Snooper's Charter: Tech companies will have to give police 'back-door' access to customers' data

Companies will not be allowed to tell customers if their messages are being shared with police

Internet service providers and technology companies will be forced to install "back-door" flaws into their products, so British police and security services can access them on demand.

The move was announced in draft documents published in support of Theresa May's controversial Investigatory Powers Bill, announced in November 2015.

Companies will also be banned from revealing whether they had been made to install "back-door" access routes, leaving customers unable to know whether their messages and search history are truly secure.

And if the draft documents are approved and the Bill known as the "Snoopers' Charter" is passed in Parliament, the controversial measures will be partially paid for by British taxpayers.

Theresa May on Isis

The move, intended to prevent criminals and terrorists from networking and organising illegal activities online, follows a legal dispute between the FBI and technology company Apple over a similar issue.

An American court ruled that Apple had to help the FBI bypass encryption on an iPhone belonging to Syed Farook, one of the San Bernadino killers. Farook and his wife killed 14 people in a mass shooting in December 2015. 

But Apple launched a highly-publicised appeal, arguing that while they could unlock the phone, it would set a dangerous precedent and compromise their customers' privacy and security. 

When announced, the Investigatory Powers Bill also sparked an immediate backlash from privacy campaigners. It requires internet and phone companies to store the search history of web users for a year and hand this information over to the police upon request, and made explicit for the first time the power of the police to hack phones and computers.

The new documents, expanding on Theresa May's initial proposal, indicate how companies will be forced to help the police hack into their own customers' data.

Any firm with more than 10,000 customers providing a "telecommunications service" to UK citizens could be subject to the legislation, forcing them to provide the "technical capability" for "interception" of personal data. Apple, Google, Facebook and a number of broadband companies are among the organisations affected by the measures.

They would also be bound by an effective gagging order, "under a duty not to disclose the existence and contents" of the order to hand over personal data.

An independent "investigatory powers commissioner" would be available to assess cases where companies felt their rights were being infringed, while the orders would have to be reviewed every two years regardless of circumstance.

However, there is no apparent way for private citizens to find out if their personal data is being scrutinised by the police, let alone appeal against this process.

Comments