The Don’t Spy On Us coalition, which Big Brother Watch are a member of, have written to the Home Secretary calling for any plans to weaken encryption in the draft Investigatory Powers Bill to be scrapped.
The indication that the draft Bill will require companies to hand over encrypted data have raised concerns amongst academics, industry experts and civil society groups. These proposals, it is believed, would undermine cyber-security in the UK, putting us at odds with a number of our allies, including the United States and the Netherlands, who have both declared their intentions to protect encryption.
In order to ensure we have a secure internet, Don’t Spy On Us have called for an unambiguous statement of support for strong encryption by the Home Secretary.
You can read the full text of the letter here:
Dear Home Secretary,
Today, 195 experts, organisations and companies in more than 40 countries published an open letter asking world leaders to support strong encryption and to reject any law, policy, or mandate that would undermine digital security.
Strong encryption is the cornerstone of our country’s cyber-security. Encryption protects billions of people every day against threats that include criminals trying to steal our phones and laptops, cyber criminals trying to defraud us and foreign intelligence agencies targeting companies’ valuable trade secrets.
Many countries have been considering the impact increased encryption has on wider policy issues, including those for cyber security, as well as for law enforcement. In recent months, key allies have been voicing their support for policies that promote, rather than weaken, strong encryption.
In the United States, President Obama concluded that it is not possible to give US law enforcement and intelligence agencies an encryption backdoor without also creating an opening that China, Russia, and cyber-criminals could exploit. His administration has confirmed “they will not be seeking legislation” on this issue.
In the Netherlands, a policy review after the recent Paris terrorist attacks concluded that “restrictive” measures would put “citizens at risk” and have “undesirable consequences for the security of information stored and communicated and the integrity of ICT systems, which are increasingly of importance for the functioning of society”.
In Finland, similar conclusions have been reached after concerns were expressed by businesses that their ability to compete on international markets would be hampered should they be compelled to surrender decryption keys or introduce backdoors in their software or hardware. The Working Group set up by the Finish Government concluded they will not recommend encryption backdoors.
The approach taken by the draft Investigatory Powers Bill runs contrary to this growing consensus. Maintenance of technical capability provisions (Clause 189) of the draft Bill can permit the Secretary of State to impose obligations on companies which would include the “removal of electronic protection”.
Civil society groups, industry and academics have all resoundingly condemned proposals that would weaken the security of systems by inserting backdoors.
One of the key principles of the Don’t Spy On Us coalition is the need for a secure web for all. Weakening the general security and privacy of communications systems erodes protections for everyone, and undermines trust in digital services. Secret operations by government agencies should be targeted, and not attack widely used technologies, protocols and standards.
In evidence to the Joint Committee on the draft Investigatory Powers Bill, Facebook, Google, Microsoft, Twitter and Yahoo stated that they: “reject any proposals that would require companies to deliberately weaken the security of their products via backdoors, forced decryption, or any other means”. Apple wrote in similar terms, that “in this rapidly evolving cyber-threat environment, companies should remain free to implement strong encryption to protect customers” and that current proposals could “immobilise substantial portions of the tech sector and spark serious international conflicts”.
We urgently request the current approach to this issue in the draft Investigatory Powers Bill is reconsidered, and that a clear, unambiguous statement is made to reassure those concerned that there will be no further law, policy, or mandate that would undermine digital security.
We would be grateful if you could respond to this correspondence within 14 days.
Thomas Hughes, Executive Director, ARTICLE 19
Renate Samson, Chief Executive, Big Brother Watch
Eric King, Director, Don’t Spy on Us
Jo Glanville, Director, English PEN
Shami Chakrabarti, Director, Liberty
Jim Killock, Executive Director, Open Rights Group
Gus Hosein, Executive Director, Privacy International