Remember earlier this week when we mocked the silly reports claiming that the UK government had "backed down" on its demands for a Snooper's Charter. As we noted at the time, it did not appear they were backing down at all, but pulling out a bogus publicity campaign where they decided to "ditch" some absolutely crazy ideas that never really would have been included in the first place, but still leaving in plenty of terrible ideas.
And, now we know that includes mandatory backdoors into encryption -- a stupid and dangerous policy that will directly put UK citizens at risk. While, thankfully, those pushing for crypto backdoors in the US have realized that it's a politically untenable idea, the UK's new "Investigatory Powers Bill" has gone in the other direction, and will mandate encryption backdoors and ban any encryption offerings where there is no backdoor for law enforcement.
Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.
Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant.
UK Prime Minister David Cameron and Home Secretary Theresa May will undoubtedly make a big show of this over the next few months, claiming that they need this to keep the public safe, but that's a load of hogwash. Backdooring encryption does the opposite. It puts everyone at serious risk. It's a technically dangerous solution by technically clueless people. If there are backdoors in encryption you are opening up a massive attack vector for those with malicious intent -- and that doesn't even get into the question of authorities abusing such powers. This has been explained over and over again, and it appears that Cameron's government simply decided to ignore all the technical experts and go with a "but they have to!" approach.
If you recognize the long history of governments using surveillance powers for nefarious reasons this should worry you. But even if you 100% trust the government, this should worry you, because what they're asking for, on a technological basis, is to make your information significantly less safe and much more open to hackers and online criminals.
A Home Office spokesman said: “The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts.
“That means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies’ reputations rest on their ability to protect their users’ data.”
This belief that law enforcement needs this information to do its job is hogwash. For all of history prior to this, people have had methods of communicating entirely in secret, and since the dawn of civilization it was still possible to track down criminals and conspirators through traditional detective work. This belief that the content of these communications is absolutely necessary would seem to suggest that UK law enforcement is currently terrible at doing its job. I'd like to believe that's not true.
The big tech companies may now face a pretty big fight in the UK. Over the last few years, they've increasingly ramped up their efforts to provide more real privacy solutions that can actually protect your information. The UK wants to send things back to the stone age, and that's dangerous. Hopefully, companies like Apple -- which has made a big show of pushing non-backdoored-encryption -- take a stand here and refuse to give in. And, other tech companies that haven't been quite as vocal, including Google, Facebook, Microsoft and Twitter need to speak out against this, potentially to the point of threatening to pull out of the UK if the government doesn't adjust its policy. Without such a strong threat, it seems unlikely the UK government will recognize just how much danger they're putting the public in with this proposal.