UK's internet surveillance law receives royal approval

Britons hoping that a quaint historical tradition might stop a Draconian internet surveillance law in its tracks were disappointed on Tuesday morning, when the Queen gave her approval to the Investigatory Powers Act 2016.

In theory, the Queen has the power of veto over all U.K. legislation as bills do not become law until they receive royal assent.

In practice, though, it’s just a formality: no reigning British monarch has rejected a piece of legislation since 1707. Besides, given the post-Brexit backlash against anyone than Parliament deciding British law, it would have been a daring move for a hereditary head of state.

With a stroke of her pen, then, the Queen has granted a whole crowd of police officers and other government officials access to records of the online activities of everyone in the U.K.

Defenders of the legislation, including Prime Minster Theresa May in her previous role as Home Secretary, say that requiring network operators to store a year’s worth of communication data, and allowing government officials to sift through it, is necessary and proportionate for protecting national security and public safety.

The communication data does not include your entire browsing history, May pointed out: Only the sites visited are stored, not the exact pages. That only provides a certain degree of privacy: You might be able to pass off your visit to a Facebook group about tax evasion as chatting with friends, but a visit to taxevasion.example.com will be harder to explain away.

The legislation does contain some safeguards to prevent rampant abuse of the data, limiting access to certain government departments and agencies, and imposing strict limits on the ranks of those that can authorize access to the data.

For example, only police officers of the rank of inspector or above can approve access to the data. Of Britain’s 126,818 serving police officers, 8,716 held that rank or higher, according to official figures from 2015.

Other organizations allowed to access citizens’ internet connection records include Her Majesty’s Revenue and Customs, the U.K.’s tax collection agency. There, only staff with the grade of “Higher Officer” or above can access the data — but that’s almost an entry-level post for applicants with a degree, and there are around 20,000 HMRC employees at that grade or above, according to official figures.

The list also includes senior officers at the Department of Work and Pensions, which overseas the payment of unemployment benefits and old age pensions, and a mishmash of fire services and regulatory authorities covering gambling, farm workers, food health and air safety.

Almost forgotten in that list are those that might be expected to have a real role to play in protecting national security with all that data, the country’s three spy agencies: the Security Service, the Secret Intelligence Service, and Government Communications Headquarters (GCHQ), where officials of grades 3, 6 or 8 and above, respectively, can access the data.