Draft Communications Bill reveals Home Office's mass surveillance plans going ahead - but government remains tongue-tied about how technology will actually work
The government today published a draft version of a bill that, if signed into law in its current form, would force Internet Service Providers (ISPs) and mobile phone network providers in Britain to install 'black boxes' in order to collect and store information on everyone's internet and phone activity, and give the police the ability to self-authorise access to this information. However, the Home Office failed to explain whether or not companies like Facebook, Google and Twitter will be brought under the Regulation of Investigatory Powers Act (RIPA), and how they intend to deal with HTTPS encryption.
Faith in the integrity of HTTPS encryption is what makes online banking and the entire e-commerce industry possible, and Google uses it to secure its Gmail service, as do most webmail providers. The need for easy access to Gmail has been one of the Home Office's primary justifications for the Communications Bill, but technology experts are dubious as to whether it is possible to technically and lawfully break HTTPS on a nationwide scale. At this morning's Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was: "It will."
At a press and MP briefing at Parliament today, Julian Huppert MP said that he couldn't believe the bill could even be put before the House in its current form. David Davis MP remarked that, given that the RIPA process is already "a disgrace", the Home Office should be introducing a bill that introduces warrant requirements to RIPA rather than making it even easier for the police to access citizens' communications data. He also revealed that David Maclean, "the most right-wing politician the Home Office ever saw", will be chairing the committee on the bill.
Dr Gus Hosein, Executive Director of Privacy International, said:
"In the UK, we've historically operated under the presumption that the government has no business peering into the lives of citizens unless there is good reason to - that people are innocent until proven guilty. This legislation would reverse that presumption and fundamentally change the relationship between citizen and state, and their relationship with their internet and mobile service providers. Yet there are still big question marks over whether Facebook and Google will be brought under RIPA, and how far the government is willing to go in undermining internet security in order to fulfil its insatiable desire for data."