Proposed U.K. law lets authorities snoop on communications, defeat encryption

The United Kingdom’s Investigatory Powers Bill faced a firestorm of criticism this week after a leak of documents detailing the law’s surveillance powers. According to the International Business Times, it would permit U.K. law enforcement agencies to request the content of telephone calls, text messages, and internet browsing activity, and require some telecoms and services to provide a way around encryption.

The leak included a nine-page draft titled “technical capability notice,” which required internet providers and phone companies to “provide and maintain the capability to ensure the interception, in their entirety, of all communications […] in their entirety, of all secondary data authorized by or required by the warrant.” In some cases, telecom companies would be expected to hand over data within 24 hours, and they would be required to store data for 12 months.

The Investigatory Powers Bill also targets end-to-end encryption, which secures communications so that only the sender and recipient can read them. Telecom companies, potentially including U.S. companies that operate in the U.K., would be required to “disclose, where practicable, the content of communications […] in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator.”

There are some limits to what U.K. authorities could do. Surveillance requests would have to be approved by either a senior police official or the Secretary of State, and would be overseen by a judge appointed by the Prime Minister. Telecommunications firms which solely provide service to banking, insurance, investment, or other financial services won’t be subject to the law, and warrants won’t be imposed on carriers with fewer than 10,000 customers.

Still, advocacy groups criticized the bill for “disproportionate powers […] straight out of an Orwellian nightmare.” Jim Killock, executive director of the U.K.’s Open Rights Group, told the International Business Times that “[the powers] could be directed at companies like WhatsApp to limit their encryption.”

“The public has a right to know about the government powers that could put their privacy and security at risk,” he said. “There needs to be transparency about how such measures are judged to be reasonable, the risks that are imposed on users […] and how companies can challenge the demands.”

The documents, which were drafted in consultation with the U.K.’s Technical Advisory Board, have yet to be approved by the U.K.’s parliament. But the bill is expected to become law by late May, after a brief “consultation” period.

In March, following the terrorist attack in London which left many people injured and one killed, British Home Secretary Amber Rudd announced the U.K. government’s intention to persuade WhatsApp to provide a way for authorities to read encrypted messages.

“We need to make sure that organizations like WhatsApp, and there are plenty others like that, don’t provide a secret place for terrorists to communicate with each other,” Rudd told The Guardian.