LONDON — The British government on Wednesday offered proposals that require communications companies to store Web users’ activity for up to a year in an overhaul that pits privacy advocates against officials who insist that Britain’s surveillance laws are badly outdated.
The long-awaited Investigatory Powers Bill, published in draft form, follows revelations by former U.S. National Security Agency contractor Edward Snowden that exposed the mass surveillance methods used by Britain’s notoriously secretive intelligence agencies.
It also comes amid a legal wrangle between the United States and the European Union, which last month struck down a pan-Atlantic pact to allow companies to share Web search histories and other details of E.U. citizens. The European Court of Justice also cited the Snowden leaks, which showed the deep reach of U.S. intelligence agencies in Europe.
The government is now attempting a major rework of Britain’s surveillance laws — many written in the pre-digital era — that would bring various powers under a single legislative umbrella.
Prime Minister David Cameron stressed that new powers are needed as people migrate online and to social media.
Speaking during the prime minister’s question session in Parliament on Wednesday, Cameron added: “Telecommunications have been absolutely vital in catching rapists and child abductors and solving other crimes, and the question before us is: Do we need that data when people are using social media to commit those crimes rather than just a fixed or mobile phone? My answer is yes.”
But critics contend that such measures infringe on privacy, and they worry that vast Internet records could fall into the wrong hands.
“If you store data, it can be compromised,” Preston Byrne, chief operating officer at Eris Industries, a cryptographic communications company, told the BBC. “It’s saying to the world: ‘Hey, we in the U.K. store all of the information about what all of our people are thinking all of the time every single day for the past year. Why don’t you come in and access it?’ ”
Caroline Wilson Palow, general counsel at the watchdog group Privacy International, said the British proposals highlight a “big contrast” with trends in the United States.
“The U.S. is trying to rein in bulk collection, or what we might call mass surveillance,” she said. “. . . The U.K. is going in the opposite direction, enshrining the ability for mass surveillance in law.”
Theresa May, Britain’s home secretary, has tried to counter the criticism by calling the plan nothing more than the “modern equivalent of an itemized phone bill.”
It also would introduce the “strongest protections and safeguards anywhere in the democratic world,” including a new element of judicial oversight, she told lawmakers.
This summer, David Anderson, the government’s independent reviewer of terrorism legislation, noted that the laws that oversee surveillance in Britain are scattered across more than 65 acts of Parliament and that few people fully understand the powers.
In a lengthy report, he also said that the current legislation is “ undemocratic, unnecessary and — in the long run — intolerable.” He called for a new bill.
The most contentious of the proposals is the requirement that Internet providers hold “Internet connection records” for up to a year. Authorities would be able to access that information — basic details about Web browsing but not the actual content — without a warrant.
So, for instance, police could see that someone accessed the messaging application WhatsApp at 1 p.m. but would not know what was in the message. Authorities, however, could still view the content by seeking a warrant.
Currently, senior ministers must sign warrants for authorities to engage in more-intrusive activities, such as hacking the computer of a terrorism suspect. A spokesman for the Home Office said May signed off on 2,795 warrants in 2014.
A final bill is expected to be unveiled in the spring and then debated and voted on by both houses of Parliament.