Cybersecurity , Legislation , Privacy

UK Elections: Privacy, Security Impacts

As Tories Take Majority, Experts Detail Expected Policies
UK Elections: Privacy, Security Impacts
Prime Minister David Cameron

The results from the May 7 general election in the United Kingdom are now in, and the Conservative - a.k.a. Tory - party is set to lead the country for the next five years.

See Also: Unite & Disrupt: Mitigate Attacks by Uniting Security Operations

For the last five years, the Tories had formed a coalition government with the Liberal Democrats, leading to numerous policy compromises, including on questions relating to privacy and data retention. But in the wake of the elections, Prime Minister David Cameron will be returning to 10 Downing Street with the Tories now holding a majority in Parliament, thus giving them a freer hand to advance their own agenda.

When it comes to matters that center on information security, privacy and surveillance, here are some related moves that experts expect to see in the coming months:

Ongoing "Cyber" Investment

Economists say that the high-technology sector accounts for 10 percent of the U.K.'s gross domestic product, and the coalition government was - no surprise - keen to promote all things "digital." As part of a five-year, £860 million ($1.3 billion) National Cyber Security Program, the U.K. government has also been advancing a "cyber" agenda, including programs aimed at improving British organizations' information security practices (see UK Pitches Business 'Cyber Essentials').

But that national program is set to expire in 2016, and it's not yet clear how, or if, the Tories might extend it.

Education: Cyber Overhaul

From an IT education standpoint, information security expert Alan Woodward, a professor at the University of Surrey, tells Information Security Media Group that in February, the U.K. government launched the independent Shadbolt Review of England's computer science degrees. It's named for Nigel Shadbolt, a professor of artificial intelligence and head of the Web and Internet Science at the University of Southampton, who's leading the review. His mission is to "focus on the purpose and role of accreditation and how the system can support the skills requirements of employers and improve graduate employability."

Woodward notes: "It follows on from a report we did last year flagging up that some of what was happening with computing higher education was not necessarily leading to employment, which had serious implications - bearing in mind the lack of skills in cyber. I suspect it will lead to some big changes in how computing is taught at universities, with a significant driver being the need to get more people into security."

Results from the review are due this fall.

Crypto Criticism

Of course, how the government promotes technology and computer-science degrees may differ markedly from how it chooses to employ technology for political purposes, for example, when it comes to questions of surveillance or privacy rights.

In recent months, for example, Cameron argued that all uses of encryption - for example on mobile devices - should include a "front door" capability that would allow the government to crack the crypto (see Cameron to Ask Obama to Help Weaken Crypto). In response, numerous technologists accused the prime minister of not understanding how cryptography works, and warning that strong crypto is crucial for businesses.

More Mass Surveillance

Some critics worry that such nuances have been lost on U.K. government officials. Jim Killock, executive director of the Open Rights Group, which focuses on human rights, said earlier this week in a Guardian podcast: "The big question for government is, are they getting the balance right, are they protecting us as citizens, are they making things better or worse?

"While they've been very keen to extract the economic value out of digital and are seen to be taking part in that process ... they are much less capable of making good judgments when it comes to issues where the government has a bit more self-interest," Killock said. "That ranges from promoting mass surveillance through to Cameron's incredibly stupid comments about encryption and also includes things like the way they've negotiated on data protection in Europe, where they've essentially played the role of trying to water down data protection in favor of companies, but not in favor of citizens."

May to Reintroduce Snooper's Charter

In the wake of the election, for example, Home Secretary Theresa May has already promised to reintroduce the Draft Communications Data Bill to expand the government's surveillance powers, reports Britain's Independent newspaper. The bill, which has been labeled by critics as being a "Snooper's Charter," was previously blocked by Liberal Democrat leader Nick Clegg, formerly the Deputy Prime Minister of the coalition government. But he resigned on May 8 as head of his party, after what he described as a "crushing" defeat at the polls that left just eight "Lib Dem" Members of Parliament, down from 57 in 2010.

Already, many privacy experts are nonplussed by May's continuing focus on the Snooper's Charter. "Raising the specter of expanded surveillance powers only moments after the election results have emerged is a clear indication of the forthcoming assault on the rights of ordinary British citizens," Carly Nyst, legal director of Privacy International, tells ISMG. "Theresa May's comments confirm that widespread public concern about the threats posed to online privacy and expression by Internet monitoring powers has been completely ignored by the new government.

"Reviving it as a policy priority is a clear sign both of an insatiable appetite for spying powers, and intentions to continue to sacrifice the civil liberties of Britons everywhere on the altar of national security."

Promise: Surveillance Law Review

The Tories in 2014 also rushed into law "emergency legislation" called the Data Retention and Investigatory Powers Bill, after the European Court of Justice ruled that an EU directive requiring blanket - as opposed to targeted - data retention violated Europeans' right to privacy and protection of their personal information.

DRIP is set to expire in 2016, and the coalition government pledged to pursue a more public review of the country's surveillance legislation before then, including reviewing the Regulation of Investigatory Powers Act. In March, meanwhile, a Parliamentary committee warned that RIPA and other U.K. surveillance legislation was "unnecessarily complicated" and "lacks transparency." All of that sets the stage for a potential full-scale review of the country's surveillance laws.

The Scottish Question

There are many unanswered questions in the wake of the 2015 general election. For example, the Scottish National Party won a landslide victory, taking 56 of 59 seats in Scotland, and raising the prospect that unless the Tories work with the SNP, it may call another referendum on Scottish independence. Notably, the SNP has opposed moves by the Tories to scrap the country's Human Rights Act and withdraw the U.K. from the European Convention on Human Rights, which has declared mass surveillance - of the type currently practiced by Britain - to be illegal.

But what impact the SNP may have on the Tories' legislative agenda - and ability to pass laws - remains to be seen.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network