Could govt press-gang you into ‘helping’?
Provision in the UK’s controversial surveillance laws create a potential means for the UK government to press-gang “any” UK computer expert into working with GCHQ. Computer scientists and researchers are concerned about the provision – even though the consensus is that it is unlikely to be applied in practice because it would damage wider co-operation.
The potential ramifications of the bulk interception warrants were brought to our attention by Reg reader Simon Clubley. More specifically, Clubley is concerned about the Bulk Equipment Interference Warrants section of the Investigatory Powers Act 2016 (section 190).
“If you are a security researcher in the UK and the government finds out you have discovered a vulnerability, then it appears you can be forced against your will to hand over your research to GCHQ. It also appears that if you then still try to warn the vendor after being served a warrant, the government can prosecute you,” Clubley explained.
“It doesn’t appear that you need to have any direct connection to the vendor in question,” he added.
Clubley concerns stem from a reading of what he argues is poorly drafted legislation.
According to paragraph 2 of section 190 (Implementation of warrants), it looks like the government can force any individual within the UK (and against their will) to reveal any security vulnerabilities they know about to the government.Note that while paragraph 5 of section 190 makes reference to the duty of telecommunications operators, there does not appear to be any such constraint under paragraph 2 about who can actually be served with the warrant in the first place.
This omission in paragraph 2 of section 190 is what appears to make this ability to issue a warrant forcing cooperation with GCHQ to be much more widely scoped than it would first appear.
El Reg polled computer scientists and security researchers for reactions to Clubley’s analysis.