The Beginning of the End of End-To-End Encryption

A paper was allegedly leaked to civil liberties body the Open Rights Group on May 4th according to the BBC reports shows a proposal in a draft technical paper prepared by the government that the British web users of the internet communications will be on live surveillance. ┬áIt means if made into law, such access would occur via the Investigatory Powers (IP) Act, which includes provisions for the removal of encryption on content. The soured part of the News is that the Home Office denied there was anything new in the consultation; indicating that Phone companies and internet service providers would be asked to provide “data in near real time” within one working day, according to one clause in the technical capabilities paper and such access would need to be sanctioned by secretaries of state and a judge appointed by the prime minister.

The paper also echoes the IP Act itself, noting that tech companies would be required to remove – or enable the removal – of encryption from communications as they would need to be provided “in an intelligible form” without “electronic protection”. That means it could be exploited by hackers, endangering innocent users.

In the past and present Cryptographers describe such access as a “backdoor” in the security of communications services but this new reports under the terms of the Investigatory Powers Act, telecoms firms would have to carry out the requirements of any notices to these effects in secret, so the public would be unaware that such access had been given.

Simultaneous surveillance could occur in bulk, but be limited to one in every 10,000 users of a given service – a maximum of roughly 900 of BT’s 9 million British broadband customers, for instance.

A BT spokesman confirmed the company had received “a copy of draft regulations, to be made under the Investigatory Powers Act 2016, in relation to technical capability notices” – but did not comment further.

‘Security risk’

“The public has a right to know about government powers that could put their privacy and security at risk,” said Jim Killock, executive director of the Open Rights Group, explaining the decision to publish the document.

“It seems very clear that the Home Office intends to use these to remove end-to-end encryption – or more accurately to require tech companies to remove it,” said Dr Cian Murphy, a legal expert at the University of Bristol who has criticised the scope of the IP act.

“I do read the regulations as the Home Office wanting to be able to have near real-time access to web chat and other forms of communication,” he told the BBC.

Media captionAmber Rudd in March: “Intelligence services need to be able to get into encrypted services like WhatsApp”

Home Secretary Amber Rudd has previously argued that the Investigatory Powers Act is necessary to curb “new opportunities for terrorists” afforded by the internet.

In March, Ms Rudd’s comments that encrypted messaging services like WhatsApp should not be places “for terrorists to hide” caused much debate.

Surveillance of some mobile phone user data in “as near real-time as possible” has already been available to law enforcement authorities for many years, noted Dr Steven Murdoch at University College London.

The UK’s Internet Service Providers’ Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others, said it would be “consulting its members and submitting a response to the draft regulations”.