The UK government is quietly expanding and developing a controversial surveillance technology that could be capable of logging and storing the web histories of millions of people.
Official reports and spending documents show that in the past year, UK police have deemed the testing of a system that can collect people’s “internet connection records” a success, and have started work to potentially introduce the system nationally. If implemented, it could hand law enforcement a powerful surveillance tool.
Critics say the system is highly intrusive, and that officials have a history of not properly protecting people’s data. Much of the technology and its operation is shrouded in secrecy, with bodies refusing to answer questions about the systems.
At the end of 2016, the UK government passed the Investigatory Powers Act, which introduced sweeping reforms to the country’s surveillance and hacking powers. The law added rules around what law enforcement and intelligence agencies can do and access, but it was widely criticized for its impact on people’s privacy, earning it the name the “Snooper’s Charter.”
Particularly controversial was the creation of so-called internet connection records (ICRs). Under the law, internet providers and phone companies can be ordered—with a senior judge approving the decision—to store people’s browsing histories for 12 months.
An ICR isn’t a list of every page online you visit, but may nonetheless reveal a significant amount of information about your online activities. ICRs can include that you visited Wired.com but not that you read this individual article, for instance. An ICR can also be your IP address, a customer number, the date and time the information was accessed, and the amount of data being transferred. The UK government says an internet connection record could indicate when, for example, the travel app EasyJet is accessed on someone’s phone, but not how the app was used.