In the latest iteration of the UK Investigatory Powers Bill released by Home Secretary Theresa May, the UK government has claimed that bulk collection powers provided to police and intelligence agencies are essential to disrupting cybercriminals that use the Tor network to operate on the internet.
In the final draft of the proposals – branded a 'Snoopers' Charter' by critics – the controversial bulk powers first exposed by former NSA whistleblower Edward Snowden are vast. They include bulk interception of communications, bulk equipment interference (hacking), the collection of bulk communications data held by service providers and, perhaps most controversially, the retention of so-called bulk personal datasets on masses of innocent UK civilians not suspected of committing any crime.
Additionally, they now are being endorsed as a way to combat criminality on underground networks. "The use of bulk data is among the few effective methods available to counter the illicit use of the dark web," the report asserts. "By analysing data obtained through bulk interception, investigators are able to link the anonymous identities of criminal users to their real world identities. These techniques rely on the analysis of large volumes of data; it would not be possible to do this through targeted interception or communications data powers."
The claims come as part of the 'Operational Case for Bulk Powers' paper, just one document contained in the slew of fresh output that also features information on new powers such as internet connection records and the much sought-after Codes of Practice that outlines how each of the proposals will actually work in reality.
According to the bulk powers document, which repeatedly claims that UK security and intelligence agencies have never collected data 'indiscriminately', the intention is to combat the protections Tor offers and crack down on drug marketplaces and hacking forums that have traditionally thrived on this hidden internet.
"Strong encryption and anonymity protocols are intended to ensure the users of these sites cannot be identified," it complains. "The dark web offers users a secure space in which information can be exchanged anonymously and beyond the reach of law enforcement. These internet services may be hosted in countries without effective legal systems, or be deliberately designed to prevent access by law enforcement agencies.
"There are many valid uses for these internet tools and sites, including by citizens campaigning for civil rights under authoritarian regimes. Terrorists and criminals, however, have also embraced some of these services.
"Bulk powers have been essential to the security and intelligence services over the last decade and will be increasingly important in the future. The acquisition and use of bulk data – information acquired in large volumes and used subject to special restrictions – provides vital and unique intelligence that the security and intelligence agencies cannot obtain by any other means."
Yet Tor anonymity is not the only secure system the proposals aim to disrupt. End-to-end encryption, used in messaging applications from WhatsApp to iMessage, is also on the hit list.
"Encryption provides a means of making sure communications cannot be read by anyone other than the sender or intended recipient. It is now cheap and almost ubiquitous; strong encryption is typically a default setting in most IT products and on-line services, often without the user ever being aware," the report notes. According to the UK government, bulk powers – including hacking – remain one sure-fire way of circumventing the use of these strong protections.
"The growth in the availability of encrypted communications has had two implications for the security and intelligence agencies," the paper states. "First, they have had to become less reliant on obtaining the content of a suspect's communications: when investigating a known threat in the UK, the agencies will often have to make greater use of bulk data to identify associates and to reveal possible attack planning. Second, the ability to obtain the communications of suspects overseas increasingly requires the use of equipment interference in order to supplement bulk interception."
The release of the documents comes after the release of three separate Parliamentary committee reports that each slammed many of the bill's proposals for a severe lack of clarity. Yet even now, in a bill that is supposed to contain updated privacy protections for the general public, critics have already started picking apart the numerous inconsistencies contained within.
According to Anne Jellema, chief executive officer of the World Wide Web Foundation, the bill needs an extended period of scrutiny. "The world is watching, and this legislation is too important to get wrong. It is time for the government to admit it has made a mistake, and to commit to a new timeline that allows for proper scrutiny and public debate. Rushing this vital legislation risks leaving us all less safe, imposing huge costs on UK businesses while riding roughshod over basic British values and civil liberties," she said.
"Attempting to push a Bill of this magnitude, with this many flaws, through Parliament in a matter of weeks, is a slap in the face for Britain's democracy."
However, whatever the outcome, the UK government appears determined to have the bill passed by December – just before the sunset clause of the existing surveillance law DRIPA officially expires.