Tech companies face criminal charges if they notify users of UK government spying

Last week, it was reported that Yahoo had become the latest company that promised to alert users who it suspected were being spied on by state-sponsored actors. Twitter, Facebook and Google had previously assured their users that they would also warn them of any potential government spying. The UK, it seems, isn't happy about this, and is pushing through a bill that will see the bosses of any company that warns its members that British agencies are monitoring them face up to two years in prison.

Specifically, UK ministers want to make it a criminal offence for tech firms to warn users of requests for access to their communication data made by security organizations such as MI5, MI6 and GCHQ (the Government Communications Headquarters).

A June report by David Anderson QC, the independent reviewer of terrorism legislation, revealed that Twitter's policy requires it to notify its users of requests to access their data "unless persuaded not to do so, typically by a court order." But a note to the bill would make this illegal.

The note says it "will ensure that a communication service provider does not notify the subject of an investigation that a request has been made for their data unless expressly permitted to do so."

The controversial Investigatory Powers Bill, nicknamed the snooper's charter, was unveiled by home secretary Theresa May in November. Part of the proposed legislation would require tech firms to store users' data for up to twelve months, including a record of every internet site visited, and allow government agencies unfettered access to the data. While the bill is being put forward as a deterrent against terrorism, online monitoring at this level has been banned in the US, Canada, and every other European nation.

The bill could also allow the UK government to demand that companies weaken the encryption on messaging services such as WhatsApp and iMessage to enable agencies to evesdrop on conversations, a proposal that Apple is strongly against. "We believe it would be wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the very few who pose a threat," Apple said. "In this rapidly evolving cyber-threat environment, companies should remain free to implement strong encryption to protect customers."