UK spies: You know how we said bulk device hacking would be used sparingly? Well, things have ‘evolved’…

UK spies are planning to increase their use of bulk equipment interference, as the range of encrypted hardware and software applications they can’t tap into increases.

Equipment interference (EI) – formerly known as computer network exploitation – is the phrase used for spies poking around in devices, like phones or computers, and media like USB sticks.

theresa may https://www.flickr.com/photos/policyexchange/10725847516/in/photostream/ licensed under https://creativecommons.org/licenses/by/2.0/

UK’s new Snoopers’ Charter just passed an encryption backdoor law by the backdoor

READ MORE

It allows them to gather up info they claim would otherwise be “lost” as it can’t be obtained other ways – crucially, it means they can access encrypted data they cannot grab via the more traditional route of interception.

At the time the Investigatory Powers Bill was passing through Parliament – it was signed into law in 2016 – EI hadn’t been used, but it was already seen an alternative to bulk interception.

However, it was expected to be authorised through targeted or targeted thematic warrants; as then-independent reviewer of terrorism David Anderson wrote at the time, “bulk EI is likely to be only sparingly used”.

Since then, though, GCHQ’s use of these bulk powers has “evolved”, according to a letter (PDF) to members of parliament’s Intelligence and Security Committee, by security minister Ben Wallace.

During the passage of the Investigatory Powers legislation, he said, the government anticipated bulk EI warrants would be “the exception”, and “be limited to overseas ‘discovery’ based EI operations”.

But with encryption increasingly commonplace, the spies want the exception to edge towards becoming the rule.

“Since the passage of the Bill, the communications environment has continued to evolve, particularly in terms of the range of hardware devices and software applications which need to be targeted,” Wallace said.

“In addition, the deployment of less traditional devices, and usage of these technologies by individuals of interest has advanced significantly.”

Wallace said GCHQ had reviewed “current operational and technical realities” and “revisited” its previous position.

“It will be necessary to conduct a higher proportion of ongoing overseas focused operational activity using the bulk EI regime than was originally envisaged,” he said.

This was predicted by David Anderson, QC in his 2016 report (PDF), as he acknowledged that the logic of bulk interception could apply to bulk EI.

“There will be foreign-focused cases where there is significant value to be gained, operationally, from it – but in which it won’t be possible to make a sufficiently precise assessment to proceed on the basis of the thematic EU power,” he said.

Anderson added that bulk EU would require “particularly rigorous and technically-informed oversight” from both the secretary of state and the judicial commissioners who form the other part of the recently introduced “double lock” mechanism.

Wallace said in his letter that the government had told the Investigatory Powers Commissioner, Adrian Fulford, about the proposals, and that Fulford “has proposed enhanced post facto safeguards for this activity”.

Writing on Twitter today, Anderson praised GCHQ’s transparency on the matter, but added that IPCO would need to investigate in more detail.

Others countered that it suggested there were major concerns about the legality of the new practices.

Wallace’s letter insisted the interpretation was “fully in line” with the IP Act and the EI Code of Practice, and that the judicial double lock process would apply the additional controls and safeguards of the regime. ®

Sponsored: Five steps to dealing with the insider threat

READ MORE HERE