Big Brother in the U.K.

The United Kingdom’s Gangmasters and Labour Abuse Authority is not part of an agency tasked with fighting terrorism. It’s a licensing body that “regulates businesses who provide workers to the fresh produce supply chain and horticulture industry, to make sure they meet the employment standards required by law,” according to its mission statement.

Nevertheless, under a new mass surveillance law, high-ranking officials in this agency will have as much access to the private internet information of British citizens as agencies that actually do fight terrorism. So will officials in the U.K.’s Department of Health, its Food Standards Agency, and its Gambling Commission, along with dozens of other government bodies.

This is the outcome of the recent passage of the Investigatory Powers Act, also known by critics as the Snooper’s Charter. The surveillance bill was hammered out after whistleblower Edward Snowden revealed that several Western governments were spying on their own citizens. The U.K.’s response was to codify mass surveillance into law rather than to scale it back.

Initially crafted in 2013, the law was pushed hard by Theresa May when she was Secretary of State for the Home Department (the U.K.’s national security and policing oversight office). Back then, Parliament resisted it due to the broadness of surveillance powers it granted. In the wake of the successful Brexit vote and resignation of former Prime Minister David Cameron in July, however, May took the helm of the government, and the Act followed her into power. The bill passed both houses of the British Parliament and was approved by the queen in November. It became law at the start of 2017.

By requiring Internet Service Providers to keep all metadata and the basic web browsing histories of users for 12 months, the Investigatory Powers Act creates a trove of information accessible to many within the government.

May had defended the legislation by invoking the need to fight terrorism. She also told members of Parliament that since a judge has to approve an order to snoop on or hack into a computer, there are “robust and consistent safeguards” in place—no need to worry. But the over-300-page law allows top officials of myriad government agencies to demand access to private information to fight any sort of crime, not just terrorism. It also contains rules on how to get a warrant to access confidential information stored by journalists, including a reporter’s sources. Meanwhile, it creates special protections for members of Parliament: Officials have to meet a higher bar before snooping on them.

Prior to the bill’s passage, tech leaders and privacy activists argued with the Act’s proponents over the right to encryption. Surveillance supporters wanted the authority to demand that companies like Apple and creators of messaging tools like WhatsApp build in secret “back doors” that would allow officials to snoop on suspects. Opponents replied by warning that there’s no such thing as a back door that can only be accessed by authorized government representatives. Such encryption bypasses necessarily make people’s information vulnerable to hackers.

After the massive bill passed, analysts combed through it to see what had really changed. The law doesn’t formally “mandate” that smartphones and messaging services have back doors. But it does create a “technical capability notice” giving U.K. officials the authority to demand changes to these products. And one of the things they’re allowed to demand is the removal, upon request, of any “electronic protection” concealing users’ communications or data. This means that private companies could be forced to break their own encryption to help the government access data. The law even authorizes such demands to be made on tech companies based outside the country if they do business within the United Kingdom. What’s more, it prohibits those companies from so much as informing their users about the government’s request unless the authorities gives the OK.

After the Snooper’s Charter passed, Snowden took to Twitter, pointedly calling it “the most extreme surveillance in the history of Western democracy. It goes farther than many autocracies.”