On encryption, the UK sets a collision course with Europe

End-to-end encryption is still seen as a danger by British politicians but as a useful protection by Europeans.

Is encryption a threat to law and order, or an essential tool for staying secure online? Two events this week show how much disagreement there still is about it.

First, at a meeting at the Conservative party conference earlier this week the UK's home secretary Amber Rudd said technology experts had been "patronising" and "sneering" at politicians who try to regulate their industry.

She said: "I don't need to understand how encryption works to understand how it's helping -- end-to-end encryption -- the criminals." She went on: "I will engage with the security services to find the best way to combat that."

Her comments are in line with those from Conservative politicians over the past few years, who have regularly made loud noises about limiting access to encryption, and have indeed introduced legislation to limit its usage.

Their argument is that end-to-end encrypted messages, which can only be read by the sender and the recipient, are allowing crooks to plot crimes in a way that police cannot monitor.

Image: iStockphoto

And while the government has also said it doesn't want to ban the use of encryption, or force companies to install 'backdoors' that police can use to snoop on conversations, there is no obvious way to weaken end-to-end encryption without breaking it, making this an intriguing class of mathematics and politics.

The UK's recent Investigatory Powers Act legislation requires tech companies based in the UK to be able to remove any encryption they use to protect their customers' communications when asked to by the authorities.

But the law only applies to companies operating out of the UK, and it's very unclear what effect it will have on the big tech companies based in the US, like Apple or WhatsApp, which use end-to-end encryption to protect the messages sent by their customers.

However, as the UK continues to call for ways to crack down on the use of end-to-end encryption, politicians in Europe are doing exactly the opposite.

Just days after Rudd's comments, the European Parliament passed a resolution warning that more must be done to prevent cyberattacks and that individuals and businesses remain at risk because of a lack of knowledge and resources.

It called on member states to promote practical security measures such as encryption and warned governments not to "impose any obligation on encryption providers that would result in the weakening or compromising of the security of their networks or services, such as the creation or facilitation of 'back doors'".

That's not all: back in July the European Parliament published a draft of a report on electronic communications which also urged the use of strong encryption.

It said tech companies should make sure they can protect customers' communications from unauthorised access or alterations, and that the confidentiality is "guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data".

It goes on: "Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services."

The final version of the document is due later this month and, according to one report, Europe is not likely to water down its stance on encryption.

The increasing use of end-to-end encryption does make it harder for police to monitor plotters, that's for sure. But they also still have plenty of ways to access communications.

Most smartphones and PCs are far from secure, which means in many cases police will be able to hack into them and access communications before they are scrambled with encryption. In the UK, police and intelligence agencies already have this power.

That seems to be a much more proportionate and targeted way of accessing data than by banning end-to-end encryption and obliging everyone to communicate in a less secure way, leaving them at greater risk of criminals and fraudsters and nation state-backed hackers.

It's not clear how this issue is going to be resolved: the UK is unlikely to make much headway in limiting the use of encryption while the rest of Europe's political class is in favour of it.



Southwest Airlines has cancelled 20,000 flights. Now for the really bad news

Southwest Airlines has cancelled 20,000 flights. Now for the really bad news

How to stop spam messages on your iPhone with this almost-secret hidden switch

How to stop spam messages on your iPhone with this almost-secret hidden switch

How to clean any flat screen TV or monitor

How to clean any flat screen TV or monitor