Plans to seize encryption keys from crime suspects will leave them vulnerable to theft and misuse
Government snooping plans will cost the taxpayer "hundreds of millions" of pounds, according to a report published on Monday.
Under powers proposed in the Regulation of Investigatory Powers (RIP) bill -- currently going through Parliament -- law enforcers can seize encryption keys from anyone suspected of criminal activity. Failure to hand over such keys could result in a two-year prison sentence.
The report -- commissioned by the Foundation for Information Policy Research (FIPR) and written by encryption expert Dr Brian Gladman -- claims the government has woefully miscalculated the cost and complexity of safe-guarding public encryption keys.
According to Gladman, the government hasn't planned where it will keep seized keys, which will leave individual's encryption keys vulnerable to theft and misuse, and also present a huge bill to taxpayers. "It will be measured in hundreds of millions of pounds," he warns.
"The government knows the importance of protecting keys, and yet it has chosen to keep Parliament in the dark," he says. "It is hard not to conclude that this is a desperate attempt to prevent an unworkable policy from collapsing under the weight of its own incompetence."
The Home Office rejects the questions raised by the report, asserting that the potential security risks and costs have been exaggerated. "We would dismiss this," a spokesman says. "In cases that do require a key, this would be offered the highest level of protection. We would also dismiss the claims about the costs." He could offer no details on how the government intends to store keys and how much this will cost.
Civil liberty experts remain appalled by the bill. The director of FIPR, Caspar Bowden, thinks the government has not done its homework. "Either the Home Office has completely overlooked the issue of technical security for keys seized by a multitude of public authorities, or Parliament is being hopelessly misled about the costs of implementation," he says.
Solicitor Nicholas Bohm believes the system threatens privacy and security. "The government evidently thinks that it will be satisfactory for anyone with a seized key -- from a policeman to a trading standards officer -- to lock a floppy disk away in the top drawer of their desk," he says.