‘Security at risk: If govt can get into our communications & break encryption, so can others’

The UK’s intention to break into services like WhatsApp is a huge danger to privacy and security of individuals that puts the government on a collision course with the biggest world tech companies, says Loz Kaye of Open Intelligence think-tank.

A leaked draft document has revealed that the British government has been secretly planning to effectively ban encryption so that it will have unfettered access to people’s private communications.

Read more

‘Like terrorist attack or hosting Olympics’: UK braces for election cyberattacks – report

The Home Office’s reaction was the following: “There is nothing new in this consultation. These regulations do not create any new powers on encryption. They relate to technical details of powers that are set out in the Investigatory Powers Act, which was approved by Parliament in November 2016.”

RT: What’s your reaction to this statement from the Home Office?

Loz Kaye: The government has said that there is nothing new in this information. That isn’t really the case. It is now incredibly clear that the government intends to break encryption. That was always ambiguous when it came to the Investigatory Powers Act. That was our worst fears when we were looking at the text, but the government was constantly flip flopping on this. At first, David Cameron said that he wanted to basically break encryption, then said he didn’t. And now, we’ve got also the Home Secretary saying that. But now, we know the British government wants to break into services like WhatsApp. This is a huge danger to the privacy of individuals, but also to the security of individuals, and also puts the government on collision course with some of the biggest tech companies of the world.

RT: Do you think the measures mentioned in the draft are very serious? How would businesses react?

LK: The measures that are contained within this document are very complex and will be very difficult for businesses to carry out. Essentially, it is about a real-time interception – or as close to as possible – of a significant amount of customers. So that is one in 10,000 customers. But this has to be done in a way that, also, the customers themselves aren’t aware, but also, essentially, that the quality is as good and as useful as if the security services were receiving the information first-hand. So, this is an incredible burden to put on businesses. In Open Intelligence, we’ve always believed that the biggest players, the biggest telecommunications providers, have, in fact, already been well-prepared and, in fact, complicit in this. We essentially know that from the picture of what we’ve learnt from [Edward] Snowden. What it will mean is that any new companies wanting to come into telecommunications, also getting over 10,000 customers, will suddenly have incredible burdens.

What I also know is  – I am speaking to you here from Greater Manchester – I’ve talked to people within tech companies here – I can’t reveal sources, but they have been hugely concerned about the burden it puts on their businesses. But, also, what it means for their customers. Essentially, they feel like they are being forced into betraying their customers. This isn’t good for business, but it isn’t even good for our security.

RT: The entire project is aimed at boosting security. Why do you suggest this will only weaken security of the individuals?

LK: The government has constantly said that we’re having to give up our rights and our privacy because of security concerns. Of course, we’re all concerned about terrorism right now. But the response has to be targeted – not blanket surveillance. But why this puts it at risk is because it is putting, essentially, in ways to get into our communications. If the government can get into our communications, if our telecommunications can get into our communications, can break encryption, so can others. That is cybercriminals, that’s also foreign governments, that’s terrorists. This doesn’t make us safer; it puts us at risk. But what’s also noticeable about these numbers is that, still, in terms of the numbers that could be actually surveilled simultaneously. That is only hundreds within the company that operates with millions of customers.

Bizarrely, these technical measures point to a picture that is simultaneously hugely invasive, but can actually also not capture the kind of information you need about thousands. We know that thousands are on the watch list in France, for example. So, we need an utter rethink to actually combat terrorism. We’re swimming in information. It is analysis we need. I am afraid the British government is going down a very dangerous route for our country. Indeed, also for technology in the world.