Leaked Doc Shows UK Gov Plans for Real-Time Mass Snooping
The UK government is planning even more intrusive powers than those expected to follow the passing of the Snoopers’ Charter, including the mass surveillance of citizens in near real-time, according to a leaked document.
It outlines a plan to force ISPs and network operators to provide access to all communications of suspects within one working day, and to do so for 1 in 10,000 customers, which reportedly equates to around 6500 Brits at any one time.
That’s nothing short of real-time mass surveillance, although there are some checks and balances in place; for example each order will require approval from a secretary of state and then a judicial commissioner appointed by the Prime Minister.
The question remains how these aims will be achieved in practice given that many users will be on end-to-end encryption protected services like WhatsApp.
The current order will oblige comms operators:
“To provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data, or to permit the person to whom the warrant is addressed to remove such electronic protection.”
It’s difficult to see how the government could enforce such measures, or even ban end-to-end encryption services outright, given most are operated from the US and firms like Apple have firmly refused to engineer backdoors in the past.
However, the way in which the government is ‘consulting’ over the proposed powers would indicate it’s hoping to force them through with minimal public scrutiny.
The document was not publicly available before ORG published it and has been circulated only with the government’s “technical advisory board”, which effectively means the country’s major ISPs/telecoms operators and intelligence officials.
The ORG is urging the public to tell the Home Office what it thinks by May 19 with an email to firstname.lastname@example.org
Source: Information Security Magazine