Government lays out plans for real time surveillance without encryption in leaked document


The government is seeking to compel telecommunications operators to provide real time access to named individuals’ communications within one working day, including encrypted messages, under the recently passed Investigatory Powers Act.

It also seeks the capability to "provide and maintain the capability to simultaneously intercept, or obtain secondary data" from 6,500 people at any one time.

The draft document, published by the Open Rights Group today, outlines the technical capability the government will use to enforce the recently passed Investigatory Powers Act.

Authorities seeking to surveil someone will need authorisation from the home secretary, overseen by a judge appointed by the prime minister, in order to obtain a warrant.

For some context, figures from the Home Office published by The Guardian show there were 517,236 authorisations in 2014 of requests for communications data from the police and other public bodies and a further 2,765 interception warrants authorised by ministers.

The document also shows that the government is continuing its war on encryption. It demands telcos "provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data, or to permit the person to whom the warrant is addressed to remove such electronic protection".

The Investigatory Powers Act is branded the Snooper's Charter because of its unprecedented surveillance capabilities, such as bulk collections of communications data, the capability to bug computers and phones and compelling web and phone companies (CSPs) to store records of websites visited by every customer for 12 months, bypassing encryption where possible.

Read next: Snooper's Charter: What you need to know about the Investigatory Powers Act

The home secretary Amber Rudd has been very public in her demands that tech companies like WhatsApp build backdoors so that security services can access content when it needs to, so the measures outlined here should come as no surprise.

The good news for law-abiding citizens who treasure their privacy is that CSPs have no way of removing encryption from messages sent via channels such as WhatsApp, which is an American company unbeholden to UK law.

The bad news is that under the new regulations the CSPs must maintain a log of everyone's browsing history over the past 12 months, a treasure trove of information for cyber criminals if a 'backdoor' was to be installed.

Read next: It's too late to stop the Snooper's Charter, so how should you protect yourself?

During its passage through Parliament the Investigatory Powers Bill, and the politicians backing it, constantly struggled to define what it meant by encryption and how it planned to technically bypass it when intercepting communications.

Simply put, either a message is encrypted or it is not. If there is a backdoor for security services, there is essentially a backdoor for anyone with the right skills to exploit it, it is a Pandora's box.

The Liberal Democrats criticised the leaked document, with president Sal Brinton telling The Register: "This lays bare the extreme mass surveillance this Conservative government is planning after the election.

"It is a full frontal assault on civil liberties and people's privacy. The security services need to be able to keep people safe. But these disproportionate powers are straight out of an Orwellian nightmare and have no place in a democratic society."

Civil rights group Liberty is currently pursuing a legal challenge against the act.

Read next: The Snooper's Charter still has an encryption problem: Parliament continues to grapple with end-to-end encryption in the Investigatory Powers Bill

The Home Office has no obligation to consult the public at this stage and the technical capabilities will only be reviewed by the Technical Advisory Board. Anyone "appearing to the Secretary of State to be likely to be subject to any obligations specified in the regulations", namely the biggest telecommunications providers O2, BT, BSkyB and Vodafone. Responses must be made by May 19.

The rules will have to then be approved by both houses of Parliament before becoming law.

This story, "Government lays out plans for real time surveillance without encryption in leaked document" was originally published by


Copyright © 2017 IDG Communications, Inc.

Shop Tech Products at Amazon