UK government still wants to have its encrypted cake and eat it
When the UK government started to prepare the ground for the latest version of the Snoopers’ Charter, the Investigatory Powers Bill, Prime Minister David Cameron was quite adamant that the government should be able to decipher encrypted material. According to The Guardian, the technologically ignorant PM is on record as saying: “In extremis, it has been possible to read someone’s letter, to listen to someone’s call, to listen in on mobile communications. The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not.”
That sparked off a furore. Experts agreed that what Cameron was demanding was technically impossible and if the government was suggesting that backdoors be implemented in encryption, well then tech giant Apple would leave the UK. It was also pointed out to the government that weakening encryption would jeopardise e-commerce and online banking since besides enabling surveillance by the forces of order, it would also render encrypted materials accessible to those with more venal or malicious intentions.
As a response to the government’s ignorance and the threat to secure online retail therapy and banking, as well as secure communications, a petition was launched on the UK Parliament website under the heading “Government to abandon all ideas of trying to ban strong encryption.“.
The text of the petition reads as follows:
Strong encryption is used every day by citizens, businesses, the government, even this very web site. Encryption exists, and like trying to ban multiplication, it is pointless to try to stop it. A ban, or forcing back doors, can only harm law abiding citizens and have no impact on criminals.
“If a British citizen with an iPhone purchased in France and roaming in Germany iMessages a Chinese citizen roaming in Sweden using an iPhone purchased in Denmark, which government’s keys need to be inserted in the iMessage communications by an American company (Apple) legally based in Luxembourg using servers hosted in Eire?”
As the petition has now reached over 10,000 signatures, the government, in the shape of the Home Office (prop. Theresa May), has now issued the response below to the petition.
The Government is not seeking to ban or limit encryption. The Government recognises the important role that encryption plays in keeping people’s personal data and intellectual property safe online.
This Government recognises the importance of encryption, which helps keep people’s personal data and intellectual property safe from theft by cyber means. It is fundamental to our everyday use of the internet. Without the development of strong encryption allowing the secure transfer of banking details there would be no online commerce. As Baroness Shields made clear in the House of Lords on 27 October 2015, the Government does not require the provision of a back-door key or support arbitrarily weakening the security of internet services.
Clearly as technology evolves at an ever increasing rate, it is only right that we make sure we keep up, to keep our citizens safe. There shouldn’t be a guaranteed safe space for terrorists, criminals and paedophiles to operate beyond the reach of law.
The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can, subject to a warrant which can only be issued using a strict authorisation process where it is necessary and proportionate, access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts.
There are already requirements in law for Communication Service Providers in certain circumstances to remove encryption that they have themselves applied from intercepted communications. This is subject to authorisation by the Secretary of State who must consider the interception of communications to be necessary and proportionate. The Investigatory Powers Bill will not ban or further limit encryption.
The key passage of the response seems to be “we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can, subject to a warrant which can only be issued using a strict authorisation process where it is necessary and proportionate, access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts.”
This shows that the government has not given up on its desire to crack encrypted communications. Even though experts have told ministers and mandarins that reading encrypted content, the Home Office thinks – like a monoglot Englishman in a foreign restaurant – that all it has to do is repeat its demands, possibly in a louder voice, and the world will comply with its wishes.
However, all the above response to the petition shows is that the Home Secretary and her civil servants are hopelessly out of their depth on matters of technology and have perfected that British government art of wilfully ignoring expert opinion.
The response of the Home Office and the technical expertise of British government ministers contrasts starkly with last week’s action by the French Secretary of State for Digital Affairs and her specifically ruling out the use of encryption backdoors on behalf of the French government as a whole (news passim).