The UK government is soliciting feedback from a handful of internet providers, but
isn’t consulting the tech industry or the public.
The UK government is planning to push greater surveillance powers that would force
internet providers to monitor communications in near-realtime and install backdoor
equipment to break encryption, according to a leaked document.
A draft of the proposed new surveillance powers, leaked on Thursday, is part of a
“targeted consultation” into the Investigatory Powers Act, brought into law last
year, which critics called the “most extreme surveillance law ever passed in a
Provisions in proposals show that the government is asking for powers to compel
internet providers to turn over the realtime communications of a person “in an
intelligible form,” including encrypted content, within one working day.
To that end, internet providers will be forced to introduce a backdoor point on their
networks to allow intelligence agencies to read anyone’s communications.
This “backdoor” capability was heavily criticized last year when it was floated as
part of the draft law’s proposal. Apple chief executive Tim Cook last year warned of
“dire consequences” if the legislation required internet providers or companies to
put backdoors into their systems. The provision would effectively prohibit companies
operating in the UK from introducing end-to-end encryption, a feature now commonplace
in many messaging apps, including Facebook Messenger, WhatsApp, and Apple’s own
messaging platform iMessage.
But it’s not clear exactly how the provision would be enforced — or if it would only
affect companies operating or based in the UK.
Similar questions arose when a committee of UK lawmakers criticized the original
Investigatory Powers Act prior to it becoming law late last year.
Jim Killock, executive director of Open Rights Group, who obtained the document, said
in an email that the proposals, if passed, would “make security products much easier
to break into, and means that companies may be obliged to lie to their customers
about the privacy and security that is applied to their communications.”
The draft document also asks for the capability to realtime intercept data on one out
of 10,000 citizens at any given time, allowing the government to wiretap over 6,500
citizens at any given time.
But the lack of transparency over the proposals has already drawn ire.
“The government doesn’t think it has any legal or moral obligation to consult anyone
outside of industry partners and the security services,” said Killock.
So far, the draft document has only been circulated among the UK government’s
technical advisory board, consisting of six telecoms giants, including O2, BT, BSkyB,
and Vodafone, as well as government agencies who would use the powers, thought to
include at least MI5 and GCHQ.
But the document was not made readily available on the government’s website, or to
partners in the tech industry, who would be directly affected by the provisions if
passed into law.
The consultation is open for the next three weeks until May 19, said Killock, during
which anyone can file a response with the Home Office.
A spokesperson for the Home Office did not respond to a request for comment at the
time of writing.