The US took a step in the right direction on the issue of encryption a few weeks ago, when the government officially announced they would not be seeking “backdoors” into encrypted communications (at least not for now).
It comes as a bit of a surprise, then, that the UK has just announced draft legislation that bans strong encryption built into technology, and would mandates the exact “encryption backdoors” the US decided against.
The UK’s new legislation is called the Investigatory Powers Bill and means that companies – including tech giants like Google and Apple – will not be able to offer encryption they can’t break. These companies must be able to decipher their encryption, and access the communications that run across their devices if requested to do so (by police or other officials). This means they cannot build end-to-end encryption into their products. Many popular products, such as Apple’s iPhone, currently employ end-to-end encryption technology.
As stated by the Telegraph, this law will “For the first time, place a duty on companies to be able to access their customer data in law.”
The legislation’s purpose is to assist law enforcement efforts. The law additionally requires Internet companies to retain their customers’ web history for a period or up to a year, continuing a scary trend of data retention. Similar, invasive laws have recently been passed in Australia, Germany and France.
Unsurprisingly, there has been a great deal of backlash against this legislation, with many prominent people speaking out against it. Some have even gone as far as to suggest that Apple should stop selling iPhones in the UK.
As a company that believes strongly in online privacy and security, we are upset by this draft law. Building this “backdoor” access into technology weakens encryption, leaving users vulnerable to privacy violations and surveillance.