• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

Investigatory Powers Bill

The draft Investigatory Powers Bill (the “Bill”), which was published by the Home Office on 4 November 2015, is intended to govern the use of investigatory powers by law enforcement agencies and security and intelligence agencies. A key objective of the Bill is to address access to and retention of internet records. Under existing laws, law enforcement and security and intelligence agencies can ask communications service providers (“CSPs”) to start collecting internet records for suspected individuals, but they cannot access historic information as internet CSPs are not required to keep this. It is currently possible for these agencies to access historic telephone bills and therefore the Bill aims to address this discrepancy between telephone records and internet records as online communication has become more prevalent. Another objective of the Bill is to unite the other investigatory powers which involve intrusion into communications or private lives into a single piece of legislation, including:

  • the interception and reading of communications

  • interference with equipment (i.e. “hacking” or “bugging”) to acquire information

  • collection of “bulk” internet or phone data so that it can be reviewed for leads and patterns of criminality

Communications data

The range of public authorities that can access data goes beyond just law enforcement and security agencies. The more intrusive powers under the Bill, like the interception of contents data (which is the making available of the contents of a call, email or social media message) or interference with computer systems, will only be available to security agencies, intelligence agencies, armed forces and some law enforcement agencies. However, communications data can be accessed by a far greater range of public bodies. Under the Bill, communications data will not only include information about who sent the communication, to whom, when and how, but will now also cover “internet connection records”. Internet connection is a record of the internet services a specific device has connected to, such as a website or instant messaging application.  Under the Bill, the relevant public authorities that can access communications data includes the Department of Health, HMRC, Department for Transport, Department of Work and Pensions, the Gambling Commission, Food Standards Agency, NHS Trusts and the Information Commissioner. The Regulatory of Investigatory Powers Act 2000 (“RIPA”) also allowed a wide range of public authorities to access communications data, but this was criticised following reports that local authorities were using these powers for purposes which were not anticipated (such as checking up on parents' residence within catchment areas or detecting whether people were putting their bins out for collection on the wrong day). Following a consultation on the use of these powers in 2008, the Home Office found that despite some misuse of RIPA powers there was not widespread support for reducing the number of public authorities with access to communications data. However, under the Bill, local authorities will require judicial authority to access communications data.

As a general principle of the Bill, the more intrusive the power of access, the narrower the lawful purposes for which the data can be accessed. The interception of contents data will only be authorised in the interests of national security, for the prevention and detection of serious crime or in the interests of the economic well-being of the UK where it is connected to national security. However, access to communications data can be for much broader purposes, like collecting taxes, public health, investigating miscarriages of justice, financial regulation and for ensuring financial stability.

The rules around communications data are considerably less onerous than the rules around contents data. It is worth noting that public authorities can effectively self-authorise their access to communications data. A designated senior officer of a relevant public authority can authorise any officer of the same authority to obtain communications data. This is one of the more controversial measures of the Bill as it grants public authorities the right to view a person's internet browsing history without a warrant. 

New obligations for CSPs

The Bill places a number of obligations on telecommunications operators (“TOs”), who are defined as any person providing telecommunications services in the UK or any person that controls telecommunications systems in the UK. This definition encompasses CSPs as they were widely referred to previously. The Bill also seeks to bring together all of the existing obligations on CSPs/TOs under various pieces of legislation including RIPA, the Counter Terrorism and Security Act 2015 and the Telecommunications Act 1984. Current legislation requires CSPs to retain certain types of communications data (though not internet services records). RIPA requires CSPs to provide communications data to authorities when served with a notice, to assist in giving effect to interception warrants and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the CSP to whom the notice relates. The Telecommunications Act 1984 requires CSPs to comply with directions issued by the Secretary of State in the interests of national security; this includes the acquisition of bulk communications data. 

The Bill acknowledges that the use of investigatory powers relies heavily on the cooperation of TOs/CSPs both in the UK and, in certain sections, overseas and this is a central theme in the drafting of the Bill. The assistance of TOs is often required to obtain communications data relating to a person’s use of a particular service or to intercept communications sent via that service. The assistance of TOs may also be necessary in order to gain direct access to a suspect’s device when law enforcement seeks to use equipment interference powers.

The obligations of a TO under the Bill are significant and wide-reaching. While the Bill does not require overseas companies to retain communications data, it does still require overseas companies to comply with interception warrants, mutual assistance warrants, communications data acquisition notices, equipment interference warrants and bulk warrants.

The Bill states that TOs are duty bound to do what they can to give effect to warrants to interfere with computer systems (i.e. bug or hack data) or to provide access to data, but the Bill also states that companies are not required to take any step that is not “reasonably practicable”. It is a criminal offence for TOs to make known that they have received such warrants and any steps they have taken to comply with the warrant. Failure to adhere to this secrecy requirement is punishable by up to 2 years imprisonment and a fine for the TOs. So TOs will need to satisfy themselves that they understand what their legal obligations are under this Bill as they will be unable to seek guidance following receipt of a warrant.

Significantly the Bill does include a clause that compels the Secretary of State to put in place an arrangement so that TOs can be provided with an appropriate contribution in respect of their costs of complying with an order or direction in certain circumstances under the Bill.     

Another significant power the Bill creates is to allow the Secretary of State to issue any TO in the United Kingdom with a national security notice requiring the operator to take steps as the Secretary of State considers necessary in the interests of national security. Such a notice may only be issued where the Secretary of State considers the conduct required by the notice is proportionate to what is sought to be achieved by the conduct. A national security notice may not require the taking of any steps the main purpose of which is to do something for which a warrant or authorisation is required under the Bill. The Secretary of State is under an obligation to take into account the likely benefits of the notice, the likely number of users of the TOs to whom the notice will relate, the technical feasibility and cost of complying with the notice. These notices must be kept under review by the Secretary of State. The TO is under an obligation to not disclose the existence of such a notice to any other person.

Encryption

In the build up to the publication of the Bill it was reported that the Bill would prohibit end-to-end encryption on the internet. End-to-end encryption is where only the sender and the recipient of a message can decipher the contents. Not even TOs can decipher end-to-end encryption as it currently operates thus making communications which are subject to such encryption much more difficult for intelligence agencies to monitor.  The published Bill does not contain a ban on end-to-end encryption, but it does require TOs to assist with giving effect to any warrants for data, including removing any encryption applied to that data. So if a TO has a service that utilises end-to-end encryption and they are served with a warrant, they will need to have the ability to “unlock” the contents to comply with the warrant.  As the current end-to-end encryption used by some CSPs’ services mean it is not possible to do so, CSPs’ systems will need to be re-engineered so that they can unlock any message, and this in turn makes the system more vulnerable to hacking and other cyber-crime.

Conclusion

The Bill is still passing through the normal legislative process and as such it’s possible that sections will change and more detail will be added. It seems inevitable that the passage of the Bill will meet resistance in the form of parliamentary discussion and media and public pressure. However, in light of recent terrorist attacks in Europe the Government have expressed a desire to have this Bill fast-tracked through parliament so a final Investigatory Powers Act may be closer than was originally predicted when the Bill was first published earlier this month.

For more information, please contact Nicola Fulford.