Compliance Management, Privacy

Snoopers gonna snoop: IP Bill to give phone hacking powers


The Investigatory Powers Bill is set to force technology companies and internet service providers to implement backdoor access on any devices they sell to give law enforcement agencies access to customers' data on demand. 

Section 189 of IP Bill which discusses 'maintenance of technical capability' would grant law enforcement agencies the power to issue a secret order that would be able to to force it to "remove electronic protection applied ... to any communications or data" and to "provide facilities or services of a specified description."

Companies will also be banned from revealing whether they had been made to install backdoor access routes, leaving customers unable to know whether their messages and search history have been under inspection.

The term 'Telecommunications operator' is currently so broadly it would include companies like Apple, which means they and Samsung would have to build secret security backdoors into mobile phones, tablets and computers which would allow officials to access the devices.

The cherry on the icing is coming in the form the controversial measures would be partially paid for by the British taxpayers should the draft document be approved and the Bill is passed in Parliament.

Apple is currently in an ongoing battle with the FBI on the topic, after American security services asked Apple to access the locked phones of the San Bernardino shooters Farook and his wife Tashfeen Malik.

Apple and several other technology companies have insisted that if they create an access point through the encryption it could put the security of the devices at risk. Their stance has led to a running debate between the powers of the security services and the responsibilities of the tech companies creating the phones. While the FBI won the case in court Apple is challenging the move.

In related news, Labour has said they may scupper the Home Secretary's plans for the new spying law. The Times are reporting that the shadow home secretary has warned he may abstain from the vote's second reading in Parliament, insisting there would be “no blank cheque” for its passage through the commons.

Speaking to The Times, Mr Burnham highlighted that the bill needs several changes to be acceptable to Labour MPs. Burnham told that the times he plans to speak to Theresa May, the home secretary, on how the bill must start with a “presumption of privacy”.

And finally, the committee on Civil Liberties, Justice and Home Affairs is set to meet this Thursday to discuss the new EU-US Privacy Shield for commercial transfers of EU personal data to the US. The new Safe Harbour replacement has come under harsh criticisms as the new agreement makes special ‘dispensations' for law enforcement agencies.

Commenting on the IP Bill, Jacob Ginsberg, senior director at Echoworx said that, “Technology providers across the world will agree that this creates a dangerous precedent. The government is proposing to watch citizens as if they were criminals.”

Ginsberg goes on to explain that, “The government should not be allowed to circumvent existing laws that have been put in place to protect law abiding citizens from potentially harmful intrusion. Having the power to sweep someone's phone records without a warrant during bulk data collection is morally wrong. History has shown that the government is subject to attacks just as much, if not more so than other parties.”

Erka Koivunen, security advisor at F-Secure and expert witness to the Joint Committee scrutinising the Investigatory Powers Bill, told SC, “Let us be clear on the British Government's intentions and the consequences of those actions. ‘Equipment interference' is hacking. There is a reason there is a very large security industry dedicated to protecting businesses and their digital assets – because hacking damages businesses. Hacked companies are not the security services' target though – they are a stepping stone to the ultimate target. One imagines that it did little to ease Stellar's, Gemalto's or Belgacom's pain to learn that GCHQ had breached their security in an effort to spy on their customers.

“No company wants their own government or government of a friendly partner to break into their systems or undermine the security of their services. We would encourage the Government to pause and consider the implications of its intentions before it irreparably damages British businesses."

Dr Adrian Davis, managing director EMEA at (ISC)² said,  “The debate has now moved on to ensuring authorities can have a backdoor, to whatever they feel they should have access to. Once the argument is made for a particular set of circumstances – a terrorist shooting, for example – it won't be long before it is made for another, such as surveillance of people suspected of planning such an event. 

"The biggest concern argued by security experts is that once the key to such a backdoor is created, it will be impossible to control who is able to get their hands on it.” 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.