Are we doing this again? Yes, we’re doing this again.

Estimated reading time: 6 minutes
UK policy

Yesterday I was rudely summoned away from a beautiful autumn day of wild foraging by The King.

Specifically, I was given a heads-up about one of the bills which would be in yesterday’s King’s Speech – the first of the King’s reign, and the first and only one of Rishi Sunak’s time in office.

The bill in question is the Investigatory Powers (Amendment) Bill, the outcome of a consultation held over the summer, which I obviously missed being out of work. (Neil Brown did not miss one word from his tech lawyer perspective, and TechUK were equally diligent from the service provider perspective.) There was also an independent review which requires prior knowledge of the IPA.

The problem is that aside from the rather legalistic topics dealt with in the summer consultation and independent review, some of which do indeed have merit, the politicians have stepped in.

What we learned yesterday is that the Bill aims to

  • Force technology companies to inform the Home Office in advance of security and privacy features they want to add, including encryption, and force them to disable features which the government objects to;
  • Increase the power of the Home Office to force non-UK companies to comply with changes it wants them to make to security features without the right to appeal; and
  • Require companies to comply with a notice before any requested review is completed, depriving companies of the opportunity to seek a review of the appropriateness of notices before being obliged to follow them.

The adoring public was not impressed.

And yes, this all dovetails with the Online Safety Act, in ways I will make no attempt to parse out over morning coffee.

The official speech souvenir handout noted how these asks will be framed:

  • Make changes to the bulk personal dataset regime to ensure the UK’s intelligence agencies can more effectively make use of less sensitive data, which is already widely available to the public, subject to appropriate safeguards
  • Expand the oversight regime to support the Investigatory Powers Commissioner to effectively carry out their role, including putting a number of their functions on a statutory basis. This will maintain the robust, transparent, and world-leading safeguards in the regime.
  • Reform the notices regime, to help the UK anticipate the risk to public safety posed by the rolling out of technology by multinational companies that precludes lawful access to data. This will reduce the risk of the most serious offences such as child sexual exploitation and abuse or terrorism
  • Update the conditions for use of Internet Connections Records to ensure that these can be used effectively to detect the most serious types of criminal activity and national security threats, underpinned by a robust independent oversight regime
  • Increase the resilience of the warrantry authorisation processes to ensure the security and intelligence agencies, as well as the National Crime Agency, can always get lawful access to information in a timely way so that they can respond to the most serious national security and organised crime threats.

You’ve probably been reading this blog long enough to know how the sausage gets made. These asks, which go well beyond the hair-splitting legal minutiae of the summer consultation and of the independent review, were asks thrown in by the authoritarian wing of the Home Office, who are obviously still enraged that they failed to regulate the entire open internet around Meta via the Online Safety Act.

And let’s state the obvious here: that’s what this is bill about.

While we don’t know what is actually in the bill, as it doesn’t exist yet, it’s already clear that this is the latest salvo in government’s Meta Vendetta.

You would think that they’d have learned their lesson from spending six years crafting world-leadingly bad legislation around the obsession with getting one company, its suite of products, and its executive leadership (which just happens to include their former political enemy number one).

But this is Conservative digital policymaking we’re talking about. It learns nothing from its mistakes.

So without knowing the contents, one thing’s for sure: the sharpest minds on these issues across law, policy, tech, and digital rights need to saddle up for yet another year of going into government meetings, in good faith, with notes prepared and talking points honed, so that they can be shouted at for 58 minutes about Meta, and leave with nothing accomplished.

Plus ça change.

And while everyone obviously needs to show up for this Bill, and yes that includes the people who don’t show up for anything because “politics”, it’s also worth remembering the actual politics of the thing.

First, we will be having a general election no later than January 2025, one which is going to wipe the Conservatives into the third party. That’s why the King’s Speech was so strikingly meh: it’s all tinkering and technocracy to fill twelve months of time, as opposed to the post-EU revolutionary bombast we’ve seen in recent years. And while the public knows full well that the Conservatives are openly shitting the bed on their way out, knowing it will be someone else’s responsibility to change the sheets, they’re not dumb. And certainly not about a bill like this.

Second, while the Home Office has been a rogue outfit for a long time, it’s currently headed by a racist lunatic who, by all accounts from the Westminster gossip chain, is deliberately trolling the town so that she can get sacked so that she can work up her leadership challenge to Rishi Sunak. (Yes, there are people who dream of a Braverman-led UK and a Trump-led US. They work hard. They’re working right now.) And what better way to gum up the works for your political rival, who’s riding high on the global AI summit he led last week, than by introducing a law that would make it impossible for anyone anywhere to do any tech of any kind?

By the way, if you think it isn’t possible for the integrity of the open internet to fall victim, via bad legislation, to backstabbing Tory power grabs, what do you think I’ve been working on since 2016? Like I said. This garbage is what the sharpest tech policy minds in the UK have been dealing with for seven years. Not the work they were born to do.

So while we wait for the IP(A)A to be published, let’s all read up, form up, strategise, and get this right, so that what’s good about the IP(A)A gets sorted and what’s bad about the IP(A)A gets put in the bin. Quickly, cleanly, and definitively.

Look on the bright side: you’ve just had six years of practice.

Update from the next day

The draft bill was published and had its first reading yesterday. This is moving fast (although admittedly dealing with one bill for nearly five years may have warped my perception of legislative speed).

You can access all the documents here:

While I have to work on the other equally important thing this week, Neil Brown has already given the draft bill a quick skim. Remember that he is a lawyer, but not your lawyer. Based on my read of his quick skim (I know, I know), I see another long amendment/horse-trading/ping-pong game ahead, as we all endured with the other thing.

It’s also important to understand this: as I wrote, there’s been bad stuff slapped on top of the good stuff, likely without the knowledge of the author of the good stuff.

The second reading is on the 20th of November, 11 days from now.

An aside because fuck yeah I am going there: the IPA and IPCO were one of four disparate policy portfolios I held in my brief stint in a digital rights organisation, on a salary of £28k per year, a salary which in the end they could not sustain for an entire year. Imagine getting up to speed with all of that, above, back to front, including building a relationship with IPCO all for nothing, on a few hours a month, for net pay of less than £500 pcm for that work, in a work environment which was, as they say, suboptimal. It is well past time to have the ugly conversation about how the resourcing and leadership of UK digital rights organisations is failing to contribute to the solution and, indeed, is now becoming part of the problem.

The Author

I’m a UK tech policy wonk based in Glasgow. I work for an open web built around international standards of human rights, privacy, accessibility, and freedom of expression. The content and opinions on this site are mine alone and do not reflect the opinions of any current or previous team.


  1. Jack says

    Thank you hugely and deeply for continuing to fight this fight for digital freedoms and our liberties (I contribute to the Open Rights Group in the UK – but I don’t have time to contribute my time perhaps more).

    I really hope this bill doesn’t get through in – what I very much hope – are the dying days of an awful administration. However, I feel further worried that Labour themselves are not necessarily above necessarily trying to legislate their way to π=3 in the name of protecting the public from themselves. I haven’t heard the words ‘remote attestation’ coming yet, but I worry it’s not that long until a politician learns them.

    Where do you think the political drive for this is coming from – “protect the children” as part of a votegrabbing strategy to core Tories; a desire to “show the tech gurus who’s boss”; or – perhaps more worryingly – persistent, long-lasting behind-the-scenes pleas from an intelligence service increasingly hamstrung by technology?

    • Thanks for the kind words about my work here. Regarding other initiatives, I’d ask you to reread the red box and suspend your financial support until there’s a change in leadership.

      To answer your question, it’s a little bit of all three, but the latter faction always wins. (There are plenty of deep dives on those battles in the previous posts I wrote on the OSB/OSA.) For those of us who work on these issues, there’s a lot of almost hallucinatory deja vu – we just keep dealing with the same issues and arguments and policy grabs over and over and over again.

  2. Zak Orthle says

    Instead of the partisan nonsense why don’t you call out ALL parties pushing these authoritarian laws, it would give complaints more credibility. Labour not only support these bills, they think they don’t go far enough, they want them to be significantly more authoritarian.

    • There are authoritarians in all of the parties, just as there are intelligent people in all of the parties. The ways these bills move through their processes is as much about the internal horse trading within the parties as it is about presenting legislative challenges to the other ones. But we do need to start shifting our thinking to how we’ll be strategising these issues under the Labour government, which will be the same thing but a different colour.

Comments are closed.