The governments of the United States, United Kingdom, and The Netherlands all want backdoor access to encrypted data. They want the encryption keys to snoop on private communications. As you’ll see in a moment each country is using national security as a means of gaining support in hopes of passing new laws to give them legal access to encrypted communications. The UK’s Prime Minister, David Cameron, would like to take things a step further and ban encryption all together in Britain. China plans to require all companies to turn over encryption keys by 2020.
Encryption in the United Kingdom
The Prime Minister of the United Kingdom, David Cameron, has been outspoken in his feelings toward encryption. In fact he wants to ban encryption in Britain. Mr. Cameron points at recent terrorist events to demonstrate the need to ban strong encryption in the UK. We can all understand the need to secure citizens safety but what will the price be if you take away everyone’s right to privacy at the same time. This is something the UK has been wrestling with for years now.
The Conservative Party in the UK presented the Draft Communications Data Bill, also known as the Snooper’s Bill, in 2012 and expected it to be law by 2014. That didn’t work out as Deputy Prime Minister, Nick Clegg, withdrew his support for the bill. The difference is that the Conservative Party is now in power and plans to revive the Snooper’s Bill to be presented later this year. This time their efforts will be more difficult to thwart.
Encryption in the United States
The Director of the Federal Bureau of Investigation (FBI), James Comey Jr., and the Deputy Attorney General at the Justice Department, Sally Quillian Yates, will be testifying in front of the Senate Judiciary Committee tomorrow. Mr Comey has previously voiced his concerns about the actions being taken by technology companies to protect users privacy. He believes that federal law enforcement should have access to your communications, even if they are encrypted. From an FBI press conference last Fall:
“I am a huge believer in the rule of law, but I also believe that no one in this country is beyond the law,” Comey told reporters at FBI headquarters in Washington. “What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law.”
Mr Comey’s comment came shortly after Google and Apple announced that they would no longer unblock the encryption on their devices. They each rolled out a new version of their mobile operating systems that made it impossible for anyone but the user to unlock the phone. You would need to unlock it yourself if so compelled by authorities or a court order. This took Silicon Valley out of the loop when it comes to accessing users encrypted data.
Mr. Comey and Mrs. Yates are expected to testify about the concerns of law enforcement that criminals will hide behind encrypted communications. They want Congress to act by giving them backdoor access to encrypted systems and devices. Perhaps that would help in deterring criminals but it would also put all of our communications at risk. A group of well respected cryptographers and computer scientists are releasing a paper today that will outline the risks of allowing governments like the US and UK access to encrypted data. In short they say that once the data is out there is no getting it back into the bottle. They feel strongly that breaking encryption will leave us all at risk.
Encryption in The Netherlands
The Netherlands is hearing public opinion on a new bill that would update the Intelligence & Security Act of 2002. The new bill would enable the Dutch government to force communications providers to hand over encryption keys. According to a post by Dutch technical security consultant, Matthijs R. Koot, the new bill would force anyone to decrypt data or communications:
“the intelligence services are authorized to compel anyone to help decrypt data in [a computerised system] … or help decrypt conversations, telecommunications or data transfer … ; either by handing over keys or providing decrypted data. Another option to defeat encryption is the use of the hacking power” to break into systems.
It will be some time before the new bill is put to a vote but in the meantime the public in the Netherlands has a chance to voice their opinion. Hopefully they will come out against the new bulk surveillance and let the government know that they don’t want to have their private data accessed through decryption.
Encryption in China
You might expect the Chinese to take a strong stand against encryption. That’s true for citizens of China along with foreign technology companies. China has a five year plan to force all companies that do business in China to turn over encryption keys. When US President Barack Obama voiced concerns the Chinese government responded by saying that the US and UK have been pushing for the same access for years now.
This is from a Bloomberg Business article posted earlier this year:
“Many Western governments, including the governments of the U.S. and the U.K., have for many years asked technology companies to disclose their encryption keys,” Fu Ying, spokeswoman for China’s National People’s Congress, said Wednesday in Beijing. “This step is aimed at preventing and investigating terrorist activities.”
China intends to ban any company that doesn’t provide encryption keys from their communication infrastructure by 2020. That leaves less than five years for the international debate to heat up. In the meantime China is happy to have law enforcement officers use an encrypted version of Alibaba’s mobile operating system for secure mobile messaging.
The Future of Encryption
The ability to encrypt data and communications is a human rights issue. The United Nations published a report on encryption, anonymity, and the human rights framework earlier this year. The asked a number of member nations the following questions:
- Do the rights to privacy and freedom of opinion and expression protect secure online communication?
- Assuming an affirmative answer, to what extent may governments, consistent with human rights law, impose restrictions on encryption and anonymity?
I suggest you read the responses linked from the report. In reading through the responses you can tell than some countries have more than a little work to do when it comes to their stance on encryption. Some respondents didn’t even seem to understand the questions or were perhaps using political jargon in place of actually answering them.
Follow us @VPNFan for the latest online privacy news.