UK Government has another crack at removing data encryption

data spy security hack

The UK government has had another go at removing encryption security features in the telco and OTT communications space, but this time in secret.

According to a document leaked by the Open Rights Group, new surveillance proposals would effectively force MNOs and ISPs to provide real-time communications data of customers within one working day of a warrant being served. The rules would force providers to create and maintain backdoors to encryption features to access the data, effectively negated the point of maintaining such a perimeter in the first place. The talks have been taking place behind closed doors with some of the country’s largest MNOs and ISPs.

While there is a need to assist governments in the quest for national security, this is just another example of government incompetence surrounding the question of security; if there is a backdoor, criminals will eventually find it. The government pursuit of creating a semi-nanny state (putting it nicely) is effectively ignoring the need for consumers to protect themselves against an ever more creative and determined army of cyber criminals, in an effort to achieve its own aims.

The document states:

“To provide and maintain the capability to carry out the interception of communications or the obtaining of secondary data and disclose anything obtained under the warrant to the person to whom the warrant was addressed, or any person acting on that person’s behalf, within one working day, or such longer period as may be specified in the technical capability notice, of the telecommunications operator being informed that the warrant has been issued.”

As this is a targeted consultation, the government is under no obligation to consult the public or the wider TMT industry, but only a small selection of organisations listed in Section 253 (6) of the Investigatory Powers Act 2016. These organizations include BSkyB, BT, Cable and Wireless, O2, Virgin Media and Vodafone, amongst others.

While it should not be considered surprising these conversations are taking place behind closed doors, perhaps concerning is the lack of details which surround what would be considered justifiable or accountable. It is only a draft document for the moment, though the grey areas are quite considerable; flexibility is the enemy when an invasion of an individual’s personal data is at stake.

“The public has a right to know about government powers that could put their privacy and security at risk,” said Open Rights Group Executive Director Jim Killock. “There needs to be transparency about how such measures are judged to be reasonable, the risks that are imposed on users and companies, and how companies can challenge government demands that are unreasonable.

“Businesses and the public need to know they aren’t being put at risk. Sometimes, surveillance capabilities may be justified and safe: but at other times, they might put many more people – who are not suspected of any crime – at risk.

“Selective, secret consultations have no place in open Government.”

The document reveals two things about the UK government. Firstly, the government does not understand what secure means. It means a unbroken perimeter with no assistance to digital criminals. A backdoor for the MNOs and ISPs, might as well be a backdoor for the criminals also; they will find it eventually.

And secondly, the fact this consultation is being taking place is secret is perhaps an indication the government knows there would be public backlash. It demonstrates an us versus them mentality; they might not know what’s good for them, but we do, so we’ll do it anyway. It’s a dangerous game to play, and one which doesn’t belong in government today.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.