UK Proposes Online Surveillance In Real-Time

The "live" surveillance of British web users' internet communications has been proposed in a draft technical paper prepared by the government.

If made law, such access would occur via the Investigatory Powers (IP) Act, which includes provisions for the removal of encryption on content.

The paper was allegedly leaked to civil liberties body the Open Rights Group, which received the document on 4 May. The Home Office denied there was anything new in the consultation.

Phone companies and Internet service providers would be asked to provide "data in near real time" within one working day, according to one clause in the technical capabilities paper, which sounds similar to what Snowden reported in the US.

Such access would need to be sanctioned by secretaries of state and a judge appointed by the prime minister.

The paper also echoes the IP Act itself, noting that tech companies would be required to remove - or enable the removal - of encryption from communications as they would need to be provided "in an intelligible form" without "electronic protection". Cryptographers often describe such access as a "backdoor" in the security of communications services.

The idea is controversial because some argue it could be exploited by hackers, endangering innocent users.

Under the terms of the Investigatory Powers Act, telecoms firms would have to carry out the requirements of any notices to these effects in secret, so the public would be unaware that such access had been given.

Simultaneous surveillance could occur in bulk, but be limited to one in every 10,000 users of a given service - a maximum of roughly 900 of BT's 9 million British broadband customers, for instance.

A consultation about the paper - due to end on 19 May, is allegedly under way at the moment, though this was not publicly announced by the government.

It does not have a legal obligation notify the public about draft regulations, which would have to be passed by both Houses of Parliament in order to become law. However, the paper suggests that the regulations have already been seen by the UK's Technical Advisory Board.

A BT spokesman confirmed the company had received "a copy of draft regulations, to be made under the Investigatory Powers Act 2016, in relation to technical capability notices" - but did not comment further.

Security Risk

"The public has a right to know about government powers that could put their privacy and security at risk," said Jim Killock, executive director of the Open Rights Group, explaining the decision to publish the document.

"It seems very clear that the Home Office intends to use these to remove end-to-end encryption - or more accurately to require tech companies to remove it," said Dr Cian Murphy, a legal expert at the University of Bristol who has criticised the scope of the IP act.

"I do read the regulations as the Home Office wanting to be able to have near real-time access to web chat and other forms of communication," he told the BBC.

Home Secretary Amber Rudd has previously argued that the Investigatory Powers Act is necessary to curb "new opportunities for terrorists" afforded by the Internet.

In March, Ms. Rudd's comments that encrypted messaging services like WhatsApp should not be places "for terrorists to hide" caused much debate.

Surveillance of some mobile phone user data in "as near real-time as possible" has already been available to law enforcement authorities for many years, noted Dr Steven Murdoch at University College London.

The UK's Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others, said it would be "consulting its members and submitting a response to the draft regulations".

BBC

You Might Also Read:

The British IP Bill & Protection From Government Snoopers:

What Does Brexit Mean For British Data Privacy?:

MI5's Uncontrolled Bulk Data Collection:

 

« Bank Data Breaches Are Up And It's An Inside Job
Major Defence Company Adopts Blockchain »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

SABSACourses

SABSACourses

SABSA is a development process used for solving complex problems such as IT Operations, Risk Management, Compliance & Audit functions.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

Pervade Software

Pervade Software

Pervade Software is a global provider of dedicated compliance tracking software with monitoring & reporting capabilities.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

StationX

StationX

StationX is a leading provider of cyber security training, consultancy and services.

AuthenTrend

AuthenTrend

AuthenTrend provide biometric authentication products to achieve high security with extreme ease-of-use for the user.

Air Informatics

Air Informatics

Air Informatics LLC provides security, information management, analytics and informatics for IT and wirelessly enabled airplanes and operations.

Cyber Academy

Cyber Academy

Cyber Academy is one of the first institutions in the SE Europe region that provides a hands-on program in cyber security, blockchain and AI.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

Cycode

Cycode

Cycode is the industry’s first source code control, detection, and response platform.

Kontron

Kontron

Kontron offers a combined portfolio of secure hardware, middleware and services for Internet of Things (IoT) and Industry 4.0 applications.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

Timus Networks

Timus Networks

Timus Networks enables today's work from anywhere organizations to secure their networks very easily and cost effectively.

SoftwareONE

SoftwareONE

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions.

Virtual Technologies Group (VTG)

Virtual Technologies Group (VTG)

Virtual Technologies Group is a single source, IT product and services provider for SMBs and IT departments, delivering reliable, cost-efficient service, maintenance and support solutions.

MS Tech Solutions

MS Tech Solutions

MS Tech Solutions is a Jamaican-based, multinational consulting company that specializes in the architecture, implementation and management of key network and Information technologies.