The announced UK Investigatory Powers Bill is said to “force some of the world’s biggest internet companies including Google, Apple and Facebook to hand over encrypted messages from terror suspects”. (The Telegraph »)
To be fair, it should be pointed out that this specific part of the bill is said to be limited to “suspects under investigation”. So it’s not about blanket mass surveillance. But I’m sure that is being covered in other parts of the same bill, said to…
…”address ongoing capability gaps” that are hindering the ability of the security services to fight terrorism and other serious crime. (…)
A Home Office spokesman said the bill was a “landmark piece of legislation to cover the whole investigatory powers landscape in modern communications”.
I guess it’s going to be pretty bad. But back to the encryption issue. Ars Technica points out that…
In the face of these demands, some companies might decide to re-design their systems such that it would be impossible for them to break the encryption even if required to do so by law. This facility is already available from companies offering peer-to-peer encryption. If the UK government goes ahead with this plan, we are likely to see this approach being adopted by more communications providers and messaging apps, which would undermine the effectiveness of the proposed law.
So, the effect of far reaching legislation might actually be that it will be harder for authorities to obtain the information they want. Even in legitimate cases.
In the UK, you can be put in prison if you don’t surrender your encryption key to the authorities. But that isn’t much use when it comes to covert surveillance, is it?
With P2P encryption you can legislate as much as you want. It will not work.
This leaving the UK government with one option: To demand all P2P encryption to – somehow – be corrupted by back doors.
That would be a terrible idea. And if at all possible, it would only work with big, commonly used communication apps and systems. I cannot see how anything other than traditional and time consuming code breaking could be used against open source encryption software in P2P communications.
The only option left for the UK government might be to make such encryption illegal. And trust me, this is an option that will be taken under consideration…
The war on encryption is now entering the madcap phase.
• The Telegraph: Google and Whatsapp will be forced to hand messages to MI5 »
• Ars Technica: New UK law would give government access to encrypted Internet messaging apps »
• Ars Technica: The new war on encryption is based on a lie »