UK Government Using Manchester Attacks As An Excuse To Kill Encryption

from the say-what-now? dept

It's no secret that there are those in the current UK government who are just itching to kill encryption. Earlier this year, Home Secretary Amber Rudd made some profoundly ill-informed comments about how encryption on the internet was "completely unacceptable" and saying that they needed to stop companies from providing end-to-end encryption. And, in the recently leaked Tory Manifesto, it was made clear that the current government sees breaking encryption as a priority:

In addition, we do not believe that there should be a safe space for terrorists to be able to communicate online and will work to prevent them from having this capability.

As has been explained time and time again, the only way you prevent bad guys from having encryption is by preventing everyone from having effective encryption... and that makes everyone significantly less safe. Seriously, the only way to do this is to put dangerous vulnerabilities into encryption that will certainly be hacked fairly quickly. This doesn't make people safer. It makes them less safe.

But, of course, like so many politicians these days (of all major parties) it appears that the Conservative Party in the UK can't let a good tragedy go to waste. The Independent is reporting that, because of the attack in Manchester this week, the party is ramping up its plans to outlaw encrypted communications:

Government officials appear to have briefed newspapers that they will put many of the most invasive parts of the relatively new Investigatory Powers Act into effect after the bombing at Manchester Arena. The specific powers being discussed – named Technical Capability Orders – require big technology and internet companies to break their own security so that messages can be read by intelligence agencies.

Again, in case you're just joining us, requiring that internet companies "break their own security so that messages can be read by intelligence agencies" is the nice way of saying "kill real encryption." It means that these companies will be deliberately forced to leave vulnerabilities in encryption that will be a goldmine for hackers of all kinds, from foreign surveillance to online criminals.

And, so far, there is zero evidence that the Manchester attack had anything to do with encryption. And, even if it did, so what? If the UK forced companies to break encryption, people planning terrorist attacks would just switch to other encryption products that don't have corporate entities in the UK. Or they'd come up with other ways to communicate. It will do basically nothing to stop terrorist attacks, but will instead make it much, much easier for all sorts of people with nefarious intent to hack into the private communications of everyone.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: amber rudd, encryption, manchester, privacy, security, theresa may, uk