- Here’s the best ‘Game of Thrones’ fanfiction 3 Years Ago
- ‘Star Trek: Discovery’ unmasks the time-traveling Red Angel Thursday 8:30 PM
- Everyone is making memes of Meghan McCain saying ‘my father’ on loop Thursday 8:11 PM
- Irony of Georgia’s sperm-reporting bill flies by anti-abortion advocates Thursday 7:11 PM
- Sex scandals are consuming the K-pop industry Thursday 5:44 PM
- Trump supporters are abandoning Fox News over network’s latest hire Thursday 5:20 PM
- QAnon is attacking a random woman in a disturbing and dangerous way Thursday 4:59 PM
- Google celebrates Bach with AI-powered, music-making doodle Thursday 4:53 PM
- RIP: The best free trial in all of streaming entertainment Thursday 2:19 PM
- Which ‘Florida Man’ are you? Thursday 1:06 PM
- Hundreds of millions of Facebook passwords were accessible to employees Thursday 12:55 PM
- ‘Bitch I’m Bella Thorne’ morphs into TikTok dyslexia meme Thursday 12:17 PM
- Marvel is auctioning props and costumes from Netflix’s ‘Defenders’ franchise Thursday 12:12 PM
- Net neutrality advocates plan online watch party for the ‘Save the Internet’ Act Thursday 12:01 PM
- Tim Cook turns his iPad meme into an AirPod meme Thursday 11:46 AM
U.K. official confirms surveillance bill would let cops force companies to decrypt data
Comments by a senior U.K. law-enforcement officer confirm what many companies have feared.
The British government could use the powers contained in a pending surveillance bill to force tech companies to decrypt user data, a top U.K. law-enforcement official said on Tuesday.
Chris Farrimond, the director of the National Crime Agency, told Parliament that authorities could order a company to strip encryption from data under the Investigatory Powers Bill, which lawmakers have been debating since the Home Office introduced it in November.
Farrimond later attempted to walk back his declaration by claiming that the government could only “request” this assistance, but the bill clearly states that companies receiving so-called “technical capability notices” have no such choice.
Sections 217 and 218 explain these notices and the parameters for issuing them. In Section 217, a list of example uses of the power includes a demand for “the removal by a relevant operator of electronic protection applied by or on behalf of that operator to any communications or data.”
According to section 218, “A person to whom a relevant notice is given must comply with the notice.” Recipients of such notices are also not permitted to disclose them without permission from the government.
The Home Office previously told the Daily Dot that “the bill does not create backdoors” but instead “maintains the existing obligation for telecommunications companies to assist in the execution of warrants.”
“While the Home Office has insisted the IP Bill doesn’t create a mandate,” Drew Mitnick, policy counsel at the digital-rights group Access Now, said in an email, “it also requires the creation of regulations for compliance with the notices, and there’s enough ambiguity in the language for those regulations to be quite sweeping.”
This is similar to the way two leading U.S. senators have described their recently introduced bill requiring companies to provide encrypted user data in an “intelligible” format. Security experts, tech companies, and civil-society groups all say that the bill amounts to a backdoor mandate.
Both the U.S. and U.K. bills are part of a global encryption debate prompted by the spread of unbreakable encryption in mobile operating systems and messaging apps. Recent terrorist attacks in Brussels, Paris, and San Bernardino, California, have led authorities to step up their demands for guaranteed access to encrypted data.
Senior law-enforcement and intelligence officials in many Western countries want their legislatures to require companies to be able to decrypt data when they receive search warrants. But the tech companies, and their allies in the cryptography and civil-liberties communities, strongly oppose those efforts. They warn that the only way to comply would be to weaken their encryption and create new security vulnerabilities.
“The IP Bill should be modified to make clear that the bill does not require limitations on encryption or the creation of backdoors,” Mitnick said. “Orders to remove or weaken encryption would directly harm users’ digital security and their rights to privacy and freedom of expression. Ambiguity in the law would also mean that companies are less likely to develop and implement strong security and users would be less trusting of technology.”
A Home Office spokeswoman did not respond to an email asking about Farrimond’s comments.
Update 12:20pm CT, April 20: Added comments from Access Now.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.