The British media is reporting that UK's Home Office has adopted a plan that will allow police forces and secret service agents to hack into and monitor traffic from private and business computers without the need of warrants. The plan is bound to attract a lot of anger from civil liberties and human rights protection groups, as well as the general public.
The proposal was initiated by the Council of the European Union, and also gives law enforcement agencies from other countries the power to request that British officers install spyware on the computers of UK residents that are suspected of serious crimes and forward the obtained data. Such practices are officially called “remote searching,” and include remotely snooping traffic from private wireless networks.
Even though remote searching has existed in Britain since the '90s, when it was introduced as an amendment to the Computer Misuse Act, it has rarely been used until now and has been strictly controlled under the Regulation of Investigatory Powers Act. According to the new proposal, police forces or MI5 agents will be able to conduct such intrusive surveillance based merely on the decision of a senior officer that it is “proportionate” and necessary to the investigation of an offense that is punishable with a minimum sentence of three years in jail.
In order to conduct the remote searching, the police will be able to act much like the cyber-criminals do, by developing malicious code, distributing the spyware via e-mail attachments, installing keylogging software or intercepting WLAN traffic.
Graham Cluley, senior technology consultant for Sophos, has outlined the serious issues that antivirus vendors will face by not being able to differentiate from malicious code developed by the police and other malware authors. “We will continue to defend computer users against malware and spyware, regardless of who might have written or installed the code,” Mr. Cluley concluded.
Police officials claim that such measures are necessary in order to investigate criminals that make use of the Internet in their illegal activities, such as sex offenders, identity thieves, fraudsters, or terrorists. Meanwhile, numerous government officials, civil liberties groups, as well as security researchers, have expressed serious concern over these poorly controlled powers, claiming that the risk of abuse is very high. They argue that the parliament should regulate them through a new act, and that warrants should be mandatory.
“The public will want this to be controlled by new legislation and judicial authorization. Without those safeguards, it’s a devastating blow to any notion of personal privacy,” Shami Chakrabarti, director of the Liberty human rights protection group, warned. “Law enforcement agencies should be forced to seek approval from a court, who would have to be convinced that there was sufficient reasons to surreptitiously break into a computer belonging to a member of the public,” Graham Cluley also noted.
“The exercise of such intrusive powers raises serious privacy issues. The government must explain how they would work in practice, and what safeguards will be in place to prevent abuse,” UK's Shadow Home Secretary, Dominic Grieve, commented, while spokespersons for the Home Office pointed out that the proposal's details were still being worked out with the other EU states.
The UK public has lately raised numerous privacy and civil liberties concerns regarding various decisions of the government. The biometric identity cards, the national database of phone records, and Internet traffic details, as well as the national DNA database holding biological samples of over 4 million UK citizens are amongst the heavily criticized ones. Even the European Court of Human Rights has recently ruled that Britain's law regarding the retention of DNA records and fingerprints of citizens who were never convicted of a crime represented a violation of the right to respect for private and family life.