The Act makes broad provisions to track what you do online. Amongst a raft of new surveillance and hacking powers, it introduces the concept of an internet connection record: a log of which internet services - such as websites and instant messaging apps - you have accessed. Your internet provider must keep these logs in bulk and hand them over to the government on request, whether you want them to or not.
This is a truly appalling development, but all is not quite lost: there are still legal actions pending against the UK’s mass surveillance powers, and you can visit Don’t Spy on Us to find out more.
In the meantime, read on to find out who exactly will be able to see what you’ve been up to online.
Who can view my stuff?
A list of who will have the power to access your internet connection records is set out in Schedule 4 of the Act. It’s longer than you might imagine:
Metropolitan police force
City of London police force
Police forces maintained under section 2 of the Police Act 1996
Police Service of Scotland
Police Service of Northern Ireland
British Transport Police
Ministry of Defence Police
Royal Navy Police
Royal Military Police
Royal Air Force Police
Secret Intelligence Service
Ministry of Defence
Department of Health
Ministry of Justice
National Crime Agency
HM Revenue & Customs
Department for Transport
Department for Work and Pensions
NHS trusts and foundation trusts in England that provide ambulance services
Common Services Agency for the Scottish Health Service
Competition and Markets Authority
Criminal Cases Review Commission
Department for Communities in Northern Ireland
Department for the Economy in Northern Ireland
Department of Justice in Northern Ireland
Financial Conduct Authority
Fire and rescue authorities under the Fire and Rescue Services Act 2004
Food Standards Agency
Food Standards Scotland
Gangmasters and Labour Abuse Authority
Health and Safety Executive
Independent Police Complaints Commissioner
NHS Business Services Authority
Northern Ireland Ambulance Service Health and Social Care Trust
Northern Ireland Fire and Rescue Service Board
Northern Ireland Health and Social Care Regional Business Services Organisation
Office of Communications
Office of the Police Ombudsman for Northern Ireland
Police Investigations and Review Commissioner
Scottish Ambulance Service Board
Scottish Criminal Cases Review Commission
Serious Fraud Office
Welsh Ambulance Services National Health Service Trust
I always wondered what it would feel like to be suffocated by the sort of state intrusion that citizens are subjected to in places like China, Russia and Iran. I guess we’re all about to find out.
Who else can view my stuff?
Bulk surveillance of the population and dozens of public authorities with the power to access your internet connection records is a grim turn of events for a democracy like ours.
Unfortunately, bulk collection and storage will also create an irresistible target for malicious actors, massively increasing the risk that your personal data will end up in the hands of:
People able to hack / infiltrate your ISP
People able to hack / infiltrate your Wi-Fi hotspot provider
People able to hack / infiltrate your mobile network operator
People able to hack / infiltrate a government department or agency
People able to hack / infiltrate the government’s new multi-database request filter
I’d wager that none of these people have your best interests at heart.
Sadly, if the events of the past few years are anything to go by, it won’t take long for one or more of these organisations to suffer a security breach. Assuming, of course, that the powers that be manage not to just lose all of our personal data in the post.