UK Releases Snooping Bill, Attempts To Mislead Everyone
from the and-off-we-go dept
Earlier today we reported on a story in the Telegraph, claiming that the upcoming “Investigatory Powers Bill” in the UK would mandate encryption backdoors. The full draft of the bill has been released and the UK government is prattling on about how it doesn’t “ban” encryption. But note the subtle difference in language here. No one expected a ban on encryption: they expected backdoors. The bill is actually stupidly vague on this point. Here’s what the explanation says about “communication service providers in the UK and overseas.”
First it notes that under RIPA (the Regulation of Investigatory Powers Act), “CSPs” are already required to maintain “the ability to remove any encryption applied by the CSP to whom the notice relates.” In other words, the government is already claiming mandates to backdoor encryption, and then goes on to note:
The Investigatory Powers Bill will bring together these obligations in a single, comprehensive piece of legislation. It will provide an explicit obligation on CSPs to assist in giving effect to equipment interference warrants. Only intercepting agencies will have the ability to serve such warrants, which must be authorised by the Secretary of State. The draft Bill will not impose any additional requirements in relation to encryption over and above the existing obligations in RIPA.
The draft Bill will provide for the Secretary of State to require CSPs to maintain permanent capabilities relating to the powers under the draft Bill. This will replace the current obligation to maintain a permanent interception capability and will provide a clear basis in law for CSPs to maintain infrastructure and facilities to give effect to interception and other warrants.
The new power will also require CSPs to provide wider assistance to law enforcement and the security and intelligence agencies in the interests of national security. This will replace the general power of direction under the Telecommunications Act 1984. The new power will be subject to strict safeguards that will prevent it from being used to authorise any activity for the purpose of interference with privacy, such as authorising or requiring the disclosure of communications data.
So… is that mandating backdoors? It seems pretty likely that the government will use this combination of factors to do exactly that, but claiming that such backdoors are already required under RIPA — and thus it’s not “expanding” those powers, even as it also says that the new bill requires providing “wider assistance to law enforcement” and “intelligence agencies.” The explanation does note that “overseas” companies may have some exceptions, but again it’s vague. First it notes that “the draft Bill places the same obligations on all companies providing services to the UK or in control of communications systems in the UK” but then the vague exception: “the draft Bill will include explicit provision to take account of any potential conflict of laws that overseas companies may face.”
Right. Clears everything up.
Meanwhile the draft bill has tons of other problematic language, including requirements for data retention for your web browsing history. Also, it broadens GCHQ’s ability to hack into computers around the globe, with the innocuous sounding phrase “authorisations to interfere with property.” Specifically with regards to the GCHQ, the bill states:
GCHQ can ‘make use of’ as well as ‘monitor or interfere with electromagnetic, acoustic and other emissions and any equipment producing such emissions and to obtain and provide information derived from or related to such emissions or equipment and from encrypted material’. This clarifies that GCHQ may, in the performance of its functions, make use of communications services in the manner in which it was intended they would be used. This could be used for public communications as well as for investigative purposes.
Home Secretary Theresa May’s introduction to the draft claims that:
Powers to intercept communications, acquire communications data and interfere with equipment are essential to tackle child sexual exploitation, to dismantle serious crime cartels, take drugs and guns off our streets and prevent terrorist attacks.
In fact, the draft is weirdly peppered with “case studies” about gangs, criminals, exploited children and more as if to scream out “WE’RE SPYING ON YOU FOR YOUR OWN GOOD AND THE CHILDREN, SO SUBMIT.” This bill is not about protecting the public. It’s about giving much more surveillance and spying power to the government. It’s about fearmongering to get you to give up your privacy and safety so that the government can have more powers over the general public.