Legislation governing surveillance powers has appeared on both sides of the Atlantic: the draft Investigatory Powers Bill has just been published in the U.K. while the U.S. Senate has voted through a proposed Cybersecurity Information Sharing Act (CISA). Following Edward Snowden’s revelations about the extent of government surveillance and communications interception, these proposed laws reflect the U.K. and U.S. governments’ attempts to clarify their legal powers and address their citizens’ significant privacy and security concerns.
But what do these powers really allow for? What safeguards do they offer? And to what extend do they conform to privacy protections of the European Convention on Human Rights (for the U.K.) and the International Covenant of Civil and Political Rights (for the United States)?
In the United States
The aim of the U.S. (CISA) bill is to enable companies and federal agencies to coordinate responses to cyberattacks. It grants sweeping powers to private companies that will allow them to voluntarily share “cybersecurity threat data,” including individuals’ personal information, with the Department of Homeland Security. The department could pass it to other agencies, such as the NSA or Federal Bureau of Investigation (FBI). The bill also authorizes companies to deploy “defensive measures” that include monitoring information systems to protect their hardware and software from attack.