The UK government has secretly drawn up more details of its new bulk surveillance powers – awarding itself the ability to monitor Brits’ live communications, and insert encryption backdoors by the backdoor.
In its draft technical capability notices paper [PDF], all communications companies – including phone networks and ISPs – will be obliged to provide real-time access to the full content of any named individual within one working day, as well as any “secondary data” relating to that person.
That includes encrypted content – which means that UK organizations will not be allowed to introduce true end-to-end encryption of their users’ data but will be legally required to introduce a backdoor to their systems so the authorities can read any and all communications.
In addition, comms providers will be required to make bulk surveillance possible by introducing systems that can provide real-time interception of 1 in 10,000 of its customers. Or in other words, the UK government will be able to simultaneously spy on 6,500 folks in Blighty at any given moment.
According to the draft, telcos and other comms platforms must “provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data.”
The live surveillance of individuals will require authorization from secretaries of state, overseen by a judge appointed by the prime minister. And there are a few safeguards built into the system following strong opposition to earlier drafts of the Investigatory Powers Act.