UK seeks end to end-to-end encryption

UK seeks end to end-to-end encryption

It could put an end to end-to-end encryption in services such as WhatsApp: The U.K. government wants telecommunications providers to help it tap their customers' communications, removing any encryption the provider applied.

The government's desires are set out in a draft of the regulations obtained by Open Rights Group (ORG), which campaigns for digital civil rights.

"These powers could be directed at companies like WhatsApp to limit their encryption. The regulations would make the demands that [Home Secretary] Amber Rudd made to attack end-to-end encryption a reality. But if the powers are exercised, this will be done in secret," said ORG executive director Jim Killock.

The draft of the Investigatory Powers (Technical Capability) Regulations 2017 was circulated by government officials as part of a "targeted consultation" of some of the organizations that would have to comply with the law, the group said.

Its requirements will apply to fixed and mobile phone networks, but also the operators of cloud-based messaging services and social networks, according to an analysis of the law by Bird & Bird last November, when the act received royal assent.

Operators with over 10,000 users in the U.K. will have to modify their systems to provide government officials with on-demand access to their customers' communications, according to the draft regulation revealed Friday.

Previous surveillance laws in the U.K. have required operators to provide just the communications metadata, information about who is calling whom, when and where. This time, though, the government also wants operators to provide the content of their customers' communications in an intelligible form, and "to remove electronic protection applied by or on behalf of the telecommunications operator."

That, said ORG, could allow the government to compel companies to introduce backdoors to end-to-end encryption, or put in place other security weaknesses, with little accountability.

There will be no pleas of "Sorry officer, the surveillance system broke," as the draft regulation calls for the spying apparatus to be at least as reliable as the rest of the network.

Much of the Investigatory Powers Act -- and thus the draft regulation implementing it -- applies to companies worldwide as long as one end of the communication is in the U.K., although the government may have difficulty enforcing it, Bird & Bird noted in its analysis of the law.

IDG Insider

PREVIOUS ARTICLE

«Trump presidency offers lessons in how not to lead

NEXT ARTICLE

New Android security report is alarming, but not because of the amount of malware»

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should companies have Bitcoins on hand in preparation for a Ransomware attack?