Plans for extensive Government spying powers revealed in leaked report*
The Government is planning to force social media and internet companies to break encryption to help spies monitor communications, a leaked report has revealed. In an extension of the security agencies' abilities under the Investigatory Powers Act, the Government could force companies to change their technology so they can comply with warrants.

The secret document, which was only shared with a handful of communications companies, was revealed by privacy advocates the Open Rights Group. The organisation said it could mean encrypted messaging apps such as WhatsApp having to limit encryption.

What is it? | Encryption

End to end encryption is a way of transmitting a message so that it can only be read by the intended recipient, and not intercepted by accessing the servers or the networks via which the message is sent.

Rather than being sent as plain text, the message is scrambled as a long series of digits that needs a key only held by the sender and the recipient to understand it.

The keys are ephemeral, meaning they disappear after the message is unscrambled so that it cannot be unlocked afterwards.

WhatsApp users can also verify that their communications are not being intercepted by scanning a code on the other user’s phone.

Encrypted messages and phone calls have infuriated security services, since they have relied on tapping into communications data.
The measures, if passed into law, will require internet and mobile companies with more than 10,000 customers to hand over customers' information within 24 hours of receiving an order from the security services. It dictates the material must be "in an intelligible form", suggesting they must be decrypted.

Many technology and communications companies have introduced end-to-end encryption as a way to secure their customers' information. This means that only the sender and receiver can see the contents of a WhatsApp message on their devices.

The draft regulations, which are under consultation, would also let agencies listen to phone calls and read messages as they happen, as well as reading post without the recipient knowing.

Law enforcement will also have the power to inspect communications companies' systems to check they have complied with warrants in an honest manner, said Dr Luckasz Olejnik, an independent privacy consultant.

FAQ | Investigatory Powers Act

What are the key measures?

  • Force internet and communications companies to retain customers’ browser history for up to a year
  • Protect the ability of GCHQ and MI5 to bulk collect communications data and to hack in to a suspect’s electronic devices
  • Give a judge the power to sign off warrants for intrusive surveillance

Why is it controversial?

Privacy campaigners see the new requirement for everyone’s internet records to be stored as a major extension of surveillance powers. Some security experts believe that the bulk data storage will overwhelm intelligence analysts, actually rendering them less able to detect recidivists. People are also concerned about the extensive hacking powers granted in the Act

Why is the government doing this?

The government sees the bill as “maintaining intelligence agencies' current capabilities” but ratifying them. Introduced by Theresa May when she was Home Secretary, the Government at the time described it as “one of the most important pieces of legislation” in this parliament and said it goes “to the heart of the Government’s duty to keep the British public safe”

Haven't we been here before?

Mrs May put forward a similar bill during the coalition in 2013 - also nicknamed the Snoopers’ Charter. It was blocked by the Liberal Democrats over concerns about how extensive its powers were
The UK Government is determined to crack down on the technology, claiming it threatens security. Technology companies including Apple and WhatsApp say this will threaten the security and privacy of customers.

"These powers could be directed at companies like WhatsApp to limit their encryption," said Jim Killock, executive director of the Open Rights Group. "If the powers are exercised, this will be done in secret. The public has a right to know about government powers that could put their privacy and security at risk."

Amber Rudd promised to "call time" on encryption in the wake of the Westminster attack after WhatsApp said it could not give the security services access to attacker Khalid Masood's last message. Rudd said WhatsApp's refusal was "completely unacceptable".

The security services managed to read Masood's final message without WhatsApp's assistance, but it took around a month to crack it.

It comes as the Government is pushing to work with internet companies crack down on illegal behaviour online. The Home Affairs select committee said earlier this week that social media firms should help pay for digital crimes and face fines for not quickly removing illegal material.
The Home Office did not comment.