By Chris Baraniuk, Technology reporter
The “live” surveillance of British web users’ internet communications has been proposed in a draft technical paper allegedly prepared by the government.
If made law, such access would occur via the Investigatory Powers (IP) Act, which includes provisions for the removal of encryption on content.
The paper was allegedly leaked to civil liberties body the Open Rights Group, which received the document on 4 May.
The Home Office has not yet responded to a BBC request for comment.
Phone companies and internet service providers would be asked to provide “data in near real time” within one working day, according to one clause in the technical capabilities paper.
Such access would need to be sanctioned by secretaries of state and a judge appointed by the prime minister.
The paper also echoes the IP Act itself, noting that tech companies would be required to remove – or enable the removal – of encryption from communications as they would need to be provided “in an intelligible form” without “electronic protection”.
Cryptographers often describe such access as a “backdoor” in the security of communications services.
The idea is controversial because some argue it could be exploited by hackers, endangering innocent users.
Under the terms of the Investigatory Powers Act, telecoms firms would have to carry out the requirements of any notices to these effects in secret, so the public would be unaware that such access had been given.
Simultaneous surveillance could occur in bulk, but be limited to one in every 10,000 users of a given service – a maximum of roughly 900 of BT’s 9 million British broadband customers, for instance.
A consultation about the paper – due to end on 19 May – is allegedly under way at the moment, though this was not publicly announced by the government.
It does not have a legal obligation notify the public about draft regulations, which would have to be passed by both Houses of Parliament in order to become law.
However, the paper suggests that the regulations have already been seen by the UK’s Technical Advisory Board.
A BT spokesman confirmed the company had received “a copy of draft regulations, to be made under the Investigatory Powers Act 2016, in relation to technical capability notices” – but did not comment further.
‘Security risk’
“The public has a right to know about government powers that could put their privacy and security at risk,” said Jim Killock, executive director of the Open Rights Group, explaining the decision to publish the document.
“It seems very clear that the Home Office intends to use these to remove end-to-end encryption – or more accurately to require tech companies to remove it,” said Dr Cian Murphy, a legal expert at the University of Bristol who has criticised the scope of the IP act.
“I do read the regulations as the Home Office wanting to be able to have near real-time access to web chat and other forms of communication,” he told the BBC.
Home Secretary Amber Rudd has previously argued that the Investigatory Powers Act is necessary to curb “new opportunities for terrorists” afforded by the internet.
In March, Ms Rudd’s comments that encrypted messaging services like WhatsApp should not be places “for terrorists to hide” caused much debate.
Surveillance of some mobile phone user data in “as near real-time as possible” has already been available to law enforcement authorities for many years, noted Dr Steven Murdoch at University College London.
The UK’s Internet Service Providers’ Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others, said it would be “consulting its members and submitting a response to the draft regulations”.
Source: http://www.bbc.co.uk/
