The UK government is planning to push greater surveillance powers that would force internet providers to monitor communications in near-realtime and install backdoor equipment to break encryption, according to a leaked document.
A draft of the proposed new surveillance powers, leaked on Thursday, is part of a “targeted consultation” into the Investigatory Powers Act, brought into law last year, which critics called the “most extreme surveillance law ever passed in a democracy”.
Provisions in proposals show that the government is asking for powers to compel internet providers to turn over the realtime communications of a person “in an intelligible form,” including encrypted content, within one working day.
To that end, internet providers will be forced to introduce a backdoor point on their networks to allow intelligence agencies to read anyone’s communications.
This “backdoor” capability was heavily criticized last year when it was floated as part of the draft law’s proposal. Apple chief executive Tim Cook last year warned of “dire consequences” if the legislation required internet providers or companies to put backdoors into their systems. The provision would effectively prohibit companies operating in the UK from introducing end-to-end encryption, a feature now commonplace in many messaging apps, including Facebook Messenger, WhatsApp, and Apple’s own messaging platform iMessage.
But it’s not clear exactly how the provision would be enforced — or if it would only affect companies operating or based in the UK.
Similar questions arose when a committee of UK lawmakers criticized the original Investigatory Powers Act prior to it becoming law late last year.
Jim Killock, executive director of Open Rights Group, who obtained the document, said in an email that the proposals, if passed, would “make security products much easier to break into, and means that companies may be obliged to lie to their customers about the privacy and security that is applied to their communications.”
The draft document also asks for the capability to realtime intercept data on one out of 10,000 citizens at any given time, allowing the government to wiretap over 6,500 citizens at any given time.
But the lack of transparency over the proposals has already drawn ire.
“The government doesn’t think it has any legal or moral obligation to consult anyone outside of industry partners and the security services,” said Killock.
So far, the draft document has only been circulated among the UK government’s technical advisory board, consisting of six telecoms giants, including O2, BT, BSkyB, and Vodafone, as well as government agencies who would use the powers, thought to include at least MI5 and GCHQ.
But the document was not made readily available on the government’s website, or to partners in the tech industry, who would be directly affected by the provisions if passed into law.
The consultation is open for the next three weeks until May 19, said Killock, during which anyone can file a response with the Home Office.
A spokesperson for the Home Office did not respond to a request for comment at the time of writing.
Source: SANS ISC SecNewsFeed @ May 5, 2017 at 02:12AM