UK government's draft spying powers get leaked online

The UK government has drawn up details of its surveillance powers and put them out for a secretive consultation without letting the public know.

The government wants to give itself the ability to monitor British people's communications and force UK firms to include encryption backdoors in their products. Under the proposed Investigatory Powers (Technical Capability) Regulations 2017, telecoms providers must allow the government to simultaneously spy on one in 10,000 of their customers at any time.

Telcos would also have to provide any information the government requests within one working day, and must notify Home Secretary Amber Rudd if there will be any changes to their service, including the development of new services - these will have to be built with the obligations and requirements of the technical capability notice in mind.

Furthermore, telecoms providers must provide backdoors to encrypted data sitting in their services so that the government can access any communications. Telecoms providers must "remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data".

The notice also extends to the postal service, where the government will have the power to "open, copy and reseal any postal item" in order to inspect its contents.

The Open Rights Group leaked the draft yesterday on its website and highlighted that the short four-week consultation had not been publicised to the tech industry or to the public. Under Section 253 (6) of the Investigatory Powers Act, the Secretary of State is under no obligation to consult the public, but instead must consult a small selection of organisations likely to be affected by the proposals.

Concluding on 19 May, responses to the consultation can be sent to investigatorypowers@homeoffice.gsi.gov.uk.

These measures have passed through a Technical Advisory Board composed of six industry representatives from O2, BT, BSkyB, Cable and Wireless, Vodafone and Virgin Media, alongside six representatives from UK spy agencies and a neutral chair.

Open Rights Group's executive director, Jim Killock, said: "These powers could be directed at companies like WhatsApp to limit their encryption. The regulations would make the demands that Amber Rudd made to attack end-to-end encryption a reality. But if the powers are exercised, this will be done in secret.

"The public has a right to know about government powers that could put their privacy and security at risk. There needs to be transparency about how such measures are judged to be reasonable, the risks that are imposed on users and companies, and how companies can challenge government demands that are unreasonable. Selective, secret consultations have no place in open government."

The Investigatory Powers Act passed through Parliament last November despite facing strong opposition, and received Royal Assent soon after to become an act. However, large parts of it were struck down by the European Court of Justice in February over its bulk data collection plans. It was thought then that the government would seek new ways to reinstate bulk data collection.

IT Pro has approached the Home Office for comment.

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.