UK government attacks encryption … again
In the aftermath of the attack in London in March 2017, the UK government has, again, indicated that it wants to force companies to weaken encryption. The government wants to be able to access messages sent via services that use end-to-end encryption.
The Home Secretary Amber Rudd stated on BBC One’s Andrew Marr Show that it was “completely unacceptable” that the government is not able to see messages sent via services such as WhatsApp. She also said that companies should do more to prevent the sharing of extremist materials online.
The Investigatory Powers Act, which became law in December 2016, gives the UK government the power to compel companies to re-engineer their products if this is reasonable and technically feasible. This can be ordered through secret Technical Capability Notices (TCNs). Although WhatsApp is based in the US, its parent company Facebook has offices and assets in the UK and the government may use this to apply pressure on the company.
It is likely that companies will push back on attempts to weaken encryption. However, they may be persuaded to take more action against extremist content. This has implications for freedom of expression and there should be a legal and transparent process for government take-down requests.
Rudd met with tech companies on 30 March. EDRi member Open Rights Group (ORG) and other NGOs, including EDRi member Privacy International (PI), have called for transparency of the discussions. There should be no secret arrangements, and civil society should be included in these conversations.
WhatsApp must not be “place for terrorists to hide” (26.03.2017)
EDRi: UK Draft Investigatory Powers Bill: Missed opportunity (18.11.2015)
Letter from NGOs re: Encryption and censorship measures (29.03.2017)
(Contribution by Pam Cowburn, EDRi member Open Rights Group, the United Kingdom)