We are all aware that the pace of technological change is growing exponentially, which has proved both a blessing and a burden. Technology is a great enabler for business and domestic use, but it has also spawned new industries of criminal activity and allows existing activities to be conducted under a cloak of virtual invisibility.
This poses a challenge for law enforcement and for the law makers seeking to balance the legitimate expectation of its citizens to privacy and the need to disrupt criminal activity.
Access to good intelligence is necessary to achieve the latter, but it comes at a price of threatening the former, and this dichotomy is clearly visible in the debate relating to the Investigatory Powers Bill, also dubbed the 'snooper's charter'.
Part of the dichotomy for law makers is how to respond to the pace of change. Legislation that is brought in very rapidly seldom achieves its intended effect – for example the ban on hand guns following the Dunblane shootings has not prevented criminal access to guns, and the Dangerous Dogs Act has not prevented children being bitten by dogs (hospital admissions for injuries caused by dogs has increased by 76% in the last 10 years).
> See also: Is the 'Snooper's Charter' a balanced approach to national cyber security?
Criticism has been levelled at the Bill on the grounds that it will be out of date within five years. This criticism, principally made by US web-companies who will be affected by the Bill, fails to recognise that UK Acts of Parliament are generally 'future-proofed' by focussing on effects and outcomes and remaining agnostic to a particular form or use of technology.
This makes the law more abstract but less likely to become outdated as technology evolves. For example, the Computer Misuse Act 1990 still remains relevant despite pre-dating crime now conducted in the context of cybercrime.
The law evolves by recognising the development of new issues and plugging gaps by amending existing legislation. Periodically, Parliament then rationalises the law by consolidating it into a single piece of legislation, which is essentially what is happening with the Investigatory Powers Bill.
It will replace or amend a number of Acts listed in the Bill, including the Data Retention and Investigatory Powers Act 2014, the Regulation of Investigatory Powers Act 2000, the Anti-terrorism, Crime and Security Act 2001 as well as a number of policing Acts.
This evolutionary process allows for the maintenance of fundamental principles and provides for a high degree of legal consistency. It also allows for corrections to be made in response to errors in the law or to deal with changes in circumstances identified within the context of its operation.
The Bill principally deals with the powers granted to law enforcement agencies to obtain intelligence in respect of criminal and terrorist activities, and the procedures to be followed in order to exercise those powers. It also provides for criminal sanctions in respect of the unlawful interception of communications.
The purposes of the criminal law are to punish and rehabilitate criminals and to deter others from offending. Despite this, published reports, such as the Ponemon Institute report on cybercrime, indicate that criminal activities are not deterred.
Crime is generally perpetrated by people who feel comfortable with breaking the law, intentionally recklessly or, in some instances, merely in ignorance of the law and the criminal consequences of their acts.
The increasing dependence on technology has enabled and facilitated criminal activity because of its ability to industrialise the process of committing crime, and the anonymous and borderless nature of the internet.
The antithesis of preventing criminal behaviour is to encourage good corporate citizenship.
Cyber Essentials is an example of a UK Government initiative to encourage such behaviours by requiring all suppliers to the public sector to meet certain technological standards. This operates like a kite mark which, if carried into the private sector, is expected to create a trusted trading environment.
Establishing trust should be a sine qua non for any business, but the tension between system availability and usability and security has clearly favoured availability in the past, and it is taking time for businesses to amend their past practices.
This is an area where government can influence the process; governments of all political persuasions have previously used financial incentives to generate regional growth could be used to increase the pace of change.
Debate about this Bill has been fuelled by concerns over personal privacy. As citizens we expect to be protected by our government and the legitimate acts of law enforcement, but we also fear the prospect of government agencies tracking our every movement.
A Bill is a draft Act that will be amended during its progression through Parliament and the Government is currently seeking views on the issues covered by this Bill.
Sourced from Stewart James, Technology Partner, Ashfords LLP