UK unveils powers to spy on web use, raising privacy fears

By Michael Holden and Kate Holton LONDON (Reuters) - Britain unveiled plans for sweeping new surveillance powers on Wednesday, including the right to find out which websites people visit, measures ministers say are vital to keep the country safe but which critics denounce as an assault on freedoms. Across the West, debate about how to protect privacy while helping agencies operate in the digital age has raged since former U.S. intelligence contractor Edward Snowden leaked details of mass surveillance by British and U.S spies in 2013. Experts say part of the new British bill goes beyond the powers available to security services in the United States. The draft was watered down from an earlier version dubbed a "snoopers' charter" by critics who prevented it reaching parliament. Home Secretary (interior minister) Theresa May told lawmakers the new document was unprecedented in detailing what spies could do and how they would be monitored. "It will provide the strongest safeguards and world-leading oversight arrangements," she said. "And it will give the men and women of our security and intelligence agencies and our law enforcement agencies ... the powers they need to protect our country." They will have the ability to require communication service providers (CSPs) to hold their customers' web browsing data for a year which experts say is not available to their U.S. counterparts. "What the British are attempting to do, and what the French have already done post Charlie Hebdo, would never have seen the light of day in the American political system." Michael Hayden, former director of the U.S. National Security Agency and Central Intelligence Agency, told Reuters. May said many of the new bill's measures merely updated existing powers or spelled them out. Police and spies access to web use would be limited to "internet connection records" -- which websites people had visited but not the particular pages -- and not their browsing history, she said. "An internet connection record is a record of the communications service that a person has used - not a record of every web page they have accessed," May said. "It is simply the modern equivalent of an itemised phone bill." ENCRYPTION The Computer and Communications Industry Association, a lobby group for internet and telecoms firms including Google, Microsoft and Facebook, said the proposals were a concern. "The bill is a setback for privacy rights and part of a worrisome trend towards more governmental surveillance in Europe while the United States is reforming its surveillance practices," CCIA Europe Director Christian Borggre said. May said there would be no new ban on encryption, but in its guide to the bill, the Home office said there was an existing requirement on CSPs "to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the CSP". The bill would also place explicit obligations on service providers to help intercept data and hack suspects' devices. As well as being able to carry out bulk interception of communications data, the security services would be allowed to perform "equipment interference", whereby spies hack or take over a person's computer or smartphone to access its data. In a concession to privacy groups, May said there would be jail penalties for anyone abusing the system and a two-tier oversight system with senior judges with veto power reviewing all the 2,800-odd ministerial-approved warrants issued each year to allow suspects' emails and conversations to be intercepted. Industry experts said that could help ensure any new law is not struck down by the European courts. Amnesty International said the powers would "take the UK closer to becoming a surveillance state" and Shami Chakrabarti, director of civil liberties group Liberty, said the bill constituted "a breath-taking attack on the internet security of every man, woman and child". The opposition Labour Party broadly supports the bill, but veteran Labour lawmaker David Winnick said if the proposals were passed without substantial amendments "it would be very unfortunate and a bitter blow for civil liberties". "I remain concerned, even if I am one of the few who do remain concerned, about the excessive powers which will be given to the security authorities in addition to what they already have, though judicial involvement is better than no judicial involvement," he told parliament. Ministers and officials have argued that current British laws governing surveillance powers are outdated, drafted in the days before anyone anticipated the widespread use of social media, leaving the police and security agencies unable to keep up with technology used by terrorists and serious criminals. In April last year, the European Court of Justice (ECJ) struck down an EU directive requiring telecoms companies to store communications data for up to two years because it interfered with people's right to privacy. Britain rushed through emergency legislation as a result, but these measures were later ruled unlawful by London's High Court, meaning the government must produce a replacement by the end of next year. After Snowden's disclosures, three major reviews cleared British spies of acting illegally but all agreed the laws needed an overhaul. In unprecedented display of openness, spy chiefs have invited journalists into their headquarters to argue for new powers and to try to reassure sceptics that they were not interested in mass state surveillance of people's private lives. They have also pointed out that private companies such as Google or Facebook hold a mass of data about individuals, with some insisting on obtaining personal information far in excess of what the authorities would want and without any oversight. (Additional reporting by Elizabeth Piper and Kylie MacLellan in London and Mark Hosenball in Washington; Editing by Alan Crosby and Philippa Fletcher)