In Investigatory Powers Bill: technology issues, the UK Parliament's Science and Technology select committee takes the government to task for its signature mass surveillance law, the "Snoopers Charter" whose provisions are so broad and vague that companies can't figure out how much of their customers' data they're supposed to be storing, and whether they're meant to be backdooring all the crypto they distribute.
The draft Bill says that tech companies may be obligated to remove "electronic protection" from any communications or data. That sounds a lot like telling companies to decrypt their customers' communication, but this might not always be technically feasible due to the increased roll-out of end-to-end encryption. In this case, it is customers' devices that hold the keys for decrypting data, and not the companies themselves.
"The Government should clarify and state clearly in the Codes of Practice [which will be published alongside the Bill itself] that it will not be seeking unencrypted content in such cases, in line with the way existing legislation is currently applied," the committee said.
"The evidence we heard suggests there are still many unanswered questions about how this legislation will work in the fast evolving world of communications technology," Blackwood continued. "There are good grounds to believe that without further refinement, there could be many unintended consequences for commerce arising from the current lack of clarity of the terms and scope of the legislation. The final version of the Bill will have to address this if it is [to] provide future-proofed legislation."
Investigatory Powers Bill: technology issues, [Science and Technology Select Committee/House of Commons]
Tech Firms Are Unclear on New UK Surveillance Laws, Warns Government Committee
[Joseph Cox/Motherboard]
