The UK government is set to announce new laws that would force tech companies to hold a special key that unencrypts data held on devices, before passing it over to intelligence agencies.
Companies such as Apple, Google, Microsoft and others would no longer be able to offer "unbreakable" encryption in products sold in the UK, according to the Daily Telegraph.
The Investigatory Powers Bill (or Snooper's Charter in common parlance) would require technology firms and ISPs to provide unencrypted communications to law enforcement or intelligence agencies when they produce a warrant.
The bill would also require ISPs to retain the browsing history of customers - but not the specific pages they visit - for up to a year.
Devices with end-to-end encryption that is nearly impossible to break using current techniques provide a "safe space" for criminals, terrorists and paedophiles, the government believes.
Prime Minister David Cameron pleaded with the public and MPs to back the law, despite overwhelming criticism that it would violate user privacy and would essentially make many online tasks, such as online banking, impossible to fully secure.
"As Prime Minister I would just say to people please, let's not have a situation where we give terrorists, criminals, child abductors, safe spaces to communicate," he told ITV's This Morning show. "It's not a safe space for them to communicate on a fixed line telephone or a mobile phone, we shouldn't allow the internet to be a safe space for them to communicate and do bad things."
Secret encryption keys have a terrible history of being discovered. In 2007, a number of encryption keys were posted on the internet that allowed people to subvert the security around Blu-ray and HD DVD encryption.
Efforts to keep the keys under wraps led to a Streisand effect, with many web pages, blogs and wikis spreading the encryption keys far beyond a coterie of techies.
Mike Weston, CEO of data science consultancy Profusion, said the Investigatory Powers Bill is a very concerning piece of legislation for both the tech industry and consumers.
"Limiting what encryption can be used is a victory for the security services, hackers and companies intent on misusing personal data," he said. "Not a week goes by when it isn't made readily apparent that the protection currently afforded to personal data is inadequate. Seeking to limit what companies can do to encrypt data is a stunningly short-sighted approach."
He added that the UK's position on data protection is in sharp contrast to the rest of Europe.
"Countries like Germany have recognised that greater emphasis needs to be placed on protecting the rights of users online and how personal information is collected and used," said Weston.
He added that the UK is taking a much more regressive path by seeking to increase oversight, the burden on businesses to collect, hold and make accessible personal information, and limit how companies protect data. "It will be an incredibly worrying situation if this Bill passes without any judicial oversight covering warrants," he added.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
2022 Public Sector Identity Index ReportWhitepaper UK Report
-
UK, US condemn Iran for ‘unprecedented’ cyber attack against AlbaniaNews The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information
-
Majority of UK's top business leaders are failing to manage supply chain security risksNews New findings from a DCMS review have sparked concern in government which could see new laws introduced to protect Britain's digital supply chains
-
Department of Health and Human Services must improve cyber security info sharingNews GAO report finds HHS has made progress, but better coordination would increase health care security
-
Government 'must be held to account' over illegal Snooper's CharterNews Gov should be given until April to make changes to the Investigatory Powers Act, court told
-
UK faces challenges to bulk spying in European Court of Human RightsNews Privacy groups argue bulk data collection breaches Article 8 in landmark court case
-
NHS gets £21m to boost cyber defences after WannaCry ransomwareNews Government funding comes hand-in-hand with stricter data security measures
-
Liberty wins right to challenge Snooper’s CharterNews Campaign group's crowdfunded challenge gets High Court go-ahead
