The U.K. government continues to tie itself in ugly knots about encryption. The question is why?
Earlier this year Prime Minister David Cameron made comments on the tech widely interpreted as an intention by a Conservative-led government to seek to ban encryption — after he asserted he would not allow a means of communication that “even in extremis, with a signed warrant from the Home Secretary personally… cannot [be] read”.
After the security industry rallied en masse to point out the folly of outlawing encryption, Downing Street press officers sought to limit the damage by claiming the PM had not, in fact, been singling out any particular technologies for a ban. Yet a government source also declined to confirm categorically that a future Tory government would not try to ban encryption.
So plenty of spin, but no clear policy position.
Cameron then took his ‘access in extremis’ rhetoric over the pond, to try to push the U.S. government to join in an apparent effort to either weaken encryption or apply pressure on tech companies to avoid adopting end-to-end encryption. However this effort appeared to flounder, with no public agreement from Obama on a joint encryption-weakening front.
Tory rhetoric against end-to-end encryption has also failed to sway increasing numbers of tech companies from deploying zero access architecture as a strategy to safeguard user privacy in an era of government surveillance activities undermining trust in consumer services.
Yet the latest comments on encryption emanating from the U.K. government show the Conservatives are still banging their drum against end-to-end encryption.
Speaking during a debate on encryption in the House of Lords yesterday, Baroness Shields, the Minister for Internet Safety and Security — and a former European VP at Facebook — dubbed the rise of end-to-end encryption as “alarming”.
“There is an alarming movement towards end-to-end encrypted applications,” she said. “It is absolutely essential that these companies which understand and build those stacks of technology are able to decrypt that information and provide it to law enforcement in extremis.”
Shields’ comments came in response to a question which made direct reference to the use of messaging app WhatsApp by ISIL extremists.
“The Prime Minister did not advocate banning encryption; he expressed concern that many companies are building end-to-end encrypted applications and services and not retaining the keys,” added Shields.
Despite reiterating Tory attacks on end-to-end encryption, Shields did specify that it is not, in fact, government policy to push for the creation of backdoors in services.
“This is not about creating back doors; this is about companies being able to access communications on their network when presented with a warrant,” she said.
“The Government do not advocate or require the provision of a back-door key or support arbitrarily weakening the security of internet applications and services in such a way. Such tools threaten the integrity of the internet itself. Current law requires that companies must be able to provide targeted access, subject to warrant, to the communications of those who seek to commit crimes or do serious harm in the UK or to its citizens.”
So current U.K. government policy on encryption can be summed up as: no encryption ban, no government-mandated backdoors, but no end-to-end encryption please, we’re British…
In short, a mess.
And a mess that is drastically out of step with — for example — the recent UN report on encryption which dubbed the technology as crucial for human rights and freedom of speech in the digital era.
One reason for the U.K. government continuing to apply pressure on strong encryption is it is preparing to introduce sweeping new comms data capture powers in new surveillance legislation this fall, with its forthcoming Investigatory Powers bill about to be debated by politicians. Ergo government ministers — and domestic intelligence agencies — have been stepping up their security rhetoric in lock-step ahead of that process in a bid to sway MPs.
Thing is, the U.K. government may wish to roll back the march of end-to-end encryption but, for all its rhetoric, there’s little it can do on its own to prevent this happening.
Last month Andrew Parker, the head of the domestic intelligence agency MI5 said as much — speaking during an interview on BBC Radio 4 in which he conceded that international agreement and arrangements would be needed to gain access to comms when companies are based overseas, as indeed most inevitably are.
However there are murkier ways for Cameron and co to gain that ‘access in extremis’ which they continue to agitate for — by, for instance, capturing even more comms data so there are more data-points to triangulate. The cumulative mountain of digital meta data that can be harvested yields more than enough breadcrumbs for spies to make a meal. Or a killing.
An independent review of domestic terrorism legislation which reported this summer — commissioned by the government ahead of it tabling new intercept legislation — suggested, for instance, sanctioning certain “ingenious or intrusive techniques” for intelligence agencies to workaround encryption. Even, potentially, hacking — with the report arguing that the power to access comms needs to exist, albeit that it should not be “made easy” for the state to do so.
So, seen from that perspective, continued U.K. political rhetoric against encryption can be interpreted as something of a decoy manoeuvre — with the aim being to distract attention from, and justify the wider thrust to legislate for, more expansive data capture powers.
And, ultimately, to cement the legality of mass surveillance (aka bulk data capture and retention) at the core of the U.K. state.
Comment