The government is seeking to update the Investigatory Powers Act (IPA) 2016.
It wants messaging services to clear security features with the Home Office before releasing them to customers.
The act lets the Home Office demand security features are disabled, without telling the public. Under the update, this would have to be immediate.
Currently, there has to be a review, there can also be an independent oversight process and a technology company can appeal before taking any action.
Because of the secrecy surrounding these demands, little is known about how many have been issued and whether they have been complied with.
But many messaging services currently offer end-to-end encryption – so messages can be unscrambled by only the devices sending and receiving them.
WhatsApp and Signal are among the platforms to have opposed a clause in the Online Safety Bill allowing the communications regulator to require companies to install technology to scan for child-abuse material in encrypted messaging apps and other services.
They will not comply with it, they say, with Signal threatening to “walk” from the UK.
Apple has also opposed the plan.
The government has opened an eight-week consultation on the proposed amendments to the IPA., which already enables the storage of internet browsing records for 12 months and authorises the bulk collection of personal data.
They are “not about the creation of new powers” but making the act more relevant to current technology, it says.
Apple has consistently opposed the act, originally dubbed a “snooper’s charter” by critics. Its submission to the current consultation is nine pages long, opposing:
- having to tell the Home Office of any changes to product security features before they are released
- the requirement for non-UK-based companies to comply with changes that would affect their product globally – such as providing a backdoor to end-to-end encryption
- having to take action immediately if a notice to disable or block a feature is received from the Home Office, rather than waiting until after the demand has been reviewed or appealed against
- It would not make changes to security features specifically for one country that would weaken a product for all users.
- Some changes would require issuing a software update so could not be made secretly
- The proposals “constitute a serious and direct threat to data security and information privacy” that would affect people outside the UK
Cyber-security expert Prof Alan Woodward, from Surrey University, said technology companies were unlikely to accept the proposals.
“There is a degree of arrogance and ignorance from the government if they believe some of the larger tech companies will comply with the new requirements without a major fight,” he added.
The Home Office told the BBC that the Investigatory Powers Act was designed to “protect the public from criminals, child sex abusers and terrorists”.
It added, “we keep all legislation under review to ensure it is as strong as it can be and this consultation is part of that process – no decisions have yet been made”.
Read from: https://www.bbc.com/news/technology-66256081