PI response to UK Government consultation on Technical Capabilities Notices
Among the myriad of surveillance powers it already possesses, the UK government wants the power to stop companies - anywhere in the world - from making security improvements to their services without approval. To fall under this power, the company only has to service UK users, and yet the effects will be felt by every user, every where.
We are responding to the UK Government's consultation to expand its powers around Technical Capabilities Notices and National Security Notices.
Background
Following Edward Snowden's revelations about the illegal and expansive secret powers of the US and UK intelligence agencies, the UK Government took the opportunity to, rather than reflect on what powers are proportionate in the modern era, to expand its arsenal of surveillance powers.
One of the powers it added was the ability to issue Technical Capabilities Notices on communications companies. These secret orders could compel a company to make changes to their service as required by the UK Government, to reduce security, introduce vulnerabilities, or whatever else they are instructed to do. The company would not be allowed to notify anyone.
This type of power should not be possible by any power anywhere. Yet the UK Government alone possesses it.
It's not happy enough with that however.
The new proposal
The government is consulting on a new set of powers. It doesn't want to have to only ask companies to remove security; it wants to stop security innovation cold.
That is, it's not happy that companies can update their systems without notifying the UK Government, and without allowing the UK Government to review the update before it is applied. So it is seeking this additional, and yet again, extraordinary and unprecedented power.
What we are doing
We tried to stop the 2016 secret order power from becoming enshrined in law. We've litigated repeatedly against a series of extraordinary powers held by the UK Government -- but because this one is secret when it is issued, it's really hard for us to act.
We're using this public opportunity to call out both this expansion but also the original power. No government should have the power to suspend security, or to halt security innovation, for users anywhere -- whether in their country or affecting users world-wide.