In the wake of recent atrocities in Paris, UK Prime Minister David Cameron has called for greater government control over services that let people communicate privately.
Promising to introduce powers beyond what the scuttled Communications Data Bill promised, the as-of-yet unnamed proposals call for security services to have near-instant access to communications data – who is talking to who and when – as well as the contents of people’s messages.
This would include things like WhatsApp, Snapchat, iMessage, BBM (if people still use that). As Cameron has said that there should be “no means of communication” that can’t be monitored, methods by which people could circumvent any blocked services, VPNs or proxies, would presumably be verboten in Dave’s brave new world too.
Without knowing the full extent of the proposals, it’s hard to say. While ‘no means of communication’ appears to leave little room for doubt, the specifics about how this might happen (Will VPNs be banned? Will all encryption be reversible upon receipt of a warrant?) have yet to be announced.
Pending such details, could the UK Government block or snoop on every messaging app out there?
Jim Killock, director of privacy campaigners Open Rights Group, argues that forcing companies to build back door access to services, should UK security bods require access to encrypted messages at the drop of a hat, will actually make British subjects less safe.
Killock said: “[A] means of gaining access to encrypted material could be to require ‘master keys’ for encrypted material. This is called ‘key escrow’.
“The problem with key escrow or the use of master keys is that they leave a particular encryption method with a secret backdoor, and give every criminal the certain knowledge that this backdoor exists. Criminals then know that they can find a way to break into encrypted material, given a certain amount of effort. Thus the barrier to breaking in becomes time and money, so is a question of the value of the material you want access to.”
Nicholas Lansman, secretary general of ISPA, the trade group that represents the UK’s ISPs, agreed, saying that restricting the effectiveness of encryption would make the UK a less attractive place for companies to do business.
Lansman said: “In the wake of an increasing number of cyber-attacks and government initiatives to raise the awareness of cyber risks, encryption is widely accepted as a key measure to do business safely online.
“Business, individuals and governments around the world rely on encryption to carry out everyday tasks and services. Forcing companies to weaken encryption measures would weaken protection against cyber criminals, foreign intelligence agencies and others.”
But even with encryption in place, Snapchat’s history when it comes to safeguarding its users’ privacy has been pretty woeful.
Part of the appeal of Snapchat is its supposedly ephemeral nature; you send messages and once they’re opened they self-destruct, Mission Impossible style, hence why it’s been a hit with horny teens who want to swap n00dz. But if a teenager from Texas can easily crack it, it’s unlikely that terrorists will want to use it.
Similarly, Facebook already hand over plenty of data to governments. From January to June last year, details on over 2,600 users or accounts were requested and in over 71 per cent of cases, Facebook willingly coughed up the goods. Hardly an attractive destination for somebody planning acts of terror, or anything they’d rather keep secret.
The prospects don’t look good, but until the Prime Minister explains exactly what he means in detail, it’s impossible to guess at how feasible or sensible the plans are.
Until then, the Counter-Terrorism and Security Bill, which has the support of the Liberal Democrats, continues its journey through the gears of Parliament.
The Bill is currently due to be read through line-by-line on January 20. After that it will enter the final approval stages in the House of Lords and, pending any amendments, it will become an Act of Parliament later this year.
In relation to data retention, the Bill proposes to amend the terms of DRIPA (Data Retention and Investigatory Powers Act 2014), meaning police will be able to identify which IP addresses belong to senders and recipients (essentially who is talking to who) but not the actual content of messages.
DRIPA was railroaded through after the European Court of Justice kicked the previous RIPA laws, which allowed for blanket retention of everyone’s IP data, to the kerb. DRIPA, a temporary measure, is due to expire in 2016 but the Counter-Terrorism and Security Bill comes with no such sunset clause.