The UK government may soon pass new orders which will force companies to remove encryption from customer data and hand them over to the government on a platter.
The government is planning on curbing enterprise encryption in the aftermath of the Manchester terror attack which claimed 22 lives.
First reported by The Sun, the government is planning to introduce, before the Parliament, a series of new orders collectively titled Technical Capability Notices, after the elections are over. The new orders will allow the government to obtain encrypted messages and content from companies as and when required.
This means companies in the UK will have to create encryption backdoors to allow government access to such data. Both UK-based enterprises, as well as multinational entities which hold customer data in the UK, have resisted previous attempts by the government to bypass encrypted customer data, fearing that such backdoors will also be exploited by hackers and enemy states.
Once the Technical Capability Notices are passed by the Parliament, new orders will require only warrants signed by the Home Secretary and approvals from a senior judge. The new set of orders has the backing of security chiefs who want more powers to track online communications without having to seize devices.
The news comes at a time when enterprises, especially those facilitating social media interactions, are implementing stricter encryption protocols to ward off hackers and keep customer data protected at all costs. Earlier this month, WhatsApp quietly added a new encryption mechanism to make it increasingly difficult for anyone to access data uploaded to the iCloud drive. The new update sealed off backdoor tricks used by Federal agencies and hackers who could gain access to such data by hacking into iCloud servers and downloading data dumps.
A document leaked by the Open Rights Group has also laid bare the UK government’s attempts to utilize new surveillance techniques to track as many as 6,000 people at any given time. As per the draft Investigatory Powers (Technical Capability) Regulations 2017, the Government aims to ‘remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data, or to permit the person to whom the warrant is addressed to remove such electronic protection.’
At the same time, the draft bill proposes to empower the government to ‘provide and maintain the capability to simultaneously intercept, or obtain secondary data from, communications relating to up to 1 in 10,000 of the persons to whom the telecommunications operator provides the telecommunications service to which the communications relate.’