The UK government expects communications operators to decrypt data when responding to warrants for their customers' information Credit: Jeremy Kirk/IDG It could put an end to end-to-end encryption in services such as WhatsApp: The U.K. government wants telecommunications providers to help it tap their customers’ communications, removing any encryption the provider applied.The government’s desires are set out in a draft of the regulations obtained by Open Rights Group (ORG), which campaigns for digital civil rights.“These powers could be directed at companies like WhatsApp to limit their encryption. The regulations would make the demands that [Home Secretary] Amber Rudd made to attack end-to-end encryption a reality. But if the powers are exercised, this will be done in secret,” said ORG executive director Jim Killock.The draft of the Investigatory Powers (Technical Capability) Regulations 2017 was circulated by government officials as part of a “targeted consultation” of some of the organizations that would have to comply with the law, the group said. Its requirements will apply to fixed and mobile phone networks, but also the operators of cloud-based messaging services and social networks, according to an analysis of the law by Bird & Bird last November, when the act received royal assent.Operators with over 10,000 users in the U.K. will have to modify their systems to provide government officials with on-demand access to their customers’ communications, according to the draft regulation revealed Friday. Previous surveillance laws in the U.K. have required operators to provide just the communications metadata, information about who is calling whom, when and where. This time, though, the government also wants operators to provide the content of their customers’ communications in an intelligible form, and “to remove electronic protection applied by or on behalf of the telecommunications operator.”That, said ORG, could allow the government to compel companies to introduce backdoors to end-to-end encryption, or put in place other security weaknesses, with little accountability.There will be no pleas of “Sorry officer, the surveillance system broke,” as the draft regulation calls for the spying apparatus to be at least as reliable as the rest of the network.Much of the Investigatory Powers Act — and thus the draft regulation implementing it — applies to companies worldwide as long as one end of the communication is in the U.K., although the government may have difficulty enforcing it, Bird & Bird noted in its analysis of the law.We seek your comments, head to our Facebook page. Related content news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Android Security Mobile Security news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management news Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements Open letter claims current provisions will create new threats that undermine the security of digital products and individuals. By Michael Hill Oct 03, 2023 4 mins Regulation Compliance Vulnerabilities feature The value of threat intelligence — and challenges CISOs face in using it effectively Knowing the who, what, when, and how of bad actors and their methods is a boon to security, but experts say many teams are not always using such intel to their best advantage. By Mary K. Pratt Oct 03, 2023 10 mins CSO and CISO Advanced Persistent Threats Threat and Vulnerability Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe