U.K. Prime Minister David Cameron has been weathering a Twitter storm of mockery for comments he made yesterday in which he appeared to suggest it would be the intention of a future Conservative government to ban strong encryption.
“Are we going to allow a means of communication between people which even in extremis, with a signed warrant from the Home Secretary personally, that we cannot read?” he said in a public speech. “No we must not. The first duty of any government is to keep our country and our people safe.”
Internet security experts chipped in en masse on social media to point out the pyrrhic folly of Cameron thinking he can ban encryption, while others noted the heightened hypocrisy of a politician using last week’s terror attacks in Paris as a foil to attempt to undermine citizens’ digital privacy rights at home.
TechCrunch understands alarm at the potential implications of Cameron’s comments even extended to the U.K.’s VC investment community — which makes sense, given that Internet businesses wouldn’t be able to function without encryption. So in a move that will shock precisely no one, the back channel back-peddling has begun.
Downing Street sources said the PM’s words had been misinterpreted, and that he was not, in fact, singling out encryption, or any particular Internet companies, for a ban. Although another government source declined to confirm to TechCrunch that a future Conservative government would not be seeking to ban encryption when we asked directly. So the Tories are evidently not committing to ending all encryption-banning rhetorical outbursts in future.
The game being played here is not just with popular opinion on the election campaign trail — ahead of the U.K.’s General Election this May, as the Tories cack-handedly try to capitalize on fear of terrorism by tilting at digital windmills. It’s also an attempt to apply political pressure on foreign owned Internet companies to provide U.K. security services with backdoors into their services.
Last November the incoming head of the U.K.’s GCHQ spy agency made a direct public appeal to U.S. Internet companies to co-operate with government counter terrorism efforts and hand over data on users when asked.
Yesterday Cameron was evidently trying to speed that same plough. However if, as government sources are (sort of) suggesting, he does not in fact have an intention to ban encryption, but is hoping that Internet companies will agree to put backdoors into services themselves, there are undoubtedly some digital services that U.K. spooks will not be able to peek into — i.e. those that use end-to-end encryption or companies that refuse to co-operate with requests to install backdoors — and, really, there is not a whole lot U.K. politicians will be able to do about that.
That said, the Prime Minister has previously committed a future Tory government to re-introduce more comprehensive powers of digital comms data capture, and to extend the emergency surveillance legislation (DRIPA) that was rushed through the U.K. parliament last year. Under DRIPA, companies providing a service to the U.K. are technically required to provide access to data.
The difficulty (for government) comes in trying to enforce such a legal requirement if a company does not have a physical presence in the U.K. And even where a company does have a presence, no U.K. government is going to want to be seen banning mainstream apps. That’s never a good look — unless you’re heading up a totalitarian regime.
Indeed, government sources were very keen to stress that it is not Cameron’s intention to ban Internet companies in the U.K. They added that the government is working closely with Internet companies to ensure compliance with DRIPA — describing the approach it is taking, led by a special envoy, Sir Nigel Sheinwald, appointed last September, as “co-operative”.
At the time of Sheinwald’s appointment the government noted:
A number of overseas companies have asserted that their ability to work with the UK government is being severely constrained by international conflicts of jurisdiction. For example, where they think they have a British law saying that they should share data, and an American law saying that they shouldn’t. So we intend to appoint a senior diplomat to work with America and other countries to address these concerns and ensure that lawful and justified transfer of information across borders takes place to protect our people’s safety and security.
What’s the long and the short of all this? Cameron’s non-specific anti-encryption drum banging is not worth the paper it wasn’t written on. And Internet companies should definitely expect a lot more rhetoric about how they risk aiding and abetting terrorists if they don’t give in to U.K. government requests to perforate the security of their users.
So, really, expect a whole lot more tilting at windmills before this digital debate is done.
Stronger encryption is growing not diminishing, so the “challenge”, as U.K. government sources put it, that strong encryption poses to security services’ digital surveillance programs is not going away.
Politics meet technology.