Home
 » ISP News » 
Sponsored

EU and UK ISPs Oppose Moves to Ban End-to-End Encryption

Monday, October 7th, 2019 (2:09 pm) - Score 2,607
security internet connected uk devices

A demand for Facebook and other companies to delay or cease plans for implementing end-to-end encryption across their internet messaging services, which was made by the UK, USA and Australian governments, has today prompted the European ISP Association (EuroISPA) to “oppose” any weakening of encryption.

Encryption is of course used all over the place, for everything from securing your credit card transactions to keeping your messages private, as well as for cryptographic protocols such as Transport Layer Security (TLS) and Hypertext Transfer Protocol Secure (HTTPS).

Encryption is thus an essential tool, the last line of defence against criminals intent upon gaining unlawful access to our personal data, and one that works best when the decryption keys are kept hidden, sometimes even from the service owner so as to both avoid any chance of employee abuse (i.e. the bigger the company, the bigger the risk of leaks); as well as to obstruct hackers.

On the flip side governments have long been concerned that such technology can be used to conceal conversations between criminals and terrorists, which makes it harder for the police and spies to catch them. Finding a balance on this front is difficult because encryption is, at its most basic, just clever math and there’s absolutely nothing that anybody could do to stop people making their own encryption (this is common).

Nevertheless on Friday 4th October 2019 the three aforementioned governments issued a somewhat controversial response to Facebook’s “Privacy First” proposals, which were published in March 2019 and included a plan to adopt end-to-end encryption on their messaging service (much like most of their rivals have done).

Extract from the Open Letter

We support strong encryption, which is used by billions of people every day for services such as banking, commerce, and communications. We also respect promises made by technology companies to protect users’ data. Law abiding citizens have a legitimate expectation that their privacy will be protected.

However, as your March blog post recognized, we must ensure that technology companies protect their users and others affected by their users’ online activities. Security enhancements to the virtual world should not make us more vulnerable in the physical world.

We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity. Not doing so hinders our law enforcement agencies’ ability to stop criminals and abusers in their tracks.

Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. This puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims. It also impedes law enforcement’s ability to investigate these and other serious crimes.

Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.

The letter proceeded to “call on” Facebook and others not to implement end-to-end encryption and set out how they’d only be satisfied with an encryption system that the social media giant could decrypt, upon request from law enforcement (i.e. the master keys would be controlled by Facebook officials rather than hidden from all in an end-to-end setup).

As security experts so often warn, you can’t allow one state or group to have special access and then expect that not to be abused by others (e.g. hackers or less democratic countries). On this point the Government are perhaps guilty of not being very worldly, since weakening the encryption supplied by British firms will do little to stop its use by criminals or terrorists.

Encryption is not Apple, Facebook or Twitter. As mentioned earlier, encryption is a method that anybody can setup and use. A clever terrorist probably has better ways to keep in touch with their fellow nut-jobs than to post a private message on Twitter or Facebook (they’ve been known to create their own apps – even a novice can do it), although the latter has previously acted as a useful promotional platform for such groups.

Maximilian Schubert, President of EuroISPA, said:

“EuroISPA’s members continuously work with law enforcement towards making the online sphere a safer space for businesses as well as individuals. At the same time, EuroISPA firmly supports strong encryption, as it plays a fundamental role in ensuring cybersecurity and users’ privacy”.

Meanwhile it could be argued that the security services already have a wealth of data at their disposal but what they lack is the manpower to monitor suspects in the off-line world. We recall one police force saying that it’s possible for up to 60 officers to be involved with the monitoring of just a 1 individual and when you have thousands of potential targets.. that’s a problem.

Equally we can’t always assume that we will be governed by a truly democratic system that protects our freedoms and privacy. Giving a future anti-democratic government such control over what we can access and how we communicate would thus seem to be unwise.

In any case, whichever side of the fence you reside, defining end-to-end encryption in law will be tricky without breaking things on a much wider scale. At the same time Criminals, who by their definition don’t have even the slightest interest in following the law, will almost certainly switch to using another service that still deploys end-to-end encryption (or make their own); there’s no shortage of choices.

Add to Diigo
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
9 Responses
  1. Avatar FibreBob

    Clever math? Are we in America now?

  2. Avatar Spurple

    We need end to end encryption to guarantee the foundations of our free and democratic societies. No matter how compelling the security reasons cited for such a large scale sacrifice of the right to privacy, it is not worth it for the potential for abuse and the immense totalitarian power it would grant a bad government.

    Advances in computing will mean a total elimination of any private communication if we can’t have encryption.

    • Avatar Timeless

      isnt that the point though? lve always seen these ideas from the government less about security and more about control of information.

  3. Avatar anon

    Why don’t they just make clever math illegal?

  4. Avatar Lewis

    Are we turning into China?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £20.00 (*22.00)
    Avg. Speed 50Mbps, Unlimited
    Gift: None
  • Vodafone £22.00
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • TalkTalk £22.45 (*36.00)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • Post Office £22.90 (*37.00)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • Direct Save Telecom £22.95 (*29.95)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2510)
  2. FTTP (2200)
  3. FTTC (1658)
  4. Building Digital UK (1607)
  5. Politics (1428)
  6. Openreach (1418)
  7. Business (1238)
  8. Statistics (1099)
  9. FTTH (1074)
  10. Mobile Broadband (1039)
  11. Fibre Optic (968)
  12. Ofcom Regulation (915)
  13. Wireless Internet (908)
  14. 4G (900)
  15. Virgin Media (857)
  16. Sky Broadband (595)
  17. EE (592)
  18. TalkTalk (580)
  19. Vodafone (518)
  20. Security (413)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact