Organization of digital rights, the group of the rights has obtained a draft document disclosed. This is part of a closed government consultation on plans to put into practice some of the more controversial powers granted to it under the IPB.
These plans involve expanding the government’s oversight capacity in two key areas.
1. Mass real-time monitoring of Internet service providers and telecommunication customers
According to the draft technical regulation, the British government will be able to intercept data in real time over the Internet and the telephone of one citizen out of 10,000 at a given moment.
This mass monitoring capability will allow the government to monitor 6,500 citizens at any time in real time.
Internet service providers (ISPs) and telecommunications companies will have to provide this information “in an intelligible form” within one working day. This includes encrypted content.
2. Introduction of “stolen” access to encrypted products
ISPs will need to introduce backdoor access to their networks so they can remove encryption.
Based on previous comments from government ministers, it is expected that these provisions will also be applied to encrypted chat services such as WhatsApp, Facebook Messenger, and Apple iMessage.
This constraint of encrypted communications, in particular, is likely to be highly controversial. Not only is a blatant violation of the privacy of individuals ethically questionable at best, but it makes users less secure. A backdoor for law enforcement is also a backdoor for criminal hackers.
The proposals also raise important practical problems …
British companies only?
Will the requirement be applied only to UK companies? If so, then, everyone concerned with privacy will simply use non-British products? This would make such a law entirely ineffective in catching criminals or terrorists.
What it would achieve, however, is to destroy British technology companies whose products depend on encryption. After all, why the hell would someone choose to use a product known (or at least, supposedly) to be destroyed by the UK government?
This point is particularly relevant in the context of Brexit because the technology industry is a sector in which Britain is currently a world leader. Forcing encrypted products made in the UK to include a backdoor must inevitably damage their market position.
The government could try to persuade companies such as Google, Facebook, Amazon, Apple and Microsoft to cooperate with its plans, but what incentive would they have to do it?
This is especially true with Apple, which has vigorously resisted the efforts of its own government to compromise its encryption. Microsoft has also recently shown little inclination to cooperate with the US government when it comes to spying on its customers.
If these American companies do not want to cooperate with the US government in this area, what hope does the British government have for them?
Alternatively, the British government could attempt to force compliance with UK laws on international companies wishing to do business in the UK. However…
The United Kingdom represents a very small percentage of the world market. Damage to the reputation of international companies by complying with the requirements of the United Kingdom is probably not worth the relatively modest loss of income that the withdrawal from the UK market would incur.
Would the British government really be prepared to risk this happening? The financial cost to the British economy could be almost catastrophic.
On top of that, how would voters in the UK respond to news that they would not have bought iPhones and Windows laptops or accessed their Gmail accounts? There would be chaos!
What about Open Source?
The notion of effectively forbidding strong end-to-end encryption becomes even more laughable when considering open source projects such as OpenVPN or Signal Messenger. These are among the most robust encryption products available and can be downloaded from international servers by anyone with an Internet connection.
Many open source programs are the result of community-led development. In the case of something like Signal, which is developed by Open Whisper Systems, the non-profit nature of this software means that the UK government has no leverage in the developers’ persuasion or coercion to Comply with its rules.
Indeed, open source software can be checked to ensure it has not been tampered with. If even a suspicion of suspicion was awakened, it could be returned in new and unbuffered versions.
In accordance with the IPB itself, a warrant will be required before such monitoring can be carried out. This must be issued by a Secretary of State and authorized by a special judicial commissioner.
These commissioners to the courts, however, are a group of retired judges, handpicked by the government. They will not have the technological expertise or understanding of the secret surveillance needed to make informed decisions, so that ministerial issues will be published effectively.
Their role will therefore be simply to ensure that the correct procedures have been followed. Even here, ministers can delay this minimum judicial review for five days simply by declaring the case “urgent”.
In reality, however, the government has done its best not to alert the general public to its plans. The document has been distributed only to the British Government’s Technical Advisory Board and various government agencies such as MI5 and GCHQ. The Technical Advisory Board is made up of representatives from six of the UK’s leading telecommunications companies
It should be noted that the British Government has no legal obligation to consult anyone on its plans.
Despite the rather clandestine nature of the consultation, the plans described in the disclosed document simply confirm that the government is considering moving forward on projects already clearly outlined in the Powers of Inquiry Act.
The fact that these plans are morally reprehensible and extremely impractical does not seem to be there or here. If the government succeeds, it will critically damage British technology companies and seriously weaken the security of users of encrypted products.
It also means that British citizens will live in a state of surveillance that would make George Orwell’s Big Brother proud.