The UK government is to put forward proposals that will require organizations to limit the effectiveness of data encryption, arguing it weakens security.
The UK government is expected to unveil new measures that will compel organizations to limit the use of undecipherable encryption.
In a speech to Parliament today (November 4th), the home secretary, Theresa May, will argue that there needs to be ways of accessing end-to-end encryption in the most serious of cases.
The Telegraph revealed that: “Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant.”
A general ban on encryption had been mooted, but, despite being supported by some MPs, reportedly including prime minister David Cameron, this idea has since been shelved in favour of making encrypted data more accessible.
Total encryption ban is not on the agenda
In a debate on encryption in the House of Lords last month, Baroness Joanna Shields, UK minister for internet safety and security, confirmed as much, stating that prohibiting encryption in its entirety was no longer being pursued.
“The government do not advocate or require the provision of a back-door key or support arbitrarily weakening the security of internet applications and services in such a way,” she explained.
“Such tools threaten the integrity of the internet itself. Current law requires that companies must be able to provide targeted access, subject to warrant, to the communications of those who seek to commit crimes or do serious harm in the UK or to its citizens.”
Foolproof encryption doesn’t compute with UK law
The issue presently is that while the current law requires organizations to hand over data if a warrant is obtained, tech giants are incapable of doing so because they have made such information inaccessible.
As Apple recently noted in an ongoing case in the US: “[We cannot] take possession of a password protected device … and extract encrypted user data from that device for the government.
“Apple cannot take possession of a password protected device … and extract encrypted user data from that device for the government.”
“Among the security features in iOS 8 is a feature that prevents anyone without the device’s passcode from accessing the encrypted data. This includes Apple.”
However, beyond the technical limitations, there are further legal, moral and economic factors at play, creating an impasse between governments and tech giants.
As Jimmy Wales, founder of Wikipedia, tweeted: “I would like to see Apple refuse to sell iPhone in the UK if gov’t bans end-to-end encryption. Does Parliament dare to be stupid?”
The limits of what the UK can enforce
The likes of Apple and Google, huge, powerful and somewhat borderless – with their principal headquarters based outside of the UK – are uncomfortable with the implications that come with ‘compromising’ the trust customers have in the services and products the offer.
Moreover, it is unclear how the UK government or its courts could effectively enforce what Ms. May is proposing, seeing as they have limited reach beyond their geographical boundaries.
The best they can perhaps do is encourage an overseas organization to see ‘sense’ in their request and willingly comply to decrypt previously secure information.
In light of that fact it is evident that this highly divisive and longstanding debate over security, privacy and basic freedoms, which is international in scope, is set to continue for a while to come, bill or no bill.