Concerns Over The Passing of New ‘Hacking on Demand’ Law

A recent article in Computer Weekly has highlighted how the Investigatory Powers Bill could see IT companies being forced by law to use hacking on demand to help the UK government with aspects of surveillance or face serious criminal charges!
Most people in the UK would find it difficult to deny that we as a country face many different kinds of threats at home and worldwide. What is causing some surprise, however, is the extent, scope and potential impact of a new UK law that could grant the UK government unprecedented powers over IT companies and their customers.

What Law?

The Investigatory Powers Bill, also known by its critics as the “Snoopers’ Charter”, is a new law that has been introduced by the Home Secretary Theresa May. The government say that the legislation, which will grant them an unprecedented amount of Internet surveillance powers, will help them to fight terrorism, organised crime and paedophilia. The new law, which was passed on the 3rd attempt by the government to grant itself far-reaching surveillance powers, follows on from the rejected Communications Data Bill and the compromise version of the Data Retention and Investigatory Powers Act.
In the lead-up to the law being passed in the House of Commons, concerns had also been expressed that MPs were given only 2 weeks to read an additional 1,200 pages of accompanying documentation prior to having to vote on it.

What Is The Problem?

Some of the main concerns that IT companies have with the legislation centre upon the fact that it could be used to force them to essentially hack on demand on behalf of the government. The legislation also includes some potentially serious penalties for individuals at IT companies who fail to co-operate with surveillance requests from the government, or who disclose the fact that they have been given them. Some parts of the law that are causing concern among IT professionals include:

  • Any UK ICT business can be secretly forced to carry out equipment interference and make changes to their products and systems to allow security protection to be broken, and to allow their “bulk personal datasets” to be stolen and added to intelligence systems.
  • IT companies could be made to push malware code to devices e.g. disguised as fake updates.
  • Universities, schools and businesses could be served with hacking notices.
  • Simply disclosing the fact that you have received a notice from the government to act on their behalf in this way could result in a maximum jail term of 5 years.
  • IT start-ups could be required to build in government hacking or interception systems from the start.
  • There may be no safeguards for companies or IT staff who take part in e.g. hacking or the planting of malware.

What Does This Mean For Your Business?

This could of course mean that, depending on what kind of organisation you work for, you could be asked to take part in hacking and surveillance activities. Your details could be collected covertly as part of this legally enforced surveillance, and you could be using IT products and software that could no longer be described as being completely secure. On the positive side of things, if the law is used well and successfully to counter e.g. terrorism and organised crime, there could be wider benefits for all in our daily lives.