New UK Home Sec invokes infosec nerd rage by calling for an end to end-to-end encryption
Yep, Patel continues age-old tradition. Plus: Five Eyes word games
Priti Patel has declared war on encryption safeguards, demanding they be torn up for the convenience of police workers.
Patel, the social conservative appointed Home Secretary by British Prime Minister Boris Johnson last week, used this morning's Daily Telegraph to call for end-to-end encryption to be broken with backdoors inserted for illicit law enforcement access.
In this morning's front-page newspaper story, a sentence attributed to the Five Eyes spying alliance which appeared to support Patel's personal views on breaking encryption was not, however, in the agreed version of the communique, as spotted by tech lawyer Graham Smith.
But curiously, the sentence quoted by the Telegraph about design of encrypted products and services does not actually appear in the final FiveEyes communique. https://t.co/WbpU6QUeej pic.twitter.com/m1QlJS7MtF— Graham Smith (@cyberleagle) July 31, 2019
The sentence quoted by Smith from a low-resolution picture of the Telegraph splash article says: "The Five Eyes nations' communique said: 'Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format'."
El Reg has preserved a copy of the original Five Eyes communique here (PDF), just in case the official version on GOV.UK is altered. The proposal mirrors one floated by GCHQ's Ian Levy some months ago, referred to as the ghost user plan.
On behalf of Patel, the Home Office pointed us to a different version of the communique (PDF) where the wording differs in many respects from what appears to be the agreed ministerial version.
Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney GeneralREAD MORE
"Where systems are deliberately designed using end-to-end encryption, which prevents any form of access to content, no matter what crimes that may enable, we must act," Patel wrote in a separate Telegraph article also published today, specifically referring to Facebook's recently announced plans.
"This use of end-to-end encryption in this way has the potential to have serious consequences for the vital work which companies already undertake to identify and remove child abuse and terrorist content," she continued, invoking the two routinely used justifications - and echoing similar sentiments from former home secretaries - for governments that want to harm individual privacy, safety and security online.
Patel also chucked in some throwaway lines about "proportionality and appropriate safeguards".
Facebook, having been singled out by the Home Secretary, said it would maintain its plans to roll out encryption.
Antigone Davis, Facebook's head of global safety, told The Register: "Facebook appreciates the discussion with the Five Country Ministerial. People should expect that we will do everything we can to keep people safe on our services within the limits of what's possible in an encrypted service. As our CEO Mark Zuckerberg promised, we'll consult with safety experts, law enforcement and governments through 2019 and beyond on the best ways to implement safety measures before fully implementing end-to-end encryption. We'll also work together with other platforms to make sure that as an industry we get this right because many open questions remain. The more we can create a common approach, the better."
Home Sec Amber Rudd: Yeah, I don't understand encryption. So what?READ MORE
It's not looking good for the future
In the UK, laws permitting state workers to covertly spy on individuals and groups of individuals contain no meaningful safeguards. What lax safeguards do exist only kick in after the point at which councils, police and others are allowed to covertly record who you are communicating with, when and over what medium. An audit agency called the Investigatory Powers Commissioner's Office (IPCO) reviews bulk spying logs and occasionally writes strongly worded letters if snoopers look like they broke the law.
No state employee has been arrested, prosecuted or convicted of unlawfully accessing communications or ignoring Britain's lax surveillance laws, despite IPCO finding that such blunders were still getting innocent people arrested and treated like criminals.
Under Patel's control of the Home Office, Britain looks set to continue down its existing path of becoming a less safe and secure country in which to use the internet, set up a business - or carry out infosec threat research. ®