- Home /
- News /
- 2015 /
- February /
- UK: Government plans to give the security and intelligence agencies direct access to computers to by-pass encryption and to use "remote access" to "obtain information.. in pursuit of intelligence requirements" or to "remove or modify software"
UK: Government plans to give the security and intelligence agencies direct access to computers to by-pass encryption and to use "remote access" to "obtain information.. in pursuit of intelligence requirements" or to "remove or modify software"
07 February 2015
- the code applies to "any interference (whether remotely or otherwise)"
- to "locate and examine, remove, modify or substitute equipment hardware or software"
- to "enable and facilitate surveillance activity by means of the equipment" (p5)
In language strikingly similar to
GCHQ;'s 4Ds (pdf) "Deny/Disrupt/Degrade/Deceive" the Home Office Security Minister said on 6 February 2015 the purpose was to: “identify, track and disrupt the most sophisticated targets”.
See: Codes of practice under Pursuant to section 71 of the Regulation of Investigatory Powers Act 2000:
-
Equipment Interference Code of Practice (pdf)
-
Interception of Communications Code of Practice (pdf)
-
Regulation of Investigatory Powers Act 2000 Consultation: Equipment Interference and Interception of Communications Codes of Practice (pdf)
Tony Bunyan, Statewatch Director, comments:
"The adoption of such sweeping new surveillance powers should be the subject of primary legislation and not sneaked through in a Code of Practice under RIPA 2000 - which is not limited to terrorism and serious crime but covers all crime. They would allow the intelligence and security agencies to access any computer or smartphone not just to carry out surveillance but also to alter and/or change the content..
The wealth of examples from the Snowden revelations concerning GCHQ, the finding of the Investigatory Powers Tribunal of the unlawful data exchange with the NSA, the judgment by the Court of Justice of the European Union in April 2014 that the Mandatory Data Retention Directive was unlawful since it was adopted in 2006 (and we still await any response from the European Commission) and, DRIPA 2014 which legalised the gathering of IP address - confirms the view of seasoned observers that governments are not in control of their intelligence and security agencies, that the agencies will use all available technologies even if there is no legal basis, and that when court judgments find against present practices the law is simply changed to make the "unlawful lawful"
And what guarantees are there that that these new surveillance powers will only be used against terrorists and serious organised criminals and that "function creep", which has happened time and again since 2001, will not see them used against all suspected crimes?"
See on law enforcement agencies use of "remote access" Statewatch analysis:
EU agrees rules for remote computer access by police forces – but fails, as usual, to mention – the security and intelligence agencies by Tony Bunyan (pdf) and
EU: Welcome to the new world of the interception of telecommunications (Statewatch database)
See also:
Security services capable of bypassing encryption, draft code reveals (Guardian. link)