British spies would be allowed to legally hack into smartphones and computers under the Tory government’s new surveillance law.
Telecoms firms will be forced to help MI5, the domestic intelligence agency; MI6, overseas intelligence; and the U.K.'s Government Communications Headquarters use James Bond-style “equipment interference" -- remotely accessing phones and using them as listening devices -- as part of the draft Investigatory Powers Bill.
Setting out the most sweeping data gathering powers of any Western country, Home Secretary Theresa May also confirmed for the first time that MI5 had been using an old piece of legislation to justify the bulk collection of communications data from suspects.
In the past, telecoms firms have voluntarily allowed spies to remote access users' phones or computers, but under the new law they will be legally required to do so.
The new bill will require Internet firms to hold for a year a list of the main browser history of every U.K. web user.
No warrant will be needed, although only main domains will be listed rather than individual web pages within a site.
In a concession to lobby groups, May unveiled a framework of safeguards that will allow a panel of judges to act as a legal backstop to intercept or bugging warrants approved by the home secretary.
The so-called "Wilson Doctrine" -- that suggested no parliament members' phones could be bugged -- was also given a proper legal footing for the first time, with the prime minister’s permission now needed as well as a legal warrant for any surveillance of members of Parliament (MPs), peers, European Parliament members or other politicians.
The Labour Party’s Andy Burnham stunned some civil liberties groups by swiftly welcoming the new bill, declaring that it was “neither a snooper's charter nor a plan for mass surveillance."
But leading data transparency campaigners, from Edward Snowden and Glenn Greenwald to Shami Chakrabarti of the advocacy organization Liberty, lined up to warn that the government’s new powers represented an unprecedented breach of the privacy of individuals.
The U.K.’s leading terror watchdog, David Anderson QC, welcomed the way the bill was finally "putting Parliament in charge" of practices that were for years hidden from view, though he added that "not everyone will be happy about these powers."
In her Commons statement, May revealed for the first time that successive governments since 2001 have authorized secret directions to telecoms firms to allow intelligence agencies to collect communications data in bulk under the Telecommunications Act 1984.
This has allowed MI5, GCHQ and other agencies to identify "subjects of interest" in the U.K. and overseas and hack into their phones and computers to collect huge swaths of data.
Anderson, the independent reviewer of terror legislation, said that May's words were "a significant and necessary" move to put in the public domain the activities of the intelligence agencies, putting them on a clearer statutory footing.
“Whatever the content of the eventual U.K. law, it will no longer be possible to describe it as opaque, incomprehensible or misleading,” he said.
The watchdog added that he was pleased that for the first time in 300 years, no intercept or tapping warrant would be allowed without "judicial approval."
Yet he also questioned "whether these safeguards go far enough" and said judges would need to be "well supported" to avoid becoming "rubber stamps" for ministers’ decisions on whom to bug.
May said that the new safeguards that gave judges a role in approving ministerial warrants for bugging amounted to a "double lock" to reassure the public.
She said that the new requirement on firms to hold 12 months of browsing history was the Internet equivalent of an itemized phone bill.
But criticism on Twitter was swift.
May's phone bill example prompted Home Affairs Committee chairman Keith Vaz to say that "there is a lot of information in an itemized bill."
"If I was to look at her itemized telephone bill and she was to look at mine, she might be surprised at who we were phoning," Vaz said.
May laughed off the point, joking that one of her colleagues had replied, "Speak for yourself," which she said was the "right response."
The home secretary said that the "mythology" of the Wilson Doctrine had grown into something that wrongly suggested MPs’ communications could not be put under surveillance.
But former Shadow Home Secretary David Davis seized on a detailed line in the new bill that made clear that the new “judicial commissioners” will have to make decisions based on judicial review principles, not on the basis of the evidence.
“In other words, the home secretary would have to behave in an extraordinary manner not to get his or her warrant approved,” Davis said. “This is not the judge checking the evidence, it is the judge checking that the correct procedure has been followed.”
He also questioned whether the Wilson Doctrine would interfere with MPs’ future ability to help whistleblowers, who feared their contacts would be monitored.
Chakrabarti, the director of Liberty, was scathing about the whole bill.
“After all the talk of climbdowns and safeguards, this long-awaited bill constitutes a breath-taking attack on the internet security of every man, woman and child in our country,” she said in a statement. “We must now look to Parliament to step in where Ministers have failed and strike a better balance between privacy and surveillance.”
She said the safeguard system set out by May was “a very, very limited role for judges in a rubber-stamping exercise.”
“They have spun it as a double lock, but the second person, the judge, does not actually have a key.”
This piece originally appeared on HuffPost UK and has been adapted for a U.S. audience.