New UK Draft Law Prohibits “Unbreakable Encryption”

The US took a step in the right direction on the issue of encryption a few weeks ago, when the government officially announced they would not be seeking “backdoors” into encrypted communications (at least not for now).

It comes as a bit of a surprise, then, that the UK has just announced draft legislation that bans strong encryption built into technology, and would mandate the exact “encryption backdoors” the US decided against.

The UK’s draft legislation is called the Investigatory Powers Bill and means that companies – including tech giants like Google and Apple – will not be able to offer encryption they can’t break. These companies must be able to decipher their encryption, and access the communications that run across their devices if requested to do so (by police or other officials). This means they cannot build end-to-end encryption into their products. Many popular products, such as Apple’s iPhone, currently employ end-to-end encryption technology.

As stated by the Telegraph, this law will, “for the first time, place a duty on companies to be able to access their customer data in law.”

The legislation’s purpose is to assist law enforcement efforts. It additionally requires Internet companies to retain their customers’ web history for a period of up to a year, continuing a scary trend of data retention. Similar, invasive laws have recently been proposed or passed in Australia, Germany and France.

Unsurprisingly, there has been a great deal of backlash against the UK’s bill, with many prominent people speaking out against it. Some have even gone as far as to suggest that Apple should stop selling iPhones in the UK.

As a company that believes strongly in online privacy and security, we are upset by this legislation. Encryption is a powerful tool, and building in this “backdoor” access weakens encryption, leaving users vulnerable to privacy violations and surveillance.

Update – November 2015: Apple’s CEO Tim Cook has come out in strong opposition to the Investigatory Powers Bill, speaking out against it and warning of its potential “dire consequences.” He emphasized the bill will create vulnerabilities for consumers, stating that “Any back door is a back door for everyone.”

Dell’s CEO Michael Dell also joined the conversation, stating that he is strongly opposed to encryption backdoors and describing them as a “horrible idea.”

In the days since the bill was announced, there have also been some concerns over the costs to ISPs, calling into question whether implementation is even feasible.

Update – December 2015: A group of tech giants – including Google, Facebook, Microsoft, Twitter and Yahoo – criticized the Investigatory Powers Bill. On December 21 they argued for “significant modifications” and did not want to sign up to proposals regarding bulk surveillance, weaker encryption and other measures. They further explained that surveillance laws might “[undermine] trust” with their customers, and expressed concerns about the vague language and requirement for overseas companies to hand over data to the UK government.

Update – February 2016: The Investigatory Powers Bill is still highly controversial and facing criticism. A committee of politicians, called the Joint Select Committee (JSC), has been looking into this bill and published recommendations on ways in which the bill should be amended. As reported in an International Business Times article, they said “the new measure should be allowed, but only after significant work is done to clarify the bill.” Specifically, they are asking for more details about encryption. The Intelligence and Security Committee also recently published a report on the bill, which cited concerns that the bill does not include provisions to protect the privacy of UK citizens. The UK Parliament’s Science and Technology Committee also said it could damage the country’s technology sector.

Update – March 2016: Unfortunate news today as the Investigatory Powers Bill, or “Snooper’s Charter” as it’s often called, passed its second reading in parliament. This passage comes despite widespread criticism of the bill, including an open letter signed by 200 lawyers claiming the draft law “fails to meet international standards for surveillance powers” and needed a great deal of revision. The vote in favor of the draft law was overwhelming, coming in at 281:15. The Labour and the SNP parties abstained from voting. Learn more about the vote, and where the parties stand.

Update – June 2016: The Investigatory Powers Bill passed through the House of Commons on June 7, 2016. The vote was strongly in favor – 444 to 69 – although several concerns over the bill continued to be expressed. Some amendments were included in the bill, which “put privacy at the heart of the bill.” Provisions for a “double-lock” procedure, which would require additional approval on warrants, were also mentioned. Despite these changes, the bill still allows for surveillance, with broad and “intrusive” powers. The bill will next go to the House of Lords for review and amendment prior to additional voting. You can read more details here.