Internet Encryption Today
On today’s world-wide web, it’s pretty commonplace to see that little padlock that means the connection to the website or service you’re using is encrypted. Adoption of this has been slow but steady over the years, and while originally used mostly for any services that took payment details or very sensitive information, it’s now the standard for any service dealing with any user data. For example, the likes of Facebook and Microsoft have employed it for all their authenticated services, and Google are even planning to warn users of emails that arrived via an unencrypted connection.
Even the scientific community is making more use of data encryption thanks to a new homomorphic encryption technique developed by a Microsoft research quintet. This particular technique helps to make data encryption more practical for scientific use.
The Investigatory Powers Bill
Encryption techniques used by modern web services act as a tunnel between the user and the service, meaning that unencrypted data is only available at each end of this tunnel. The new Investigatory Powers Bill (IPB) (AKA “Snooper’s Charter”), currently in draft, seems to want to change that on the basis that GCHQ can’t conduct bulk data retention when transmissions are encrypted. The bill would ban end-to-end data encryption, meaning that a back-door mechanism would need to be present at all times.
Regardless of the changes to allowed encryption methods, the bill would enable bulk data retention and bulk equipment interference (AKA “hacking”) for those services based in the UK. Data would be retained for up to 12 months and this would have to be carried out by ISPs, signifying another step towards Orwellian Dystopia.
Add Safe-Harbour Into The Mix
When you add the recent ‘Safe Harbour’ ruling into the equation, things could get a lot more complicated for digital companies in the UK. Should the IPB become part of UK law, communications firms based in the UK are likely to want to move their servers elsewhere, such as the US. Due to ‘Safe Harbour’, they won’t be able to do this without breaching the ruling made by the European Court of Justice (ECJ), a ruling which rejects laws in the US very similar to those proposed by the IPB.
The sensible answer might be for UK companies to move their servers to the EU; however, due to the uncertainty as to whether the UK will remain a member of the EU, this could end up being a very expensive mistake. In fact, even if the UK does retain its EU member status, the ECJ could intervene with the IPB on a similar basis to the Safe Harbour ruling, which makes for a very cloudy and unclear future in the digital space. The UK government needs to be very careful in how they approach this combination of discussions, else they may well end up thoroughly isolating the UK from the rest of the world, and creating a ‘digital vacuum’ in the process.