Tech firms offered reassurance on encryption over revised spying laws


Technology firms will not be forced to weaken security by undermining encryption under proposed new spying laws.

Sources said a revised version of the Investigatory Powers Bill will put beyond doubt that companies can only be asked to remove encryption that they themselves have applied, and only where it is "practicable" for them to do so.

It comes after Apple was embroiled in a legal battle with the FBI in the US over access to an iPhone linked to one of two assailants who killed 14 people in a shooting in California in December.

The Government has always said no additional requirements will be imposed in relation to encryption over and above the existing obligations. The Bill is expected to spell out the current position more explicitly.

Increasingly advanced encryption has been identified as a headache for security services, with suggestions it risks leaving them locked out of some areas of cyber space.

The clarification on encryption comes as ministers are poised to unveil a string of amendments to the legislation after the findings of three parliamentary inquiries on the first draft sparked calls for Home Secretary Theresa May to return to the drawing board.

The revised bill, which will be laid in Parliament on Tuesday, will reflect the majority of the recommendations made by three committees which raised concerns about privacy and clarity.

One amendment will see another purpose for which authorities can access web data known as internet connection records added - the pursuit of "investigative leads". ICRs detail services a device connects to but not users' full browsing history or the content of a communication.

Senior law enforcement officers had argued that proposed rules around ICRs appeared to preclude access to details that could be valuable in missing people inquiries and human trafficking investigations.

The first "operational case" for bulk powers will also be published, giving unprecedented detail on why intelligence agencies need existing powers to hoover up large volumes of data and how they are used.

Officials say it is clearer, with tighter technical definitions and strict codes of practice; includes stronger privacy safeguards including a requirement for security services, as well as the police, to obtain a senior judge's permission before accessing communications data to identify a journalist's source; and explicitly prevents UK agencies from asking foreign intelligence bodies to undertake activity on their behalf unless they have a warrant approved by a secretary of state and judicial commissioner.

New safeguards for interception and equipment interference warrants - used to hack into suspects' devices - will be introduced, reducing the period of time within which urgent warrants must be reviewed by a judicial commissioner from five to three days.

Where recommendations have not been accepted, the Government argues they would compromise the capabilities of law enforcement and intelligence services.

A source said: "We have strengthened safeguards, enhanced privacy protections and bolstered oversight arrangements.

"This is world-leading legislation, setting out in unprecedented detail the powers available to the police and security services to gather and access communications and communications data, subject to a robust regulatory regime.

"Terrorists and criminals are operating online and we need to ensure the police and security services can keep pace with the modern world and continue to protect the British public from the many serious threats we face."

Unveiled by the Government last year, the Bill is an attempt to bring surveillance tactics used by police and intelligence agencies in the digital age under one legal umbrella.

James Blessing, chairman of the Internet Service Providers' Association, warned that stored data could provide a "rich vein" of information for fraudsters.