Official reports and spending documents show that in the past year, UK police have deemed the testing of a system that can collect people's "internet connection records" a success, and have started work to potentially introduce the system nationally. If implemented, it could hand law enforcement a powerful surveillance tool.
Critics say the system is highly intrusive, and that officials have a history of not properly protecting people's data. Much of the technology and its operation is shrouded in secrecy, with bodies refusing to answer questions about the systems.
At the end of 2016, the UK government passed the Investigatory Powers Act, which introduced sweeping reforms to the country's surveillance and hacking powers. The law added rules around what law enforcement and intelligence agencies can do and access, but it was widely criticizedfor its impact on people's privacy, earning it the name the "Snooper's Charter."
Particularly controversial was the creation of so-called internet connection records (ICRs). Under the law, internet providers and phone companies can be ordered—with a senior judge approving the decision—to store people's browsing histories for 12 months.
[...] Little is known about the development and use of ICRs. When the Investigatory Powers Act was passed, internet companies said it would take them years to build the systems needed to collect and store ICRs. However, some of those pieces may now be falling into place. In February, the Home Office, a government department that oversees security and policing in the UK, published a mandatory review of the operation of the Investigatory Powers Act so far.
The review says the UK's National Crime Agency (NCA) has tested the "operational, functional, and technical aspects" of ICRs and found a "significant operational benefit" of collecting the records. A small trial that "focused" on websites that provided illegal images of children found 120 people who had been accessing these websites. It found that "only four" of these people had been known to law enforcement based on an "intelligence check."
WIRED first reported the existence of the ICR trial in March 2021, when there were even fewer details about the test. It is still unclear which telecom companies were involved. The Home Office's February report is the first official indication that the trial was useful to law enforcement, and could help lay the groundwork for expanding the system across the UK. The Home Office review also states its trial found that "ICRs appear to be currently out of reach for some potentially key investigations," raising the possibility that the law may be changed in the future.
[...] The Home Office FOIA response also refused to provide details of an internal review into ICRs, citing national security and law enforcement grounds. A Home Office spokesperson said the UK has "one of the most robust and transparent oversight regimes for the protection of personal data and privacy anywhere in the world" and confirmed that trials of ICRs are ongoing.
[...] The possible expansion of ICR collection in the UK comes as governments and law enforcement agencies globally try to gain access to increasing amounts of data, particularly as technology advances. Multiple nations are pushing to create encryption backdoors, potentially allowing access to people's private messages and communications. In the US, a storm is brewing about the FBI's use of Section 702 of the Foreign Intelligence Surveillance Act (FISA), which allows it to intercept the communications of overseas targets.
Haidar of Privacy International says that creating powers to collect more of people's data doesn't result in "more security" for people. "Building the data retention capabilities of companies and a vast range of government agencies doesn't mean that intelligence operations will be enhanced," Haidar says. "In fact, we argue that it makes us less secure as this data becomes vulnerable to being misused or abused."
Related Stories
Scan the online brochures of companies who sell workplace monitoring tech and you'd think the average American worker was a renegade poised to take their employer down at the next opportunity.
[...]
A new wave of return-to-office mandates has arrived since the New Year, including at JP Morgan Chase, leading advertising agency WPP, and Amazon—not to mention President Trump's late January directive to the heads of federal agencies to "terminate remote work arrangements and require employees to return to work in-person ... on a full-time basis."
[...]
The question is, what exactly are we returning to?Take any consumer tech buzzword of the 21st century and chances are it's already being widely used across the US to monitor time, attendance, and, in some cases, the productivity of workers, in sectors such as manufacturing, retail, and fast food chains: RFID badges, GPS time clock apps, NFC apps, QR code clocking-in, Apple Watch badges, and palm, face, eye, voice, and finger scanners. Biometric scanners have long been sold to companies as a way to avoid hourly workers "buddy punching" for each other at the start and end of shifts—so-called "time theft." A return-to-office mandate and its enforcement opens the door for similar scenarios for salaried staff.
[...]
HID's OmniKey platform. Designed for factories, hospitals, universities, and offices, this is essentially an all-encompassing RFID log-in and security system for employees, via smart cards, smartphone wallets, and wearables. These will not only monitor turnstile entrances, exits, and floor access by way of elevators but also parking, the use of meeting rooms, the cafeteria, printers, lockers, and yes, vending machine access.
[...]
Depending on the survey, approximately 70 to 80 percent of large US employers now use some form of employee monitoring, and the likes of PwC have explicitly told workers that managers will be tracking their location to enforce a three-day office week policy.
[...]
Wolfie Christl, a researcher of workplace surveillance for Cracked Labs, a nonprofit based in Vienna, Austria. "We're moving toward the use of all kinds of sensor data, and this kind of technology is certainly now moving into the offices. However, I think for many of these, it's questionable whether they really make sense there."
[...]
Cracked Labs published a frankly terrifying 25-page case study report in November 2024 showing how systems of wireless networking, motion sensors, and Bluetooth beacons, whether intentionally or as a byproduct of their capabilities, can provide "behavioral monitoring and profiling" in office settings.
(Score: 3, Interesting) by inertnet on Monday May 22 2023, @10:25AM (1 child)
Not that I feel sorry for them, but Facebook was fined €1.2bn for ""mishandling user data" [bbc.com].
While similar or worse handling of data is apparently okay for the governments that handout those fines.
(Score: 2) by PiMuNu on Monday May 22 2023, @11:10AM
> While similar or worse handling of data is apparently okay for the governments that handout those fines.
Yes, in fact GDPR has explicit provision to enable nation states to collect any data they want, if it is required by law.
(Score: 2) by Spook brat on Tuesday May 23 2023, @04:59PM
So, after Snowden made it public that the NSA and GCHQ were illegally [1] collecting metadata on their own citizens, and after the UK passed regulation that was supposed to keep that illegal surveillance in check, they're not only still doing it but rolling it out to their civilian law enforcement counterparts?
Sounds about par for the course.
[1] A September 2020 Federal Appeals court ruling established that the PRISM program was illegal, and that U.S. authorities were lying about its nature and how it was used. Edward Snowden is still having to live in Russia to avoid retribution from the Powers That Be.
Travel the galaxy! Meet fascinating life forms... And kill them [schlockmercenary.com]