1984 just got a lot closer to reality.
By now you’ve probably heard of the Investigatory Powers Bill, aka Snooper’s Charter, recently passed in the UK that allows the government to spy on its own citizens. The bill requires Internet service providers and mobile phone companies to retain all data on people’s browsing histories, downloads, email correspondence, phone calls, and any other activity for up to 12 months. The UN’s privacy chief called the situation “worse than scary” and Edward Snowden stated it’s “the most extreme surveillance in the history of western democracy.”
The bill also legalized the UK’s global surveillance program, which scours and collects communications data from around the world. As a result, it’s likely that other countries will follow suit and pass similar surveillance laws in order to keep a closer eye on domestic and foreign people.
Takeaways of Snooper’s Charter Laws
ISP Records Stored For 12 Months
Internet providers will now store data logs of all websites visited by customers for up to 12 months. The logs list only the sites themselves, not the individual pages. For example, they’ll list that you visited reddit.com, but not reddit.com/r/funny. The good news here is that they won’t be able to see what pictures you’ve looked at on Facebook, or that you’ve been creeping your ex on Instagram. The problem, though, is this: let’s say you click a link on your Facebook wall directed to howtobuildbombs.com – that’s now on file for a year, and any government service would be able to see you visited that site.
One’s browsing history is highly personal and very revealing, particularly when accumulated over a period of a year. Someone could draw conclusions about your political preferences, sexuality, religion, financial situation, medical problems, and other details of your private life that could be potentially used against you.
Companies Must Decrypt on Command
The bill requires companies to decrypt any encrypted conversations if the government demands it. It’s not yet clear how they intend for companies to do this, and whether it forces companies to write code that’s easier to decrypt “just in case.” It’s likely that companies like Facebook will try to fight against such a law in court, but the implication is there – if the government wants your data, don’t expect third-party companies to have your back.
Journalists Can Be Spied On
British intelligence agencies will have the ability to monitor journalists’ communications without any judicial approval, thanks to a loophole in the provision protecting journalists from arbitrary police spying. The law also makes it so journalists will not be aware when surveillance takes place.
Whistleblowers Will Be Punished
Any “unauthorized disclosure” by telecommunications employees of any details about government surveillance will lead to a 12-month jail term and fine. The idea appears to be to stifle leaks and deter whistleblowers.
Bulk Hacking & Surveillance Allowed
Intelligence agencies have the power to hack entire organizations and collect data in bulk without any clear guidelines on when it’s acceptable to do so, and without much supervision.
One of the biggest implications with these new laws is the potential for the government to monetize your information by selling it to third parties. As mentioned above, one’s browsing history can reveal a lot of personal details that can easily be capitalized on. Some believe it’s not a question of if the government will sell your data, but simply when.
Tied to this is the fact that this massive amount of data is readily available to over 50 different government agencies upon request. An ISP employee simply needs to stamp his approval for data release – no court order is needed.
Picture the following scenario:
You visit a health insurance provider to ask about coverage. The agent pulls up some information on you and denies you coverage, citing the fact that you’d been visiting a lot of cancer-related websites in the past few months and are thus a liability to them.
It may seem far-fetched, but today lenders already have the ability to pull up information on your credit score, financial situation, and other personal details. It’s not unlikely that this could be the future of how agencies operate.
Another issue to keep in mind is how secure the government surveillance system will be. Anonymous hackers could potentially breach the system, and the fact that data can be accessed without a warrant means your online activity could be public knowledge. There’s the possibility that you could be blackmailed with that info in malicious hands.
How to Protect Yourself
If you live in the UK, here are some tips on what you should do to protect yourself and combat the Snooper’s Charter. And even if you don’t live in the UK and aren’t affected, definitely consider doing the below anyway to get a leg up in advance of similar laws coming into effect in your country.
- Use a VPN. This is the most obvious and most beneficial thing to do to protect your privacy online. VPNs encrypt your traffic and prevent your ISP from detecting your Internet activity including the sites you visit. Choose one that’s hosted outside of the Five Eyes jurisdiction (Australia, Canada, New Zealand, UK, US) and doesn’t keep customer logs: we suggest NordVPN or BlackVPN.
- Delete your social media accounts. If you’re serious about limiting what the government knows about you, it would be beneficial to delete any social media accounts you have such as Facebook, Twitter, reddit, etc. These are all services the government can demand data from and hold against you.
- Use Tor. Not as convenient as VPNs because of the slower speeds, but the benefit of using Tor is that you hide your true IP address even from your VPN. For the safest option, combine Tor and your VPN.
- Use a privacy-focused email provider. Ditch the Gmail/Hotmail address and switch to a privacy-focused mail service. Options include Posteo, Blur/DNT, Mailsac and Fastmail.
- Secure your operating system. Windows 10 is believed to be one of the least secure operating systems. Switch to OSX or Linux if you are able to. For maximum security, try Tails or Qubes.
- Stop using SMS. Your mobile data company will have logs of all communications. WhatsApp has end-to-end encryption but is owned by Facebook, which would be obligated to hand over metadata. Try Signal.
- Use a password manager. This is more of an overall way to improve your online security, but still applies. Have randomly-generated, complex and unique passwords for every online account. Use LastPass or KeePass.
- Install the HTTPS Everywhere extension. This helps prevent your information from being cataloged and linked to you.
The Snooper’s Charter bill sets a dangerous precedent, where surveillance of all citizens’ online activity is the norm and requires no judicial oversight. And it’s not as simple as “don’t be a criminal” – it’s likely your information will be used in a variety of ways that affect your day-to-day life.
It is clear that services like VPN and Tor will be even more important than ever in the fight to protect your privacy online. Time will tell what the exact implications and outcomes will be, but for now it’s in your best interest to take measures to secure yourself from prying eyes.