- Encrypted Messaging Developers May Be Considered Hostile Actors in the UK
- Independent review of national security law warns of overreach
- Encryption repeatedly targeted by UK lawmakers
App developers that use end-to-end encryption to protect private communications could be considered hostile actors in the UK.
That’s the stark warning from Jonathan Hall KC, independent reviewer of state threat legislation and independent reviewer of the government’s terrorism legislation, in a new report on national security laws.
In his independent review of the Border Security and Counterterrorism Act and the recently implemented Homeland Security Act, Hall KC highlights the incredibly broad scope of powers granted to authorities.
It warns that developers of apps like Signal and WhatsApp could technically fall within the legal definition of “hostile activity” simply because their technology “makes[s] “It will make it more difficult for UK security and intelligence agencies to monitor communications.”
He writes: “It is a reasonable assumption that this would be in the interest of a foreign state, even if the foreign state has never contemplated this potential advantage.”
The report also notes that journalists who “carry confidential information” or material “that is personally embarrassing to the Prime Minister on the eve of important treaty negotiations” could face similar scrutiny.
While it remains to be seen how this report will influence future amendments, it comes at a time of growing pressure from lawmakers against encryption.
Encryption under siege
While the report’s blunt wording may be surprising, it does not exist in a vacuum. Encrypted apps are increasingly in the crosshairs of UK lawmakers, with several laws targeting the technology.
Notably, Apple received a technical capability notice under the Investigatory Powers Act (IPA) requiring it to weaken the encryption that protects iCloud data. That legal standoff led the tech giant to disable its Advanced Data Protection rather than create a backdoor.
The Online Safety Act is already well known for its controversial age verification requirements. However, its most controversial provisions have not yet been fully implemented and experts fear they could further undermine encryption.
On Monday, Parliament debated the law following a petition calling for its repeal. However, rather than reversing the law, MPs pushed for stricter enforcement. During the discussion, lawmakers specifically called for a review of other encrypted tools, such as the best VPNs.
The potential risks of the law’s tougher stance on encryption were only briefly mentioned during the discussion, suggesting a stark disconnect between parliamentarians and security experts.
Olivier Crépin-Leblond of the Internet Society told TechRadar that he was disappointed by the outcome of the debate. “As far as client-side scanning (CSS) is concerned, most felt that this could be one of the ‘easy tech solutions’ that could help authorities greatly, especially when they showed their frustration over Facebook’s end-to-end encryption,” he said.
“There is clearly no understanding that such software could fall victim to hackers.”
It is clear that for many legislators encryption is seen primarily as an obstacle to law enforcement. This contrasts sharply with the opinion of digital rights experts, who emphasize that technology is vital to protect privacy and security in an online landscape where cyberattacks are increasing.
“The government points to end-to-end encryption as a threat, but what they don’t take into account is that breaking it would also be a threat to our national security,” Jemimah Steinfeld, executive director of Index on Censorship, told TechRadar.
He also added that this ignores the vital role of encryption for dissidents, journalists and victims of domestic abuse, “not to mention the general population who must be provided with basic privacy.”
With the battle lines drawn, we can expect a challenging year for services like Signal and WhatsApp. Both companies have previously pledged to leave the UK market rather than compromise the privacy and security of their users.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
