Modern field guide to security and privacy

Opinion: Britain can't pwn the world

The draft Investigatory Powers Bill gives Britain the power to prohibit companies from providing truly secure online communications, thus undermining the Web. But no country should have the right to pwn – hacker speak for "own" – the Internet.

While many believe that the release of Hong Kong in 1984 marked the end of the British Empire, it seems Britain has now shifted to conquering cyberspace.

A provision that would give the British government a new empire on which the sun never sets – the Internet – is hiding in the country's draft Investigatory Powers Bill. 

The draft bill, expected to be introduced in Parliament early in 2016, renews and expands British authorities to conduct surveillance, including bulk surveillance. Several British and international digital rights groups, including Access Now, have already provided comments to key committees on the broad scope of the draft bill as well as the lack of sufficient human rights protections and oversight therein.

A key section in the controversial surveillance bill is designed to allow the government to prohibit any company, anywhere in the world, from offering communications services in Britain that are protected by the strongest security. 

These obligations would apply to any "operator" that does business in Britain, which includes Internet businesses from across the globe. Specifically, these businesses could be banned from implementing end-to-end encryption – a form of encryption that protects against third-party access to private messages or transactions.

This is a threat to privacy and security across the globe.

All around the world, journalists, activists, and everyday people use end-to-end encryption to keep unauthorized parties – such as unfriendly governments, corrupt law enforcement, malicious hackers, would-be blackmailers, thieves, or scammers – from accessing their private information. End-to-end encryption is mainly offered by companies committed to security and/or privacy. Silent Circle offers one end-to-end encrypted application. Signal has another. Apple's iMessage made it the default. And the list goes on.

Should the draft Investigatory Powers Bill become law in Britain, all of the companies that offer these services will have to make some hard decisions. Large companies that can afford it could build and maintain a totally different, and less secure, service for people who live there. But smaller companies would either have to cut off service to Britain altogether, or build in system vulnerabilities that negatively impact their users all around the world. Since the Internet is primarily made up of small companies and not high-profit empires, this would effectively allow the British government to impose their own standards on the rest of the world. The weak British security standard would become the de facto standard for most companies. The Internet would fall at the feet of one government.

Even more troubling, it may not be only one government for long. In the US, members of Congress and the US intelligence community have been talking about implementing similar authorities. Already, China has taken lessons from Britain and the US on surveillance and passed a law to mandate "decryption technical assistance," requiring that companies retain access to all user content. Without pushback from the public, India, France, and other countries may also take steps this year to weaken encryption. And other countries with different approaches for undermining security may further complicate an already complicated issue.

The result could be the irreversible rotting out of the basic services we have come to rely on in our everyday lives: services for banking, shopping, messaging, and social networking. Dangerously, passing antiencryption laws could give other countries justification to go even further, passing laws like mandatory data localization that would do additional damage to the foundation for the modern Internet. Broken up and riddled with security holes, the systems we have come to rely upon could ultimately collapse.

And for what? No government is going to be able to get rid of all end-to-end encrypted services. These services would still be available to those with the know-how and the funding to develop or procure them. Criminals would likely be the first to root out other ways to prevent authorities from accessing their communications. Instead of targeting and taking out the bad guys, these antiencryption laws would have a disproportionate negative impact on innocent users – people like you and me who just want to make sure that our private information stays private.

We can no longer sit idle while our governments wage war against the Internet and the innocent people who use it. It's time to wake up to the cybersecurity threat of what’s been called "cyber colonialism." Countries can – and should – take preventive measures to secure the Internet by passing laws to protect the development, production, and use of strong encryption. They should also disavow future legislation to mandate backdoors or any other requirements to weaken our security. We can start in the US, where many Internet companies are based.

As Britain's own Sir Tim Berners-Lee rightly argues, practices that target encryption would undermine the World Wide Web. No government, including Britain's, should have the power to pwn the Internet, and destroy it in the process.

Amie Stepanovich is the US policy manager for Access. Follow her on Twitter @astepanovich.

 
