The government doesn’t want to ban encryption, but it doeswant to stop companies using ‘strong’ encryption it can’t break.
The Investigatory Powers Bill, which is due to be published Wednesday, won’t stop companies protecting data and messages by encrypting them, officials have now said. However companies will have to be able to unlock them if asked by the security agencies, according to reports — which arguably amounts to more or less the same thing.
Briefing the Telegraph, officials have said they will stop companies from using end-to-end encryption, which places a higher level of protection on data and messages than regular encryption.
End-to-end encryption allows companies to encrypt messages so they can only be opened and read by the user — for example Apple can’t read the iMessages you send, only the participants in a conversation can.
Apple’s website says its services including iMessages and FaceTime, across all of its devices, use the encryption method “so unlike other companies” it doesn’t have the ability to look through customer messages and it “wouldn’t be able to comply with a wiretap order even if we wanted to”.
Officials, including Prime Minister David Cameron, have argued that companies shouldn’t be allowed to encrypt data to a level where they can’t read what it says. The argument put forward byCameron is that terrorists shouldn’t be allowed any “safe space” online where their communications can’t be access by security agencies.
A general ban on encryption has been ruled out, however, as banks and financial companies transfer encrypted data. This was supported by Baroness Shields in the House of Lords who said there is “no intention” of banning encryption but companies must be able to “decrypt that information and provide it to law enforcement in extremis”. As such, the government will seek to ensure that all encrypted information is sent in a manner that can be decrypted.
A Home Office spokesman told the Telegraph that the government wants to “find a way to work with industry” to ensures that “terrorists and criminals in order to resolve police investigations and prevent criminal acts”.
“That means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies’ reputations rest on their ability to protect their users’ data.”
Other measures that may be included in the proposed legislation include increased legal hacking powers for security services, increased data retention, and also whether politicians or judges should sign warrants to approve surveillance.