Hackers, govts could exploit snoopers’ charter attacks on encryption – ICO
The UK Information Commissioner’s Office (ICO) has criticized the draft Investigatory Powers Bill, claiming it weakens the right to privacy. It also attacked powers forcing tech firms to break data encryption if the government orders it.
On Tuesday, the ICO told the parliamentary committee reviewing the bill there is also “little justification” for making internet service providers store users’ communications data for 12 months.
The ICO added that access to encrypted services “is vital to help ensure the security of personal data generally.”
The bill initially proposed banning encrypted services, such as WhatsApp and iMessage, but senior government ministers have since refuted the claim.
Home Secretary Theresa May told the BBC that encryption services would not be banned in the bill.
“Encryption is important for people to be able to keep themselves safe when they are dealing with these modern communications in the digital age,” said May.
However, she emphasized the government would be given “proper authorization to issue warrants,” meaning that companies will be forced to hand over the contents of encrypted messages.
The ICO expressed concern that individuals would lose confidence in the government if it is allowed access to encrypted messages, saying the implementation of the clause would have “detrimental consequences to the security of data and safeguards which are essential to the public’s continued confidence in the handling and use of their personal information.”
“The information commissioner has stressed the importance of encryption to guard against the compromise of personal information,” it added.
“Weakening encryption can have significant consequences for individuals. The constant stream of security breaches only serves to highlight how important encryption is towards safeguarding personal information. Weakened encryption safeguards could be exploited by hackers and nation states intent on harming the UK’s interests.”
Their concerns mirror those of tech giant Apple, which created iMessage. Apple issued a warning to the British government when the bill was first unveiled, calling for intrusive powers to be dropped.
“The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it, too,” Apple claimed in a statement.