Tuesday, November 10, 2015
Does the Surveillance Bill pose a threat to our internet security?
The Guardian has an interesting postscript to this piece by Simon Jenkins, which I blogged about a few days ago in which they quote Apple’s chief executive, Tim Cook and his warning that allowing spies a backdoor route into citizens’ communications could have “very dire consequences”.
Mr. Cook has questioning a key element of the draft investigatory powers bill, which places a new legal obligation on companies to assist in these operations to bypass encryption. He says that companies have to be able to encrypt in order to protect people and that halting or weakening encryption will hurt “the good people” rather than those who want to do bad things, and who “know where to go”:
“You can just look around and see all the data breaches that are going on. These things are becoming more frequent,” Cook told the Daily Telegraph. “They can not only result in privacy breaches but also security issues. We believe very strongly in end-to-end encryption and no back doors. We don’t think people want us to read their messages. We don’t feel we have the right to read their emails.
“Any back door is a back door for everyone. Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a back door can have very dire consequences.”
The Bill allows the police and security authorities to access records tracking every UK citizen’s use of the internet without any judicial check. It includes new powers requiring internet and phone companies to keep “internet connection records” – which track every website visited but not every page – for a maximum of 12 months but will not require a warrant for the police, security services or other bodies to access the data.
However, Cook's warning that you cannot weaken cryptography but need to strengthen it to stay ahead of those that want to break it is well worth listening to.
Mr. Cook has questioning a key element of the draft investigatory powers bill, which places a new legal obligation on companies to assist in these operations to bypass encryption. He says that companies have to be able to encrypt in order to protect people and that halting or weakening encryption will hurt “the good people” rather than those who want to do bad things, and who “know where to go”:
“You can just look around and see all the data breaches that are going on. These things are becoming more frequent,” Cook told the Daily Telegraph. “They can not only result in privacy breaches but also security issues. We believe very strongly in end-to-end encryption and no back doors. We don’t think people want us to read their messages. We don’t feel we have the right to read their emails.
“Any back door is a back door for everyone. Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a back door can have very dire consequences.”
The Bill allows the police and security authorities to access records tracking every UK citizen’s use of the internet without any judicial check. It includes new powers requiring internet and phone companies to keep “internet connection records” – which track every website visited but not every page – for a maximum of 12 months but will not require a warrant for the police, security services or other bodies to access the data.
However, Cook's warning that you cannot weaken cryptography but need to strengthen it to stay ahead of those that want to break it is well worth listening to.