The Investigatory Powers (IP) bill has been given approval by David Anderson in a report. Britain’s spies should be allowed to continue harvesting large amounts of data from emails, the government’s reviewer of terror legislation said. IT security experts from AlienVault, MIRACL and Lieberman Software commented below.
Javvad Malik, Security Advocate at AlienVault:
The areas of contention stem around the ‘how’ with many citing proposed bills underestimate the impact certain aspects could have to technology deployments, leaving the general public more exposed than before.
The second aspect is the lack of confidence that governments have the ability to adhere to the accountability controls put in place to ensure the powers are only used appropriately.
Impact to the business is an interesting area worth exploring. Encryption being the largest source of controversy, particularly where the service provider doesn’t have the key.
The scope of the bill is vague and can be interpreted to cover any business that operates a public or private network. ISP’s / telecoms providers will face the brunt of the bill and will have to field warrants, install new equipment, update technical capabilities, and provide search capabilities.
Similarly, cloud service providers will fall under the same umbrella. This includes social media platforms like Twitter or Facebook. In fact, any online business – even ones that aren’t explicitly telecoms providers can be treated as such and require to comply with data intercept requests. For example, online commerce websites which also provide a facility for customers to communicate with each other e.g. eBay, cab be treated as a telecoms provider.
As the bill comes into force and we start seeing implementations of it, or challenges are made in court, we’ll begin to see and understand the full impact of it.”
Brian Spector, CEO at MIRACL:
Given that most people now place all their personal data online, the IP Bill would grant enormous surveillance capabilities to the government. If the legislation proceeds, it could undermine trust in the Internet as a whole, from service providers, to device manufacturers, to the apps we use as part of our everyday lives. But it also has serious implications for tech companies who, under the proposals, would be legally bound to help UK police and security services access an individual’s device. In addition, any software made by a British company could soon be perceived to be facilitating government spying on its customer’s data. This could make it much harder for British technology and information security companies to compete globally.”
Jonathan Sander, VP of Product Strategy at Lieberman Software:
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.