Spoiler alert: they already know you visited this site.
Last week, whilst most of us were busy watching the comings and goings at Trump Tower and Ed Balls on Strictly, Parliament quietly passed the Investigatory Powers Act 2016 (a.k.a. the Snoopers’ Charter). It’s been described as the most intrusive system of any democracy in history and a privacy disaster waiting to happen.
The Act makes broad provisions to track what you do online. Amongst a raft of new surveillance and hacking powers, it introduces the concept of an internet connection record: a log of which internet services - such as websites and instant messaging apps - you have accessed. Your internet provider must keep these logs in bulk and hand them over to the government on request, whether you want them to or not.
This is a truly appalling development, but all is not quite lost: there are still legal actions pending against the UK’s mass surveillance powers, and you can visit Don’t Spy on Us to find out more.
In the meantime, read on to find out who exactly will be able to see what you’ve been up to online.
A list of who will have the power to access your internet connection records is set out in Schedule 4 of the Act. It’s longer than you might imagine:
I always wondered what it would feel like to be suffocated by the sort of state intrusion that citizens are subjected to in places like China, Russia and Iran. I guess we’re all about to find out.
Bulk surveillance of the population and dozens of public authorities with the power to access your internet connection records is a grim turn of events for a democracy like ours.
Unfortunately, bulk collection and storage will also create an irresistible target for malicious actors, massively increasing the risk that your personal data will end up in the hands of:
I’d wager that none of these people have your best interests at heart.
Sadly, if the events of the past few years are anything to go by, it won’t take long for one or more of these organisations to suffer a security breach. Assuming, of course, that the powers that be manage not to just lose all of our personal data in the post.
Postscript: What now?
Since I posted this piece, lots of people have been in touch to ask me what they can do. Here are three suggestions: