Original Author: Assent Risk Management
Original Links: http://www.assenttechrisk.co.uk/2015/11/the-uk-encryption-debate-2015/
As the end of 2015 fast approaches, we look again at the Encryption debate.
In light of terror organisations committing terrible acts in Europe and around the world, has the balance of Privacy V Protection finally tipped?
The National Security Problem with Encryption
The ability to encrypt digital data has been fundamental in the development of services such as online shopping and Internet messaging using platforms such as email, web chat apps or video calling.
However as much as we enjoy the privacy and protection encryption has to offer, it can also be misused, as a tool to conceal information and make it inaccessible to authorities.
The governments of some countries including the USA, have long recognised the danger of encrypted data that their security services are unable to access, and have legislated for it.
For example, we advise our consultancy clients to check the rules in the countries their delegates travel to, before arriving at the airport with encrypted laptops or memory.
Encrypted Messaging Services
Attention turned to encrypted messaging services back in 2011 when London was hit by riots, which spread to other parts of the UK including Manchester, Nottingham and the West Midlands.
It was thought that the Blackberry Messaging service, which uses end-to-end encryption, had been key in permitting the riots to be organised without any visibility.
And only in January of this year, 2015, our Tech Risk consultancy pondered “Is Encryption About to be Banned in the UK?” following the first major terrorist event in Paris. (Read more: http://www.assenttechrisk.co.uk/2015/01/encryption-banned-uk/)
However, Privacy campaigners were quick to raise concerns about governments and security services being able to access the personal information of UK citizens, and the legislation that provided procedures with acceptable safe guards are yet to emerge.
The Call for Backdoors
Some American voices including the head of the FBI have a different solution in mind, which would require developers to build in back-doors to allow authorities access to PIN locked smart phones.
Privacy concerns aside, some technical experts believe it impossible to provide a ‘back-door’ for the authorities, without compromising the device and making it vulnerable to hackers and cyber criminals.
However in October 2015 the UK government seemed ruled out this move, while still applying pressure on companies to be able to decrypt messages sent using their services.
Apple is just one tech company who has made a feature of the added security provided by it’s devices and services; so there is no clear compromise yet.
The Investigatory Powers Bill
So as 2015 ends, a bill is passing through parliament that will overhaul the way private communications data is collected, stored and used in the UK.
It will require service providers to keep a record of user activity such as which websites have been visited, for how long, which pages were accessed etc. However this doesn’t necessarily include the content of messages or activity within the websites.
The key thing is that this data will be stored for every user for the period of a year regardless of any suspicion or cause, therefore allowing authorities the ability to view historic data for the first time.
Other pieces of existing legislation are also incorporated in to this bill, making it a single comprehensive piece of legislation for the modern age.
It’s passage through parliament is unlikely to go smoothly, as this bill represents a huge change in privacy and protection.