The expert view: Davey Winder
The Investigatory Powers Act extends the compulsory retention of data right down to “Internet Connection Records,” which means a list of the sites each and every one of us has been browsing. These records are far more intrusive than just the kind of metadata we are always assured that law enforcement is concerned about. In fact, it means that an ISP could be required to generate a detailed site-level browsing history of an individual or organisation.
If that’s not bad enough, and honestly it really is, with every ISP being obligated to maintain a database of such browsing information to enable federated searches by law enforcement, it also broadens the threatscape for attackers. There is no requirement, as far as I can tell, for those databases to be encrypted. Indeed, that they must be available for searching by a government agency upon legal request suggests that they won’t be.
I’m guessing we won’t have long to wait for the first reports of an ISP being hacked and the IPA database being compromised. And, talking of encryption, at least we should be happy that there was no explicit requirement for backdoor access to be built into encryption services. Apart from the fact that there was.
A “technical capability notice” could require removal of encryption applied by or on behalf of a service provider. Remember that an ISP might “provide” an end-to-end encryption service, and that service would then become liable for such a notice. That this needs the approval of a judicial commissioner is neither here nor there – I can’t imagine them turning such a request down for the most part.
The IPA requires service providers subject to such a notice to notify the government of any new services and products in advance of their launch so that it can “allow consideration of whether it is necessary and proportionate to require the CSP to provide a technical capability on the new service”. Oh yes, and a technical capability is defined as including the removal of electronic protection from encrypted communications...