New battle in ‘Crypto Wars’ heating up in wake of Manchester attack
Another round of the encryption policy debate, spurred on by the investigation into “a network” of terrorists in Monday night’s bombing in Manchester, is underway with European leaders threatening to pass further laws that would allow governments increased access to data regardless of the security that sits on devices.
A report Tuesday from The Sun predicts the U.K. government will implement increased backdoor powers immediately after the upcoming June 8 election. The reported new powers, which will impact companies with over 10,000 customers, have been in the making for over a month.
“We will do this as soon as we can after the election, as long as we get back in,” one government minister told The Sun. “The level of threat clearly proves there is no more time to waste now. The social media companies have been laughing in our faces for too long.”
The latest European flare up in the encryption debate closely echoes last year’s fight in the U.S., which came following the deadly 2015 attacks in San Bernardino, California. The FBI and Apple entered a very public fight about accessing the attacker’s iPhone. The debate ended once the FBI paid a third party to bypass the phone’s security measures.
The European Union is currently holding formal talks on encryption according to Bijan Madhani, senior policy counsel at the Computer Communications Industry Association, an industry group whose members include large companies like Google and Facebook.
In March, Luigi Soreca, director for internal security at the European Commission, said during a panel in Washington, D.C. that any encryption policy talks are part of a wider tech-based conversation.
“There are options being assessed,” Soreca said at George Washington University. “Some talk about lawful interception 2.0 to make sure some instruments are made available, or lawful hacking in specific cases under judicial order and judicial oversight.”
More and more, the encryption debate is seen as one part of a larger puzzle about law enforcement and intelligence agencies operate in the 21st century. One of the puzzle’s most prominent pieces is government efforts aimed at breaking into smartphones, desktop computers and any device where targeted data is held without the need to mandate encryption backdoors. As a result, governments around the world are pouring resources into hacking capabilities.
Politicians from the United Kingdom, France, Germany, Russia, among others, have either called for or created mandates for backdoors into encrypted data. The U.K.’s Investigatory Powers Act of 2016, for example, granted government the power to force tech firms to remove encryption if the government wants to access data.
“One of the things the U.K. bill does is what may be an authorization to command companies to either not include encryption or to modify in some way the encryption they use in their products,” said Ross Schulman, the co-director of the cybersecurity initiative at New America’s Open Technology Institute. “There is some debate about the actual extent of the powers. It’s not entirely clear how far some of the escape hatches extend.”
Questions exist about language in the bill potentially providing for exceptions on the grounds of technical feasibility and reasonableness, grounds that companies like Apple, Google or Facebook could fight.
“We definitely don’t know the scope of that law at the moment,” Schulman said. “It’s entirely likely that any back and forth over the scope of that law will happen under the cover of secrecy such that we may not ever know what the result of it is.”