IPBill During a committee stage
debate in the UK's House of Lords yesterday, the government revealed
that the Investigatory Powers Bill will provide any Secretary of State
with the ability to force communication service providers (CSPs) to
remove or disable end-to-end encryption.
Earl Howe, a minister of state for defence and deputy
leader in the House of Lords, gave the first explicit admission that
the new legislation would provide the British government with the
ability to force CSPs to “develop and maintain a technical capability to
remove encryption that has been applied to communications or data.”
This power, if applied, would be imposed upon
domestic CSPs by the new Home Secretary, Amber Rudd, who was formerly
the secretary of state for energy and climate change. Rudd is now only
the fifth woman to hold one of the great offices of state in the UK. As
she was only appointed on Wednesday evening, she has yet to offer her
thoughts on the matter.
Present at the House of Lords debate, the Liberal
Democrat member Lord Strasburger complained that “the implication of
what [the government] is saying is that no one may develop end-to-end
encryption. One feature of end-to-end encryption is that the provider
cannot break it; encryption is private between the users at both ends.
He seems to be implying that providers can use only encryption which can
be broken and therefore cannot be end to end, so the next version of
the Apple iPhone would in theory become illegal. I think that there is
quite a lot of work to be done on this.”
Earl Howe responded: “I was certainly not implying
that the government wished to ban end-to-end encryption; in fact, we do
not seek to ban any kind of encryption. However, there will be
circumstances where it is reasonably practicable for a company to build
in a facility to de-encrypt the contents of communication.”
As Labour member Baroness Hayter attempted to
explain: “There will be times when state security undoubtedly needs
access to encrypted information for a specific investigation. This is
not the problem. The problem is whether the government would ever
require a company to engineer such access, enforcing the company to
create a model which, if then followed by other nations with perhaps
less security than ours, would lead to a lowering of standards.”
Earl Howe stated that the government’s central point
was that it did “not think that companies should provide safe spaces to
terrorists and other criminals in which to communicate. They should
maintain the ability when presented with an authorisation under UK law
to access those communications”.
The admission follows Theresa May’s confession last November that,
since the turn of the millennium, secretaries of state have been issuing
secret directions under section 94 of the Telecommunications Act 1984,
without any judicial authorisation. The first glimpse of oversight these
received was published in a report by the Interception of
Communications Commissioner’s Office (IOCCO) last week, which
revealed that at least 23 directions were currently in effect on national security grounds.
Under the Investigatory Powers Bill, section 94 of
the Telecommunications Act will be repealed, but secretaries of state
will have the new power to issue national security and technical
capability notices to much the same effect. Section 94, as Howe
admitted, “has been used for a range of purposes, including for the
acquisition of communications data in bulk” though these are now being
codified in statute.
The oversight being introduced for these powers is an
obvious improvement on the complete lack of oversight before through
the new Investigatory Powers Commissioner, and in a recent amendment to
the bill the government added the need for a Judicial Commission to
approve both national security and technical capability notices.
Not all parties are completely satisfied, however, with IOCCO continuing to recommend — as explained in its
evidence to the bill’s Joint Committee
[PDF] — that an Investigatory Powers Commission, rather than just a
commissioner, would be necessary for the purpose of providing a “clear
legal mandate for the oversight body".
IOCCO explained that: “The reality is that the
Judicial Commissioners will only be performing a very narrow part of the
oversight – the prior authorisation of some of the more intrusive
investigatory powers. The bulk of the oversight will actually be carried
out by inspectors and staff within the Commission who need a clear
legal mandate to require information from public authorities, to launch
and undertake audits, inspections, inquiries, investigations and react
in real time when non-compliance or contraventions of the legislation
are discovered during an inspection.”
Speaking to
The Register shortly before the
debate, Lord Strasburger said: “It’s a tragedy that proper scrutiny and
improvement of the Investigatory Powers Bill is not happening because
politicians and the public are totally distracted by Brexit and the
machinations of the two main parties.”
The bill, noted Strasburger, was “what David Cameron
described as one of the most important bills of the entire parliament,
but it’s progressing with not much attention from anybody. It is not
receive the scrutiny and attention that it absolutely deserves, apart
from the Liberal Democrats and a few cross-benchers in the House of
Lords.” ®