1. Service providers need to keep web records
There are now wider obligations for Communication Service Providers (CSP)s to work with investigating bodies. CSPs will be required to keep internet connection records for 12 months under the legislation. This will detail a specific service that device has connected to a specific web service, although not where the person travelled within that service.
2. Judges and Secretaries of state will both have oversight
The proposal legislation says that both a secretary of state and Judge, one of a group of judicial commissioners, will have to sign an interception warrant, a "double lock". Currently the Home Secretary can sign them without judicial input.
In "urgent" cases just the secretary of state can sign a warrant, with judicial oversight to follow later.
3. Tech Advisory Board remains
Provision for a Technical Advisory Board continues, giving the industry a forum on which to feedback about the costs and other business burdens that come from firmss compliance with these laws..
4. Damage to encryption?
The Home Secretary insisted that encryption had not been banned in the draft proposals, and documentation with them says: "The draft Bill will not impose any additional requirements in relation to encryption over and above the existing obligations" However, those law include an obligation on service providers to take reasonable steps for communications to be readable.
5. Backdoors
The draft Bill allows the Secretary of State to require service providers to make the interception and collection of data in the Bill possible on a permanent basis, a backdoor into software that some people have raised concerns about.