UK plans to ban end-to-end encryption
It became known that the new government of Great Britain plans to tackle the issues of encryption on the Web again. The parliament will consider a regulatory act that will oblige social networks and communication service providers to provide decrypted data to government organizations upon request. / Flickr / Kārlis Dambrāns / CC
Messengers, such as Facebook Messenger, WhatsApp platform, iMessage, fall under the law. But there is a problem, which is that companies using e2e encryption to protect user information cannot provide the government-desired data in an accessible form, since they do not have the keys necessary for decryption.
WhatsApp representatives have so far refused
comment on the situation. Apple declined to comment. But Apple is known for its user data protection policy when it did not provide access to US intelligence services to locked iPhone.
The technical details of implementing data access are also unclear. One of the scenarios considered is to oblige companies to embed backdoors for e2e encryption or to implement various kinds of vulnerabilities. However, according to representatives of the ministry, the government refused this scenario . To some extent, this was facilitated by the Keys Under Doormats technical report from academic experts professionally involved in information security issues.
It noted that exclusive access to user data is impossible without the appearance of unacceptable security risks. Here is one of the key paragraphs of the conclusion:
In connection with this, the most likely outcome seems to be the option when social platforms are offered to refrain from using complex encryption methods. In addition, this option has already been discussed last year.
“Apparently, the law will oblige providers to provide encryption that can be hacked - that is, end-to-end encryption,” MP Paul Strasburger commented on this situation.
Perhaps many services operating in the UK will have to remove the words “end-to-end encryption” from marketing materials. In any case, a vote on this issue will be held after June 8, when the new British government officially takes office.
PS A few more materials on the topic from our blog:
comment on the situation. Apple declined to comment. But Apple is known for its user data protection policy when it did not provide access to US intelligence services to locked iPhone.
The technical details of implementing data access are also unclear. One of the scenarios considered is to oblige companies to embed backdoors for e2e encryption or to implement various kinds of vulnerabilities. However, according to representatives of the ministry, the government refused this scenario . To some extent, this was facilitated by the Keys Under Doormats technical report from academic experts professionally involved in information security issues.
It noted that exclusive access to user data is impossible without the appearance of unacceptable security risks. Here is one of the key paragraphs of the conclusion:
“In this case, you will have to compromise on security issues, since it is impossible to guarantee access of state agencies to data without creating a threat of hacking by intruders. Moreover, organizing access for different law enforcement agencies in several countries is an incredibly difficult task for an international company. ”
In connection with this, the most likely outcome seems to be the option when social platforms are offered to refrain from using complex encryption methods. In addition, this option has already been discussed last year.
“Apparently, the law will oblige providers to provide encryption that can be hacked - that is, end-to-end encryption,” MP Paul Strasburger commented on this situation.
Perhaps many services operating in the UK will have to remove the words “end-to-end encryption” from marketing materials. In any case, a vote on this issue will be held after June 8, when the new British government officially takes office.
PS A few more materials on the topic from our blog:
- SD-WAN as a competitor to traditional MPLS
- Interview with Maxim Khizhinsky - C ++ DPI System Developer
- How to securely share passwords on your network
- Professor Guillermo Francia on the cybersecurity of national infrastructure
- SCAT DPI vs Cisco SCE 8000
- What will happen to Internet providers after July 1, 2018