British Prime Minister David Cameron’s plan to improve national security by creating a back door to encrypted-messaging apps drew strong criticism from industry groups—and even parts of his own government.
With the attacks on Charlie Hebdo in Paris still fresh on people’s minds, it’s understandable that there might be proposals for new legislation in nearby countries to help deal with terrorism. But that doesn’t mean that everyone has to like them.
On Monday, British Prime Minister David Cameron proposed legislation to ban encrypted-messaging services that cannot be accessed by government authorities. The government’s current power to monitor communications expires next year, and Cameron said he will work to enact such a law if he remains prime minister after the 2015 elections.
“The next government will have to legislate again in 2016,” Cameron said, according to a Press Association story published in the Daily Mail. “If I am prime minister, I will make sure that it is a comprehensive piece of legislation that makes sure we do not allow terrorists safe space to communicate with each other.”
Secretive messaging platforms like Snapchat and Secret have gained popularity in recent years, but those platforms have relatively weak security, according to research released in November by the Electronic Frontier Foundation (EFF). However, the widely used Apple iMessage is known for having security strong enough to cause problems for law enforcement officials, who have been unable to intercept information, even when backed by a warrant.
Groups Raise Concerns
Cameron’s proposal drew an immediate outcry from technology and security associations in the U.K.—and even in parts of his own government.
U.K. Information Commissioner Christopher Graham was among the fiercest critics of the proposal, saying that further analysis was needed.
“We must avoid knee-jerk reactions,” Graham said, according to The Independent. “In particular, I am concerned about any compromising of effective encryption for consumers of online services.”
The Open Rights Group (ORG)—something like the British equivalent of EFF—suggests that giving government authorities back-door access to encrypted messaging would create a level of vulnerability that far outweighs the security benefits.
“The problem with key escrow or the use of master keys is that they leave a particular encryption method with a secret back door, and give every criminal the certain knowledge that this back door exists,” ORG’s Jim Killock writes in a blog post. “Criminals then know that they can find a way to break into encrypted material, given a certain amount of effort. Thus the barrier to breaking in becomes time and money, so is a question of the value of the material you want access to.”
And, in a statement, the Internet Services Providers’ Association argued that legislation like Cameron is proposing risks “undermining the UK’s status as a good and safe place to do business.”
“In the wake of an increasing number of cyber attacks and government initiatives to raise the awareness of cyber risks, encryption is widely accepted as a key measure to safely do business online,” ISPA said in a statement. “Business, individuals, and governments around the world rely on encryption to carry out everyday tasks and services, [and] forcing companies to weaken encryption measures would weaken protection against cyber criminals, foreign intelligence agencies, and others.”