Leaked document shows gory details about UK plans to break encryption and snoop in bulk
Campaigner Jim Killock: 'Secret consultations have no place in open government.'
The UK government's spying law, the Investigatory Powers Bill (IPBill), faced renewed criticism this week (5 May) after key portions of its demands on UK telecommunications providers were leaked, shining a spotlight on demands for "real-time" snooping and the shattering of encryption.
According to an official document disclosed by the Open Rights Group, titled "draft technical capability notice", the content of telephone calls, text messages and internet browsing will have to be made available to the authorities, upon warrant, within a single working day.
It requires all UK telecommunications operators to "provide and maintain the capability to ensure the interception, in their entirety, of all communications [...] in their entirety, of all secondary data authorised or required by the warrant."
On the topic of encryption, it asks companies to "disclose, where practicable, the content of communications [...] in an intelligible form and to remove electronic protection [emphasis added] applied by or on behalf of the telecommunications operator."
Authorities will have access the transmission of communications in "near real time", it said. This never-before-seen consultation provides unprecedented insight on what exactly the UK government is asking of tech companies such as WhatsApp, Apple and Google.
"This is a 'targeted consultation' and has not been publicised to the tech industry or public," Open Rights Group said in a blog post. "The Secretary of State is in fact not under any obligation to consult the public, but instead must consult only a small selection of organisations," it added.
These organisations, which make up the government's Technical Advisory Board, include representatives from O2, BT, BskyB, Vodafone, Cable and Wireless and Virgin Media.
It is believed many of these firms have already received and processed the proposals. The consultation is reportedly set to conclude on 19 May.
Limiting encryption
Jim Killock, executive director of the Open Rights Group said: "Selective, secret consultations have no place in open government."
"These powers could be directed at companies like WhatsApp to limit their encryption," he continued, adding: "The regulations would make the demands that Amber Rudd made to attack end-to-end encryption a reality. But if the powers are exercised, this will be done in secret.
"The public has a right to know about government powers that could put their privacy and security at risk.
"There needs to be transparency about how such measures are judged to be reasonable, the risks that are imposed on users [...] and how companies can challenge the demands.
"Sometimes, surveillance capabilities may be justified and safe: but at other times, they might put many more people – who are not suspected of any crime – at risk."
The nine-page leaked document indicates UK companies providing end-to-end encryption will be forced to "modify" their products to allow access to the government upon demand.
It remains to be seen the impact such legislation will have on the slew of US technology giants currently operating in Britain.
According to the Home Office, no obligations will be imposed on telecommunications firms which solely provide service to banking, insurance, investment or other financial services. Additionally, the warrants are not being imposed on operators with fewer than 10,000 customers, it claimed.
Ultimately, this was not unexpected.
The law, which brings a slew of other existing bills under one roof, has long been known to give the security services, intelligence agencies, police forces and local authority's enhanced legal backing to access – in bulk – massive amounts of information about phone calls and internet activity.
Essentially, it puts into writing the mass surveillance activities of GCHQ, MI5 and MI6 previously revealed by former NSA computer analyst Edward Snowden. Such powers include bulk computer hacking, bulk communications interception and the retention of bulk personal datasets.
This data will have to be stored by telecommunications providers for 12 months. Exact details about how much this will cost in reality remains unclear. The government has stressed a "double lock" feature adds some much-needed safeguards, yet many critics remain sceptical.
The Home Office marked the passing of the bill by claiming security officials will now have "the powers they need in a digital age to disrupt terrorist attacks." Amid backlash from privacy groups, the UK Home Secretary, Amber Rudd, praised the bill as a piece of "world-leading legislation."
© Copyright IBTimes 2024. All rights reserved.