UK government's draft spying powers get leaked online

Open Rights Group lifts curtain on Home Office's secretive consultation

The UK government has drawn up details of its surveillance powers and put them out for a secretive consultation without letting the public know.

The government wants to give itself the ability to monitor British people's communications and force UK firms to include encryption backdoors in their products. Under the proposed Investigatory Powers (Technical Capability) Regulations 2017, telecoms providers must allow the government to simultaneously spy on one in 10,000 of their customers at any time.

Telcos would also have to provide any information the government requests within one working day, and must notify Home Secretary Amber Rudd if there will be any changes to their service, including the development of new services - these will have to be built with the obligations and requirements of the technical capability notice in mind.

Furthermore, telecoms providers must provide backdoors to encrypted data sitting in their services so that the government can access any communications. Telecoms providers must "remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data".

The notice also extends to the postal service, where the government will have the power to "open, copy and reseal any postal item" in order to inspect its contents.

The Open Rights Group leaked the draft yesterday on its website and highlighted that the short four-week consultation had not been publicised to the tech industry or to the public. Under Section 253 (6) of the Investigatory Powers Act, the Secretary of State is under no obligation to consult the public, but instead must consult a small selection of organisations likely to be affected by the proposals.

Concluding on 19 May, responses to the consultation can be sent to investigatorypowers@homeoffice.gsi.gov.uk.

These measures have passed through a Technical Advisory Board composed of six industry representatives from O2, BT, BSkyB, Cable and Wireless, Vodafone and Virgin Media, alongside six representatives from UK spy agencies and a neutral chair.

Open Rights Group's executive director, Jim Killock, said: "These powers could be directed at companies like WhatsApp to limit their encryption. The regulations would make the demands that Amber Rudd made to attack end-to-end encryption a reality. But if the powers are exercised, this will be done in secret.

"The public has a right to know about government powers that could put their privacy and security at risk. There needs to be transparency about how such measures are judged to be reasonable, the risks that are imposed on users and companies, and how companies can challenge government demands that are unreasonable. Selective, secret consultations have no place in open government."

The Investigatory Powers Act passed through Parliament last November despite facing strong opposition, and received Royal Assent soon after to become an act. However, large parts of it were struck down by the European Court of Justice in February over its bulk data collection plans. It was thought then that the government would seek new ways to reinstate bulk data collection.

IT Pro has approached the Home Office for comment.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

12 Nov 2021