The British government is preparing to implement one of the most far-reaching web surveillance programs in the world, according to a draft technical capability notice paper leaked last night.
All communications companies would be obliged to provide security services and the police with real-time access to the full content of anyone's web browsing with one working day's notice. They would also be obliged to hand over any ‘secondary data’ relating to that individual.
And the measures won't necessarily be targeted, either: the plans include powers to provide real-time interception of communications traffic of up to 10,000 users at a time.
The proposals mean that the government is planning to outlaw end-to-end encryption, mandating a ‘back door’ into any encryption product or service used in the UK, which could be unlocked by telecoms companies and internet service providers (ISPs) at any time on the request of the authorities.
The powers would be enacted under statutory instruments already enabled under the Investigatory Powers Act 2016, passed at the end of November. However, they would need to be laid before Parliament under what is known as the ‘affirmative procedure’. That means that they would, at least, require the formal approval of both Houses of Parliament before becoming law.
The government is currently conducting a behind-closed-doors consultation with select telcos and ISPs who make up the telco side of the Technical Advisory Board - BSkyB, BT, Cable & Wireless, O2, Virgin Media and Vodafone.
The draft proposals were leaked to the Open Rights Group, who wasted no time in publishing them.
Sections eight and nine of the leaked draft consultation document make it abundantly clear what the government is planning.
Section eight would require ‘relevant telecommunications operators’ "To provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data, or to permit the person to whom the warrant is addressed to remove such electronic protection".
Section nine, meanwhile, obliges the same telecoms operators "To provide and maintain the capability to simultaneously intercept, or obtain secondary data from, communications relating to up to one in 10,000 of the persons to whom the telecommunications operator provides the telecommunications service to which the communications relate".
The ‘targeted consultation’, conducted under Section 253 (6) of the Investigatory Powers Act, will only run for four weeks, concluding on 19 May. All responses should be emailed to [email protected].