Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

UK Prime Minister Criticized for Plans to Ban Encrypted Communications

British prime minister David Cameron on Monday announced that if he’s re-elected in May, he plans on introducing a comprehensive piece of legislation that would ban encrypted online communications that cannot be accessed by authorities.

British prime minister David Cameron on Monday announced that if he’s re-elected in May, he plans on introducing a comprehensive piece of legislation that would ban encrypted online communications that cannot be accessed by authorities.

Following the recent incident in France, in which two extremists shot and killed 12 individuals at the satirical newspaper Charlie Hebdo, officials in Europe and the United States called for increased Internet surveillance to prevent such events in the future.

Cameron revealed plans to give authorities more power to access not only the details of communications, but also their content. The prime minister wants the ability to access all communications so that terrorists don’t have a “safe space” to communicate with each other online.

The official believes that the UK should not allow any form of communication that authorities cannot read.

The Edward Snowden leaks have shown that governments have a lot of methods at their disposal to spy on citizens. In response to these revelations, more and more companies have started offering encrypted communication solutions that provide protection against spying attempts even by intelligence and security agencies. The list includes applications such as SnapChat, Apple’s iMessage, and WhatsApp.

Cameron says such solutions provide terrorists with the means to safely communicate with each other, which is why he believes they should be banned. Unless, of course, they make it possible for authorities to somehow access the encrypted content.

The Data Retention and Investigatory Powers Act, which currently requires service providers to log communications (without content), is only valid until 2016. That is when the UK’s prime minister plans on introducing the new law.

“The attacks in Paris once again demonstrated the scale of the terrorist threat that we face and the need to have robust powers through our security and intelligence agencies and policing in order to keep people safe,” Cameron said.

Advertisement. Scroll to continue reading.

Security experts and civil rights groups disagree

Some privacy advocates have compared the legislation proposed by Cameron to the one of authoritarian governments.

The Electronic Frontier Foundation (EFF) has pointed out that terrorist attacks are often leveraged by governments to call for increased surveillance and the Charlie Hebdo incident is no different. The organization has warned of the negative effects of surveillance on privacy and free speech.

“Mass surveillance doesn’t only infringe on our privacy, but also our ability to speak freely,” the EFF’s Jillian York said. “Let us resist attempts to use this tragic moment as an opportunity to advance law enforcement surveillance powers. Freedom of speech can only thrive when we also have the right to privacy.”

Christopher Boyd, a UK-based malware intelligence analyst for Malwarebytes, believes many security incidents happen not because of a lack of awareness of suspicious individuals, but more because of the difficulty in prioritizing available data.

“Better use of crucial data is more important than casting out the nets and grabbing everything. If law enforcement is so short on resource that they can’t work with the important information they possess, what use is overloading them with data from the general populace?” Boyd told SecurityWeek.

“Removing encrypted communications from the UK would not be advisable, it will hamper every industry and make British companies vulnerable,” the expert noted. “It seems to me to be a case of The Government passing comment on aspects of IT they’re not familiar with. The Govt has spent a fortune over the years educating the public on why secure communications and systems are important, so if this move were implemented it would be a serious shift in policy.”

Martijn Grooten, editor of Virus Bulletin, points out that Cameron doesn’t want to outlaw encryption, but to force companies to allow the government to access the content of communications. However, if UK authorities can access encrypted communications, so can cybercriminals and foreign governments.

“I also think it’s extremely impractical. It is trivial for a UK citizen to set up a VPN, or to use HTTPS to connect to a service abroad, not covered by UK law,” Grooten, who is also based in the UK, told SecurityWeek. “Not allowing these kinds of things would break so many things, even David Cameron would not want that. Hence his plans would hamper the privacy of UK citizens, while doing nothing to stop potential terrorists from communicating securely.”

“It would also be a serious hindrance for any UK online business that wants to attract customers from abroad, as they would have to let the UK government be able to listen in on what is being sent,” he added.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

CISO Strategy

The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks.

Cybercrime

A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...