As the bill was passing through Parliament, several organizations noted their alarm at section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed CSPs subject to a technical capacity notice must notify the Government of new products and services in advance of their launch, in order to allow consideration of whether it is necessary and proportionate to require the CSP to provide a technical capability on the new service.As per the final wording of the law, comms providers on the receiving end of a "technical capacity notice" will be obliged to do various things on demand for government snoops – such as disclosing details of any system upgrades and removing "electronic protection" on encrypted communications.
This mild panic did bring about some changes to the UK's Investigatory Powers Bill before it was passed. The "anti-encryption" part of what is now UK law has moved from section 217 to sections 254-256 [PDF] and contains some additional safeguards.
The bill was officially unveiled a year ago and passed through the House of Lords earlier this month, but the act of being signed off means that those powers now go into effect.
It adds new surveillance powers including rules that force internet providers to keep complete records of every website that all of their customers visit.
In the police, for instance, any viewer must be at least an inspector or a superintendent.
Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors.