Expressing techUK members’ concerns regarding the Investigatory Powers (Amendment) Bill

techUK sent a letter on 18 December 2023 to the Secretary of State for the Home Department The Rt Hon James Cleverly MP, expressing the concerns of our members relating to the Investigatory Powers (Amendment) Bill.

You can download the letter directly here, or read below.

 

Dear Secretary of State,

I am writing on behalf of techUK members to express our concerns regarding the proposed changes to the 2016 Investigatory Powers Act, as outlined in the Investigatory Powers (Amendment) Bill.

The government has stated that the changes set out in the Bill seek “to protect the existing capabilities that keep our citizens safe.”1 techUK and our members support the legitimate aims of enabling investigatory powers that are necessary and proportionate to keep citizens safe. However, we are of the view that the proposed changes will exacerbate conflicts of law, may hinder technological advancements aimed at improving consumer privacy, integrity and security, and, if emulated by other countries, could negatively impact UK businesses investing overseas. Taken as a whole, they risk making the UK less attractive for investment, thus contradicting the essence of the Prime Minister’s plan for a world-leading tech ecosystem. Our primary concerns revolve around the proposed updates to the notices regime.

  1. Scope of new powers

The Bill aims to expand the scope of the legislation by amending the definition of telecommunications operator to encompass additional persons/companies involved in the provision of telecommunications services into the UK - including when they control or provide a telecommunication system located outside the UK.

The expansion of the government’s authority to hold one entity liable for the actions of another, without considering existing global legal frameworks, raises concerns about the potential overreach and conflicts of law. This unprecedented power could allow the UK government to require foreign companies to take actions that might conflict with their own national laws, placing private companies in an untenable position of having to decide which country’s law to comply with.

This marks a departure in the way the UK approaches the extraterritorial reach of UK law and consequential conflicts of law. While the Government recognised the extraterritorial reach and conflicts of laws created by the data acquisition powers in the 2016 Act, it also identified a partial solution in the form of the UK-US Agreement. However, the Government proposes to further expand the reach of UK law via this Bill with respect to the notice regime but without plans to work towards equivalent solutions, either with the US or, as importantly, other jurisdictions.  Overseas operators serving the UK market therefore face renewed legal risk which they cannot mitigate, including from an explicit but vague enforcement mechanism. It is important to recognise that any changes made by the UK will be scrutinised by other governments. It is therefore imperative to assess the potential implications for the UK. 

Overall, we are concerned that the proposed changes to the notices regime will make the UK a less attractive place to provide technology services, ultimately disadvantaging consumers.

Therefore, we would welcome greater clarity on how the proposed notice regime will operate in practice alongside potential conflicts arising from extraterritorial reach and enforcement. Specifically, we call for mitigations for operators caught in irreconcilable conflicts of law. For instance, recognising conflict of law as a valid defence against enforcement should be introduced into the Bill.

  1. Product Notification notices:  Effects on online privacy and security

Clause 20 introduces a Notifications Notice, requiring operators who are issued with such a notice to notify the Home Office of plans to make product or system changes to a yet-to-be-defined list of services that will be private and unique to each company.

We acknowledge that the Government has stated that the Bill contains no new, specific power to block the introduction of new products or features; however, used in combination with the new power to order the maintenance of the status quo during any TCN referral process, these changes would in effect grant a de facto power to indefinitely veto companies from making changes to their products and services offered in the UK.

techUK members are of the view that this will create a disincentive for companies to provide their services in the UK by constraining the nature and timing of product developments and launches in the UK market, potentially restricting what features are available to UK users.

Crucially, these amendments could impede the ability of techUK members to take immediate action to protect users from active security threats, to innovate, and enhance their services for their users. Instead of focusing on improving user privacy and security, firms’ attention would have to be diverted towards fulfilling the surveillance needs of the government. This is of particular concern in the world where threats to users’ data security continue to grow.

Therefore, we are of the view that the proposed reforms raise concerns about their potential to undermine the delicate balance struck during the IPA 2016 passage between the legitimate aims of national security and public safety, and the privacy and security of the internet.

Finally, it is important to note that, if other countries were to adopt similar legislative changes, this could pose a threat to UK businesses investing overseas by creating an uneven playing field and hindering their ability to compete in international markets, potentially harming the UK economy.

For the reasons outlined above, the Home Office should reconsider its assertion that the burden posed by a "product notification" notice on the company in comparison is likely to be small, and there is no additional intrusion relating to privacy. We oppose the introduction of the Notifications Notices due to strong concerns it could grant the Home Office an unprecedented power to veto product and service changes offered in the UK.

  1. Parliamentary transparency and accountability

Despite these industry-wide concerns, the government has swiftly introduced the Bill and aims for a speedy passage through the Parliament. Our overarching concern is that the significance of the proposed changes to the notices regime are presented by the Home Office as minor adjustments and as such are being downplayed. Therefore, we stress the critical need for adequate time to thoroughly discuss these changes, highlighting that rigorous scrutiny is essential given the international precedent they will set and their very significant impacts. Additionally, we call for industry and Parliament to have early sight of the secondary regulations particularising part 4 of the Bill.

Attached to this letter I have included a more detailed briefing that sets out our key concerns and request the earliest possible opportunity for members to meet with you to discuss how we can work to improve this Bill. 

Yours sincerely

Julian David
CEO


 

Julian David

Julian David

CEO, techUK

Neil Ross

Neil Ross

Associate Director, Policy, techUK

Audre Verseckaite

Audre Verseckaite

Policy Manager, Data, techUK

 

Related topics