UK Government Accused of Being Misleading on New Encryption Bill
Governments around the world, at best, tolerate encryption. If they thought they could outlaw it, they would. Public pronouncements that it is “about the children” or other fairy tales not withstanding, it is about them not being able to snoop at will. That is something that they have been able to do pretty freely until encryption became mainstream.
Under the Investigatory Powers (Amendment) Bill, the UK government would be able to issue notices to tech companies on a global basis, forcing them to inform the government before making any product changes that could negatively their ability to comply with a warrant.
Given that many tech companies make hundreds if not thousands of changes a day or week, trying to figure out which ones might offend the UK government would be, say, a bit of a challenge. In addition, if they were forced not to make any changes that fit into this category until one particular government approved them – well that could be a bit problematic. Especially if other governments decide that if it is good for the UK, it is good for them. Think, say, China.
The UK’s Home Office says that this is not about expanding their powers. Sure. Gotcha.
A briefing note sent to the UK Parliament by a trade organization representing the UK tech sector says that the Home Office’s description of the bill does not reflect the true significance of the changes being ramrodded through Parliament.
Meta, in a pretty clear “screw-you”, accelerated the roll out of end to end encryption for all personal chats and phone calls. If it is in place before the bill becomes law, well, then, the gov is kind of out of luck.
Apple and Meta threatened to pull out of the UK market and they could do that without having major financial impact on the company, but of course, they would not want to do that if there are other options – including to caving to government demands. Smaller companies and UK based companies do not have that luxury.
It is also not clear whether some companies might choose to provide two versions versions of their product, say “secure messenger” and “vulnerable messenger”, one of which would be sold in the UK and one sold in the rest of the world. If they did that and marketed it as “being required by UK law”, that would certainly put pressure on UK officials. Whether they have the guts to do that or not is an open question.
And, of course, if users encrypt their messages before sending them, the whole issue becomes moot, but that would make the whole thing inconvenient. Criminals, of course, could care less about convenience; not getting arrested is far more important to them, so really, all you will do is make law abiding citizens less secure.
Stay tuned to see what the UK does and what the companies that currently do business in the UK do. Most likely (hopefully) there will be some compromise, but if a company like Apple decides to leave the UK, well, that would be big news. Don’t hold your breath on that one. Credit: The Record