- Developers of encrypted messages may be considered hostile actors in the UK
- An independent review of national security legislation warns of overreach
- Encryption repeatedly targeted by UK lawmakers
Developers of apps that use end-to-end encryption to protect private communications may be considered hostile actors in the UK.
That’s the stark warning from Jonathan Hall KC, the government’s independent reviewer of state threat legislation and independent reviewer of terrorism legislation, in a new report on national security laws.
In his independent review of the Counter-Terrorism and Border Security Act and the recently implemented National Security Act, Hall KC highlights the incredibly broad scope of powers given to authorities.
He warns that developers of apps like Signal and WhatsApp could technically fall within the legal definition of “hostile activity” simply because their technology “makes[s] It is more difficult for British security and intelligence services to monitor communications.”
He writes: “It is a reasonable assumption that this would be in the interest of a foreign state, even if the foreign state has never considered this potential benefit.”
The report also notes that journalists who “carry confidential information” or material “personally embarrassing to the prime minister on the eve of key treaty negotiations” could face similar investigations.
While it remains to be seen how this report will influence future changes, it comes at a time of increasing pressure from lawmakers against encryption.
Encryption under siege
While the report’s strong wording may come as a shock, it does not exist in a vacuum. Encrypted apps are increasingly in the crosshairs of UK lawmakers, with several pieces of legislation targeting the technology.
Most notably, Apple was served with a Technical Capability Notice under the Investigatory Powers Act (IPA) requiring it to weaken the encryption that protects iCloud data. The legal standoff prompted the tech giant to disable its advanced data protection instead of creating a backdoor.
The Online Safety Act is already known for its controversial age verification requirements. However, its most contentious provisions have yet to be fully implemented, and experts fear that these could undermine encryption even further.
On Monday, parliament debated the law following a petition calling for its repeal. Instead of rolling back the law, MPs pushed for stricter enforcement. During the discussion, lawmakers specifically called for a review of other encryption tools, like the best VPNs.
The potential risks of the law’s tougher stance on encryption were only briefly mentioned during the discussion, suggesting a sharp disconnect between MPs and security experts.
Olivier Crépin-Leblond, of the Internet Society, told TechRadar that he was disappointed with the outcome of the debate. “When it came to Client Side Scanning (CSS), most people felt that this could be one of those ‘light technology fixes’ that could help law enforcement greatly, especially when they showed their frustration with Facebook’s rolling end-to-end encryption,” he said.
“It is clearly not understood that such software can fall prey to hackers.”
Clearly, for many lawmakers, encryption is seen primarily as a hindrance to law enforcement. This is in stark contrast to the view of digital rights experts, who stress that technology is essential to protecting privacy and security in an online landscape where cyber attacks are on the rise.
“The government marks end-to-end encryption as a threat, but what they fail to consider is that breaking it would also be a threat to our national security,” Jemimah Steinfeld, CEO of Index on Censorship, told TechRadar.
She also added that this ignores the vital role of encryption for dissidents, journalists and victims of domestic violence, “not to mention the general population who should have basic privacy.”
With the battle lines drawn, we can expect a challenging year ahead for services like Signal and WhatsApp. Both companies have previously promised to exit the UK market rather than compromise their users’ privacy and security.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
