A leaked draft of proposed regulations shows that the UK government is after greater communication surveillance powers, and that in order to get them, it will legally require UK communications companies to provide the technical capabilities.
The regulations would compel UK postal, phone and ISP companies, but also entities that facilitate communication (e.g. apps) to provide real-time access to targeted customers’ communications, and this includes providing backdoors into encrypted ones (if the encryption capability is provided by the operator).
“[The telecommunications service operators would be obligated] To provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data, or to permit the person to whom the warrant is addressed to remove such electronic protection,” the draft says.
Also, “To provide and maintain the capability to simultaneously intercept, or obtain secondary data from, communications relating to up to 1 in 10,000 of the persons to whom the telecommunications operator provides the telecommunications service to which the communications relate.”
The real-time surveillance capabilities would, under this legislation, have to be made available by the operators within one working day from the release of the warrant (authorized by the Secretary of State, and approved by Judicial Commissioners).
The draft of the regulations has been already approved by the UK Technical Advisory Board, which includes representatives of six of the biggest telecom companies (O2, BT, BSkyB, Cable and Wireless, Vodafone, Virgin Media), as well as representatives of UK government agencies that would take advantage of these surveillance powers.
“This is a ‘targeted consultation’ – and has not been publicised to the tech industry or public. The Secretary of State is in fact not under any obligation to consult the public,” noted the Open Rights Group, a UK privacy and free speech rights organization that leaked the document.
“Selective, secret consultations have no place in open Government,” the Group’s Executive Director Jim Killock commented. “These powers could be directed at companies like WhatsApp to limit their encryption. The regulations would make the demands that Amber Rudd made to attack end-to-end encryption a reality. But if the powers are exercised, this will be done in secret.”
“The public has a right to know about government powers that could put their privacy and security at risk. There needs to be transparency about how such measures are judged to be reasonable, the risks that are imposed on users and companies, and how companies can challenge government demands that are unreasonable,” he added.
Under the IP Act, these technical capability notices directed at the telecoms can be challenged on technical grounds, to an Advisory Board. But, Open Rights Group points out, “the criteria for making a sound judgement of risk to all parties are not set out in the Act, nor the draft regulations; nor is there a clear route of appeal.”
Consultation for the draft concludes on May 19, and the members of the public that wish their voice to be heard on it can send their opinions to firstname.lastname@example.org.
The final version of the regulations will be laid before the Parliament for approval.