UK Proposes Online Surveillance In Real-Time

The "live" surveillance of British web users' internet communications has been proposed in a draft technical paper prepared by the government.

If made law, such access would occur via the Investigatory Powers (IP) Act, which includes provisions for the removal of encryption on content.

The paper was allegedly leaked to civil liberties body the Open Rights Group, which received the document on 4 May. The Home Office denied there was anything new in the consultation.

Phone companies and Internet service providers would be asked to provide "data in near real time" within one working day, according to one clause in the technical capabilities paper, which sounds similar to what Snowden reported in the US.

Such access would need to be sanctioned by secretaries of state and a judge appointed by the prime minister.

The paper also echoes the IP Act itself, noting that tech companies would be required to remove, or enable the removal of, encryption from communications, as they would need to be provided "in an intelligible form" without "electronic protection". Cryptographers often describe such access as a "backdoor" in the security of communications services.

The idea is controversial because some argue it could be exploited by hackers, endangering innocent users.

Under the terms of the Investigatory Powers Act, telecoms firms would have to carry out the requirements of any notices to these effects in secret, so the public would be unaware that such access had been given.

Simultaneous surveillance could occur in bulk, but be limited to one in every 10,000 users of a given service - a maximum of roughly 900 of BT's 9 million British broadband customers, for instance.

A consultation about the paper, due to end on 19 May, is allegedly under way at the moment, though this was not publicly announced by the government.

It does not have a legal obligation to notify the public about draft regulations, which would have to be passed by both Houses of Parliament in order to become law. However, the paper suggests that the regulations have already been seen by the UK's Technical Advisory Board.

A BT spokesman confirmed the company had received "a copy of draft regulations, to be made under the Investigatory Powers Act 2016, in relation to technical capability notices" - but did not comment further.

Security Risk

"The public has a right to know about government powers that could put their privacy and security at risk," said Jim Killock, executive director of the Open Rights Group, explaining the decision to publish the document.

"It seems very clear that the Home Office intends to use these to remove end-to-end encryption - or more accurately to require tech companies to remove it," said Dr Cian Murphy, a legal expert at the University of Bristol who has criticised the scope of the IP Act.

"I do read the regulations as the Home Office wanting to be able to have near real-time access to web chat and other forms of communication," he told the BBC.

Home Secretary Amber Rudd has previously argued that the Investigatory Powers Act is necessary to curb "new opportunities for terrorists" afforded by the Internet.

In March, Ms. Rudd's comments that encrypted messaging services like WhatsApp should not be places "for terrorists to hide" caused much debate.

Surveillance of some mobile phone user data in "as near real-time as possible" has already been available to law enforcement authorities for many years, noted Dr Steven Murdoch at University College London.

The UK's Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others, said it would be "consulting its members and submitting a response to the draft regulations".

BBC
