- Black man films ‘Crosswalk Cathy’ yelling racist slurs at him Tuesday 6:47 PM
- Guerrilla artists turn John Oliver billboard ad into right-wing meme Tuesday 4:20 PM
- Netflix lines up unnecessarily good cast for ‘Green Eggs and Ham’ Tuesday 3:48 PM
- Netflix drops trailer for Mötley Crüe biopic ‘The Dirt’—and the cast is wild Tuesday 3:41 PM
- QAnon’s repetitive posts are alienating even his most ardent supporters Tuesday 3:36 PM
- Noah Cyrus cries on Instagram after Lil Xan’s baby announcement Tuesday 2:26 PM
- The ‘Well yes, but actually no’ meme is here to help you explain things Tuesday 12:07 PM
- Judge orders Roger Stone to appear in court after his Instagram post Tuesday 11:24 AM
- I worked with the migrant caravan—and Trump is the cause of his national emergency Tuesday 11:09 AM
- How to watch Liverpool vs. Bayern Munich online for free Tuesday 11:08 AM
- ‘Patriot Act’ volume 2 proves Hasan Minhaj is the next big star of the news-comedy genre Tuesday 11:01 AM
- ‘Friends From College’ canceled after 2 seasons at Netflix Tuesday 10:53 AM
- Allow your wallet to be your spirit guide during this rad anime sale Tuesday 10:43 AM
- Man stages fake DUI trial to propose to girlfriend, and people are asking why Tuesday 10:40 AM
- Bernie Sanders’ website full of 404s on launch day Tuesday 10:23 AM
U.K. official confirms surveillance bill would let cops force companies to decrypt data
Comments by a senior U.K. law-enforcement officer confirm what many companies have feared.
The British government could use the powers contained in a pending surveillance bill to force tech companies to decrypt user data, a top U.K. law-enforcement official said on Tuesday.
Chris Farrimond, the director of the National Crime Agency, told Parliament that authorities could order a company to strip encryption from data under the Investigatory Powers Bill, which lawmakers have been debating since the Home Office introduced it in November.
Farrimond later attempted to walk back his declaration by claiming that the government could only “request” this assistance, but the bill clearly states that companies receiving so-called “technical capability notices” have no such choice.
Sections 217 and 218 explain these notices and the parameters for issuing them. In Section 217, a list of example uses of the power includes a demand for “the removal by a relevant operator of electronic protection applied by or on behalf of that operator to any communications or data.”
According to section 218, “A person to whom a relevant notice is given must comply with the notice.” Recipients of such notices are also not permitted to disclose them without permission from the government.
The Home Office previously told the Daily Dot that “the bill does not create backdoors” but instead “maintains the existing obligation for telecommunications companies to assist in the execution of warrants.”
“While the Home Office has insisted the IP Bill doesn’t create a mandate,” Drew Mitnick, policy counsel at the digital-rights group Access Now, said in an email, “it also requires the creation of regulations for compliance with the notices, and there’s enough ambiguity in the language for those regulations to be quite sweeping.”
This is similar to the way two leading U.S. senators have described their recently introduced bill requiring companies to provide encrypted user data in an “intelligible” format. Security experts, tech companies, and civil-society groups all say that the bill amounts to a backdoor mandate.
Both the U.S. and U.K. bills are part of a global encryption debate prompted by the spread of unbreakable encryption in mobile operating systems and messaging apps. Recent terrorist attacks in Brussels, Paris, and San Bernardino, California, have led authorities to step up their demands for guaranteed access to encrypted data.
Senior law-enforcement and intelligence officials in many Western countries want their legislatures to require companies to be able to decrypt data when they receive search warrants. But the tech companies, and their allies in the cryptography and civil-liberties communities, strongly oppose those efforts. They warn that the only way to comply would be to weaken their encryption and create new security vulnerabilities.
“The IP Bill should be modified to make clear that the bill does not require limitations on encryption or the creation of backdoors,” Mitnick said. “Orders to remove or weaken encryption would directly harm users’ digital security and their rights to privacy and freedom of expression. Ambiguity in the law would also mean that companies are less likely to develop and implement strong security and users would be less trusting of technology.”
A Home Office spokeswoman did not respond to an email asking about Farrimond’s comments.
Update 12:20pm CT, April 20: Added comments from Access Now.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.