Internet giants have joined forces to attack parts of the UK Government’s proposed new snooping Bill.
Facebook, Google, Microsoft, Twitter and Yahoo criticised plans to force firms to help security services hack into devices as “very dangerous” and called for several changes to the draft legislation.
The draft Investigatory Powers Bill unveiled last year includes the appointment of judicial commissioners with powers to veto warrants for intrusive operations and a requirement for internet firms to store records of data relating to people’s web and social media use for up to a year.
In a 2,000-word joint statement to the committee of MPs and peers, the five US technology firms said the actions of the UK Government “could have far reaching implications” and key elements of whatever legislation is passed are likely to be replicated by other countries.
The companies criticised proposals around computer network exploitation, also known as equipment interference.
Under the Bill, domestic communications providers will be required in law to help officers hack into suspects’ smartphones and computers.
The technique is seen as an increasingly crucial tool as advanced encryption makes intercepting targets’ communications more difficult.
The companies said: “To the extent this could involve the introduction of risks or vulnerabilities into products or services, it would be a very dangerous precedent to set, and we would urge your Government to reconsider.”
They also claimed that “as a general rule” users should be informed when the Government seeks access to account data.
It said: “While it may be appropriate to withhold or delay notice in exceptional cases, in those cases the burden should be on the Government to demonstrate that there is an overriding need to protect public safety or preserve the integrity of a criminal investigation.”
They described encryption as a “fundamental security tool” and rejected any proposals that would require companies to deliberately weaken the security of their products.
The Government has said the Bill will not introduce new powers relating to encryption or ban it.
The companies’ statement also criticised “opaque” aspects of the Bill and claimed that allowing warrants on overseas companies to be served on British-based offices “presents a risk to UK employees of our companies”.
It said: “We have collective experience around the world of personnel who have nothing to do with the data sought being arrested or intimidated in an attempt to force an overseas corporation to disclose user information.
“We do not believe that the UK wants to legitimise this lawless and heavy-handed practice.”
There were also warnings that the laws are unlikely to last for more than a decade.
In another submission published today, ADS, a trade body for the UK’s aerospace, defence, security and space industries, called for the Government to revisit the legislation in five to seven years.
It said: “Despite the fact that ... the structure of the Bill is right, with the pace of technological evolutions that we have seen over the last decade and this development becoming ever faster, it is hard to see legislation of this nature lasting more than seven to 10 years.
“The first smartphone was only introduced eight years ago but they are now ubiquitous.”
The Government will set out final proposals in the spring.
Security Minister John Hayes said: “We are clear about the need for legislation that will provide law enforcement and the security and intelligence agencies with the powers they need in the digital age, subject to strict safeguards and world-leading oversight arrangements.”