The UK government is getting it wrong with Investigatory Powers Bill

Various regulatory changes have impacted the technology sector in a serious way over the last few months, with the likes of Safe Harbour and new Global Data Protection Regulations (GDPR) dominating conversations.

In the UK, the Investigatory Powers Bill - also known as the Snooper's Charter - has caused some serious debate and, with staunch supporter Theresa May becoming Prime Minister, the bill will continue to feature prominently.

Introduced towards the end of 2015, the controversial IP Bill grants the UK government, security, and intelligence agencies greater powers for monitoring internet usage, bulk data collection and the remote hacking of smartphones. It was widely criticised by technology companies, leading to an updated version being released in March which also caused concern.

Despite its controversy, the bill was voted into law by UK MPs in June and, as the debate continues, Richard Anstey - CTO for EMEA at Intralinks - offers his analysis: “This week the government stated explicitly that the new legislation would give any Secretary of State the power to compel communication service providers to crack or remove end-to-end encryption on communications.

“Governments pushing for ‘backdoors’ to encryption standards only end up limiting encryption strength, which risks damaging the protection it gives to everyone else. It’s not safe to assume that organisations with access to the greatest computing powers to crack encryption keys will necessarily be the well-meaning governments of the world with positive intentions. Even criminal gangs are now able to summon vast computing power through botnets, harnessing ‘zombie’ computing resources whose owners are unaware they are being used for such purposes.

“Moreover, for this to happen, a government demanding access to information flows would need to force internet service providers to change the way their systems work, either by harvesting or substituting encryption keys, by harvesting or weakening the storage of user credentials, or by insisting on being granted master keys that could unlock everything. In any case, this approach would not only risk hurting users, organisations and enterprises but would also erode the usefulness and power of the Internet.

“An encryption scheme is essentially an algorithm and the formulae for these mathematical operations are in the public domain. Nobody can take away that knowledge. You can no more ban a formula than you can ban an idea. And trying to limit encryption strength in the hope of helping governments break it only risks damaging the protection it gives to everyone else and the usefulness and power of the internet as a whole.

“Governments may be able to strong-arm service providers operating in their jurisdiction to dumb down their security – but not only is this damaging to individuals and companies who just want good cyber protection, it is also thoroughly futile on a global scale - it’s just too easy for another provider to spring up in another jurisdiction.”

Image source: Shutterstock/Gil C