On encryption, the UK sets a collision course with Europe

Is encryption a threat to law and order, or an essential tool for staying secure online? Two events this week show how much disagreement there still is about it.
First, at a meeting at the Conservative party conference earlier this week the UK’s home secretary Amber Rudd said technology experts had been “patronising” and “sneering” at politicians who try to regulate their industry.
She said: “I don’t need to understand how encryption works to understand how it’s helping — end-to-end encryption — the criminals.” She went on: “I will engage with the security services to find the best way to combat that.”
Her comments are in line with those from Conservative politicians over the past few years, who have regularly made loud noises about limiting access to encryption, and have indeed introduced legislation to limit its usage.
Their argument is that end-to-end encrypted messages, which can only be read by the sender and the recipient, are allowing crooks to plot crimes in a way that police cannot monitor.
And while the government has also said it doesn’t want to ban the use of encryption, or force companies to install ‘backdoors’ that police can use to snoop on conversations, there is no obvious way to weaken end-to-end encryption without breaking it, making this an intriguing clash of mathematics and politics.
The UK’s recent Investigatory Powers Act legislation requires tech companies based in the UK to be able to remove any encryption they use to protect their customers’ communications when asked to by the authorities.
But the law only applies to companies operating out of the UK, and it’s very unclear what effect it will have on the big tech companies based in the US, like Apple or WhatsApp, which use end-to-end encryption to protect the messages sent by their customers.
However, as the UK continues to call for ways to crack down on the use of end-to-end encryption, politicians in Europe are doing exactly the opposite.
Just days after Rudd’s comments, the European Parliament passed a resolution warning that more must be done to prevent cyberattacks and that individuals and businesses remain at risk because of a lack of knowledge and resources.
It called on member states to promote practical security measures such as encryption and warned governments not to “impose any obligation on encryption providers that would result in the weakening or compromising of the security of their networks or services, such as the creation or facilitation of ‘back doors’”.
That’s not all: back in July the European Parliament published a draft of a report on electronic communications which also urged the use of strong encryption.
It said tech companies should make sure they can protect customers’ communications from unauthorised access or alterations, and that the confidentiality is “guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data”.
It goes on: “Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.”
The final version of the document is due later this month and, according to one report, Europe is not likely to water down its stance on encryption.

The increasing use of end-to-end encryption does make it harder for police to monitor plotters, that’s for sure. But they also still have plenty of ways to access communications.
Most smartphones and PCs are far from secure, which means in many cases police will be able to hack into them and access communications before they are scrambled with encryption. In the UK, police and intelligence agencies already have this power.
That seems to be a much more proportionate and targeted way of accessing data than by banning end-to-end encryption and obliging everyone to communicate in a less secure way, leaving them at greater risk of criminals and fraudsters and nation state-backed hackers.
It’s not clear how this issue is going to be resolved: the UK is unlikely to make much headway in limiting the use of encryption while the rest of Europe’s political class is in favour of it.