British Draft Law Threatens Data Encryption and Privacy

by Tracy Knauer •

Britain — the country that made path-breaking advances in data encryption during World War II — could weaken modern Internet encryption within its own borders as part of a new Internet data regulation bill that is currently under consideration.

The legislation, the Draft Communications Data Bill, doesn’t focus on data encryption exclusively. It is a general proposal that would provide the government with broad powers to force Internet service providers and online companies to collect information about users.

As the Guardian reports, however, one clause in the bill appears designed to allow the government to restrict use of encryption of users’ data. Under the proposed law, authorities could issue directives to companies “relating to the removal of electronic protection applied … to any communications or data.”

In other words, the government could order companies to remove encryption from any data they manage as part of network communications or in storage.

The Guardian notes that such a policy appears particularly threatening to services that currently offer end-to-end encryption in order to prevent third-party access to users’ data. According to the paper:

Specifically threatened by the technical capability notices are any firm that provides ‘end-to-end’ encryption to its customers. This form of encryption allows a message sent between two individuals to be protected in such a way that no one other than the sender and recipient can read it. Even the company that facilitates the communication cannot decipher messages encrypted in this way.

The proposed regulations would not ban encryption in Britain altogether, or even in most cases; they would simply give the government the power to restrict use of encryption in certain situations. That makes the law less damaging to online privacy than, say, the United States’ silly historical policies on data encryption.

Still, the law would make it much harder for companies that operate in Britain to guarantee that users’ data is safe from eavesdropping by government authorities — as well as from other snoopers who could take advantage of weaker encryption policies to get hold of private information.

Leave a Reply

Your email address will not be published.