Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[phi2008]

The UK government has secretly drawn up more details of its new bulk surveillance powers – awarding itself the ability to monitor Brits' live communications, and insert encryption backdoors by the backdoor.

In its draft technical capability notices paper [PDF], all communications companies – including phone networks and ISPs – will be obliged to provide real-time access to the full content of any named individual within one working day, as well as any "secondary data" relating to that person.

That includes encrypted content – which means that UK organizations will not be allowed to introduce true end-to-end encryption of their users' data but will be legally required to introduce a backdoor to their systems so the authorities can read any and all communications.

In addition, comms providers will be required to make bulk surveillance possible by introducing systems that can provide real-time interception of 1 in 10,000 of its customers. Or in other words, the UK government will be able to simultaneously spy on 6,500 folks in Blighty at any given moment.

According to the draft, telcos and other comms platforms must "provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data."

The live surveillance of individuals will require authorization from senior police or secretaries of state, overseen by a judge appointed by the prime minister. And there are a few safeguards built into the system following strong opposition to earlier drafts of the Investigatory Powers Act.

...

https://www.theregister.co.uk/2017/05/04/uk_bulk_surveillance_powers_draft/

 

[burakkucat]

Ah, now there's a General Election next month. 

So what are the odds that someone is attempting to influence the result by "leaking" certain information . . . 

[Ronski]

Or it could be fake news hopefully.

[WWWombat]

Seems to me that this SI is more about the technical requirements necessary for an SP to comply with interception that is really authorised by the main act. It doesn't do anything to give new powers, in any way, over what can be intercepted, when. Instead, it indicates what the obligations are when warrants are issued under various sections of the act.

I can imagine similar technical requirements for older generations of telecoms equipment, affecting PSTN and PLMN voice communications. All put into place when the GPO and GEC, Plessey and STC were the key partners in the requirement to "provide, modify, test, develop or maintain any apparatus, systems or other facilities".

The biggest new information is almost certainly in the scaling - the ability to monitor 1 in 10,000.

The clause relating to removing encryption adds the "where practicable" text. I guess it depends on your level of cynicism (*) as to whether this requires backdoors, or "merely" tells operators to make use of them if they exist.
(*) - IMO: If the clause was going to be used to force the use of backdoors, I'd expect some language like "all reasonable steps" and "to the greatest extent possible" in there.

For example, the Ofcom regulations relating to keeping a network up & running 24x7 includes this wording (this for next-generation new-builds):

"We would expect the PATS provider to take all reasonably practicable steps to maintain to the greatest extent possible, network integrity and service reliability but only for the aspects of the network it controls.

"We expect PTN and PATS providers to come to their own agreements about how long backup should last in order for them to feel comfortable that they have taken all reasonable practicable steps to provide uninterrupted access to emergency services. However, to provide an indication of what level of time we would consider practicable and reasonable, we support the option chosen by many new build fibre providers that are generally initially supplying backup lasting 4 hours."

Language that only states "where practicable" suggests passive, reactive actions. That Ofcom regulation has stronger wording that forces proactive steps.