Last Week on my Mac: a tragedy to freedom in two Acts

Act 1

Last week, the Investigatory Powers Act 2016 passed into UK law. There had been uproar when the present Prime Minister had introduced her draft bill, and in spite of its pernicious abuses of freedom, there was precious little opposition to it during its passage through the House of Commons.


This may of course have resulted from the effective campaign of propaganda launched with the bill. Documents labelled as “factsheets” laid on thick how it was all about providing the UK’s law enforcement and intelligence agencies with the powers that they needed to tackle terrorism and serious crime. Examples were given involving the sharing of child abuse imagery, which turned this most flagrantly oppressive law into the salvation of orderly society.


There were comforting reassurances that this really was only about the most serious of offences, and to help those struggling to prosecute them. Statements such as:
“Local authorities will be prohibited from acquiring internet connection records for any purpose.”
“Local authority access to internet connection records is prohibited so that they will never be able to request a list of internet services accessed by an individual.”


Then we look at the Act which is now law, and lo and behold, in section 73 local authorities are given access to communications data “for the purpose of preventing or detecting crime or of preventing disorder”, aims which I am sure can be distorted to whatever purpose they might wish.

The truth behind the steady stream of lies which we have been fed since the first glimmer of this legislation is that the UK government has equipped itself, and almost every agency which might conceivably be able to use or misuse our private data, with the perfect tool for prying into the personal lives and activities of any person whom it chooses.

The Act provides a complete set of tools, from mass surveillance and the power to force decryption of data on a grand scale (section 253, (5) (c), “obligations relating to the removal by a relevant operator of electronic protection applied by or on behalf of that operator to any communications or data”), down to installing spyware on individual phones and computers. And these are all completely secret.

Act 2, Scene 1

But for the UK government, surveillance is not sufficient. Two additional measures are required to complete its control, and they appear in the Digital Economy Bill, currently steaming its way through Parliament with hardly a glimmer of debate or opposition.

The next measure required is for you to lose ownership or control over your personal data, something which used to be protected by the Data Protection Act 1998 (DPA), and which would in future have been protected by the new European GDPR. Read Part 5 of that bill and you will see that, once the Digital Economy Bill becomes law, UK citizens will lose all rights of control over personal data which are collected by any government agency.

Prior to this bill, all central and local government departments have been subject to the same laws on data protection as everyone else. The Civil Service has gone to great lengths to try to educate its staff that they cannot share personal data just because it is convenient, but must do so within the law. This has not always been successful, but by and large child benefit records have not been handed over to, say, local authority housing departments.

Under this bill, the principle will be that “a specified person may disclose information held by the person in connection with any of the person’s functions to another specified person for the purposes of a specified objective.” That is parliamentary language for a complete free-for-all exchange of personal data within all public authorities and anyone providing services to a public authority. So if your local council’s waste collection contractor wants details on the number of children in each household for which child benefit is paid, they can obtain that information without your consent or knowledge.

There are of course some objectives laid down for the purposes of this sharing of data. But they are as vague and open as “the improvement or targeting of a public service provided to individuals or households”.

The extent of such disclosures even includes those to licensed gas and electricity suppliers, again provided that they comply with some very flexibly vague purposes.

Curiously the bill does claim that it does not authorise disclosures which would contravene the DPA, but as disclosures fully compliant with the DPA have been entirely legal in any case, it is hard to see the purpose of the bill if not intended to remove the protection provided in the past.

One of the cornerstones of the DPA is that the person whose data is stored shall have given their consent to the processing of their data, and for its use in the purpose(s) for which it is processed. When you give consent to your local council to obtain and hold certain personal data about you, that is given for specific purposes to that particular council.

If the council decides that it wishes to disclose your personal information to a contractor for a different purpose, then it must obtain your consent for that change in purpose and the transfer to another custodian. If it fails to do so, then it deprives you of other rights conferred by the DPA, of being able to view the data which that organisation holds about you, and to correct that data if you consider that it is inaccurate.

Act 2, Scene 2

The final measure is for the UK government to control what you can access on the internet, which is implemented in Part 3 of the Digital Economy Bill, under the smokescreen of “online pornography”.

This is an old legislative trick, of course, hiding regressive powers away in what is ostensibly to promote electronic communications and “the digital economy”. Even the unguarded statements of the bill’s advocates, who seem to want the internet to be the sort of thing that parents would be happy for their twelve-year-old children to access unbridled (The Sound of Music, perhaps?), have not rung alarm bells among our representatives in Parliament.

The measures ostensibly to “prevent access to internet pornography by persons under the age of 18” establish an “age-verification regulator” who in fact does much more than regulate the verification of age. Among those powers is the direction to ISPs to take steps to block access to material which is deemed to contravene the Act. Determination as to whether material is “pornographic” under the bill seems to rest between the age-verification regulator and the “video works authority”.

The “video works authority” is authorised under the Video Recordings Act 1984, a knee-jerk legislative response to a tabloid press campaign about ‘video nasties’ during 1982-3. It is currently the British Board of Film Classification (BBFC), which has already been named as the likely ‘age-verification regulator’ for the purposes of the Digital Economy Bill/Act. How convenient.

Although the bill appears to concern itself only with sexual acts which might be deemed to be ‘pornography’, the BBFC has a much broader remit and classifies video material according to a wide range of criteria, including violence and the potential to incite or encourage crime. As the bill is written around existing R18 and 18 certification, it is very unlikely that the BBFC’s classification of content will solely be based on sexual content. It is notable, for example, that the first video game which it refused to certificate was Carmageddon (in 1997), and that it more recently refused to certificate a horror film, The Human Centipede II.

The government has ducked addressing how the BBFC could possibly view and certificate countless commercial websites offering video or movies, and how ISPs can possibly block access to them all, when any smart child now knows how to subvert such blocks. That is because the government is less concerned about the effectiveness of any ‘porn block’, and more interested as to how it can use the new Great Firewall of Britain to its own advantage.


With the Investigatory Powers Act already in place, the Digital Economy Bill will finally give the UK government the totalitarian powers which it has been engineering itself over several years – see my warning here, which was originally published in 2009. The state will have authority to monitor and inspect our internet activity and communications, effective ownership of our personal data, and the ability to block what we can access whenever it so wishes.

Of course the state would never dream of abusing those powers, would it?