Tech giants call on UK government to ensure new surveillance laws are ‘jurisdictionally bounded’

In joint written evidence submitted to a UK parliamentary committee that is tasked with scrutinising the draft Investigatory Powers Bill, Facebook, Google, Microsoft, Twitter and Yahoo! warned that the new laws could force overseas communication service providers (CSPs) to grapple with competing legislation.

“Unilateral assertions of extraterritorial jurisdiction will create conflicting legal obligations for overseas providers who are subject to legal obligations elsewhere,” the companies said. “Conflicts of laws create an increasingly chaotic legal environment for providers, restricting the free flow of information and leaving private companies to decide whose laws to violate. These decisions should be made by governments, grounded in fundamental rights of privacy, freedom of expression, and other human rights.”

“If the UK legislation retains authority to reach extraterritorially, the Bill should consistently and explicitly state that no company is required to comply with any notice/warrant, which in doing so would contravene its legal obligations in other jurisdictions. Enforcement obligations should also take this into account,” it said.

The companies said that the way the Bill is currently drafted does not reflect what the UK government has stated about the extent of the extraterritorial effect of the proposed laws in a side document to the Bill.

“Notwithstanding our position, currently there is confusion: the context section of the Bill overview document states, ‘enforcement of obligations against overseas CSPs will be limited to interception and targeted CD (communications data) acquisition powers’,” the companies said. “This is not what the Bill itself says.”

The technology businesses also said that CSPs should not be forced to “generate and retain data” that they do not “ordinarily generate in the course of [their] business”. Some of the biggest UK internet service providers andmobile network operators have said that they will need to create ‘internet connection records’ so as to retain that data as part of their obligations under the Investigatory Powers Bill.

Facebook, Google, Microsoft, Twitter and Yahoo! also raised concern about provisions in the Bill which it said could force them to remove encryption so that data and communications can be analysed by intelligence agencies.

“We reject any proposals that would require companies to deliberately weaken the security of their products via backdoors, forced decryption, or any other means,” the companies said. “We therefore have concerns that the Bill includes ‘obligations relating to the removal of electronic protection applied by a relevant operator to any communication or data’ and that these are explicitly intended to apply extraterritorially with limited protections for overseas providers.”

“We appreciate the statements in the Bill and by the home secretary that the Bill is not intended to weaken the use of encryption, and suggest that the Bill expressly state that nothing in the Bill should be construed to require a company to weaken or defeat its security measures,” they said.

The technology companies identified six principles that it said should be observed to shape new surveillance laws.

“We believe the best way for countries to promote the security and privacy interests of their citizens, while also respecting the sovereignty of other nations, is to ensure that surveillance is targeted, lawful, proportionate, necessary, jurisdictionally bounded, and transparent,” they said. “These principles reflect the perspective of global companies that offer borderless technologies to billions of people around the globe.”


Read more:

Camilla Wood

UK based Legal Aid Lawyer

Leave a Reply

Your email address will not be published. Required fields are marked *