The UK government is pretty damn serious about its secret surveillance plans.
You might remember that a few months ago the “Snoopers’ Charter” — a.k.a. the Investigatory Powers Act — was passed into law.
Among other things, it forces tech companies to hand over your web history with a retention notice and remove encryption, upon request.
The latter is particularly worrying for services like WhatsApp, which offer end-to-end encryption.
Well, now we know the extent of the government’s intrusion into your data.
Open Rights Group (ORG), a privacy advocacy group, has published a leaked copy of the draft technical capability notices paper.
In a nutshell, the document details how all communications companies will be forced to break their encryption and be legally required to create a backdoor so authorities can read all communications.
Companies like WhatsApp could be forced to “modify” their products to enable intercept and metadata collection.
“These powers could be directed at companies like WhatsApp to limit their encryption,” Jim Killock, ORG’s executive director, said in a statement.
“The regulations would make the demands that [Home Secretary] Amber Rudd made to attack end-to-end encryption a reality. But if the powers are exercised, this will be done in secret.”
The draft says that all telecommunications companies and platforms over 10,000 UK users, thus including WhatsApp, must “provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data.”
Moreover, communication providers will be required to introduce systems that allow the government to spy on up to 1 in 10,000 customers — simultaneously.
Basically, the UK government will be able to snoop in real-time on 10,000 people in the UK, whenever it wants to.
The Home Secretary is responsible for asking the company to break encryption. The company must comply with the order but not reveal they’ve been asked by the government.
“The powers would also limit the ability of companies to develop stronger security and encryption,” ORG said in a statement. “They could be forced to run future development plans past the Government.”