UK government looks to ban strong encryption from devices


The UK government is set to announce new laws that would force tech companies to hold a special key that decrypts data held on devices, before passing it over to intelligence agencies.

Companies such as Apple, Google, Microsoft and others would no longer be able to offer "unbreakable" encryption in products sold in the UK, according to the Daily Telegraph.

The Investigatory Powers Bill (or Snooper's Charter in common parlance) would require technology firms and ISPs to provide unencrypted communications to law enforcement or intelligence agencies when they produce a warrant.

The bill would also require ISPs to retain the browsing history of customers - but not the specific pages they visit - for up to a year.

Devices with end-to-end encryption that is nearly impossible to break using current techniques provide a "safe space" for criminals, terrorists and paedophiles, the government believes.

Prime Minister David Cameron pleaded with the public and MPs to back the law, despite overwhelming criticism that it would violate user privacy and would essentially make many online tasks, such as online banking, impossible to fully secure.

"As Prime Minister I would just say to people please, let's not have a situation where we give terrorists, criminals, child abductors, safe spaces to communicate," he told ITV's This Morning show. "It's not a safe space for them to communicate on a fixed line telephone or a mobile phone, we shouldn't allow the internet to be a safe space for them to communicate and do bad things."

Secret encryption keys have a terrible history of being discovered. In 2007, a number of encryption keys were posted on the internet that allowed people to subvert the security around Blu-ray and HD DVD encryption.

Efforts to keep the keys under wraps led to a Streisand effect, with many web pages, blogs and wikis spreading the encryption keys far beyond a coterie of techies.

Mike Weston, CEO of data science consultancy Profusion, said the Investigatory Powers Bill is a very concerning piece of legislation for both the tech industry and consumers.

"Limiting what encryption can be used is a victory for the security services, hackers and companies intent on misusing personal data," he said. "Not a week goes by when it isn't made readily apparent that the protection currently afforded to personal data is inadequate. Seeking to limit what companies can do to encrypt data is a stunningly short-sighted approach."

He added that the UK's position on data protection is in sharp contrast to the rest of Europe.

"Countries like Germany have recognised that greater emphasis needs to be placed on protecting the rights of users online and how personal information is collected and used," said Weston.

He added that the UK is taking a much more regressive path by seeking to increase oversight, the burden on businesses to collect, hold and make accessible personal information, and limit how companies protect data. "It will be an incredibly worrying situation if this Bill passes without any judicial oversight covering warrants," he added.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives.