A leaked technical draft of the United Kingdom’s Investigatory Powers Act may provide the government with the ability to demand technology companies provide a backdoor into encrypted messaging services like WhatsApp.
The draft, published by privacy advocacy organization Open Rights Group, details how government organizations and law enforcement could force companies like WhatsApp to “modify” their services to allow for the capture and collection of metadata.
The draft subjects all telecommunications companies and platforms with more than 10,000 users in the U.K. to "provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data."
It also requires communications providers to introduce systems that would allow government agencies to intercept metadata from between one and 10,000 users simultaneously and in real-time.
“These powers could be directed at companies like WhatsApp to limit their encryption,” Open Rights Group Executive Director Jim Killock said in a statement. “The regulations would make the demands that Amber Rudd made to attack end-to-end encryption a reality. But if the powers are exercised, this will be done in secret.”
According to Open Rights Group, the details of the bill that would allow the government to demand tech companies break their own encryption protocols are the subject of a “targeted consultation” and have not been publicized to the tech industry or the public.
The Secretary of State also does not need to publicly disclose if the powers are invoked, but instead only has to consult with a small selection of organizations listed within the Investigatory Powers Act.
Open Rights Group suggested the bill may also limit or discourage companies from developing strong security methods and encryption protocols that would further protect users, and that companies could be required to get government approval for future security developments.
Members of the U.K. government have been pushing for an encryption backdoor for years, and calls for such access have only grown louder in the wake of several tragic terrorist attacks throughout Europe.
Former U.K. Prime Minister David Cameron suggested blocking encrypted messaging services within the country unless they provided a government backdoor following the Charlie Hebdo shooting in 2015.
In the wake of the terrorist attack in Westminster earlier this year, U.K. Interior Minister Amber Rudd said it is “completely unacceptable” that the government cannot access the content of end-to-end encrypted messaging apps after it was discovered the attacker had WhatsApp on his phone.
These requests would undermine the very concept of encrypted messaging services, which provide secure communications by requiring users to have an encryption key to decode messages. Without the key, the messages would appear as a jumble of undecipherable characters.
If a third party had access to those messages without a key, the premise of the protection would no longer hold, and users would be at risk of an unauthorized person abusing that access. If encryption is cracked for one instance, the protection is no longer valid.
“I can’t build an access technology that only works with proper legal authorization, or only for people with a particular citizenship or the proper morality. The technology just doesn’t work that way. If a backdoor exists, then anyone can exploit it,” Bruce Schneier, a security technologist, wrote of encryption.