The UK and the EU are at loggerheads once again, but it’s not what you might think. This isn’t another Brexit debate, but a tussle over encryption.
The British government is keen to exploit flaws in tech services for intelligence-gathering and surveillance operations. Home Secretary Amber Rudd, backed by Downing Street, has persistently called for access to WhatsApp, a service used by terrorists in the March attack at Westminster.
But on Monday, a European Parliament committee proposed an amendment to incoming legislation that would prevent member states from trying to decrypt encrypted communications, as well as compelling tech companies that don’t already use end-to-end encryption to do so.
The proposal would protect internet companies from national governments pressuring them to create security flaws, or backdoors, that they could use to hack into people’s emails or other messages.
The different approaches are emblematic of a debate raging around the world, boiling down to whether tech companies should poke security holes in their products so that governments can spy on potential terrorists, or whether they should keep communications locked up tight so as to protect the privacy and safety of internet users. You saw it in the fight that Apple put up against the FBI’s efforts to compel the company to create a backdoor into a terrorist’s iPhone.
While the UK wants to ensure that terrorists have no place to hide, the EU is determined to protect the privacy of law-abiding internet users.
Fear, terror and technology
With four terrorist incidents in the country over the last four months, the British government and intelligence agencies are under pressure to explain why they were unable to thwart the attacks. They blame technology.
Following the June 4 attack on London Bridge, Prime Minister Theresa May stood outside Downing Street and, in her speech, pointed her finger at “the internet — and the big companies that provide internet-based services” for providing a safe space for extremist ideologies to flourish.
“As the nature of the threat we face becomes more complex, more fragmented, more hidden, especially online, the strategy needs to keep up,” she said, calling for more online regulations.
May has long been in favor of increasing the UK’s surveillance powers, introducing two bills nicknamed the “Snooper’s Charter.” The second of these bills, the Investigatory Powers Act, passed into law under her own leadership of the country.
The Prime Minister wants the internet to be weak and penetrable, say her critics. They also claim she is using this issue right now to reinforce her own image as “strong and stable” — her slogan during the recent election campaign.
“To push on with these extreme proposals for internet clampdowns would appear to be a distraction from the current political situation and from effective measures against terror,” said Jim Killock, director of human rights nonprofit Open Rights Group.
Flaws with backdoors
The biggest objection to her proposals is that they will make the internet less safe for users. If governments can exploit backdoors to get to your private communications, so too could criminals or rogue states.
“Government’s intrusion into private communications might look useful on paper in order to fight crime, but such legislation is usually the product of people who don’t know how technology works,” said Marty P. Kamden, CMO of NordVPN. “Backdoors would bring along new security holes, and could result in even more crime.”
Another risk of this style of surveillance is that it could force terrorists to use alternative, less pleasant communication services, added Killock. Pushing them underground completely would only make them even harder to monitor than they are right now, he argued.
Unsurprisingly, tech companies don’t like the idea of creating security holes in their products either. In 2015, Facebook, Google, Microsoft, Twitter and Yahoo teamed up to submit written evidence to Parliament arguing that encryption is necessary for keeping users safe. Apple Chief Executive Tim Cook has also been outspoken on the subject.
But when it comes to legislation, Silicon Valley companies don’t have the last word.
The EU fights back
Fortunately for them, the EU does. In this case, the EU is on their side.
The proposals tabled by members of the European Parliament this week are amendments to draft privacy legislation, and forbid member states from “decryption, reverse engineering or monitoring” of encrypted communications, or compelling tech companies to do so.
“Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services,” one proposal reads.
Not only could these proposals scupper the UK’s plans, but they could conflict with surveillance activities allowed by the Investigatory Powers Act.
“This latest move to ban backdoors in encryption appears to be a calculated slap in the face for Theresa May and her plans for an Orwellian future,” said BestVPN.com cybersecurity expert Douglas Crawford.
Because of Brexit, it’s hard to know how EU rules on privacy and data will apply once the UK leaves the European Union. But without support from other countries, it’s highly unlikely that the British government alone would be able to compel tech companies to create backdoors to allow them to bypass encryption.
The UK’s own new surveillance plans are also not yet a done deal. The small and fragile majority the Conservative party currently holds in Parliament means greater consensus and more debate will be needed in order to pass new laws, said Killock.
“We hope that this will mean our parliamentarians will reject reactionary policymaking and look for long-term, effective solutions that directly address the complex causes of terrorism,” he said.
Tech companies and government representatives didn’t respond to requests for comment.