Teresa May’s speech outside 10 Downing Street following the Conservative loss of parliamentary majority included an assurance that she would be pressing forward with changes to improve the UK’s security, including more Internet regulation and backdoors to encryption.
Prior to the UK general election (and in the wake of the London and Manchester terror attacks and the reported role that the Internet has played in enabling terrorists), Prime Minister Theresa May and Home Secretary Amber Rudd called for measures to regulate Internet use in the UK more tightly. The suggestion that a lack of regulation, social media platforms not doing enough, and the fact that encryption means that there are some messages that law enforcement are unable to read have lead to Conservative plans to:
- Operate an automated system of censorship for Internet use where algorithms decide what people can access.
- Restrict the use of encryption, and to disable automatic encryption on popular apps, thereby allowing the government / government agencies to view a person’s communications and data without permission from service providers, or the need for third party decryption skills
- Continue with and broaden existing online surveillance activities.
The Investigatory Powers Act 2016 (IPA), dubbed the Snoopers’ Charter, already grants the authorities a range of powers including retention of data, the interception of communications, the request for communications data, equipment interference, bulk warrants for communications data and technical capability notices. The legislation can apply to businesses globally that provide a platform for communications to persons in the UK.
The most public criticism of Mrs May’s plans to push ahead with more Internet regulation and censorship has come from Internet freedom advocates the Open Rights Group (ORG). They have suggested that:
- Mrs May is attempting to restore her damaged projected image as a strong leader, and that she is attempting to divert attention away from the failings of her election campaign, the controversy over having to deal with the DUP, and the upcoming Brexit negotiations.
- Automated Internet censorship could mean that what UK citizens are allowed to see could be decided by private companies rather than the courts.
- The government already has more than enough surveillance powers.
- Enforcing encryption bans, and backdoors being built in tech tools could mean that all of us will then be at a greater risk of becoming victims of cyber crime.
- These proposed measures could be the result of reactionary rather than considered policy making.
- The changes are unrealistic and /or will be too difficult for our law enforcement and intelligence agencies to monitor.
What Does This Mean For Your Business?
The big social media platforms that have been the focus of the government’s plans have at the very least an interest in protecting their reputations. At the same time, they are likely to be cautious about kneejerk reactions to situations, and to be resistant to measures that could restrict freedoms enjoyed by the vast majority of law-abiding users that have made the platforms so popular in the first place. There may also be some truth in the fact that it may be convenient for governments to blame tech companies and social media platforms for security failings.
Stopping or limiting encryption of messages, and building ‘back doors’ in popular devices and systems may sound helpful for governments trying to tackle extremists, but this could mean more security and cyber crime risks for the rest of us, and could lead to more cyber attacks on businesses.