Concerns Over The Passing of New 'Hacking on Demand' Law
A recent article in Computer Weekly has highlighted how the
Investigatory Powers Bill could see IT companies being forced by law to use hacking on demand to
help the UK government with aspects of surveillance ... or face serious criminal charges!
Most people in the UK would find it difficult to deny that we as a country face many different
kinds of threats at home and worldwide. What is causing some surprise however is the extent, scope
and potential impact of a new UK law that could grant the UK government unprecedented powers over
IT Companies and their customers.
Investigatory Powers Bill also known by its critics as "Snoopers' Charter" is a new law that is
has been introduced by the Home Secretary Theresa May. The government says that the
legislation which will grant them an unprecedented amount of Internet surveillance powers will
help them to fight terrorism, organised crime and paedophilia.
The new law which was passed
on the 3rd attempt by the government to grant itself far reaching surveillance powers follows on
from the rejected Communications Data Bill and the compromise version of the Data Retention and
Investigatory Powers Act.
In the lead up to the law being passed in the House of
Commons concerns had been expressed also that MPS were given only 2 weeks to read an additional
1,200 pages of accompanying documentation prior to having to vote on
What Is The Problem?
Some of the main concerns that
IT companies have with the legislation centre upon the fact that it could be used to force them to
essentially hack on demand on behalf of the government.
The legislation also includes some
potentially serious penalties for individuals at IT companies who fail to co-operate with or
disclose the fact that they have been given surveillance requests by the government.
parts of the law that are causing concern among IT professionals include:
- Any UK ICT
business can be secretly forced to carry out equipment interference and make changes to their
products and systems to allow security protection to be broken, and to allow their “bulk
personal datasets” to be stolen and added to intelligence systems.
- IT companies
could be made to push malware code to devices e.g. disguised as fake updates.
Universities, schools and businesses could be served with hacking notices.
disclosing the fact that you have received a notice by the government to act on their behalf in
this way could result in maximum jail term of 5 years.
- IT start-ups could be
required to build in government hacking or interception systems from the
- There may be no safeguards for companies or IT staff who take part in e.g.
hacking or the planting of malware.
What Does This Mean For Your
This could of course mean that, depending what kind or organisation
you work for you could be asked to take part in hacking and surveillance activities. Your
details could be collected covertly as part of this legally enforced surveillance, and you could
be using IT products and software that could no longer be described as being completely
On the positive side of things, if the law is used well and successfully to counter
e.g. terrorism and organised crime there could be wider benefits for all in our daily