
Last January, in the wake of the terrorist attacks in Paris, UK Prime Minister David Cameron began advocating for limiting or preventing ordinary citizens from using end-to-end encryption that the government could not break. Now, the government has introduced legislation that would ban companies like Apple from offering end-to-end encryption. What makes this particularly ironic is the discovery of other documents from earlier this year that show the United Kingdom encouraging enterprise and governments to adopt encryption.

Both the BBC and the Telegraph have sounded off about the new powers the government is seeking. According to the BBC, the new law (the Investigatory Powers Bill) would allow government investigators "to see if someone used Snapchat at 07:30 GMT on their smartphone at home and then two hours later looked at Twitter's website via their laptop at work, but neither the text typed into the app, nor the specific pages looked at on the social network would be accessible."

That kind of power isn't what has privacy advocates and security researchers worried, however. The IPB also requires that companies must take "reasonable" steps to provide data when a warrant is issued, even if that warrant applies to encrypted communications. Companies like Apple literally can't take "reasonable" steps to provide law enforcement with information because they no longer have the ability to peer into their own encrypted devices without user-provided information.

UK Prime Minister David Cameron has made killing encryption a major initiative

While the bill doesn't explicitly ban encryption, there's been enormous concern about how things will play out if the government demands access to material that Apple, Google, or another manufacturer literally can't provide. A Home Office spokesperson speaking to the Telegraph said this:

"The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts. That means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies' reputations rest on their ability to protect their users' information." (Emphasis added).

Apple's own encryption system can't be made compliant with the new law without changes, which is why so many companies have been against these types of laws in the first place. Implementing encryption methods with backdoor decryption only weakens the entire stack. There's no way to create vulnerabilities that are guaranteed to remain in the hands of the white hats, no matter who those white hats happen to be.

ISPs will be forced to retain this data for one year, including the aforementioned data on browsing activities.

Do as we say, not as we do

Meanwhile, in an amusing twist, a recent report on secure voice communications prepared by the UK government notes that the public telephone network (PSTN) hasn't been considered secure for over a decade. The report contains an entire section devoted to the security challenges of creating a secure voice communication system — and it sheds light on the kind of hoops Apple might be expected to jump through.

From the report:

The ability to support lawful interception and business practice monitoring is a fundamental requirement of secure voice technology and it is often overlooked. Solutions which perform end-to-end encryption generally need to rely on key escrow to support lawful interception.

It goes on to note that the IETF (Internet Engineering Task Force) has developed a new protocol, MIKEY SAKKE (Multimedia Internet KEYing – Sakai Kasahara Key Exchange). MIKEY SAKKE is designed using elliptic-curve mathematics. That's fascinating, because the NSA recently issued directives warning companies not to rely overmuch on elliptic curve cryptography. That's not to say that the GCHQ recommended standards are already broken, but the GCHQ may be contemplating shifting to encryption methods that the NSA has already compromised. Alternately, it could be advocating for the adoption of such standards precisely because it wants the ability to crack its own code.

Proper encryption implementation is incredibly difficult — the last thing we need is government-mandated backdoors making an already tough situation worse.