Five major American tech companies have warned the British government that its draft counterterrorism law endangers civil liberties, international legal harmony, and citizen trust.
“We are concerned that some of the authorities contained in the Bill, as currently drafted, represent a step in the wrong direction,” they wrote in their filing.
“We reject any proposals that would require companies to deliberately weaken the security of their products…”
The companies objected particularly forcefully to a provision in the bill that could allow law enforcement agencies to demand access to encrypted products. Technical experts warn that so-called encryption “backdoors” would endanger users’ privacy and security, but police and intelligence officials in many countries, including the United States and the United Kingdom, have called for guaranteed access to encrypted communications in response to recent terrorist attacks.
“We reject any proposals that would require companies to deliberately weaken the security of their products via backdoors, forced decryption, or any other means,” the tech companies said in their filing. “We therefore have concerns that the Bill includes ‘obligations relating to the removal of electronic protection applied by a relevant operator to any communication or data’ and that these are explicitly intended to apply extraterritorially with limited protections for overseas providers.”
The tech firms, which are part of a coalition called Reform Government Surveillance, also criticized what they called vague language in the bill’s surveillance provisions. “In terms of setting international precedent, we … suggest that the Bill be more explicit in the language it uses, highlighting that any [information] collection should be pursuant to a specific identifier].”
International precedent constituted a significant portion of the companies’ objections. They argued that they should not have to comply with U.K. warrants that would require them to violate their legal obligations in other countries.
The companies also wrote that new authorities for computer hacking could introduce vulnerabilities into British computer networks. Silicon Valley has sharply criticized the National Security Agency and other U.S. agencies for exploiting technical flaws in commercial products instead of warning companies about the flaws.
“We urge the Government to make clear that actions taken under authorization do not introduce new risks or vulnerabilities for users or businesses,” the companies wrote to U.K. lawmakers, “and that the goal of eliminating vulnerabilities is one shared by the U.K. Government.”
Security experts, civil liberties activists, and even former government officials have slammed the Draft Investigatory Powers Bill as it has worked its way through Parliament. William Binney, a former senior NSA official and later whistleblower, compared its provisions to the laws of “totalitarian states.”
Photo via AK Rockefeller/Flickr (CC BY 2.0) | Remix by Jason Reed