The Investigatory Powers Bill became law earlier this week. Interestingly, the noise and criticism were turned up after the Royal Assent, and a Government site petition opposing the law reached 1500,000 signatures in a week. I had reason to perform some research on what the law actually says, and here are my notes and links.

  1. The Investigatory Powers Act 2016, full text at
  2. And in .pdf by Neil
  3. The Code of Practice, home page, the Interception of Communications Code of Practice, text. (I think this is it, updated in Oct 2016 at the time I posted).
  4. House of Commons Briefing Paper: Investigatory Powers Bill Committee Stage Report, i.e. the House of Commons Committee stage report.


  1. The Intelligence and Security Committee report on the IPB
  2. Written for a conference, a bibliography of the Independent Reviewer of Terrorism’s contributions to the debate
  3. The Independent Reviewer on (Anti-)Terrorism Legislation’s last words on the IPA, as passed.
  4. The home page of the Independent Reviewer on (Anti-)Terrorism’s evidence to the House of Commons Public Bill Committee.

I found the following commentary exceptionally useful,

  1. E. King and D. Lock, ‘Investigatory Powers Bill: Key Changes Made by the Lords’, U.K. Const. L. Blog (1st Dec 2016)

For more

  1. The Guardian reports that the Investigatory Powers Tribunal finds GCHQ’s secrecy violates Human Rights Law, the IPT declares that the secrecy surrounding the UK & US surveillance regimes was illegal in the UK and Europe. Evidence that the security state, notice how similar it sounds to securitaté, behaved illegally for 7 years. I think we would say in a civil and commercial domain that the compliance department was found to be wanting.

Have they mandated backdoors?

  1. The Register exposes the powers of technical notices probably based on
  2. PI exposes the requirement to pre-announce telco products
  3. Section 253 as enacted
  4. Edward Snowden tweets … although his reference seems to be out of date.
  5. Section 2.2 of the Code of Practice defines what a CSP is. It’s a service provider and so can be a software-only provider, think Facebook, although most IP service providers have hardware also. (Looks like we need to develop a peer-to-peer chat server, although that will run on vulnerable systems.)
  6. Section 8.4 of the Code of Practice restricts the removal of encryption to technologies they have installed themselves.
  7. Section 8.31 of the Code of Practice requires CSPs under a technical notice to give prior notice of major changes that might/will disrupt any previously installed backdoors.

or is it 8.29

