Encryption

U.K. Pols Still Devoted to Destroying Citizens' Encryption, Privacy, and Security

Government would be able to demand tech companies provide data access.

|

Theresa May
Andrew Parsons/ZUMA Press/Newscom

Contra some previous reporting, some political leaders in the United Kingdom have not abandoned efforts to force tech companies to build "back doors" in communication systems and software to make it easier for authorities to engage in surveillance or access citizens' private data.

Great Britain is hammering out legislation to actually expand and establish surveillance authorities as official law in the wake of Edward Snowden's whistleblowing about what the government had been secretly already doing. The Investigatory Powers bill originally included demands that tech companies provide "back doors" in encryption protections so that authorities could access user and customer data upon demand, all in an effort to fight crime and terrorism.

Tech companies and privacy advocates (and those who intersect with both groups) have been loudly decrying efforts to weaken encryption, because logically, a "back door" that exists for government purposes can eventually be accessed by people besides the "proper authorities." Encryption back doors weaken everybody's data security, leaving them vulnerable to hackers, whether they are criminals looking to steal identities or access bank accounts or malevolent authoritarian governments looking to crack down on those who use the internet to engage in activism.

It had appeared in June that Great Britain officials had abandoned efforts to require "back doors" in its latest draft of the bill (often referred to as the "Snooper's Charter"). But new reporting indicates that it's very much alive in the House of Lords. It's not being formally called a "back door," but the intent is very obvious. Via TechCrunch:

The UK government has explicitly confirmed that a surveillance bill now making its way through the second chamber could be used to require a company to remove encryption. And even, in some circumstances, to force a comms service provider not to use end-to-end encryption to secure a future service they are developing. The details were revealed during debate of the Investigatory Powers Bill at a committee session in the House of Lords this week.

This cements concerns over the phrasing of a clause in the bill that refers to the 'removal of electronic protection', which critics, including from the technology and security industries, have long been warning risks outlawing the use of strong encryption in the UK.

The government's counter argument has been that there should be no safe spaces for terrorists and criminals to operate online, i.e. where their communications are definitively out of the reach of security and law enforcement agencies.

That same argument is used in the United States by authorities who want to weaken encryption here as well. As with the United States, those who demand back doors seem unwilling or completely disinterested in engaging at all with the reality that demanding special access to encrypted data has a massive potential to increasing citizens' vulnerability to crime and civil rights violations. The draft legislation by Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) that would have set up very similar rules here in the United States had absolutely no concern about the many very, very awful consequences of weakening encryption. All they cared about is making sure the government had access to information.

Even worse for U.K.'s citizenry, one of the biggest proponents of this expanded surveillance authority is now the country's prime minister. Theresa May has the same attitude toward data privacy, and accuses critics of the surveillance state of endorsing terrorism.

In the United States, similar legislation is down but don't ever count it out. Feinstein and Burr have no chance of passing their encryption bill as stand-alone legislation. But privacy advocates will have to worry about it quietly showing up as amendments to other, unrelated legislation. That's exactly how the heavily opposed Cybersecurity Information Sharing Act (CISA), which expanded private data sharing between companies and the U.S. government, became law. There are clearly those in the Senate who want to keep pushing for government-mandated access.