British prime minister David Cameron on Monday announced that if he’s re-elected in May, he plans on introducing a comprehensive piece of legislation that would ban encrypted online communications that cannot be accessed by authorities.
Following the recent incident in France, in which two extremists shot and killed 12 individuals at the satirical newspaper Charlie Hebdo, officials in Europe and the United States called for increased Internet surveillance to prevent such events in the future.
Cameron revealed plans to give authorities more power to access not only the details of communications, but also their content. The prime minister wants the ability to access all communications so that terrorists don’t have a “safe space” to communicate with each other online.
The official believes that the UK should not allow any form of communication that authorities cannot read.
The Edward Snowden leaks have shown that governments have a lot of methods at their disposal to spy on citizens. In response to these revelations, more and more companies have started offering encrypted communication solutions that provide protection against spying attempts even by intelligence and security agencies. The list includes applications such as SnapChat, Apple’s iMessage, and WhatsApp.
Cameron says such solutions provide terrorists with the means to safely communicate with each other, which is why he believes they should be banned. Unless, of course, they make it possible for authorities to somehow access the encrypted content.
The Data Retention and Investigatory Powers Act, which currently requires service providers to log communications (without content), is only valid until 2016. That is when the UK’s prime minister plans on introducing the new law.
“The attacks in Paris once again demonstrated the scale of the terrorist threat that we face and the need to have robust powers through our security and intelligence agencies and policing in order to keep people safe,” Cameron said.
Security experts and civil rights groups disagree
Some privacy advocates have compared the legislation proposed by Cameron to the one of authoritarian governments.
The Electronic Frontier Foundation (EFF) has pointed out that terrorist attacks are often leveraged by governments to call for increased surveillance and the Charlie Hebdo incident is no different. The organization has warned of the negative effects of surveillance on privacy and free speech.
“Mass surveillance doesn’t only infringe on our privacy, but also our ability to speak freely,” the EFF’s Jillian York said. “Let us resist attempts to use this tragic moment as an opportunity to advance law enforcement surveillance powers. Freedom of speech can only thrive when we also have the right to privacy.”
Christopher Boyd, a UK-based malware intelligence analyst for Malwarebytes, believes many security incidents happen not because of a lack of awareness of suspicious individuals, but more because of the difficulty in prioritizing available data.
“Better use of crucial data is more important than casting out the nets and grabbing everything. If law enforcement is so short on resource that they can’t work with the important information they possess, what use is overloading them with data from the general populace?” Boyd told SecurityWeek.
“Removing encrypted communications from the UK would not be advisable, it will hamper every industry and make British companies vulnerable,” the expert noted. “It seems to me to be a case of The Government passing comment on aspects of IT they’re not familiar with. The Govt has spent a fortune over the years educating the public on why secure communications and systems are important, so if this move were implemented it would be a serious shift in policy.”
Martijn Grooten, editor of Virus Bulletin, points out that Cameron doesn’t want to outlaw encryption, but to force companies to allow the government to access the content of communications. However, if UK authorities can access encrypted communications, so can cybercriminals and foreign governments.
“I also think it’s extremely impractical. It is trivial for a UK citizen to set up a VPN, or to use HTTPS to connect to a service abroad, not covered by UK law,” Grooten, who is also based in the UK, told SecurityWeek. “Not allowing these kinds of things would break so many things, even David Cameron would not want that. Hence his plans would hamper the privacy of UK citizens, while doing nothing to stop potential terrorists from communicating securely.”
“It would also be a serious hindrance for any UK online business that wants to attract customers from abroad, as they would have to let the UK government be able to listen in on what is being sent,” he added.