Basing country-wide policy decisions on a hypothetical need to equip a small number of MI5 spies is at the very least questionable. And yet David Cameron and his government continue to use the need for UK agencies to fight terrorists as a blunt instrument to bludgeon all dissenters. First it was the Communications Data Bill (referred to as the Snoopers’ Charter). Now it is the Investigatory Powers Bill. The bill threatens to put any company operating in Britain on the back foot by removing encryption and secure data transfers, and by forcing companies to store social networking, messaging and calling records on all individuals for 12 months.
Of course there certainly is a need to equip agencies around the world to better combat crime and especially terrorism, but as always there is more to this discussion than politicians like to admit. Or perhaps more than they have thought about.
Clearly encryption is not just about criminals communicating and plotting under cover of darkness. Today virtually every aspect of business, telecoms and IT uses encryption to keep our citizens and our businesses safe and workable. For UK businesses or in fact any enterprise that has a UK operation, the removal of encryption will make it much easier for the criminally minded to steal personal data or gain unfair competitive advantage. In other cases, the removal of encryption, or even the perception of its removal, could undermine confidence in an entire industry.
Take the obvious example of banking. Not only is this a huge industry in Britain, it is also fundamental to all business. Thanks to the growth of the Internet many people now do the majority of their banking online. It’s fast, easy and convenient. And of course it runs over encryption, to keep users’ banking details secure. Remove encryption and who in their right mind will do their banking online? The problem of course is you cannot easily separate the encrypted traffic of criminals from the encrypted traffic of everyday folk who just want to pay a bill.
Such has been the discussion so far. But there are yet other considerations and repercussions once we start to lift the lid off this particular can of worms.
Firstly, looking at this from the other side for a minute, we already have a massive invasion of privacy that people either don’t know about or don’t care about. For example, if you have a Facebook app on your phone then you have already given Facebook permission to read all your text messages and modify your contacts. Similarly, users of Gmail have granted Google permission to modify their contacts. Mobile apps are increasingly accessing each other’s data about the user and acting as surveillance devices. Why is nobody complaining? Because rather than calling it a “Snoopers’ Charter”, it’s a 5-page agreement called “I Agree” which you glimpse briefly when you install an app. So it seems people don’t actually care about snooping if it makes their life convenient.
Secondly, the Snoopers’ Charter affects UK mobile operators in several ways, and neither has yet been thought through. On the one hand, banning encryption could remove a huge headache for mobile operators, as encrypted traffic is incredibly difficult for them to manage, optimise or expedite. Basically, such traffic appears to them as a dark pipe: it all looks the same due to its encrypted nature. So removing encryption puts mobile operators back into the game. It enables them to manage their traffic, add value, and of course charge money for that. But the other edge of this sword is the huge outlays operators will incur by being forced to store subscriber data for a year, a key requirement of the Snoopers’ Charter. Suddenly costs rack up for operators.
Nobody in the tech industry appears to support the government’s barely thought-out policy. In fact, just recently the world’s largest technology companies, Facebook, Google, Twitter, Yahoo, and Microsoft, in a highly unusual show of unity, roundly condemned the UK government position on providing backdoors into private communications. They pointed out that what Cameron is proposing will have huge and far-reaching implications for industry. Vodafone actually went further and stated that if mobile operators are responsible for collecting and retaining the private data of their subscribers, public trust in mobile operators will be seriously undermined.
The Bill will drag on in parliament over 2016 and there will be endless heated debates. But end-to-end encryption with no back doors is the only workable solution, unless we are prepared to give up most everyday online services we take for granted. That train has left the station, as our CEO John Giere commented in his recent blog on Donald Trump, the FBI and encryption in the US. Yes, we need to support the government’s stated aim of fighting crime and terrorism, but you don’t fight bad people by taking basic services away from everybody else. Security is a highly complex debate with multiple facets and multiple repercussions, good and bad, on both businesses and users. Trying to pretend this is all about catching bad guys is a misrepresentation.