Snooper's Charter could lead to Apple vs FBI-style case in UK
Electronic Frontier Foundation warns of backdoor provisions in IPB
The Electronic Frontier Foundation (EFF) has warned the Snooper's Charter contains three clauses that could compel companies to hack their own technology while preventing them from revealing to the public what is going on.
The campaign group's comments come in the midst of an ongoing court battle in the US between Apple and the FBI, where the law enforcement agency is trying to force the company to build custom code to bypass security measures on an iPhone.
The EFF, however, has warned that the Investigatory Powers Bill (IPB), as the Snooper's Charter is properly called, could be even more of a threat to privacy and security than what is being asked of Apple by the FBI.
In a blog post, EFF's international director Danny O'Brien claimed the IPB already contains clauses that could force tech companies to re-engineer their own technology, as the FBI is requesting of Apple, and that these would be accompanied by a gag order.
"If the law passes ... not only would Apple be expected to comply, but the IPB would insist that Tim Cook could not tell the public what was going on without breaking UK law," said O'Brien. "At least in the current fight between Apple and the US government, we're having the debate out loud and in public."
O'Brien has identified three parts of the Snooper's Charter that could allow what he has described at "unchecked hacking powers".
The first of these is the Technical Capability Notice, which O'Brien describes as "a secret order that the UK would be able to serve on a telecommunications operator ... to force it to 'remov[e] electronic protection applied ... to any communications or data [and] provide facilities or services of a specified description'."
According to O'Brien, the wording of the bill is currently so broad that the term telecommunications operator "would include companies like Apple".
O'Brien also draws attention to the provision for the issuing of a National Security Notice, which he claims is "another secret instrument, even more vaguely drawn, that would require operators to 'carry out any conduct, including the provision of services of facilities,' which the British government 'considers necessary in the interests of national security'." Once again, this element includes a gag order.
His third and final point of contention is equipment interference orders, which he said "would allow the UK to break into private devices and insert new code for the purposes of surveillance or extracting data ... [including] a requirement (S.101) that any communications provider (again, this includes Apple) take any 'reasonably practicable' steps in effecting a hacking warrant".
Referencing the company's submission to the Draft Investigatory Powers Bill Committee, O'Brien said: "Apple saw in the IPB's provisions exactly what it now sees in the FBI's demands: the government asking it to undermine the trust of its own customers."
"The IPB needs to be taken back to the drawing board, and rewritten to limit these blanket powers - and to give companies and technologists a chance to speak up, and fight back," he concluded.
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now