On-Prem

Public Sector

UK may demand tech world tell it about upcoming security features

Campaigners say proposals to reform laws are 'dangerous' and an attack on safety


The UK government has set in train plans to introduce legislation requiring tech companies to let it know when they plan to introduce new security technologies and could potentially force them to disable when required.

The measures were announced just minutes ago in the King's Speech – when the country's monarch reads out a declaration that is written by the ruling political party, marking the start of the parliamentary year. The proposed changes could give the Home Office advance access to technical details of security measures employed by popular big tech platforms so it can access user data and monitor nefarious activity.

In guidance notes to the legislative program [PDF], the government said its Investigatory Powers (Amendment) Bill would reform the "notices regime," so it could anticipate the risk to public safety posed by the "rolling out of technology by multinational companies that precludes lawful access to data." The government claimed getting forward notice of security technologies would "reduce the risk of the most serious offences such as child sexual exploitation and abuse or terrorism."

The bill is also set to update the conditions for use of Internet Connections Records held by service providers. The government said new measures would "ensure that these can be used effectively to detect the most serious types of criminal activity and national security threats, underpinned by a robust independent oversight regime."

Additionally, the government said it wants to increase the resilience of the warrant authorization processes to "ensure the security and intelligence agencies, as well as the National Crime Agency, can always get lawful access to information in a timely way."

The Open Rights Group, a digital rights campaign organization, said the proposed laws — which are yet to be debated and voted on in Parliament — could mean that global tech companies are forced to get permission from the UK government if they want to make changes to security features in their products and services, in effect becoming a further attack on strong end-to-end encryption, which keeps communications and transactions safe and private.

Abigail Burke, platform power program manager, said: "End-to-end encryption keeps our data and our communications safe and secure. The proposed reforms to the Investigatory Powers Act are the government's latest attack on this technology."

"If enacted, these reforms pose a threat to companies' ability to keep our data safe and increase the risk of criminal attacks. We urge the government to engage with civil society and tech companies, and to reconsider these potentially dangerous proposals," she said.

The amendments to the controversial Investigatory Powers Act follow the passing of the Online Safety Bill into law. The new rules give the government powers to introduce online child protection laws, one that includes clause 122, the infamous "spy clause," albeit with some caveats, despite the protests from tech companies and privacy campaigners. ®

Send us news
150 Comments

What does it mean to build in security from the ground up?

As if secure design is the only bullet point in a list of software engineering best practices

Why UK Online Safety Act may not be safe for bloggers

Individual publishers could be held liable for visitors' off-topic posts, legal eagle argues

Google: How to make any AMD Zen CPU always generate 4 as a random number

Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least

Trump admin's purge of US cyber advisory boards was 'foolish,' says ex-Navy admiral

‘No one was kicked off the NTSB in the middle of investigating a crash’

Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant'

When cloud customers don't clean up after themselves, part 97

Biden signs sweeping cybersecurity order, just in time for Trump to gut it

Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive

I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice

Remote position, webcam not working, then glitchy AI face ... Red alert!

UK Home Office silent on alleged Apple backdoor order

Blighty’s latest stab at encryption? A secret order to pry open iCloud, sources claim

Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek

Oh someone's in DeepShi...

Google's 7-year slog to improve Chrome extensions still hasn't satisfied developers

Makers of content blockers, privacy add-ons say promises weren't kept

Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch

Everyone agrees defense matters. How to do it is up for debate

Cisco patches two critical Identity Services Engine flaws

One gives root access, the other lets you steal info and reconfig nodes, in the right (or should that be wrong) circumstances