UK IP Bill is a threat to privacy, security, and trust online

The British Government has proposed legislation that would expand the surveillance capabilities of law enforcement and intelligence agencies. The draft omnibus Investigatory Powers Bill purports to modernise and update surveillance law to create a regime that is “fit for the digital age.” But as written, the law would undermine the technological and legal design framework that protects the continued vitality of the Open Internet. It represents a serious threat to open source software, online commerce, and user privacy, security, and trust.

The draft IP bill proposes a broad and dangerous set of surveillance mandates and authorities that threaten privacy and security online. Keeping Internet users safe does not have to cost them their privacy, nor the integrity of communications infrastructure.

As a registered UK company, and as a global community whose mission is to promote openness, innovation, and opportunity on the Web, we shared our concerns with the UK government by submitting commentary to the Science & Technology Committee of the House of Commons on November 27.

Our submission identified 5 serious, non-exhaustive concerns we wish to highlight in the bill:

Weakening security: Requirements to undermine encryption that pose a severe threat to trust online and to the effectiveness of the Internet as an engine for our economy and society;
Tampering with devices: Bulk equipment interference authorities that could be used to violate the integrity of our products and harm our relationship with our users;
Secrecy: Limitations on disclosure that impact our open philosophy and in practice are unworkable for an open source company;
Legalising mass surveillance: Bulk interception capabilities that would compromise the privacy of communications; and
Data retention: data retention mandates that create unnecessary risk for businesses and users.

Find Mozilla’s full submission to the Science & Technology Committee here.

So what’s the alternative?

Government collection and retention of user data impact trust and openness online. This makes it critical to have a clear and public understanding of the means and limits of surveillance activities – a set of surveillance rules of the road.

The following three principles, derived from the Mozilla Manifesto, attempt to identify those means and limits. They offer a “Mozilla way of thinking” about the complex landscape of government surveillance and law enforcement access. We do not propose a comprehensive list of good or bad government practices, but rather describe the kinds of activities in this space that would protect the underpinnings and integrity of the Web.

User Security: Mozilla Manifesto Principle #4 states “Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.” Governments should act to bolster user security, not to weaken it. Strong and reliable encryption is a key tool in improving user security. Security and privacy go hand-in-hand; you cannot have one without the other.
Minimal Impact: Mozilla Manifesto Principle #2 states that the Internet is a global public resource. Government surveillance decisions should take into account global implications for trust and security online by focusing activities on those with minimal impact.
Transparency and Accountability: Mozilla Manifesto Principle #8 calls for transparent community-based accountability as the basis for user trust. Because surveillance activities generally are (and inherently must be, to some degree) conducted in secret, independent oversight bodies must be effectively empowered and must communicate with and on behalf of the public to ensure democratic accountability.

Next Steps

Comprehensive reform of this bill will be necessary in order to protect online commerce and the security and privacy of users. Mozilla will continue to follow the process closely, including submitting additional evidence to the Committees in charge of scrutinising the bill.

Currently, the Joint Committee on Human Rights is accepting submissions from stakeholders until 7 December. The main committee to analyse the bill – the Joint Committee on the Investigatory Powers Bill – has also recently announced that it will receive written evidence until 21 December. The committee will then report its findings by 11 February 2016.

As a global community of developers and engineers, Mozilla prides itself on providing secure and open products and services to our users. In our view, the draft Investigatory Powers bill is a missed opportunity to set a strong global standard in reforming surveillance powers, and a harmful step backward for the interests of Internet users and the Internet economy.

At this critical time, it is important that the UK government set a strong standard anchored in the values of privacy and security. We strongly advise the committees to carefully weigh the intended objectives with the consequences for the continued success of UK businesses and the security of users.

Now is the time to contact your representatives in the Committees and make your voice heard. You can learn more and take action through a campaign platform launched by a civil society coalition of UK and international organisations, dontspyonus.co.uk.

Open Policy & Advocacy

UK IP Bill is a threat to privacy, security, and trust online

So what’s the alternative?

Next Steps

Work Gets Underway on a New Federal Privacy Proposal

Mozilla Weighs in on State Comprehensive Privacy Proposals

Mozilla’s Comments to FCC: Net Neutrality Essential for Competition, Innovation, Privacy

Global Privacy Control Empowers Individuals to Limit Privacy-Invasive Tracking

Mozilla applauds CFPB for taking on the Data Broker Ecosystem

Mozilla Mornings: Choice or Illusion? Tackling Harmful Design Practices

Mozilla Asks US Supreme Court to Support Responsible Content Moderation

The Revival We Need: The FCC Takes On Net Neutrality

Mozilla Meetups – Code to Conduct in AI: Open Source, Privacy, and More

Mozilla Meetups with CDT: Talking Tech Transparency

Continuing to Protect our Users in Kazakhstan

Continuing to Protect our Users in Kazakhstan

It’s time for the G20’s first digital agenda

Mozilla provides feedback to ACM’s DSA Guidelines

Global Network Fee Proposals are Troubling. Here are Three Paths Forward.

Mozilla Mornings on addressing online harms through advertising transparency

The EU’s Current Approach to QWACs (Qualified Website Authentication Certificates) will Undermine Security on the Open Web

Mozilla files comments with the European Commission on safeguarding democracy in the digital age

Mozilla applauds CFPB for taking on the Data Broker Ecosystem

Mozilla Weighs in on Accountability Legislation: Public policies like PATA can help to keep the Internet in the public’s best interest.

Open Fibre Data Standard: Understanding the True Extent of the Internet

Mozilla Meetups: The Building Blocks of a Trusted Internet

The FTC and DOJ merger guidelines review is an opportunity to reset competition enforcement in digital markets

Mozilla submits comments to the California Privacy Protection Agency

European Parliament’s version of the CRA threatens cybersecurity and open source development

Mozilla weighs in on the EU Cyber Resilience Act

Enhancing trust and security on the internet – browsers are the first line of defence

Working in the open: Enhancing privacy and security in the DNS

The Van Buren decision is a strong step forward for public interest research online