- ‘American Dirt’ controversy inspires meme about Latinx stereotypes in literature Wednesday 9:02 PM
- What is the TikTok ‘flex challenge’? Wednesday 8:03 PM
- GoFundMe to send ‘Target Tori’ on vacation raises more than $30K Wednesday 6:54 PM
- Furries stop domestic assault in viral video Wednesday 6:10 PM
- Gritty under police investigation for allegedly punching a teen fan Wednesday 6:04 PM
- Twitter users throw animal parties with emoji in new meme Wednesday 5:21 PM
- Woman who went viral supporting Soleimani killing exposed as Libyan militia lobbyist Wednesday 5:01 PM
- Jeff Bezos subtweets Saudi prince following phone hack report Wednesday 3:29 PM
- ‘Yeah, good. OK’ Bernie Sanders meme is a new way to dismiss people Wednesday 3:10 PM
- ‘Vanderpump Rules’ recap: Petty displays of affection Wednesday 2:12 PM
- Makeup artist transforms into Timothée Chalamet on TikTok Wednesday 1:54 PM
- Iguanas are falling from trees—and people are selling them online for food Wednesday 1:02 PM
- 75,000 sign petition to fire Wendy Williams after ‘cleft lip’ comment about Joaquin Phoenix Wednesday 12:30 PM
- Kim Kardashian says Kylie Jenner’s setting spray is ‘cheap sh*t’ Wednesday 11:59 AM
- Trump continues to demand Apple unlock iPhones for the government Wednesday 11:46 AM
The British government could use the powers contained in a pending surveillance bill to force tech companies to decrypt user data, a top U.K. law-enforcement official said on Tuesday.
Chris Farrimond, the director of the National Crime Agency, told Parliament that authorities could order a company to strip encryption from data under the Investigatory Powers Bill, which lawmakers have been debating since the Home Office introduced it in November.
Farrimond later attempted to walk back his declaration by claiming that the government could only “request” this assistance, but the bill clearly states that companies receiving so-called “technical capability notices” have no such choice.
Sections 217 and 218 explain these notices and the parameters for issuing them. In Section 217, a list of example uses of the power includes a demand for “the removal by a relevant operator of electronic protection applied by or on behalf of that operator to any communications or data.”
According to section 218, “A person to whom a relevant notice is given must comply with the notice.” Recipients of such notices are also not permitted to disclose them without permission from the government.
The Home Office previously told the Daily Dot that “the bill does not create backdoors” but instead “maintains the existing obligation for telecommunications companies to assist in the execution of warrants.”
“While the Home Office has insisted the IP Bill doesn’t create a mandate,” Drew Mitnick, policy counsel at the digital-rights group Access Now, said in an email, “it also requires the creation of regulations for compliance with the notices, and there’s enough ambiguity in the language for those regulations to be quite sweeping.”
This is similar to the way two leading U.S. senators have described their recently introduced bill requiring companies to provide encrypted user data in an “intelligible” format. Security experts, tech companies, and civil-society groups all say that the bill amounts to a backdoor mandate.
Both the U.S. and U.K. bills are part of a global encryption debate prompted by the spread of unbreakable encryption in mobile operating systems and messaging apps. Recent terrorist attacks in Brussels, Paris, and San Bernardino, California, have led authorities to step up their demands for guaranteed access to encrypted data.
Senior law-enforcement and intelligence officials in many Western countries want their legislatures to require companies to be able to decrypt data when they receive search warrants. But the tech companies, and their allies in the cryptography and civil-liberties communities, strongly oppose those efforts. They warn that the only way to comply would be to weaken their encryption and create new security vulnerabilities.
“The IP Bill should be modified to make clear that the bill does not require limitations on encryption or the creation of backdoors,” Mitnick said. “Orders to remove or weaken encryption would directly harm users’ digital security and their rights to privacy and freedom of expression. Ambiguity in the law would also mean that companies are less likely to develop and implement strong security and users would be less trusting of technology.”
A Home Office spokeswoman did not respond to an email asking about Farrimond’s comments.
Update 12:20pm CT, April 20: Added comments from Access Now.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.