UK Government to push through laws forcing social media firms to hand over encrypted data

THE UK government will attempt to push through new laws to compel technology companies to hand over encrypted data. Should the Conservatives win the general election on June 8, then they are reportedly lining up a Technical Capability Notices bill to take to Parliament.

The notices will force messaging services such as WhatsApp and Facebook to hand over encrypted data to terror investigators within weeks. It means that the police and MI5 will have access to private data that was previously protected by end-to-end encryption.

Social media experts and security bodies have warned that the new law will open a back door for hackers to exploit. Companies currently boast that end-to-end encryption is ‘unhackable’. Kaspersky Lab’s principal security researcher David Emm argued that both getting rid of encryption and creating a ‘back door’ are ‘flawed approaches’. “Creating a ‘backdoor’ to decipher encrypted traffic is akin to leaving a key to your front door under the mat outside,” Emm said. “Your intention is for it to be used only by those you have told about it. But if someone else discovers it, you’d be in trouble.”

Equally concerned about the prospect of a ban on end-to-end encryption, Andrew Patel, senior manager at F-Secure, said such a ban could actually make it more difficult to prevent terrorism. “Agencies tend to collect too much data and have trouble finding signals among all the noise,” he said. “Even in recent cases, terrorist attacks that could have been tracked and stopped with available data were still missed by authorities. Removing end-to-end encryption would not help solve the noise problem – in fact, it might even make it worse.”

Erka Koivunen, chief information security officer at F-Secure, added that banning encryption would tear apart the trust model on which internet businesses are built. “Not only would banning end-to-end encryption be a futile attempt to turn back the clock, it would really expose people and businesses to a number of threats. However, perhaps the biggest thing would be the collapse of the trust model in internet-based business.”
