personal communications data, giving the police the power to access web logs. It also gives the state intrusive hacking powers that can carry risks for everyone's internet security."
A Microsoft spokesperson tentatively welcomed the bill while adding caveats about private data and protection for customers, saying: "We appreciate the government's willingness to engage in an open debate about these important issues, and as this process unfolds, we will work to ensure that legislation respects these principles and protects the privacy of our customers."
GCHQ in Cheltenham. Photograph: Barry Batchelor/PA