Encryption is a touchy subject for the Home Office
Theresa May's Modern Crime Prevention Strategy: strong on rhetoric, light on security measures


The publication of the Modern Crime Prevention Strategy by the Home Office yesterday was meant to make clear how the government will tackle crime. Actually, it just knocked another couple of nails into the privacy coffin.
You can read the whole depressing thing here, though you can skip to chapter eight, about using data and tech to prevent crime.
This got off to a bad enough start with the opening paragraph, which read: "Data and technology are not drivers of crime in themselves. Rather, they are tools that are critical to successfully preventing crime."
Erm, really? So hackers are not driven to access databases in order to profit from the information contained within them then? The fact that we nearly all have mobile devices which unlock our bank accounts, for example, does not drive hackers to develop methods of attacking them?
Seriously, who wrote this drivel? "Finding and correcting weak spots in online banking systems will make fraud less profitable to organised criminals", they insist. Actually, patching vulnerabilities makes accessing those systems harder but it does not make successful fraud any less profitable.
The real driver behind the strategic thinking of the government is revealed soon enough in chapter eight though. "We need a culture change in which everyone recognises that, in a more connected society, we all have a part to play in preventing crime", it says.
Translated from spin to reality that would read: all your data belongs to us'.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
How so? The Home Office is implementing the National Law Enforcement Data Programme, which is collecting all data from the Police National Computer, Police National Database and Automatic Number-Plate Recognition systems and putting it onto a single platform.
The ANPR datacentre has information on more than 22 billion car journeys, the vast majority of which will have been perfectly legal and not involved in any criminal activity at all, even after the Surveillance Camera Commissioner called into question the legality of collecting data on vehicles not known to be of interest to law enforcement last year.
It's all part of the predictive policing concept that sits at the heart of the strategy when it comes to the use of technology and data. Data that will be used to map criminal networks, identify trends, patterns and relationships. Remember that if you've done nothing wrong, you have nothing to fear, as you watch Minority Report once more.
The biggest load of drivel to emerge from chapter eight, however, is probably summed up in the paragraph that insists "members of the public... have a responsibility to follow some basic rules" such as "choosing the more secure products, installing security software on all our devices, downloading software updates (particularly on our smartphones) and using strong passwords".
No mention of using strong encryption on our smartphones, I note. Nor any mention of the government's desire to build backdoors into such encryption via the Investigatory Powers Bill, should spies need to access people's data.
Businesses, the report says, need to "take responsibility for ensuring their products and services don't create opportunities for criminals", which is as clear as very murky mud. So is the next line, which states they must do this "as well as protecting their own networks and making it as easy as possible for customers to avoid unnecessary risks".
The government fails to elaborate here on what kind of steps businesses should take outside of this vague guidance, steps as simple and necessary as encryption, for example.
Not that the strategy document ignores encryption altogether. It does recognise that it presents "opportunities for the public to protect their information from cyber criminals, and also for protecting government data, and making public services and communications with citizens secure" all of which is a good thing.
However, this is immediately followed by the big but: "Encryption also can present challenges, such as when the authorities want access to data that indicates criminal activity. We are monitoring the increasing sophistication of encryption techniques."
What it doesn't do, of course, is make any mention of the Investigatory Powers Bill and how the exact same government plans to weaken encryption so that actually it's of absolutely no use to anyone.
Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.
Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly
-
Government 'must be held to account' over illegal Snooper's Charter
News Gov should be given until April to make changes to the Investigatory Powers Act, court told
By Dale Walker
-
UK faces challenges to bulk spying in European Court of Human Rights
News Privacy groups argue bulk data collection breaches Article 8 in landmark court case
By Dale Walker
-
Liberty wins right to challenge Snooper’s Charter
News Campaign group's crowdfunded challenge gets High Court go-ahead
By Rene Millman
-
The government needs to abandon its war on WhatsApp
Opinion Encryption might seem like an easy target, but mess with it at your peril
By Adam Shepherd
-
“Deeply misguided”: tech industry rejects Rudd’s attack on encryption
Analysis Experts warn that banning encryption leaves UK open to hackers
By Adam Shepherd
-
The fight against the Investigatory Powers Bill isn't over yet
Opinion The Snooper's Charter may have been struck down - but it will be back
By Adam Shepherd
-
Investigatory Powers Bill passes through Parliament
News Now only Royal Assent is required to enshrine Snooper's Charter in UK law
By Joe Curtis
-
GCHQ, MI5 and MI6 "unlawfully" collected data for over a decade
News Tribunal rules GCHQ, MI5 and MI6 surveillance breached Article 8 of the ECHR
By Dale Walker