The Investigatory Powers Act, which has been given royal assent, has got short shrift from privacy and civil liberties campaigners.
Bella Sankey, Policy Director for Liberty, said: “It’s a sad day for our democracy as this Bill – with its eye-wateringly intrusive powers and flimsy safeguards – becomes law. The Home Secretary is right that the Government has a duty to protect us, but these measures won’t do the job. Instead they open every detail of every citizen’s online life up to state eyes, drowning the authorities in data and putting innocent people’s personal information at massive risk. This new law is world-leading – but only as a beacon for despots everywhere. The campaign for a surveillance law fit for the digital age continues, and must now move to the courts.”
The Home Office described it as a landmark bill which sets out and governs the powers available to the police, security and intelligence agencies to gather and access electronic communications. Home Secretary Amber Rudd said: “This government is clear that, at a time of heightened security threat, it is essential our law enforcement, security and intelligence services have the powers they need to keep people safe. The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge. But it is also right that these powers are subject to strict safeguards and rigorous oversight. The Investigatory Powers Act is world-leading legislation that provides unprecedented transparency and substantial privacy protection. I want to pay tribute to the independent reviewers, organisations, and Parliamentarians of all parties for their rigorous scrutiny of this important law which is vital for the safety and security of our families, communities and country.”
The Home Office said that it’s developing plans for implementing the provisions in the bill and will set out a timetable.
David Emm, Principal Security Researcher at the IT security product company Kaspersky Lab offered several steps cyber-savvy consumers can take to ensure their privacy online:
Firstly, change some browser settings – e.g., disable automatic add-on installation, block suspicious websites and pop-ups, make SSL certificate checks
compulsory, block third party cookies and never opt to save passwords in the browser.
When installing new free software, untick the boxes that let the software install additional toolbars, plugins and extensions. Otherwise these can – absolutely legally – be used to collect consumer data.
Use HTTPS sites wherever possible. HTTPS means that the traffic is encrypted. Avoid using mail providers, social networks or ecommerce sites without an HTTPS connection.
Use two different browsers – one for primary online services (social networks, web mail, productivity tools, ecommerce), and one for web surfing, so that
online activity cannot be matched to your identity.
Use VPN traffic encryption.
Be cautious when sharing personal information on social networks, any personal information that is shared on a social network platform is potentially vulnerable
to malicious attack, for instance: spam and phishing campaigns. Read the security and privacy settings carefully, to ensure that default settings don’t
allow leakage of data.
Consider using an encrypted email service, to ensure that emails cannot be shared with third parties.
Avoid linking online accounts. This will reduce the volume of data that companies can obtain and prevent the data from being aggregated.
Setup multi-factor authentication. Multi-factor authentication adds an extra layer of security, requiring a password, username and information that only
the user has access to. This is especially important for your e-mail address, since this is so often used as a username for online accounts.
Use a strong PIN or passcode or enable the devices fingerprint scanner. Remember that this is all that stands between a criminal and your online identity if your device is lost or stolen.
Avoid using public Wi-Fi for confidential transactions. If you have to, use a VPN.
Ensure to switch off location services on devices unless you’re specifically using it.