IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

UK government's draft spying powers get leaked online

Open Rights Group lifts curtain on Home Office's secretive consultation

The UK government has drawn up details of its surveillance powers and put them out for a secretive consultation without letting the public know.

The government wants to give itself the ability to monitor British people's communications and force UK firms to include encryption backdoors in their products. Under the proposed Investigatory Powers (Technical Capability) Regulations 2017, telecoms providers must allow the government to simultaneously spy on one in 10,000 of their customers at any time.

Telcos would also have to provide any information the government requests within one working day, and must notify Home Secretary Amber Rudd if there will be any changes to their service, including the development of new services - these will have to be built with the obligations and requirements of the technical capability notice in mind.

Furthermore, telecoms providers must provide backdoors to encrypted data sitting in their services so that the government can access any communications. Telecoms providers must "remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data".

The notice also extends to the postal service, where the government will have the power to "open, copy and reseal any postal item" in order to inspect its contents.

The Open Rights Group leaked the draft yesterday on its website and highlighted that the short four-week consultation had not been publicised to the tech industry or to the public. Under Section 253 (6) of the Investigatory Powers Act, the Secretary of State is under no obligation to consult the public, but instead must consult a small selection of organisations likely to be affected by the proposals.

Concluding on 19 May, responses to the consultation can be sent to investigatorypowers@homeoffice.gsi.gov.uk.

These measures have passed through a Technical Advisory Board composed of six industry representatives from O2, BT, BSkyB, Cable and Wireless, Vodafone and Virgin Media, alongside six representatives from UK spy agencies and a neutral chair.

Open Rights Group's executive director, Jim Killock, said: "These powers could be directed at companies like WhatsApp to limit their encryption. The regulations would make the demands that Amber Rudd made to attack end-to-end encryption a reality. But if the powers are exercised, this will be done in secret.

"The public has a right to know about government powers that could put their privacy and security at risk. There needs to be transparency about how such measures are judged to be reasonable, the risks that are imposed on users and companies, and how companies can challenge government demands that are unreasonable. Selective, secret consultations have no place in open government."

The Investigatory Powers Act passed through Parliament last November despite facing strong opposition, and received Royal Assent soon after to become an act. However, large parts of it were struck down by the European Court of Justice in February over its bulk data collection plans. It was thought then that the government would seek new ways to reinstate bulk data collection.

IT Pro has approached the Home Office for comment.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022