Leaked: The UK’s secret blueprint with telcos for mass spying on internet, phones – and backdoors

The UK government has secretly drawn up more details of its new bulk surveillance powers, awarding itself the ability to monitor the live communications of all UK citizen – and inserting encryption backdoors by the backdoor.

In the draft technical capability notices paper [PDF], all communications companies – including phone companies and ISPs – will be obliged to provide real-time access to the full content of any named individual within 24 hours, as well as any “secondary data” relating to that person.

That includes encrypted content – which means that UK companies will not be allowed to introduce true end-to-end encryption of their users’ data but will be legally required to introduce a backdoor to their systems so the authorities can read any and all communications.

In addition, comms providers will be required to make bulk surveillance possible by introducing systems that can provide real-time interception of 1 in 10,000 of its customers. Or in other words, the UK government will be able to simultaneously spy on 6,500 UK citizens at any given moment.

The live surveillance of individuals will require authorization from senior police or secretaries of state, overseen by a judge appointed by the prime minister. And there are a few safeguards built into the system following strong opposition to earlier drafts of the Investigatory Powers Act.

Closed doors

What will concern many, however, is how the draft paper and its contents are being handled.

The technical capability notices paper has only been provided to a select few companies – mostly ISPs and telcos – on a short four-week consultation, but a copy of the draft found its way to the Open Rights Group, which has published it online today.

According to the document, it has already passed through the UK’s Technical Advisory Board, which comprises six telco representatives (currently O2, BT, BSkyB, Cable and Wireless, Vodafone and Virgin Media), six people from the government’s intercepting agencies and a chair.

That means that the contents have already been largely agreed to by most of the companies that have been included in the closed consultation.

It is unclear whether the Home Office intends to make it available for public comment after that time or whether it will seek to push it through the legislature before anyone outside the consultation group has an opportunity to review it.

The rules will have to be formally approved by both houses of Parliament before becoming law.

You ain’t see me, right?

The process and the approach seem to be purposefully obscure. The rules come under Section 267(3)(i) of the Investigatory Powers Act – a one paragraph section that refers back to Section 253, which covers “Technical capability notices.”

There is no mention of the technical capability notices paper existing either on the Home Office website or on the Gov.uk consultation website. And the only reason we know about it is presumably because someone at one of the few companies that have been sent the draft rules decided to tell Open Rights Group about it.

But what the nine-page document does is provide the government with the legal authority to monitor any UK citizen in real time, as well as effectively make unbreakable encryption illegal.

The consultation is open until 19 May. If you would like the UK government to know your views, then email investigatorypowers@homeoffice.gsi.gov.uk. ®

PS: The Home Office ran a short public consultation earlier this year on a code of conduct for government snoops.

Source: The Register – Security @ May 4, 2017 at 02:36PM

0
Share