More details of how the UK’s new surveillance law will operate have been revealed. The details concerning the use of encryption seem especially silly, possibly written by the staff writers of Monty Python.
Under draft regulations to support the new Investigatory Powers Act, the government will be able to issue ‘technical capability notices’ to companies with more than 10,000 UK users to make it easier for police, spy agencies, Inland Revenue employees, and other government bodies to access UK residents’ private communications.
In particular, the regulations require companies to provide and maintain “the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data, or to permit the person to whom the warrant is addressed to remove such electronic protection.”
In other words, the proposed law wants an unlocked “back door” into all forms of encryption in order to read what is going on. Security experts all agree that any such “back door” that is available to government employees will also become available to hackers, credit card thieves, and foreign governments within a matter of months, if not within weeks. It is similar to leaving a key to your house door under the doormat.
Unlocked “back doors” will not remain secret very long.
Most of the companies that create encryption software are outside the UK. Obviously, they will not be subject to this ridiculous new law and will continue to provide high-quality encryption products to all customers without “back doors.” Large corporations based in the UK will probably be forced to find “back door” solutions because of the threat of legal action by the UK government. (That means your UK-based email provider, Internet Service Provider, and larger merchants probably will have to comply. Your online activities will be visible to worldwide spies if you do not take special action to “lock your doors.”)
However, smaller companies and private individuals will still be able to obtain high-security encryption products without difficulty. An individual’s use of a Virtual Private Network (VPN) will block most government spying.
Read again: “the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data, or to permit the person to whom the warrant is addressed to remove such electronic protection.”
The interesting words in that statement are ‘where practicable’. It appears that enforcement isn’t practicable at all. The entire statement reads like a Monty Python script.
John Cleese – Ministry of Silly Walks