Plans for near real-time surveillance of British internet users have been leaked in a paper allegedly put forward by the government.
Security issues continue to dominate national conversation, with Home Secretary Amber Rudd calling for intelligence services to have access to encrypted services like WhatsApp, following the terrorist attack on Westminster Bridge.
If the proposals in this alleged government leak were to become law, phone companies and internet service providers would need to provide “data in real time” within one working day, according to the document. This access is often described as a backdoor that intelligence services can open and explore unrestricted.
Security policies like this are controversial, however. Some argue it could be exploited by hackers, while others say it is a breach of privacy.
“The public has a right to know about government powers that could put their privacy and security at risk,” said Jim Killock, executive director of the Open Rights Group, explaining the decision to publish the document.
“It seems very clear that the Home Office intends to use these to remove end-to-end encryption – or more accurately to require tech companies to remove it,” said Dr Cian Murphy, a legal expert at the University of Bristol who has criticised the scope of the IP Act.
“I do read the regulations as the Home Office wanting to be able to have near real-time access to web chat and other forms of communication,” he told the BBC.
In order for this law to be passed it would need to be sanctioned by secretaries of state and a judge appointed by the prime minister.
Under the terms of the Investigatory Powers Act, telecoms firms would have to carry out the requirements of any notices to these effects in secret, so the public would be unaware that such access had been given.
The proposed surveillance could occur in bulk, but it is limited to one person out of every 10,000 users of any given service: for example, 900 of BT’s 9 million customers.
If this web surveillance proposal becomes law, what impact will it have on the security of the many platforms people use on the internet?
Seeking to answer this, David Mytton, CEO of Server Density, said: “The ability for the security services to access all communication at any time is a justifiable capability when combined with non-political judicial oversight. The problem comes with the technical implementation. A backdoor for the government is a backdoor that anyone can and will use when it inevitably leaks.”
“Free apps, mostly made by organisations operating outside of the jurisdiction of the British Government, allow anyone to make use of encrypted messaging. And since encryption is just a mathematical concept, anyone with sufficient knowledge and internet access can implement it themselves! All these measures achieve is a weakening of the security of major services from banking to email, compromising security for everyone. The real targets simply move to alternatives. It is disappointing when the government fails to listen to technical experts. Simply legislating for these capabilities doesn’t make them technically feasible.”