As the UK election campaign heats up, political parties are uniting behind a dangerous expansion of online surveillance.
Messaging apps could be significantly less secure (and some could disappear completely), and the blame lies with Westminster. Parliament is finalizing a series of proposed amendments to the Investigatory Powers Act 2016, the core law governing the UK government's surveillance of citizens' electronic communications. Supporters argue that the amendments are necessary to keep people safe, while opponents say they risk seriously undermining online privacy. To make matters worse, tech companies may struggle to comply with the new rules and could be forced to cease operating in the UK.
These changes have generated little public or political debate and are not expected to affect the current election campaign, which has the support of both the Conservative government and the opposition Labour Party.
That's a shame: after leaving the EU, Britain has positioned itself as a tech leader, embracing innovation and promising to be less regulated than the EU, but instead risks introducing some of the strictest online surveillance rules of any Western democracy.
The revised Investigatory Powers Act would allow the government to tell tech companies to delay or stop “relevant changes” – updates to product features that weaken law enforcement's investigative powers. To ensure features don't slip through the cracks, the Home Office could require tech companies to notify them before making changes to their products.
Stay up to date
Sign up to receive regular emails and keep up to date on CEPA activities.
In practice, such permissions would likely be used to block new security features that could disable existing surveillance technology, which would not only stifle innovation in the technology sector, but would also have dire consequences for ordinary people using products that are not authorized for the release of these features, making them more vulnerable to malicious actors.
Technology companies are also concerned about clashes with other regulatory regimes. In the UK, the requirements of the new Investigatory Powers Act could clash with UK privacy rules, which require companies to “implement appropriate technical and organisational measures (such as encryption) to ensure a level of security commensurate with the risk.”
While oversight and domestic disputes are troubling, the bigger danger is disputes with other jurisdictions. If EU regulators tell multinationals to make “relevant changes”, UK law would forbid them from doing so, and forbid them from telling the EU why they can't make them. Companies would have to decide which jurisdictions they won't comply with, almost certainly leaving all parties unhappy. It would be impossible to work out a solution that works for all involved, since even telling other countries about changes the UK has imposed would be illegal. And because the UK insists that the Home Office's regressive security impediments should apply worldwide, disputes with friends and allies would inevitably arise.
If this sounds unsettling to you, I agree! It could cause enough concern and hardship for companies that they may decide the easiest solution is to just stop offering their services in the UK. Popular apps such as Signal and WhatsApp have already said they would pull out of the UK if they were told to stop encrypting their messages. Despite the dangers, Westminster seems content to press ahead, risking the digital security of millions of Britons in the process.
Heather West is a non-resident senior fellow at CEPA and senior director of cybersecurity and privacy services at the Venable law firm in Washington. She has degrees in both computer science and cognitive science and focuses on data governance, data security, artificial intelligence, and privacy in the digital age.
Bandwidth is CEPA's online journal dedicated to promoting transatlantic cooperation on technology policy. All opinions are those of the authors and do not necessarily represent the position or views of the institutions they represent or of the Centre for European Policy Analysis.
Read more about bandwidth
CEPA's online journal dedicated to promoting transatlantic cooperation on technology policy.
read more
Source link
