UK Proposes Online Surveillance In Real-Time

The "live" surveillance of British web users' internet communications has been proposed in a draft technical paper prepared by the government.

If made law, such access would occur via the Investigatory Powers (IP) Act, which includes provisions for the removal of encryption on content.

The paper was allegedly leaked to civil liberties body the Open Rights Group, which received the document on 4 May. The Home Office denied there was anything new in the consultation.

Phone companies and Internet service providers would be asked to provide "data in near real time" within one working day, according to one clause in the technical capabilities paper, which sounds similar to what Snowden reported in the US.

Such access would need to be sanctioned by secretaries of state and a judge appointed by the prime minister.

The paper also echoes the IP Act itself, noting that tech companies would be required to remove - or enable the removal - of encryption from communications as they would need to be provided "in an intelligible form" without "electronic protection". Cryptographers often describe such access as a "backdoor" in the security of communications services.

The idea is controversial because some argue it could be exploited by hackers, endangering innocent users.

Under the terms of the Investigatory Powers Act, telecoms firms would have to carry out the requirements of any notices to these effects in secret, so the public would be unaware that such access had been given.

Simultaneous surveillance could occur in bulk, but be limited to one in every 10,000 users of a given service - a maximum of roughly 900 of BT's 9 million British broadband customers, for instance.

A consultation about the paper - due to end on 19 May, is allegedly under way at the moment, though this was not publicly announced by the government.

It does not have a legal obligation notify the public about draft regulations, which would have to be passed by both Houses of Parliament in order to become law. However, the paper suggests that the regulations have already been seen by the UK's Technical Advisory Board.

A BT spokesman confirmed the company had received "a copy of draft regulations, to be made under the Investigatory Powers Act 2016, in relation to technical capability notices" - but did not comment further.

Security Risk

"The public has a right to know about government powers that could put their privacy and security at risk," said Jim Killock, executive director of the Open Rights Group, explaining the decision to publish the document.

"It seems very clear that the Home Office intends to use these to remove end-to-end encryption - or more accurately to require tech companies to remove it," said Dr Cian Murphy, a legal expert at the University of Bristol who has criticised the scope of the IP act.

"I do read the regulations as the Home Office wanting to be able to have near real-time access to web chat and other forms of communication," he told the BBC.

Home Secretary Amber Rudd has previously argued that the Investigatory Powers Act is necessary to curb "new opportunities for terrorists" afforded by the Internet.

In March, Ms. Rudd's comments that encrypted messaging services like WhatsApp should not be places "for terrorists to hide" caused much debate.

Surveillance of some mobile phone user data in "as near real-time as possible" has already been available to law enforcement authorities for many years, noted Dr Steven Murdoch at University College London.

The UK's Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others, said it would be "consulting its members and submitting a response to the draft regulations".

BBC

You Might Also Read:

The British IP Bill & Protection From Government Snoopers:

What Does Brexit Mean For British Data Privacy?:

MI5's Uncontrolled Bulk Data Collection:

 

« Bank Data Breaches Are Up And It's An Inside Job
Major Defence Company Adopts Blockchain »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Juniper Networks

Juniper Networks

Juniper Networks is the industry leader in network innovation. We provide network infrastructure and network security solutions.

Cloud53

Cloud53

Cloud53 specialise in improving operational IT through strategic use of Cloud technologies and services.

Global Digital Forensics (GDF)

Global Digital Forensics (GDF)

GDF specialise in Digital Forensics and e-Discovery. Other services include Data Breach Response and Cyber Security.

Planit Testing

Planit Testing

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

IDnext

IDnext

IDnext is the open and independent platform to support innovative approaches in the world of the Digital identity.

Industrial Cyber-Physical Systems Center (iCyPhy)

Industrial Cyber-Physical Systems Center (iCyPhy)

The goal of iCyPhy is to conduct pre-competitive research on architectures and design, modeling, and analysis techniques for cyber-physical systems.

Cybernetic Global Intelligence (CGI)

Cybernetic Global Intelligence (CGI)

CGI is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits and Managed Services.

Austrian Trust Circle

Austrian Trust Circle

Austrian Trust Circle is an initiative of CERT.at and the Austrian Federal Chancellery and consists of Security Information Exchanges in the areas of the strategic information infrastructure.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

K2 Cyber Security

K2 Cyber Security

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks.

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Zenity

Zenity

Zenity is the first and only security governance platform for low-code/no-code applications.

Telarus

Telarus

Telarus is a Technology Services Brokerage that holds contracts with the world's leading cloud voice, contact center, cybersecurity, mobility and IoT providers.

Telenor Cyberdefence

Telenor Cyberdefence

Telenor Cyberdefence is a newly established (2024) cloud-born Managed Security Service Provider focused on the Nordic markets.