Confusion as Defence Minister Calls for Ban of End-to-End Encryption

Brace for political double-speak. The Minister for Defence, Earl Howe, has reignited concerns that the Government’s controversial Investigatory Powers Bill could force UK ISPs and Internet content providers to weaken end-to-end encryption services by saying they may have to “develop and maintain a technical capability to remove encryption.”

End-to-end encryption services are used all over the Internet in order to keep communications secure from abuse, be that your financial transactions or any messages you send to friends over online chat services. It is an essential tool and one that only works if the decryption keys are kept hidden, often even from the service provider.

Similarly if we weaken encryption then the encrypted software and systems supplied by firms in the UK may be perceived as unsafe and that could hurt international business. However terrorists and criminals can also use these features and the Government are naturally worried about that.

Up until now the Government had appeared to be softening their stance and were suggesting that British companies might not be forced to weaken end-to-end encryption. Sadly all that has been thrown back into confusion after Earl Howe gave a master class in political double-speak during Wednesday’s IPBill debate in the House of Lords.

Earl Howe said:

“It is important to emphasise that any encryption arrangements that a communications service provider has not itself applied, or had applied on its behalf, would almost inevitably fall outside these provisions because it would not be reasonably practicable for the company to de-encrypt.

Many of the biggest companies in the world rely on strong encryption to provide safe and secure communications and e-commerce, but nevertheless retain the ability to access the contents of their users’ communications for their own business purposes—and, indeed, those companies’ reputations rest on their ability to protect their users’ data. In many cases, we are not asking companies to do something that they would not do in the normal course of their business.

The Bill makes absolutely clear that a telecommunications operator would not be obligated to remove encryption where it is not reasonably practicable for it to do so. … Depending on the individual company and circumstances of the case, it may be entirely sensible for the Government to work with them to determine whether it would be reasonably practicable to take steps to develop and maintain a technical capability to remove encryption that has been applied to communications or data.”

As security experts so often warn, you can’t allow one state or group to have special access and then expect that not to be abused by others (e.g. hackers or less democratic countries). On this point the Government are perhaps guilty of not being very worldly, since weakening the encryption supplied by British firms will do very little to stop its use by criminals and terrorists.

UK law cannot extend too far outside of its own borders and thus there will always be remote servers and services that cyber criminals and terrorists can use, including those that aren’t controlled by any country, company or government. No law will cover the entirety of the perceived problem and so the Government instead risks weakening the security of ordinary citizens and legitimate businesses.

Mind you people will always have the ability to find and use a more secure service than those provided by their own home country, which is often necessary in order to protect that most vital of things – personal privacy. We recall this was once a civil liberty of some sort, not least to help defend people against reckless dictators and unwarranted political censorship.

Lest we not forget that Ciaran Martin, Director General of Cyber Security at GCHQ, last year told UK companies to improve their security because the country faced a “chronic, advanced and persistent” threat from hackers and attacks on critical infrastructure. Mixed messages, or as Apple’s CEO said..

Tim Cook, Apple’s CEO, said:

“To protect people who use any products, you have to encrypt. You can just look around and see all the data breaches that are going on [ISPr ED: For example, the cyber-attack on TalkTalk]. These things are becoming more frequent. They can not only result in privacy breaches but also security issues. We believe very strongly in end to end encryption and no back doors.

We don’t think people want us to read their messages. We don’t feel we have the right to read their emails. Any backdoor is a backdoor for everyone. Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a backdoor can have very dire consequences.

It’s not the case that encryption is a rare thing that only two or three rich companies own and you can regulate them in some way. Encryption is widely available … If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It’s the good people. The other people know where to go.”

The Government’s newly appointed Home Secretary, Amber Rudd MP, will now have the fun of implementing this new bill before the end of the year. Luckily for her most MPs appear to have given it their support, although it’s debateable whether many of them really understand the technical realities of what they’re voting to approve.