surveillance
Data Privacy and Security

UK's 'snooper's charter' changes may lead more to encrypt

The following is a contributed article by Jonathan Parker-Bray, CEO of Criptyque, maker of the Pryvate secure communications app

 

The UK Government’s impending Investigatory Powers Bill aims to give the police greater power to ‘hack’ people’s computers and smartphones and help them get a greater grip on the digital age. It would therefore be highly ironic if its new laws actually pushed technology and technology companies even further down the path of encryption.

However, this could be exactly what happens if technology companies take a positive response to the wording of this revised Bill. The Bill has placed a lot of emphasis on whether it is ‘practicable’ for companies to provide user data, which is an extremely vague statement and has the potential to be far too broad, in that it could include anything that fits the remit of ‘when the government has a warrant and the technology company has the power to do it.’

With that in mind, it would not be at all surprising if security companies’ response to the Government’s demands was to make their products impracticable for them to decrypt.

A topical case in point is the ongoing Apple case in the US. The steps the FBI is asking for, such as updating the iPhone with a new version of iOS that disables brute force attack protections, are entirely practicable by the UK Government’s definition. The FBI has a court order and Apple can decrypt the device, but are arguing that they shouldn’t have to as it will weaken its global security posture. If we look for positives from this case, Apple themselves say they are currently working on solutions that will prevent them having to take similar actions with future devices, this could set a precedent for laws which aim to grant governments accessed being harnessed by the security and technology industry to further secure their products.

In the UK, to ensure immunity to the burdens of the new legislation, security companies may have to make their products secure even from themselves. The only way to protect their users’ data fully in the face of this new law is by ensuring that even the company itself cannot access it. There are several tactics that could help them achieve this, such as making devices or software platforms verify and reject updates that lower security standards. This could lead to the creation of a new wave of security tools that are more intelligent and resilient, and have more power to protect businesses from cybercriminals, rather than making them easier to access as The Government might hope.

PREVIOUS ARTICLE

« What does the Blippar deal mean for Augmented Reality?

NEXT ARTICLE

Perspective: How my injury helped me develop a tech solution »
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

How to (really) evaluate a developer's skillset

Adrian Bridgwater’s deconstruction & analysis of enterprise software

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Cloudistics aims to trump Nutanix with 'superconvergence' play

Martin Veitch's inside track on today’s tech trends

Poll

Is your organization fully GDPR compliant?