UK Proposes Online Surveillance In Real-Time

The "live" surveillance of British web users' internet communications has been proposed in a draft technical paper prepared by the government.

If made law, such access would occur via the Investigatory Powers (IP) Act, which includes provisions for the removal of encryption on content.

The paper was allegedly leaked to civil liberties body the Open Rights Group, which received the document on 4 May. The Home Office denied there was anything new in the consultation.

Phone companies and Internet service providers would be asked to provide "data in near real time" within one working day, according to one clause in the technical capabilities paper, which sounds similar to what Snowden reported in the US.

Such access would need to be sanctioned by secretaries of state and a judge appointed by the prime minister.

The paper also echoes the IP Act itself, noting that tech companies would be required to remove - or enable the removal - of encryption from communications as they would need to be provided "in an intelligible form" without "electronic protection". Cryptographers often describe such access as a "backdoor" in the security of communications services.

The idea is controversial because some argue it could be exploited by hackers, endangering innocent users.

Under the terms of the Investigatory Powers Act, telecoms firms would have to carry out the requirements of any notices to these effects in secret, so the public would be unaware that such access had been given.

Simultaneous surveillance could occur in bulk, but be limited to one in every 10,000 users of a given service - a maximum of roughly 900 of BT's 9 million British broadband customers, for instance.

A consultation about the paper - due to end on 19 May, is allegedly under way at the moment, though this was not publicly announced by the government.

It does not have a legal obligation notify the public about draft regulations, which would have to be passed by both Houses of Parliament in order to become law. However, the paper suggests that the regulations have already been seen by the UK's Technical Advisory Board.

A BT spokesman confirmed the company had received "a copy of draft regulations, to be made under the Investigatory Powers Act 2016, in relation to technical capability notices" - but did not comment further.

Security Risk

"The public has a right to know about government powers that could put their privacy and security at risk," said Jim Killock, executive director of the Open Rights Group, explaining the decision to publish the document.

"It seems very clear that the Home Office intends to use these to remove end-to-end encryption - or more accurately to require tech companies to remove it," said Dr Cian Murphy, a legal expert at the University of Bristol who has criticised the scope of the IP act.

"I do read the regulations as the Home Office wanting to be able to have near real-time access to web chat and other forms of communication," he told the BBC.

Home Secretary Amber Rudd has previously argued that the Investigatory Powers Act is necessary to curb "new opportunities for terrorists" afforded by the Internet.

In March, Ms. Rudd's comments that encrypted messaging services like WhatsApp should not be places "for terrorists to hide" caused much debate.

Surveillance of some mobile phone user data in "as near real-time as possible" has already been available to law enforcement authorities for many years, noted Dr Steven Murdoch at University College London.

The UK's Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others, said it would be "consulting its members and submitting a response to the draft regulations".

BBC

You Might Also Read:

The British IP Bill & Protection From Government Snoopers:

What Does Brexit Mean For British Data Privacy?:

MI5's Uncontrolled Bulk Data Collection:

 

« Bank Data Breaches Are Up And It's An Inside Job
Major Defence Company Adopts Blockchain »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

GSMA - IoT Security Guidelines

GSMA - IoT Security Guidelines

GSMA has created a set of security guidelines for the benefit of service providers who are looking to develop new IoT products and services.

ForgeRock

ForgeRock

ForgeRock, the leader in digital identity, delivers comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.

Netskope

Netskope

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

CybelAngel

CybelAngel

CybelAngel is a leading digital risk protection platform that detects and resolves external threats before these wreak havoc.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

HumanFirewall

HumanFirewall

HumanFirewall makes it possible for every individual to take part in securing their organisation. With HumanFirewall, achieving security has never been easier.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

Earlybird Venture Capital

Earlybird Venture Capital

Earlybird is a venture capital investor focused on European technology innovators.

Berezha Security Group (BSG)

Berezha Security Group (BSG)

BSG is a cybersecurity consulting firm specializing in all aspects of application security and penetration testing.

Teleport

Teleport

Teleport is a remote-first technology company. We enable engineers to quickly access any computing resource anywhere on the planet.

Gunnison Consulting Group

Gunnison Consulting Group

Gunnison Consulting Group serves the Federal Government with high quality IT consulting services.

Lumifi

Lumifi

Lumifi provide end-to-end cybersecurity resilience solutions with a specialty in managed detection and response (MDR) services.

Identity Digital

Identity Digital

Identity Digital simplifies and connects a fragmented online world with domain names and related technologies that allow people and businesses to build, market and own their digital identities.

Theos Cyber Solutions

Theos Cyber Solutions

Theos Cyber provides service-first cybersecurity solutions to digital businesses in Asia.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.

Tamnoon

Tamnoon

Tamnoon is the Managed Cloud Detection and Response platform that helps you turn CNAPP and CSPM alerts into action and fortify your cloud security posture.