As Europe, and the world, start coming to terms with the horrific terror attack in Paris, politicians are trying to formulate a policy response. In the UK that has comprised of a rush to bring in legislation to allow further snooping powers by Prime Minister David Cameron, and his Home Secretary Theresa May. If they get their way, Apple and other software makers may be forced to remove, or weaken, the privacy and security measures we enjoy today.
The UK's proposed legislation could punch a big hole through digital security
The new law would require ISPs and mobile phone companies to keep records of individual users’ communications data for 12 months. The retained data would include Internet browsing history, email’s, voice calls, social media interactions, online gaming and mobile phone messaging. The Police, the Serious and Organised Crime Agency, the intelligence agencies, and HM Revenue and Customs (the Government department who administrate tax collection, some benefits, and the minimum wage,) would be able to access the data.
In the UK security services can already retain email and phone communication data via a recently introduced law called the Data Retention and Investigatory Powers Act. This new law will allow matching IP addresses to individual users.
These are laws that senior Conservative politicians have consistently tried to get through Parliament. They have so far been rebuffed by their partners in the coalition government, the Liberal Democrats, amidst civil liberty concerns. Those fears have been raised by others, too.
Emma Carr, Director of UK civil liberties campaign group Big Brother Watch commented Sunday:
The Government is introducing legislation to solve the important problem of who is using a specific Internet Protocol address, but the powers within the Snoopers Charter go too far, as recognised by a number of Political figures and two Parliamentary committees.
As well civil liberty concerns, there are also issues about the practicality of implementing what Prime Minister Cameron is proposing. He seems to want a back door into every piece of software, including popular iOS apps such as WhatsApp and Snapchat, so that the security services can get in and intercept messages, rather jeopardising the walled garden Apple have built. Apple often points out that their walled garden reduces the likelihood of security vulenrabilities in approved software, but these new laws could mean they have to build in those vulnerabilities, which the company—and users—will not like.
Cory Doctrow, at Bong Boing, has raised concerns that even secure online banking could be at risk. That may be a bit hyperbolic, but demanding developers build software with inbuilt vulnerabilities clearly puts ordinary users at unnecessary risk.
Jim Killock, Executive Director of Open Rights Group (the UK equivelant of the Electronic Frontier Foundaiton) commented Monday:
Cameron’s plans appear dangerous, ill-thought out and scary. Having the power to undermine encryption will have consequences for everyone’s personal security. It could affect not only our personal communications but also the security of sensitive information such as bank records, making us all more vulnerable to criminal attacks.
The political climate is hardly making for good decision making. The UK is hurtling towards its most competitive general election in years, with multiple parties in play, and now all under the cloud of a terrorist atrocity just next door. (Remember, it is quicker for some Brits to get to Paris, than it is other parts of the UK.) No party wants to go into an election being branded "weak" on terrorism.
It's been suggested within Westminster that the political standoff probably means the legislation cannot happen until May's General Election is done and dusted. However, that doesn't mean it won't return afterwards. Both the the Conservative and Labour parties, from whom the Prime Minister will come, support stronger snooping measures, as do their potential Home Secretaries.
The likelihood is that at some point soon further draconian measure will become law. The backlash against government getting more of our private data, and making it more easily accesible to anyone else who wants to exploit the built-in security weaknesses required by the law, is already happening and now we're facing the possiblity that it could get even worse.