I bitch about the surveillance state here in the United States but even it has nothing on mum. The United Kingdom (UK) has pretty much become a real-life panopticon. This week alone the UK has proposed two major expansions to Big Brother’s gaze. The first proposal is to ban companies from using effective encryption:
Internet and social media companies will be banned from putting customer communications beyond their own reach under new laws to be unveiled on Wednesday.
Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.
Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant.
The only way to comply with such a restriction is to put their users’ data at risk. If one unauthorized party can access encrypted data then any unauthorized party potentially can. Weaknesses in cryptographic systems aren’t selective. If, for example, you have a special law enforcement key that all user data is encrypted with, anybody who obtains that key will be able to gain access to every user’s data. You turn the system from one where a very limited amount of data can be nabbed if any single key is compromised to one where all data can be nabbed if one of the keys is compromised.
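The difference in exposure can be shown with a small sketch, added here as an illustration and not taken from the bill or from any vendor's design. It assumes a scheme in which each stored message has its own data key, wrapped for the user and optionally for a hypothetical escrow key; the HMAC-based cipher, the user names and the messages are constructed stand-ins.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from one key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: an illustrative stand-in for a real AEAD.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    pad = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, pad))
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    # Returns the plaintext, or None when the key is wrong.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    pad = _stream(_sub(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, pad))

def store(message, user_key, escrow_key=None):
    # Each record has its own data key, wrapped once per key allowed to read it.
    data_key = secrets.token_bytes(32)
    wrapped = [seal(k, data_key) for k in (user_key, escrow_key) if k is not None]
    return {"body": seal(data_key, message), "wrapped": wrapped}

def build(escrow_key=None):
    # Constructed sample data: three users, one stored message each.
    users = {n: secrets.token_bytes(32) for n in ("alice", "bob", "carol")}
    records = {n: store(b"private mail of " + n.encode(), k, escrow_key)
               for n, k in users.items()}
    return users, records

def exposed_by(leaked_key, records):
    # Which users' records can be read with this one key?
    hit = []
    for user, rec in records.items():
        keys = (unseal(leaked_key, w) for w in rec["wrapped"])
        if any(dk and unseal(dk, rec["body"]) is not None for dk in keys):
            hit.append(user)
    return hit
```

Calling `exposed_by` with one user's key returns only that user, while calling it with the escrow key returns every user in the store.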
But that’s not all. The UK is also proposing to require all Internet Service Providers (ISPs) to keep records on their customers’ Internet usage for one year:
On Wednesday, the UK’s Home Secretary Theresa May announced the Draft Investigatory Powers Bill, which, if made into law, will force internet service providers to retain the web browsing history of every customer for up to one year. Those records can then be requested by law enforcement.
These two proposals would complement each other well. The first one gives law enforcement unfettered access to user data and the second one ensures data continues to exist for one year. Of course the second proposal pushes notable costs onto ISPs because storing that much data for so long isn’t free. But I very much doubt the UK government cares about such things.
More and more it’s obvious why 1984 took place in London. I won’t be surprised if (I should probably say when) a law is proposed in the UK that makes it a criminal offense to utilize strong cryptographic tools like Tor, PGP, OTR, etc.