Investigatory Powers bill causes more strife over built-in backdoors

The draft Investigatory Powers bill, which is currently making its way through Parliament, has been causing concern amongst many folks and businesses with some of its sweeping measures – and the latest nugget to emerge on how the government is trying to leverage surveillance is unlikely to help.

TechCrunch reports that one of the numerous (also draft) Codes of Practice attached to the complex bill – in this case, the one concerning 'equipment interference' – stipulates that CSPs (communication service providers) must "provide a technical capability to give effect to interception, equipment interference, bulk acquisition warrants or communications data acquisition authorisations."

The code further notes that the reason for said "technical capability" is so that companies can swiftly provide relevant details when a warrant is served – although smaller companies (those with under 10,000 customers) "will not be obligated to provide a permanent technical capability, although they may be obligated to give effect to a warrant."

The long and short of it is that the government wants to have sweeping powers over internet and telecoms firms, and could potentially make these businesses include what are effectively backdoors in their systems.

Eric King, deputy director of Privacy International, told TechCrunch: "They can serve a permanent notice to require you to bake into your product a technical capability that would allow you to then hack any one of your customers … And when law enforcement then later come along and say we want you to hack this customer, they've already forced the company to build the system to do that."

Of course, as we are all aware, the problem with building such weaknesses into systems is the possibility of rogue elements like hackers exploiting them.

Keeping schtum

The second crucial point here is that the bill also stipulates non-disclosure for companies who have their arms twisted in terms of providing details – so in other words, the public won't get to hear about it.

Organisations wouldn't be able to air concerns, go to the press, or anything along those lines, and we'd certainly see no debate such as the Apple versus FBI case which has been in the limelight lately over in the States.

The government wants the Investigatory Powers legislation to come into law before 2016 is out. The initial draft was published last November, and a tweaked bill was brought before Parliament at the start of this month.

Generally speaking, one of the biggest worries is that the bill is so vague in many of its terms and definitions.

Nicola Blackwood MP, chair of the Science & Technology Committee, recently told us: "There are widespread doubts over the definition, not to mention the definability, of a number of the terms used in the draft bill. The government must urgently review the legislation so that the obligations on the industry are clear and proportionate."

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).