Encryption ban dropped from draft UK surveillance bill
A threatened ban on encryption has been banished from a draft bill on surveillance powers in the UK – but the government plans to explicitly allow bulk surveillance of Internet traffic by security and intelligence agencies.
UK Home Secretary Theresa May began by listing the things the draft bill did not contain as she introduced it in Parliament on Wednesday.
“It will not include powers to force UK companies to capture and retain third-party Internet traffic from companies based overseas. It will not compel overseas communications service providers to meet our domestic data retention requirements for communications data. It will not ban encryption or do anything to undermine the security of people’s data,” she said.
But she does want police and the security and intelligence services to have the right to track Internet communications in the same way they do phone calls.
“It cannot be right that police could find an abducted child if the suspects were using mobile phones to conduct their crime, but if they were using social media or communications apps they would be out of reach,” she said.
How police will be able to do that if companies such as Apple retain the right to offer end-to-end encrypted communications remains to be seen. The devil, as several Members of Parliament remarked in responses to May’s statement, is in the details.
The new proposal is not a return to the draft communications data bill of 2012, May said. That was heavily criticized for containing the kinds of measures she ruled out Wednesday, and ultimately blocked by the ruling Conservative Party’s coalition partners at the time, the Liberal Democrats.
Draft bills are proposals for legislation that have not yet been debated in one of the two houses of Parliament.
Before those debates begin, May’s text will first be examined by a joint committee of the two houses to get it into a form that will encounter less opposition than did its predecessor. The main opposition party, Labour, has already welcomed Wednesday’s proposals – in principle at least.
Deadline
May intends to have the bill passed into law by 31 December 2016, when previous legislation enabling government surveillance of communications expires.
The new draft frames the abilities of the police and security and intelligence services to acquire and retain communications data, to intercept the contents of communications, and to interfere with equipment so as to obtain data covertly from computers.
It also regulates the bulk use of these powers by the intelligence and security services, May said.
One measure likely to attract criticism is the requirement on ISPs to retain 12 months’ worth of ‘Internet connection records’ showing which communications services customers have used.
This is not a record of every Web page visited, May said: “If someone has visited a social media website it will only show they have accessed that site, not the pages they visited or what they said. It is simply the modern equivalent of an itemised phone bill.”
However, in certain cases the police will be allowed to determine whether someone has visited a particular IP address – which will allow them in many cases to determine which website they visited.
In preparing the legislation, the government had consulted with ISPs in the UK and in the US, May said. Whether they are happy with the cost of capturing and storing all that traffic data for the government is unclear.
One of the companies that already knows most about our browsing habits, Google, did not respond to a request for comment. Another, Facebook, said it is reviewing the bill and will follow its progress through Parliament.
Peter Sayer, IDG News Service
Subscribers 0
Fans 0
Followers 0
Followers