LONDON – In Britain, Big Brother just got bigger.
After months of wrangling, Parliament has passed a contentious new snooping law that gives authorities — from police and spies to food regulators, fire officials and tax inspectors — powers to look at the internet browsing records of everyone in the country.
The law requires telecoms companies to keep records of all users’ web activity for a year, creating databases of personal information that the firms worry could be vulnerable to leaks and hackers.
Civil liberties groups say the law establishes mass surveillance of British citizens, following innocent internet users from the office to the living room and the bedroom.
Tim Berners-Lee, the computer scientist credited with inventing the World Wide Web, tweeted news of the law’s passage with the words: “Dark, dark days.”
The Investigatory Powers Bill — dubbed the “snoopers’ charter” by critics — was passed by Parliament this month after more than a year of debate and amendments. It will become law when it receives the formality of royal assent in the coming week. But big questions remain about how it will work, and the government acknowledges it could be 12 months before internet firms have to start storing the records.
“It won’t happen in a big bang next week,” Home Office official Chris Mills told a meeting of internet service providers on Thursday. “It will be a phased program of the introduction of the measures over a year or so.”
The government says the new law “ensures powers are fit for the digital age,” replacing a patchwork of rules.
In a move taken by few other nations, it requires telecommunications companies to store for a year the web histories known as internet connection records — a list of websites each person has visited and the apps and messaging services they used, though not the individual pages they looked at or the messages they sent.
The government has called that information the modern equivalent of an itemized phone bill. But critics say it’s more like a personal diary.
Julian Huppert, a former Liberal Democrat lawmaker who opposed the bill, said it “creates a very intrusive database.”
“People may have been to the Depression Alliance website, or a marriage guidance website, or an abortion provider’s website, or all sorts of things which are very personal and private,” he said.
Officials won’t need a warrant to access the data, and the list of bodies that can see it includes not just the police and intelligence services, but government departments, revenue and customs officials and even the Food Standards Agency.
“My worry is partly about their access,” Huppert said. “But it’s much more deeply about the prospects for either hacking or people selling information on.”
James Blessing, chairman of the Internet Services Providers Association, said the industry has “significant questions” on how the law will work — including “how to keep the vast new data sets secure.”
He warned that if the law is not implemented in a “proportionate, considered way, there is a real danger the U.K. could lose its status as a world-leading digital economy.”
Some aspects of the new law remain clouded by secrecy. Not all internet companies will have to comply — only those that are asked to by the government. The government won’t say who is on that list, and the firms involved are forbidden from telling their customers.
Service providers are also concerned by the law’s provision that firms can be asked to remove encryption to let spies access communications. Internet companies say that could weaken the security of online shopping, banking and a host of other activities that rely on encryption.
The new law also makes official — and legal — British spies’ ability to hack into devices and harvest vast amounts of bulk online data, much of it from outside the U.K. In doing so, it both acknowledges and sets limits on the secretive mass-snooping schemes exposed by former U.S. National Security Agency contractor Edward Snowden.
The government says the law incorporates protections against intrusion, including an investigatory powers commissioner to oversee the system, and judges to scrutinize government-approved warrants to hack into electronic devices or look at the content of communications.
David Anderson, a lawyer who serves as Britain’s independent reviewer of terrorism legislation, said the new law “creates powerful new safeguards” and “achieves world-leading standards of transparency by putting on a detailed statutory basis all the powers which police and intelligence agencies already use.”
Privacy groups battled to stop the new legislation, and now say they will challenge it in court. But public opposition has been muted, in part because the bill’s passage through Parliament has been overshadowed by Britain’s vote to leave the European Union and the upheaval that has followed.
Renate Samson, chief executive of the group Big Brother Watch, said it would take time for the full implications of the law to become clear to the public.
“We now live in a digital world. We are digital citizens,” Samson said. “We have no choice about whether or not we engage online.
“This bill has fundamentally changed how we are able to privately and securely communicate with one another, communicate with business, communicate with government and live an online life. And that’s a real, profound concern.”