U.K. official confirms surveillance bill would let cops force companies to decrypt data
Comments by a senior U.K. law-enforcement officer confirm what many companies have feared.
The British government could use the powers contained in a pending surveillance bill to force tech companies to decrypt user data, a top U.K. law-enforcement official said on Tuesday.
Chris Farrimond, the director of the National Crime Agency, told Parliament that authorities could order a company to strip encryption from data under the Investigatory Powers Bill, which lawmakers have been debating since the Home Office introduced it in November.
Farrimond later attempted to walk back his declaration by claiming that the government could only “request” this assistance, but the bill clearly states that companies receiving so-called “technical capability notices” have no such choice.
Sections 217 and 218 explain these notices and the parameters for issuing them. In Section 217, a list of example uses of the power includes a demand for “the removal by a relevant operator of electronic protection applied by or on behalf of that operator to any communications or data.”
According to Section 218, “A person to whom a relevant notice is given must comply with the notice.” Recipients of such notices are also not permitted to disclose them without permission from the government.
The Home Office previously told the Daily Dot that “the bill does not create backdoors” but instead “maintains the existing obligation for telecommunications companies to assist in the execution of warrants.”
“While the Home Office has insisted the IP Bill doesn’t create a mandate,” Drew Mitnick, policy counsel at the digital-rights group Access Now, said in an email, “it also requires the creation of regulations for compliance with the notices, and there’s enough ambiguity in the language for those regulations to be quite sweeping.”
This is similar to the way two leading U.S. senators have described their recently introduced bill requiring companies to provide encrypted user data in an “intelligible” format. Security experts, tech companies, and civil-society groups all say that the bill amounts to a backdoor mandate.
Both the U.S. and U.K. bills are part of a global encryption debate prompted by the spread of unbreakable encryption in mobile operating systems and messaging apps. Recent terrorist attacks in Brussels, Paris, and San Bernardino, California, have led authorities to step up their demands for guaranteed access to encrypted data.
Senior law-enforcement and intelligence officials in many Western countries want their legislatures to require companies to be able to decrypt data when they receive search warrants. But the tech companies, and their allies in the cryptography and civil-liberties communities, strongly oppose those efforts. They warn that the only way to comply would be to weaken their encryption and create new security vulnerabilities.
“The IP Bill should be modified to make clear that the bill does not require limitations on encryption or the creation of backdoors,” Mitnick said. “Orders to remove or weaken encryption would directly harm users’ digital security and their rights to privacy and freedom of expression. Ambiguity in the law would also mean that companies are less likely to develop and implement strong security and users would be less trusting of technology.”
A Home Office spokeswoman did not respond to an email asking about Farrimond’s comments.
Update 12:20pm CT, April 20: Added comments from Access Now.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.