UK government says encryption must be removable under Espionage Act
During a debate over the new Espionage Act, or the Investigatory Powers Bill, the British government clarified that a company can be required under the law to lift encryption. This would also include end-to-end encryption.
“This is a crucial power,” Lord Howe said during the debate. “Without this power, the ability for police and secret services to intercept communications in comprehensible form would be greatly diluted,” he added. He explained that there must be an opportunity to access that information, if necessary and proportionate, write TechCrunch and The Register.
In the course of the debate, it further emerged that this is not a ban on encryption, which appeared to have been included in the bill earlier. During the debate, Howe did not elaborate on whether the power would also mean that companies are expected to take this into account when offering future services. He only stated that this depends on the circumstances of the case.
The debate did not address how end-to-end encryption should be removed. This is technically not possible for a company without offering a weakened form of encryption. This was also the position of Lord Strasburger, who argued that the government’s position would mean that companies should only offer crackable encryption, which can no longer be end-to-end encryption.
Finally, Howe also discussed the possibility of equipment interference, a power in the bill that creates the possibility to hack a device of a suspect. According to him, this could offer a solution in the event that interception of information is not possible. After all, once there is access to a device, end-to-end encryption can also be circumvented. Debate of the bill continues on July 19, and an independent report is in the works on collecting information and accessing devices in bulk. This is expected in the summer.
Tweet from Lord Strasburger following the debate