The draft, produced by private consultation, was leaked to the Open Rights Group. It details rules that would fall under Section 267(3)(i) of the Investigatory Powers Act.
UK government is secretly planning to break encryption and spy on people’s phones, reveals leaked document https://t.co/qSBQuMG25D #IPAct
— Open Rights Group (@OpenRightsGroup) May 5, 2017
The rules would compel all communications companies — including phone networks and ISPs — to provide real-time access to any named individual's full content within a single working day, as well as any "secondary data" related to that individual, including encrypted content.
This means UK organizations will be precluded from introducing true end-to-end encryption of user data, and legally required to introduce backdoors to their systems, so authorities can monitor any and all communications. Such ease of access was demanded by Home Secretary Amber Rudd in the wake of the March 22 Westminster terrorist attack.
In addition, communication firms would be required to facilitate bulk surveillance by introducing systems capable of providing real-time interception of 1 in 10,000 customers — in essence, the government would be capable of spying on 6,500 individuals simultaneously.
"[Communications companies must] provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data," the document states.
Bad day for tech as leaked gov draft reveals plans to force tech companies to weaken encryption via @OpenRightsGroup https://t.co/HqFdn5zalb pic.twitter.com/sLa8XZaCxV
— Pyramid WiFi (@pyramidwifi) May 5, 2017
There are mild safeguards in the proposals, which would theoretically prevent unchecked use and abuse of the powers. Live surveillance would require authorization from the Home and Justice Secretaries, and a judge appointed by the Prime Minister.
While still at draft level, the technical capability notices paper has already been circulated to communications firms as part of a four-week consultation process, and has passed through the UK's Technical Advisory Board, which is made up of six telecom company representatives (O2, BT, BSkyB, Cable and Wireless, Vodafone and Virgin Media), six representatives of the UK's intercepting agencies, and a board chair.
This means the contents have already been largely agreed to by the bulk of the organizations included in the private consultation, which ends May 19. It remains uncertain whether the Home Office will open up the consultation to the public, or simply forward the document to parliament for formal rubber stamping without external review. Concerned readers may wish to email the UK government directly.
@JonyIveParody Error 404 politician not found
— Gabriel Igliozzi (@gabeiglio) May 3, 2017
Alex Walker, chief technology officer at UK cybersecurity firm Hook.ee, notes that a particularly horrifying portion of the paper, covering requirements for postal operators, would allow the government to "open, copy and reseal any postal item."
"It makes me feel sick. The utter ignorance of the people making the decisions is abhorrent. Such measures move beyond the web to encompass the masses — this is blatant Stasi levels of spying. It isn't about the web anymore, this is 100 percent mass surveillance," Mr. Walker told Sputnik.
Despite his nausea, Mr. Walker finds the government's attempts to illegalize encryption somewhat mirthful. He notes that until the 1970s, information was often encrypted by hand — written down according to a set of rules, designed to make information unreadable to anyone who did not possess the necessary "key." Such ciphers were genuinely unbreakable.
"Are the government going to stop people doing encryption by hand now? Encryption is indistinguishable from random gibberish — and there's no way of proving if a code is one or the other. It's impossible to uphold such stupidity. The obvious result of banning encryption would be to shift more and more communications over to the dark web, anyway," he concluded.