Expressing techUK members’ concerns regarding the Investigatory Powers (Amendment) Bill

techUK sent a letter on 18 December 2023 to the Secretary of State for the Home Department The Rt Hon James Cleverly MP, expressing the concerns of our members relating to the Investigatory Powers (Amendment) Bill.

You can download the letter directly here, or read below.

 

Dear Secretary of State,

I am writing on behalf of techUK members to express our concerns regarding the proposed changes to the 2016 Investigatory Powers Act, as outlined in the Investigatory Powers (Amendment) Bill.

The government has stated that the changes set out in the Bill seek “to protect the existing capabilities that keep our citizens safe.”1 techUK and our members support the legitimate aims of enabling investigatory powers that are necessary and proportionate to keep citizens safe. However, we are of the view that the proposed changes will exacerbate conflicts of law, may hinder technological advancements aimed at improving consumer privacy, integrity and security, and, if emulated by other countries, could negatively impact UK businesses investing overseas. Taken as a whole, they risk making the UK less attractive for investment, thus contradicting the essence of the Prime Minister’s plan for a world-leading tech ecosystem. Our primary concerns revolve around the proposed updates to the notices regime.

  1. Scope of new powers

The Bill aims to expand the scope of the legislation by amending the definition of telecommunications operator to encompass additional persons/companies involved in the provision of telecommunications services into the UK - including when they control or provide a telecommunication system located outside the UK.

The expansion of the government’s authority to hold one entity liable for the actions of another, without considering existing global legal frameworks, raises concerns about the potential overreach and conflicts of law. This unprecedented power could allow the UK government to require foreign companies to take actions that might conflict with their own national laws, placing private companies in an untenable position of having to decide which country’s law to comply with.

This marks a departure in the way the UK approaches the extraterritorial reach of UK law and consequential conflicts of law. While the Government recognised the extraterritorial reach and conflicts of laws created by the data acquisition powers in the 2016 Act, it also identified a partial solution in the form of the UK-US Agreement. However, the Government proposes to further expand the reach of UK law via this Bill with respect to the notice regime but without plans to work towards equivalent solutions, either with the US or, as importantly, other jurisdictions.  Overseas operators serving the UK market therefore face renewed legal risk which they cannot mitigate, including from an explicit but vague enforcement mechanism. It is important to recognise that any changes made by the UK will be scrutinised by other governments. It is therefore imperative to assess the potential implications for the UK. 

Overall, we are concerned that the proposed changes to the notices regime will make the UK a less attractive place to provide technology services, ultimately disadvantaging consumers.

Therefore, we would welcome greater clarity on how the proposed notice regime will operate in practice alongside potential conflicts arising from extraterritorial reach and enforcement. Specifically, we call for mitigations for operators caught in irreconcilable conflicts of law. For instance, recognising conflict of law as a valid defence against enforcement should be introduced into the Bill.

  2. Product Notification notices: Effects on online privacy and security

Clause 20 introduces a Notifications Notice, requiring operators who are issued with such a notice to notify the Home Office of plans to make product or system changes to a yet-to-be-defined list of services that will be private and unique to each company.

We acknowledge that the Government has stated that the Bill contains no new, specific power to block the introduction of new products or features; however, used in combination with the new power to order the maintenance of the status quo during any TCN referral process, these changes would in effect grant a de facto power to indefinitely veto companies from making changes to their products and services offered in the UK.

techUK members are of the view that this will create a disincentive for companies to provide their services in the UK by constraining the nature and timing of product developments and launches in the UK market, potentially restricting what features are available to UK users.

Crucially, these amendments could impede the ability of techUK members to take immediate action to protect users from active security threats, to innovate, and enhance their services for their users. Instead of focusing on improving user privacy and security, firms’ attention would have to be diverted towards fulfilling the surveillance needs of the government. This is of particular concern in the world where threats to users’ data security continue to grow.

Therefore, we are of the view that the proposed reforms raise concerns about their potential to undermine the delicate balance struck during the IPA 2016 passage between the legitimate aims of national security and public safety, and the privacy and security of the internet.

Finally, it is important to note that, if other countries were to adopt similar legislative changes, this could pose a threat to UK businesses investing overseas by creating an uneven playing field and hindering their ability to compete in international markets, potentially harming the UK economy.

For the reasons outlined above, the Home Office should reconsider its assertion that the burden posed by a "product notification" notice on the company in comparison is likely to be small, and there is no additional intrusion relating to privacy. We oppose the introduction of the Notifications Notices due to strong concerns it could grant the Home Office an unprecedented power to veto product and service changes offered in the UK.

  3. Parliamentary transparency and accountability

Despite these industry-wide concerns, the government has swiftly introduced the Bill and aims for a speedy passage through the Parliament. Our overarching concern is that the significance of the proposed changes to the notices regime are presented by the Home Office as minor adjustments and as such are being downplayed. Therefore, we stress the critical need for adequate time to thoroughly discuss these changes, highlighting that rigorous scrutiny is essential given the international precedent they will set and their very significant impacts. Additionally, we call for industry and Parliament to have early sight of the secondary regulations particularising part 4 of the Bill.

Attached to this letter I have included a more detailed briefing that sets out our key concerns and request the earliest possible opportunity for members to meet with you to discuss how we can work to improve this Bill. 

Yours sincerely

Julian David
CEO


 

Julian David
CEO, techUK

Neil Ross
Associate Director, Policy, techUK

Audre Verseckaite
Policy Manager, Data & Digital Regulation, techUK

 
