India’s new mass surveillance project may expand government’s control over internet rights
It remains unclear as to how the government intends to go about collecting citizens’ data and what it intends to do with it iStock

British politicians will reportedly seek to rush through anti-encryption powers in the wake of the Manchester terror attack, forcing technology firms in the UK to break their own security in order to comply with compel notices issued by police and intelligence services.

Ministers will ask Parliament to sweep in new orders – dubbed Technical Capability Notices (TCNs) – as soon as the election is over, according to The Sun newspaper. The news emerged days after a suicide bomber killed 22 people during a pop concert in Manchester Arena.

Technology firms currently use strong encryption, known as "end-to-end", in chat applications including WhatsApp, Skype and iMessage to protect users' privacy and bolster security.

The government claims the protections allow terror groups to communicate in secret.

"We will do this as soon as we can after the election, as long as we get back in," one government source reportedly told The Sun, adding: "The level of threat clearly proves there is no more time to waste now. Social media companies have been laughing in our faces for too long."

The fine print of such Technical Capability Notices was leaked in early May by UK campaigners from the Open Rights Group. It places a demand on communications firms with over 10,000 users to store data and, when needed, "remove electronic protection" applied by the operator.

The order first appeared as part of the Investigatory Powers Bill (IPBill), a piece of surveillance legislation which gained royal assent late last year, however some parts still need to be approved by parliament before coming into effect. Critics call the bill a "Snooper's Charter."

"The authorities need it"

In an interview with Sky News after the Manchester terror attack, former UK national security adviser Lord Ricketts said law enforcement need more access to encrypted communications. Ironically, in the same segment he claimed the security services are inundated with data.

He said: "What strikes me most of all here is if anyone ever doubted why the authorities need access to communications data this investigation is showing it. There must have been a lot of communication going on between various people in the network and the authorities need it.

"They [the security services] are constantly doing an exercise in prioritisation. With thousands of people to follow the security authorities can't be on top of all of them."

Internet server cables
Tech firms would have to store data for 12 months under IPBill iStock

On 24 May, in response to the claims, Jim Killock, director of the Open Rights Group, wrote in a blog post there "must be limits" to the powers held by the authorities.

He said: "Our core concern is that using Technical Capability Notices to force companies to limit or bypass encryption or otherwise weaken the security of their products will put all of us at greater risk.

"Criminals could exploit the same weaknesses. Changes to technology at companies merely need to be 'feasible' rather than 'safe' or 'sensible' for users or providers.

"The UK appears to be deliberately walking into an international dispute, where much of the legal debate will be entirely hidden from view, as the notices are served in secret, and it is not clear what appeal routes to public courts really exist. Other governments, from Turkey to China, will take note.

"We urge politicians to take a detailed and considered look at TCNs and the use of vulnerabilities, to ensure that the consequences of their use can be properly evaluated and challenged."

Big Brother Watch, another UK campaigning organisation, tweeted: "Here we go all over again with demands to scrap encryption. Encryption must not be defined as a zero sum game #encryption."

It is believed that over 60 people were injured in the Manchester attack – with a dozen under the age of 16. The government raised the threat level from "severe" to "critical" and armed forces were later deployed to high-risk areas in the UK, including airports and train stations.