- Everything we know so far about Peacock, NBC’s new streaming service Tuesday 7:42 PM
- Selena Gomez producing docuseries about immigration for Netflix Tuesday 7:11 PM
- How to stream Manchester City vs. Shakhtar Donetsk in Champions League action Tuesday 6:14 PM
- Milo Yiannopoulos threatens to crash furry convention he is barred from Tuesday 5:54 PM
- How to stream Juventus vs. Atletico Madrid in Champions League action Tuesday 5:52 PM
- How to stream Real Madrid vs. PSG in Champions League action Tuesday 5:24 PM
- No-fly zone implemented over Area 51 ahead of Alienstock festival Tuesday 5:16 PM
- TikTok accused of censoring content about Hong Kong protests Tuesday 5:04 PM
- Smoke ’em, pass ’em, Week 3: At the Bakery Tuesday 4:38 PM
- Alex Trebek says he will be undergoing chemotherapy again Tuesday 4:27 PM
- Dan Crenshaw roasted after attacking Sanders’ call for veteran care Tuesday 4:19 PM
- How to stream NXT for its USA network debut Tuesday 4:12 PM
- This website will show you how AI classifies you Tuesday 3:22 PM
- School tells Black 4-year-old to cut his hair or wear a dress Tuesday 3:17 PM
- Lizzo called a ‘snitch’ for accusing Postmates runner of stealing food Tuesday 2:30 PM
The British government could use the powers contained in a pending surveillance bill to force tech companies to decrypt user data, a top U.K. law-enforcement official said on Tuesday.
Chris Farrimond, the director of the National Crime Agency, told Parliament that authorities could order a company to strip encryption from data under the Investigatory Powers Bill, which lawmakers have been debating since the Home Office introduced it in November.
Farrimond later attempted to walk back his declaration by claiming that the government could only “request” this assistance, but the bill clearly states that companies receiving so-called “technical capability notices” have no such choice.
Sections 217 and 218 explain these notices and the parameters for issuing them. In Section 217, a list of example uses of the power includes a demand for “the removal by a relevant operator of electronic protection applied by or on behalf of that operator to any communications or data.”
According to section 218, “A person to whom a relevant notice is given must comply with the notice.” Recipients of such notices are also not permitted to disclose them without permission from the government.
The Home Office previously told the Daily Dot that “the bill does not create backdoors” but instead “maintains the existing obligation for telecommunications companies to assist in the execution of warrants.”
“While the Home Office has insisted the IP Bill doesn’t create a mandate,” Drew Mitnick, policy counsel at the digital-rights group Access Now, said in an email, “it also requires the creation of regulations for compliance with the notices, and there’s enough ambiguity in the language for those regulations to be quite sweeping.”
This is similar to the way two leading U.S. senators have described their recently introduced bill requiring companies to provide encrypted user data in an “intelligible” format. Security experts, tech companies, and civil-society groups all say that the bill amounts to a backdoor mandate.
Both the U.S. and U.K. bills are part of a global encryption debate prompted by the spread of unbreakable encryption in mobile operating systems and messaging apps. Recent terrorist attacks in Brussels, Paris, and San Bernardino, California, have led authorities to step up their demands for guaranteed access to encrypted data.
Senior law-enforcement and intelligence officials in many Western countries want their legislatures to require companies to be able to decrypt data when they receive search warrants. But the tech companies, and their allies in the cryptography and civil-liberties communities, strongly oppose those efforts. They warn that the only way to comply would be to weaken their encryption and create new security vulnerabilities.
“The IP Bill should be modified to make clear that the bill does not require limitations on encryption or the creation of backdoors,” Mitnick said. “Orders to remove or weaken encryption would directly harm users’ digital security and their rights to privacy and freedom of expression. Ambiguity in the law would also mean that companies are less likely to develop and implement strong security and users would be less trusting of technology.”
A Home Office spokeswoman did not respond to an email asking about Farrimond’s comments.
Update 12:20pm CT, April 20: Added comments from Access Now.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.