The UK's Investigatory Powers Bill, dubbed the 'Snooper's Charter' by critics, has passed into law. It compels tech and internet firms, among other things, to store user data in bulk and hand this over to government agencies or remove encryption when hit with a summons.
Tech giants continue to push back against the intrusive aspects of the bill, with some seeking to circumvent its surveillance capabilities by offering privacy enhancing services.
Critics of Snooper's Charter warn that cybercriminals could end up gaining access to user data, which the British government intends its intelligence and security services to use when conducting investigations.
Virtual private network (VPN) providers have already begun capitalising on growing privacy concerns to offer users services that conceal the slow of their traffic, BBC reported.
Tech experts slam Snooper's Charter
"It only takes one bad actor to go in there and get the entire database," said James Blessing, chairman of the Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others.
"You can try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you. Mistakes will happen. It's a question of when. Hopefully it's in tens or maybe a hundred years. But it might be next week."
Jonathan Sander, VP of Product Strategy at Lieberman Software, told IBTimes UK: "The Investigatory Powers Bill demonstrates yet again that law — and law makers — have an extremely difficult time keeping up with technology and making constituents well informed.
"If I listed all the spy movies and novels based on the 'bad guys get the powerful thing only the good guy government was supposed to have' plot device, it would take all day. If there is a magic key and even if we assume the government itself will not abuse it, we still must assume the bad guys can steal it," said Sander.
"Add to this the fact that it's likely to be ineffectual. People who really want protection will just use apps that weren't built in by the manufacturers that don't have the back door. Then only the uninformed, average user is vulnerable."
Sander said: "The other striking thing about the Investigatory Powers Bill is that, like so much other law in cybersecurity, it ignores current thinking on what really reveals terrorist cells and operations.
"If the recent success in thwarting plots has shown us anything, it's that the machine learning and data science studying Metadata — who called or texted whom but not the contents of these conversations — has the power to out the bad guys.
"The Bill will strengthen this program, but it missed the chance to double or even triple those efforts to yield the data we really need, who exactly the bad guys among us are," said Sander.
Demand for VPN services rising
VPN providers claim to have noted an increase in demand for services. Jodi Myers, a spokesperson for NordVPN, said: "We saw a boom in Australia last year correlated to when its data retention law went into effect. And we are already seeing an increase in inquiries from the UK."
"Our biggest advantage is we have a zero log policy. Our headquarters are in Panama, which doesn't have data retention laws, so it allows us to do this," said Myers.
Caleb Chen, a spokesman for Private Internet Access, said: "The legislation specifically mentions connection service providers and not just ISPs, and the assumption is that VPNs based in the UK will have to give up their logs under this law."
"But as a US-based company, my legal team has advised me that we would not be under any obligation to do so. And even if the government were to try to take it a step further and say no UK citizen could use a VPN that was not compliant with the law, those services would still be available."