Cloud Hosting

UK politicians just like the rest of us rely on encryption all day, every day, to protect their physical safety, keep their conversations private, and safeguard their families and their finances.

But in their determination to criticise tech companies plans, notably Facebook, to make encryption more widely available, politicians appear to think that undermining digital safety for everyone is acceptable collateral damage.

Much of the debate has, understandably, centred on the importance of keeping children safe online. The NSPCCs head of child safety policy, Andy Burrows, has acknowledged that encryption offers privacy benefits, but says it puts children at risk if it is poorly implemented. But the government is not calling for end-to-end encryption to be better implemented it is calling for it not to be implemented at all.

Polemics make for bad policies. Here are the myths about encryption that the governments Online Safety Bill is founded upon:

Myth number one: This is just about encrypted messaging. No. Encryption secures data and communications, but also secures systems and objects that affect your physical world. It protects home security devices such as CCTV cameras and door locks and keeps snoopers away from childrens connected toys. The government cant legislate for a world in which technology ensures we have secure connected things, but not secure messages.

Myth number two: The Online Safety Bill does not weaken encryption. The bill would make providers of encrypted services criminally liable for the acts of their users. Imagine if supermarkets were made liable for crimes committed with kitchen knives they had sold they would stop selling knives rather than face the liability. The Bill creates a strong incentive for companies to weaken or remove encrypted services.

Myth number three: The Online Safety Bill creates a safe encryption backdoor for law enforcement. There is no feasible encryption backdoor that cant also be used by malicious actors. Despite having access to the best cryptographic expertise available, the government cannot come up with one, because safe encryption backdoor is an oxymoron.

We also know that law enforcement agencies have made exaggerated claims about encryption as an obstacle, and admit that often, the biggest hindrance to effective policing is technical capability, not encryption. Politicising and scapegoating encryption diverts attention and resources at a time when a National Audit Office report has highlighted other, more addressable, shortcomings in UK law enforcements technical capability.

Myth number four: Technical experts arent doing enough to help. In a bizarre twist, technologists are now being accused by the home secretary of failing in a duty of care to users by providing them with secure services. But technology stakeholders are contributing constructive, evidence-based proposals, including information on content moderation in encrypted systems, and mitigating terrorists use of encryption.

There are rumblings of dissent. Even the former head of GCHQ says that weakening security for everyone is not the solution. The Information Commissioners Office (ICO) also stepped into the encryption debate with an unequivocal endorsement of end-to-end encryption. The ICO isnt alone; in July 2020, data protection authorities from Australia, Canada, Gibraltar, Hong Kong, Switzerland and China (yes, China) published an open letter stating: Ease of staying in touch must not come at the expense of peoples data protection and privacy rights.

Once we, as citizens, allow those rights to be taken away, we will not get them back. In successive Queens Speeches, the government has, absurdly, claimed it wants to harness the benefits of a free, open and secure internet. Far from doing that, the Online Safety Bill undermines online security, jeopardises those benefits, and puts us all at greater risk in the real world and online.

Robin Wilton is director of internet trust at the Internet Society.

Read more here:
Encryption myths versus realities of Online Safety Bill - ComputerWeekly.com