March 27, 2017 | Jim Killock

Amber Rudd already has sweeping powers to attack encryption

Amber Rudd has engaged in another attack on people’s security by suggesting that companies must be able to ‘remove’ encryption.

Amber Rudd MPThe striking thing is that if she was genuinely serious about her suggestion, she would not be making public demands; she would be signing legal orders to force companies to change their products. She would not be telling us about this.

Last year, the UK Government passed the Investigatory Powers Act, which gives British law enforcement and intelligence agencies vast surveillance powers.

These powers already purport to grant the minister the ability to issue a “Technical Capability Notice” with which Amber Rudd could instruct WhatsApp to re-engineer their product to be surveillance-friendly.

The TCN could, for instance, instruct WhatsApp to enable an invisible “third recipient” in the case of targeted individuals. Thus, even without asking providers to remove or weaken encryption, the UK believes it has found a way to legally compel companies to provide information from supposedly secure products.

There are enormous problems with TCNs. They can be “appealed” to a technical committee but it is unclear how well the process will ever deal with wider security concerns, or risks to the companies or their users. The process seems focused on ‘feasibility’ rather than whether introducing weaknesses is a good idea.

Fundamentally, anything which enables GCHQ to listen in could be available to someone else, whether another government, or perhaps a criminal who learns how to abuse the weakness.

These notices are not subject to any public guidance about their use. Unlike interception of communications, equipment interference (hacking), bulk communications data acquisition (mass surveillance), bulk personal datasets (everything government knows about you) and National Security Notices (orders to act), which have public codes of practice and the Home Office claims to be “consulting on” there is no obligation for a Code of Practice on TCNs which might give some insight into how these issues might be balanced.

Those codes that have been published for consultation contain 415 pages of dense detail, a mere 15 paragraphs of explanatory information, while the public, lawyers and business have been given a mere six weeks to work out what they mean.

As you can imagine, the powers outlined the codes for interception of communications, equipment interference and bulk communications data acquisition will grant Ms Rudd many avenues to surveil the likes of Adrian Elms.

We should use Amber Rudd’s cheap rhetoric as a launch pad to ask ourselves why she has such sweeping powers, and what the constraints really amount to.

Join ORG

Help us to challenge politicians’ dangerous and misleading comments about encryption. Join ORG today!

Comments (2)

  1. Will:
    Mar 27, 2017 at 04:36 PM

    What is "surveillance-friendly"? That sounds nice & comfortable. I like friendly.

    Did you mean "insecure" or "privacy-busting"?

    Improve your language, please.

    Control-freaks will use any excuse, and treat the public as if we are all enemies. And people who behave like sheep, perhaps they are the enemies of freedom.

    May should know about the Investigatory Powers Act; wasn't she the Home Secretary that pushed it through after years of others trying?

    It seems the opposition was feeble. (Or was it 'managed'?)

    Just now it looks more as if the Westminster nut-case attack is being used as just another psy-op. See how quickly govt. adverstising campaigns have been put together - they must have been pre-planned for just such a context, to stoke up fear & suspicion.

    If we give up our hard-fought freedoms for "a little temporary safety" the forces of 'terror' and of Big Government are winning, it is already 1984, plus.

  2. Filipescu Mircea Alexandru:
    Mar 27, 2017 at 06:07 PM

    If a few years ago, someone would have told me I'd see the UK literally turning into communist China, I would have said they're crazy. After the last few months, I'm awed to say that I have lived to see it happen.