Another year, (another government, even), and the UK’s distaste for a secure and private internet isn’t abating. At the same time, there’s the country’s authorities’ appetite for regulating the internet, and that’s just on top of the now perennial “hunger” to take down encryption.
Right now, a proposal is being floated to introduce legislative change that pertains to domain name and IP addresses takedown, and seizure. And seized data would not necessarily require a court order to retain.
The big picture is that on one hand, with a push for weakened (and therefore, by and large useless) encryption, law enforcement would be given unprecedented powers to access content and communications.
On the other hand, “regular” users would become increasingly constrained and boxed-in, in regarding what they are allowed to access online. The justification for both policy trends is always the same – catching criminals (because, allegedly, existing tools are simply not enough), and keeping citizens away from (illegal) content.
It makes no difference if that content is only perceived to be illegal, and so came the UK’s “famed” and multiple attempts to essentially unmask every internet user, regardless of their age, by imposing age verification on adult sites (of course, to “save the children” – who can just use a VPN anyway).
What’s now being proposed is a change to the 1990 Computer Misuse Act. If successful, the government will ensure more powers for itself, blocking domains and IPs and indefinitely seizing content.
Citing illicit and illegal behavior, such as operating botnets and organizing fraudulent activity online, the UK government would like to allow the law enforcement apparatus to take control of any domains or IP addresses they suspect are used by criminals.
The proposal notes that there’s already the Action Fraud and the National Cyber Security Center (NCSC) – but they operates voluntarily.
“However, while these voluntary arrangements are often effective, some stakeholders have suggested that these are not available in all circumstances, and that a formal power is necessary where such arrangements are not available or usable,” reads the document.
It further notes that there are countries in the world – the US among them – where security agencies already have these powers, and that the UK should not be left out of this “circle of collaborating friends.”
“One of the simplest ways of dealing with the criminal use of domain names is to require the registrar responsible for the creation of the domain name to remove it from the list of registered domains,” the proposal says, and adds:
“This will prevent anyone from accessing the website, and prevent criminals from misusing it. The power would also apply to seizing IP addresses as criminals can (and do) on occasions just use IP addresses in their malware.”
And what about the warrantless variation of data retention? The proposal reads:
“Data is preserved voluntarily at the request of law enforcement agencies, and this process works well. However, given the need for electronic evidence to be available for investigations in an increasing number of cases, we believe that it is necessary for the UK’s law enforcement agencies to have access to a power that requires the preservation of data where a person is unwilling to do so voluntarily.”