The UK government is trying to give itself more power to spy on your phone calls, emails, and messages.
That’s according to a technical paper written by the Home Office and leaked to the Open Rights Group, and first reported by The Register. You can read the full document below — but be warned, there’s lots of legal jargon.
The paper is a draft, meaning the government has sent it out to relevant companies like mobile and internet providers and is asking for feedback. But a law called the Investigatory Powers Act means it can do all of this secretly — so if it hadn’t been for one of those companies leaking the draft paper to Open Rights Group, you would never have known about it.
The draft paper gives us a lot of insight into the kind of extensive spying powers the Home Office would like.
Here’s the summary:
Mobile operators and other companies must hand over data in one working day
According to the new regulations, if the government asks an internet provider or mobile company for information about you, that company must hand it over in one working day. The government would need a warrant, and the information might include actually listening in on your calls, reading your messages, plus “secondary data” like the times you make calls and your phone number.
The government really wants real-time emails, calls and messages
Once the government has issued a warrant asking for someone’s information, it really wants that information in near real-time.
The Home Office doesn’t say in the technical paper why it wants all these powers, but it’s easy enough to guess from recent news stories.
In the case of real-time information, take Home Secretary Amber Rudd criticising WhatsApp’s end-to-end encryption, which means the government can’t read messages. Khalid Masood, the terrorist who attacked Westminster in March, used WhatsApp shortly before launching his attack.The Telegraph reported that security services did eventually gain access to his WhatsApp messages and dismissed them as unimportant. So clearly end-to-end encryption wasn’t a total barrier. But according to the public timeline of events, it seems to have taken about a month. That’s why access to near real-time communications matters.
The government wants backdoors
Another requirement is that companies remove “electronic protection” when it comes to handing over data. Translated, that probably means inserting a backdoor of some kind. Again, the government doesn’t state how this might work. It also doesn’t seem to understand that compromising encryption makes innocent people more vulnerable to hackers as well.
The government also said it wants companies to consider spying demands whenever they build new products.
Communications companies must build kit to spy on people
You probably already know that communications companies have equipment designed for mass government spying, it’s just that no one really likes to talk about it. US provider AT&T famously had a secret room where the NSA, the US spying agency, had installed equipment. The UK government wants companies to keep equivalent spying equipment up-to-date, but the paper doesn’t go into much detail about what that kit might look like.
The government also wants to look at your post
The second part of the draft paper deals with spying on your post. The government wants any “UK licensed postal operator,” like the Royal Mail, to open, copy, and reseal post without the recipient knowing about it. This might even apply to companies like Amazon. Ofcom, the body which licenses postal operators, has not immediately responded to a request for clarification.
Activists said the public needs to know about these secret plans
Jim Killock, director of the Open Rights Group, said in a statement that the government might try and force companies like WhatsApp to “limit their encryption” — all in secret.
“The public has a right to know about government powers that could put their privacy and security at risk,” he said. “There needs to be transparency about how such measures are judged to be reasonable, the risks that are imposed on users and companies, and how companies can challenge government demands that are unreasonable.” Because this is a consultation, companies could still challenge some of the proposals in this paper. But as the Open Rights Group said, there isn’t a “clear route of appeal”.
Here’s the full nine-page document: