There's a petition to "repeal" it (really, to not enact it in the first place) at https://petition.parliament.uk/petitions/173199, though I have my doubts that that will achieve much.
My commentary paragraph: The UK's relationship to encryption and surveillance has been worrisome to those of us technical enough to understand what kind of power it represents. I do not think it's hyperbole to say that the powers discussed here are significantly more intrusive than those exercised by the East German Stasi. The only thing preventing them from being used catastrophically is the good will of the government. This should worry people.
British people have a less adversarial relationship with government than is found in American culture. One of the consequences of this is that the intelligence services are more trusted to get on with things and do whatever is necessary. There’s plenty of material to make the case that such trust is misplaced (dodgy dossiers are just the latest in a long trail of similar messes) but none of it has resulted in substantial changes in this general disposition.
That’s one of the reasons why, back in the 1990s while the US was enacting the DMCA, the UK government was passing a law giving every trivial branch of the state substantial pen-register powers and requiring people to disclose encryption keys on pain of imprisonment. (If you don’t know a key that the police want you to disclose then you better hope you can prove that you don’t know it.)
This law was subsequently used to investigate hedge trimming, fouling of paths by dogs (more than a dozen times) and violations of car parking rules.
But, around 2008 (pre-Snowden), the Labour government was aware that the activities of GCHQ (the British NSA) were past the point where even a deferential reading of the law could cover them. In the subsequent Snowden documents, while the NSA might have had the lead role, whenever something especially crazy came up it would be the logo of GCHQ on the slides. The NSA was tapping significant fiber lines coming into the US, but it was GCHQ that decided to keep a three day buffer of nearly the entire British internet. (Thirty days for metadata.)
The solution to this was to write a law that gave GCHQ and friends the authority to do the things that they had already been doing for a while. Since none of it was public at that point, they hoped to neatly brush the excesses under the rug and make everything nice and legal for the future.
Due to a lack of political support, this plan never crystallised into a firm proposal. But the underlying problem remained for the next government, which appeared in 2010.
This new government was a coalition of a major party, the right-leaning Conservatives, and a minor party, the more socially liberal Liberal Democrats. The Conservatives, in the form of the Home Secretary, Theresa May, were keen to essentially pick up where the previous attempt had failed and in 2012 things got to the point of being a draft law.
This time, the lack of support came from within the government: the minor coalition party withdrew their support and then Snowden finished it off.
Concurrent with that, the Labour party (which had been defeated in the election) held a leadership contest. Rather than pick the obvious and competent candidate they selected his younger brother. It’s probably the case that several powerful interests in the party thought that the younger brother would be more compliant. Sadly, these interests didn’t realise that the younger brother, Ed Miliband, emphasised the idiot in “useful idiot” and it became clear that he was basically unelectable—dooming his party in the 2015 election.
The Liberal Democrats, the minor coalition partners from 2010, suffered terribly in the same election because they were also led by an unskilled politician who was unable to navigate the compromise between sticking up for party principles and being part of a coalition.
Thus in 2015, the Conservatives had enough support to form a government without any coalition. Enough time had, seemingly, passed since Snowden that the same Home Secretary felt it was time for another attempt at granting the intelligence services the authority to do what everyone now knew they were doing anyway, plus whatever else they wanted for the future.
Labour, having lost another election, held another leadership contest and selected a hard-left candidate. Since most of the Labour members of Parliament are fairly centrist, the party was hopelessly divided and unable to function. This is still the case.
Thus both opposition parties were crippled and this third attempt at passing the law looked like the strongest, even now that the behaviour of GCHQ was publicly known. Mrs May even admitted in public that successive governments had essentially broken the law, something confirmed in 2016 by the tribunal that was eventually compelled to investigate.
Nonetheless, there was hope that it could be stopped for a third time. Then the Brexit vote happened and nearly the entire political establishment exploded. Only one person was smart enough to stand back, Mrs May. Once everyone else had destroyed each other, she was the only significant person remaining and became Prime Minister almost by default.
At that point, I’m afraid, her pet project of five+ years was basically a done deal and the Investigatory Powers Act 2016 will soon be law.
Mrs May has also decided that the disaffected, anti-migration, fairly nationalist segment of the population that were the core of the Brexit vote would make a great pillar of political support in the future. The traditional core of Conservative support have been the more wealthy, but since they don’t have a real alternative, Mrs May is betting that she can focus on this new segment of voters and secure her future power.
She might well be correct and Americans might recognise some parallels with the Trump victory. Comparing Theresa May to Donald Trump would be inaccurate and insulting (to Mrs May), but there are similarities to the underlying political calculations, which is disquieting.
So it will soon be the case that UK ISPs must keep a record of every website visited, except that it’s not fully defined how much data ISPs must collect and it could be full netflow data in some cases. The police and other government organisations will be able to access this information at will: only the authority of a senior officer is required.
The intelligence services will have the authority to do the mass surveillance and mass hacking that is now their norm and we probably won’t find out what new things they’ll start doing for some time. They’ll gain the ability to demand “bulk personal datasets” from third parties too.
And, most problematically, they now have vaguely defined powers to compel cooperation from third parties on a variety of matters, all of which come with a gag order. This includes “technical capability notices” (section 254) which essentially can require anything “that [...] is (and remains) practicable” to demand. Oh and “a technical capability notice may be given to persons outside the United Kingdom (and may require things to be done, or not to be done, outside the United Kingdom)” and one “must not disclose the existence or contents of the notice to any other person without the permission of the Secretary of State.”
So the UK government reserves the right to demand anything that’s possible, extraterritorially or otherwise, and in secret.
Every other nation's intelligence community will soon be crying to their political masters that they want one too and, in this political reality, anything is possible.
If you work at a technology firm, please keep this in mind when making design decisions. This internet that we’re building is a powerful tool and we engineers have more say than most about what this tool is going to be used for.