There has been lots of discussion about the wisdom or lack of wisdom of incorporating “back doors” into devices capable of encrypting information. While the debate rages on, the U.K.’s Investigatory Powers Act that was quietly signed into law this week even though it contains the capability to undermine encryption and demand surveillance backdoors.
According to an article in The Register, any company that receives a “technical capacity notice” will be obliged to do various things on demand for government snoops — such as disclosing details of any system upgrades and removing “electronic protection” on encrypted communications. Thus, by “technical capability,” the government really means backdoors and deliberate security weaknesses so citizens’ encrypted online activities can be intercepted, deciphered and monitored…
At the end of the day, will the U.K. security services (and other governments and individual hackers worldwide) be able to read your email, your messages, your posts and private tweets, and your communications if they believe you pose a threat to national security? Yes, they will.
Details may be found in The Register at http://www.theregister.co.uk/2016/11/30/investigatory_powers_act_backdoors/.
COMMENT: While the new law is a major legal victory for the intelligence community, it probably will not be very effective. First of all, it only applies to companies in the United Kingdom or those who sell products within the U.K. Companies elsewhere will be unaffected and will still be free to sell secure encrypted products and services worldwide.
Second, back doors are never restricted to government use. Information about how to “unlock” a back door will soon leak out and become available to governments and to individual hackers and thieves around the world. Creating a backdoor is about as effective as leaving a key under the doormat; thieves will quickly learn how to unlock the door.
Third, U.K. citizens who realize the impact of providing keys to their secrets to the government and to thieves alike will soon seek better solutions. It might become difficult for U.K. residents to purchase hardware devices that are fully secure without backdoors unless the buyer takes a trip out of the country. However, it will be trivial to download foreign-developed encryption software that has no backdoor and to install that software on cell phones, tablets, laptop computers, desktop computers, and elsewhere. Such products are already available worldwide and even more will become available as millions of UK citizens realize the need for security against all snoops.
Citizens of other countries with repressive governments already do the same. It will be trivial for U.K. residents to obtain secure encryption software without backdoors, the same as citizens of China, Russia, the Arab countries, and elsewhere have done for years.
The first people to install third-party encryption products undoubtedly will be the terrorists, identity thieves, credit card scammers, arms dealers, and others who need encryption for illegal purposes, the very people the government wishes to snoop upon the most. Private, law-abiding citizens won’t be far behind as more and more companies worldwide develop third-party encryption products for a growing marketplace.
Congratulations to Theresa May and to all the MPs who voted in favour of the Investigatory Powers Act: you have shot yourselves in your collective left feet and simultaneously done a disservice to your law-abiding citizens. Meanwhile, you have increased the market for encryption software developed worldwide.