New UK Law to Forbid Apple & Google from Creating Encryption that Can't be Opened for Law Enforcement or Spy Agencies
If you've been following the DOJ's case against Apple over unlocking an iPhone 5s, it almost looks like Apple at times might be able to stave off the government's demands. We reported on a new twist this past weekend where Judge James Orenstein wrote: "In light of the fact that the defendant against whom evidence from the subject telephone was to be used has pleaded guilty, I respectfully direct the government to explain why the application is not moot. To the extent the response requires the disclosure of information occurring before a grand jury, the government may file its response under seal, along with a redacted version suitable for public access." While we await that showdown that should take this week in court, the UK Government is preparing to introduce a new law that wouldn't allow the likes of Apple or Google to offer encryption so advanced that even they cannot decipher it when asked to.
Officially, measures in the new Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant.
The move follows concerns that a growing number of encryption services are now completely inaccessible apart from to the users themselves. It came as David Cameron, the Prime Minister, pleaded with the public and MPs to back his raft of new surveillance measures. He said terrorists, pedophiles and criminals must not be allowed a "safe space" online.
Ministers have no plans to ban encryption services because they have an important role in the protection of legitimate online activity such as banking and personal data.
But there is concern over some aspects of so-called end-to-end encryption where only the sender and recipient of messages can decipher them. Terrorists and criminals are increasingly using such technology to communicate beyond the reach of MI5 or the police.
With the UK being the first to introduce such a cybersecurity bill, will the U.S. be next to table such legislation? Keep in mind that the U.K. didn't have to deal with companies that created the operating systems that rule the world such as iOS, OS X, Android and Windows. So the fight in the U.K can't be compared to that of the U.S. But I'm sure that the DOJ and other government agencies are going to applaud the new UK law when it goes into action this week and begin a new leg in their battle against the likes of Apple and others.
The bottom line is that this fight is far from over in the U.S. – but the pressure will be on to create universal cybersecurity laws to fight terrorism and other high danger crime around the globe, so stay tuned. For more on this, see the full Telegraph report here.