If David Cameron has his way, encryption technology will be a black-market commodity in the U.K.
The British Prime Minister reiterated his opposition to security measures baked in to tech products Monday. Per politics.co.uk:
Tory MP Henry Bellingham asked the prime minister whether the attacks in Tunisia meant it was time "companies such as Google, Facebook and Twitter… understand that their current privacy policies are completely unsustainable?"
Cameron agreed, saying that the security services must always be able to "get to the bottom" of online communications.
According to a piece by Rob Price over at Business Insider, refusing to hand over passwords or encryption keys is already a jailable offense in the U.K.
But Cameron doesn't want to have to rely on people handing their passwords over, even under threat of legal sanction. And he doesn't want pesky encryption technology preventing the government from reading citizens' communications. From the Business Insider piece:
In the aftermath of the Charlie Hebdo massacre in Paris earlier this year, Cameron first signalled his intention to take action against strong encryption products. In a speech, he asked whether "we want to allow a means of communication between two people which even in extemis with a signed warrant from the home secretary personally that we cannot read? … My answer to that question is no, we must not. The first duty of any government is to keep our country and our people safe."
Cameron plans in the fall to bring forth legislation called the Investigatory Powers Bill, which strengthens government surveillance powers and could include a nix on encrypted communications.
Aside from the detriment to civil liberties, many of the companies whose products rely on encryption—Facebook, Apple, Google, etc.—aren't based in the U.K. and would be unlikely to undermine their own customers' security to please the British government.
Apple's CEO, Tim Cook, went so far as to post an open letter on Apple's website, stating, "We have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will."
And there's a (potentially) bigger snag in Cameron's scheme, as James Ball noted in The Guardian: "Encryption is what protects your private details when you send your bank details to a server. It's required for governments and companies when they store customer information, to protect it from hackers and others." Without encryption, services like online banking and credit card processing would be vulnerable not just to legitimate government action, but to malfeasants and miscreants as well. That could have devastating consequences. Says Ball:
If Cameron is proposing an end to encryption in the UK, then any information sent across the internet would be open for any company, government, or script kiddie with 10 minutes "hacking" experience to access. It would spell the end of e-commerce, private online communications and any hope of the UK having any cybersecurity whatsoever.
Cameron isn't alone in wanting to weaken encryption, but his push to ban it outright is a new extreme. As Ball opined, he "either knows his anti-terror talk is unworkable and is looking for headlines, or he hasn't got a clue."