British Prime Minister David Cameron wants to ban strong encryption in Britain. Citing national security concerns, the PM announced his position on June 29.
Members of Parliament, bringing up a recent attack in Tunisia, asked the Prime Minister whether or not some of the largest tech companies need to change their privacy policies in light of such events, and the Prime Minister agreed they should, according to Politics.co.uk.
British Authorities Already Have Expansive Powers
In Britain, it’s a crime to deny officials access to your password. In fact, in that nation, if the authorities demand the password to one of your devices, you can be sent to jail for failing to turn it over.
The US has a much different set of laws. Thus far, US courts have found that passwords are “knowledge,” which means that citizens are not required to turn them over unless the authorities can present a court order.
That doesn’t mean, however, that the authorities in the US have been any less aggressive in trying to get around encryption than they have in Britain.
When Apple recently provided iPhones with strong encryption by default, US authorities reacted by inventing nightmare scenarios.
Making a very similar argument to Cameron’s, US authorities said that the encryption provides a shield for criminals and, without being able to persuade suspects to give up their passwords, encrypted devices cannot be examined for evidence.
Fear Mongering and Weakening Security
In both Britain and the UK, terrorism has been used as a justification for weakening encryption on consumer devices.
In the US, law enforcement officials went so far as to suggest that pedophiles would actively seek out Apple devices, as the encryption, at least in the minds of officials, would protect such individuals from having evidence gathered against them.
Cameron said that the British government will be rolling out a draft of the new investigatory powers in autumn, but his plans have not been universally popular.
Tech companies have balked at the proposal and a social media company, In.die, has made plans to relocate its operations outside the UK in light of the Investigatory Powers Bill that’s been proposed.
In.die, along with other tech companies, often promise to protect user privacy. With such broad powers being given to governments, it remains unclear how they would be able to keep that promise, save for moving to a more privacy-friendly jurisdiction.
Backdoors Are Dangerous
Encryption experts and the companies that rely upon it to provide security for their customers have been vigorous opponents of installing backdoors in encryption software. While those backdoors might make it easier for law enforcement to catch criminals, the backdoors are likely to be used by criminals themselves.
The Center for Democracy and Technology released a brief on the matter, where they discuss how anyone from cybercriminals to foreign governments could bypass encryption using the backdoors, potentially accessing sensitive user data.
To make it worse, many businesses rely on security to conduct transactions. Others advertise the privacy provided by encryption as a principal benefit of the products that they sell. If a nation implements policies that require manufacturers to deliberately weaken security, it’s likely that businesses in other nations are not going to use their products.
It’s Never Been Needed
Despite the breathless fear mongering, there has never been a case where a backdoor that allows law enforcement to circumvent encryption has been necessary.
The government in the UK has plenty of options allowing it to get user data, beyond the simple fact that refusing to turn over a password is a crime in and of itself in that nation.
Even in more privacy-friendly nations than Britain, such as the US, the government has powers that allow it to get data.
Aside from it being highly unlikely that the data on one particular device would ever be the only way to stop a criminal or convict them of their crimes, the government can still require that the device be unencrypted via a court order. At that point, refusing to comply becomes a crime.
It’s unclear how the proposed British investigatory powers would affect VPN providers. It’s already clear, however, that some tech companies are more than a little nervous about what those powers might entail, and that they’re seeking alternative markets to establish themselves in outside the UK.