UK may demand tech world tell it about upcoming security features
Campaigners say proposals to reform laws are 'dangerous' and an attack on safety
The UK government has set in train plans to introduce legislation requiring tech companies to let it know when they plan to introduce new security technologies and could potentially force them to disable when required.
The measures were announced just minutes ago in the King's Speech – when the country's monarch reads out a declaration that is written by the ruling political party, marking the start of the parliamentary year. The proposed changes could give the Home Office advance access to technical details of security measures employed by popular big tech platforms so it can access user data and monitor nefarious activity.
In guidance notes to the legislative program [PDF], the government said its Investigatory Powers (Amendment) Bill would reform the "notices regime," so it could anticipate the risk to public safety posed by the "rolling out of technology by multinational companies that precludes lawful access to data." The government claimed getting forward notice of security technologies would "reduce the risk of the most serious offences such as child sexual exploitation and abuse or terrorism."
The bill is also set to update the conditions for use of Internet Connections Records held by service providers. The government said new measures would "ensure that these can be used effectively to detect the most serious types of criminal activity and national security threats, underpinned by a robust independent oversight regime."
Additionally, the government said it wants to increase the resilience of the warrant authorization processes to "ensure the security and intelligence agencies, as well as the National Crime Agency, can always get lawful access to information in a timely way."
The Open Rights Group, a digital rights campaign organization, said the proposed laws — which are yet to be debated and voted on in Parliament — could mean that global tech companies are forced to get permission from the UK government if they want to make changes to security features in their products and services, in effect becoming a further attack on strong end-to-end encryption, which keeps communications and transactions safe and private.
Abigail Burke, platform power program manager, said: "End-to-end encryption keeps our data and our communications safe and secure. The proposed reforms to the Investigatory Powers Act are the government's latest attack on this technology."
- UK Online Safety Bill to become law – and encryption busting clause is still there
- Element users are asking for protection against government encryption busting
- Get your staff's consent before you monitor them, tech inquiry warns
- Now Apple takes a bite out of encryption-bypassing 'spy clause' in UK internet law
"If enacted, these reforms pose a threat to companies' ability to keep our data safe and increase the risk of criminal attacks. We urge the government to engage with civil society and tech companies, and to reconsider these potentially dangerous proposals," she said.
The amendments to the controversial Investigatory Powers Act follow the passing of the Online Safety Bill into law. The new rules give the government powers to introduce online child protection laws, one that includes clause 122, the infamous "spy clause," albeit with some caveats, despite the protests from tech companies and privacy campaigners. ®