Tuesday saw the first debate of the Investigatory Powers Bill in the House of Commons.
The debate raised some useful arguments, but many speeches avoided the key point: that the Bill would bring in a huge, unparalleled extension of surveillance powers that had never been debated by MPs before.
The Open Rights Group, ORG, will be proposing amendments to change the Bill. It's unfit for purpose at the moment, permitting and extending mass surveillance. We're particularly concerned about the lack of discussion of the filter which turns
retained data into a massive searchable police database of your location, phone and Internet data. We've delved into the significant new powers for the police below.
The debate on the Investigatory Powers Bill has focused a lot on the new extension to police powers, and the collection of Internet Connection Records to keep a log of everyone's web browsing. Critics like myself worry about the ability this
creates to see into everyone's most intimate thoughts and feelings; while proponents are prone to say that the police will never have time to look at irrelevant material about innocent people.
However, the really novel and threatening part of this proposal isn't being given anywhere near the level of attention needed.
The truly groundbreaking proposal is the filter, which could be seen as a government Google search to trawl your call records, Internet and location data. The filter is clearly named so that it sounds helpful, perhaps boring or else maybe
something that filters down information so that it is privacy friendly. It is anything but. It is so intrusive and worrying, I would rather you think of the Filter as the PHILTRE: the Police Held Internet Lets Them Read Everything.
Remember when these proposals started, back in the late 2000s, under the last Labour government? Maybe not, but that's how long Home Office officials have been trying to make this happen. Their original plan was to build a single database that would
store everything they could find about who you email, message and what you read, and where you are, as logged by your mobile phone. Place all that information in a single searchable database and the dangers become obvious. So obvious that the
Conservative opposition was up in arms.
How on earth would you stop abuse, if all this information was placed into a single database? Surely, it would lead to fishing trips, or police searches to find lists of all the environmental protesters, trades unionists or libertarians, and to identify
who it is that seem to be their leaders? How would you stop the police from producing pre-arrest lists of miscreants before demonstrations, or from deciding to infiltrate certain public meetings? Indeed, who would be able to resist using the database
for working out who was at the location of relatively petty offenses, perhaps of littering or vandalism, or calculating who had been speeding by examining everyone's mobile phone location data?
So the current government does not want to try to hoard everyone's data into a single database. Instead, they've come up with the PHILTRE, which can query lots of smaller, separate databases held by each private company. As this PHILTRE can be applied to
separate data stores, all at once, we are in effect back with a proposal for a single government database and all the same problems -- but in a way that government can claim that it is not a single government database.
But as long as the data can be queried and sorted in parallel, it becomes immensely powerful and just as intrusive. For instance, for a journalist to protect against revealing a whistleblower, they would need to avoid not just phoning them, but meeting
them while both were carrying their mobiles and creating matching location logs. All of the profiling and fishing expeditions are just as easily achievable.
Most worrying is the authorisation process. Police, agencies and tax authorities will continue to authorise their own access of our personal data, just as they do today with phone call records -- there's not a judge anywhere near the day to day use of
this search facility.
The Home Office is selling this Google-style search through the population's mind as a privacy enhancement. Only the relevant search results will be returned. Masses of irrelevant information about other people will not have to be given to officers. They
give the example of mobile phone mast data -- where the filter could cut the required information down to just that about the person you need to know about.
This might sometimes be true. But two things make me suspect this is a highly partial story. For one thing, the search engine can tell you about the kinds of things it thinks it might tell you -- perhaps social graphs, location histories, dodgy website
visits, organisations supported -- before you ask it. This is to educate and help police get the right information. It is also an invitation to make increasing use of the tool. If it is limited in its purpose, this seems an unnecessary step.
Secondly, there are no limits to what results the search engine might be asked to produce. Nothing, for instance, says that only a single person or place can be searched against, so that only one person's contacts might be returned, or just the people at
a single crime scene. Thus the prospect of fishing trips is given no legislative limit. The only serious limit is that this information might be kept for no longer than 12 months.
For years privacy campaigners have been trying to explain how your web history and location data can be dangerous tools for personal and whole population surveillance. Now it seems the UK government wants to engage in a whole population experiment to
show us what it really means. Parliament, the courts, but most of all, you, can help stop them.
Myles Jackman, who once described online pornography as the canary in the coalmine of free speech and is best known for his cutting edge practice in obscenity law and sexual freedom of expression, has been appointed as the Legal Director for Open
Myles was awarded the Law Society's Junior Lawyer of the Year award in 2012 having represented Michael Peacock and Simon Walsh in their landmark obscenity prosecutions, the #ObscenityTrial and the #PornTrial. He has campaigned for reform in this area,
accusing the legal system of being twenty years behind social values and technological change in the area of sexual freedom and privacy.
About his appointment, Myles said:
I am delighted to have been appointed as ORG's Legal Director, since their cutting edge campaigning work for digital freedom and against surveillance chimes perfectly with my personal privacy and freedom of expression agenda.
This is particularly timely given the passage of the current Investigatory Powers Bill with its authorisation for State-sponsored mass hacking and intrusion into individual privacy and personal freedom.
Executive Director Jim Killock said:
I am excited to announce this legal rock star signing. I hope that Myles' recognition outside the legal sphere will attract new supporters to ORG's campaign for digital rights and privacy.
The UK's investigatory powers bill receives its second reading on Tuesday. At present the draft law fails to meet international standards for surveillance powers. It requires significant revisions to do so.
First, a law that gives public authorities generalised access to electronic communications contents compromises the essence of the fundamental right to privacy and may be illegal. The investigatory powers bill does this with its bulk interception
warrants and bulk equipment interference warrants.
Second, international standards require that interception authorisations identify a specific target -- a person or premises -- for surveillance. The investigatory powers bill also fails this standard because it allows targeted interception warrants
to apply to groups or persons, organisations, or premises.
Third, those who authorise interceptions should be able to verify a reasonable suspicion on the basis of a factual case. The investigatory powers bill does not mention reasonable suspicion -- or even suspects -- and there is no need to
demonstrate criminal involvement or a threat to national security.
These are international standards found in judgments of the European court of justice and the European court of human rights, and in the recent opinion of the UN special rapporteur for the right to privacy. At present the bill fails to meet these
standards -- the law is unfit for purpose.
If the law is not fit for purpose, unnecessary and expensive litigation will follow, and further reform will be required. We urge members of the Commons and the Lords to ensure that the future investigatory powers legislation meets these international
standards. Such a law could lead the world.
Paul Ridge, Jaani Riordan, Patrick Roche, Deborah Russo, Adam Sandell, Joseph Savirimuthu, Anton Schutz, Dr Kirsteen Shields, Bethany Shiner, Gus Silverman, Natasha Simonsen, Martha Spurrier, Alison Stanley, Angela Stevens, Dr Sujitha Subramanian,
Samantha Taylor, Gwawr Thomas, Anna Thwaites, Chris Topping, Dr Maria Tzanou, Anthony Vaughan, Dr Asma Vranaki, John Wadham, Adam Wagner, Amos Waldman, Liam Walker, Tony Ward, Camille Warren, Sue Willman, Dr Maggie Wykes, Adrienne Yong, Dr Alison Young,
Dr Hakeem O Yusuf, Dr Aldo Zammit Borda, Dr Reuven Ziegler, Dr Stephen J Murdoch University College London, Helen Mowatt, Imran Khan, Kemi Spector, Dr Gavin W Anderson University of Glasgow, Colin Murray Newcastle University, Aidan O’Donnell University
of Strathclyde, Professor Daniel Wilsher City University, Mikhil Karnik, Conor McCormick Queen’s University Belfast, Professor Valsamis Mitsilegas Queen Mary University of London, Graeme Hall, Christopher McCorkindale University of Strathclyde,
In Saturday's edition of the New York Times, Matt Apuzzo reports that the Department of Justice is locked in a prolonged standoff with WhatsApp. The government is frustrated by its lack of real-time access to messages protected by the company's
end-to-end encryption. The story may represent a disturbing preview of the next front in the FBI's war against encryption.
It appears that the Department of Justice is considering pursuing another, similarly dangerous legal attack on encryption. The fact that the government is even considering such an action proves that our worst fears were right.
This time they're targeting WhatsApp, the Facebook-owned messaging app which started adding strong end-to-end encryption in 2014. According to the New York Times, the government has obtained a wiretap order, authorizing real time acquisition of the
WhatsApp messages (probably text chats rather than voice calls, but that's unclear at this stage) in an ongoing criminal investigation. WhatsApp is, of course, unable to provide decrypted text in response to the wiretap order, just as it was unable to
comply with a similar order by a Brazilian court earlier this month. The whole point of end-to-end encryption is that no one but the intended recipient of a message is able to decipher it.
From the New York Times' reporting, it looks like the government has so far only obtained an initial wiretap order--demanding WhatsApp to turn over message content it can't access. The Department of Justice has not yet decided whether to ask the court
for a follow-on order that would compel WhatsApp to decrypt the messages. Presumably, that second order would look similar to the San Bernardino order and direct WhatsApp to write code that would break its own encryption and allow it to provide plain
text in response to the wiretap order.
If the government decides to seek that second order against WhatsApp, it would almost certainly be grounded, not in the All Writs Act but in the technical assistance provision of the Wiretap Act. So while the result of the All Writs Act
litigation in San Bernardino wouldn't directly control the outcome of any Wiretap Act case against WhatsApp, courts apply similar tests in the two contexts. In both All Writs and Wiretap Act cases, courts evaluate whether compliance with an order would
constitute an undue burden. Therefore all the rather convincing arguments Apple has made in San Bernardino would be available to WhatsApp as well.
As of now, we're unable to find any additional publicly available information regarding the order against WhatsApp. The New York Times reports that, unlike in the San Bernardino case, the WhatsApp litigation is being kept under seal. We'll keep an eye
out for any additional documents, and will continue to blog as more becomes public. For now however, we applaud WhatsApp (and Facebook) for standing strong in the face of orders, whether Brazilian or American, to do the impossible or to compromise our
security for the sake of enabling click-of-the-mouse surveillance.
The Special Rapporteur on the right to privacy has heavily criticised the Investigatory Powers Bill in his first report to the Human Rights Council.
The report calls for disproportionate, privacy-intrusive measures such as bulk surveillance and bulk hacking as contemplated in the Investigatory Powers Bill [to] be outlawed rather than legitimised.
Jim Killock, Executive Director of Open Rights Group responded to the report's findings:
The Special Rapporteur's report is yet another damning criticism of the Investigatory Powers Bill. Not only does it call for the disproportionate powers in the Bill to be 'outlawed rather than legitimised', it points out that the Bill does not comply
with recent human rights rulings, which means it could be open to legal challenges.
The report also voices another serious concern -- that the impact of this extreme legislation will be felt around the world, and copied by other countries.
The Government cannot continue to ignore the overwhelming evidence that the IPB is a deeply flawed piece of legislation.
The Honorable John Holdren, Director of White House Office of Science and Technology Policy
The Honorable Susan Rice, United States National Security Advisor
The Honorable Jeffrey Zients, Director of the White House National Economic Council
RE: Civil Society Input on Human Rights and Civil Liberties Protections Online
Dear Mr. Holdren, Ms. Rice, and Mr. Zients,
The undersigned organizations recognize that the U.S. government faces complex security challenges, and we appreciate the role of a variety of stakeholders including technology companies. However, we are writing to you today because we believe that when
the government sits down with private sector entities to discuss the future of free expression and privacy online, civil liberties and human rights advocates need to be at the table, too.
Over the past year, technology companies have been under increasing pressure from a range of policymakers to weaken the security of their products and to aggressively monitor, censor, or report to the government users' communications, with the hope that
such steps will help to prevent or investigate acts of terrorism. This campaign to push the tech sector to police the Internet at the government's behest was recently highlighted by the White House's high-profile visit to Silicon Valley for a
confidential meeting with top tech company CEOs.
In international fora, the United States has consistently promoted a multi-stakeholder approach to decision-making concerning the Internet, an approach that includes not only government and corporate stakeholders, but civil society as well. As this
Administration has regularly asserted, when billions of people rely on the Internet to exercise their human rights to speak freely and communicate privately, it only makes sense that experts and advocates whose primary goal is to protect those rights be
included in discussions about the Internet's future. Such participation helps ensure that governments do not unduly pressure companies to take steps that would harm human rights, and where such pressure is applied, ensures that all stakeholders can
respond accordingly with appropriate evidence and objections, and a suggested path forward.
We are heartened that, based on reporting about the memos circulated to attendees of the recent Silicon Valley meeting, the Administration appears to recognize that there are serious questions raised by enlisting broad voluntary assistance from Internet
companies. The potential threat to human rights is especially acute because so-called U.S. counter-extremism
programs, while framed as not addressing a particular ideology or religion, currently overwhelmingly target Muslim and other marginalized communities and individuals.
However, the best ways to ensure that human rights are protected are:
First, for the Administration to engage in a dialogue with those civil society organizations that focus on the protection of human rights and civil liberties online, to the same extent that it is in dialogue with the Internet companies themselves, and to
provide to civil society any proposals provided to those companies; and
Second, for both the Administration and the companies to be as transparent as possible regarding the steps being taken in response to the government's requests, especially in regard to any changes in the security features of any products or services, or
any changes to policies or practices that determine what speech is censored or reported to the government.
Internet freedom begins at home. When the government sits down secretly with those companies that have practical control over a broad swath of public speech and private communication, and especially if and when those conversations lead to voluntary
surveillance or censorship measures that would be illegal or unconstitutional for the government to undertake itself, the consequences are truly global. The U.S. government may embolden abusive governments around the world to continue exerting pressure
on tech companies to assist in crackdowns on dissent and the targeting of human rights defenders. The U.S. could also set dangerous examples to ally governments who are likewise contemplating new counter extremism measures.
While the United States certainly faces complex national security risks, forfeiting human rights principles and the protections laid down in the Constitution is not the solution. Therefore we look forward to working with your team to ensure that as the
government and the Internet industry discuss how best to address the threats the U.S. faces, the rights of all people--both in the U.S. and around the world--are duly represented.
Julian Huppert is a Lecturer at the University of Cambridge. He was previously the Member of Parliament for Cambridge as a Liberal Democrat, serving as a member of the Home Affairs Select Committee.
Three parliamentary committees have now reported on the Home Secretary's draft Investigatory Powers Bill. All three
have raised major criticisms of both the powers proposed and the way they are set out.
The first was the report of the Science and Technology Committee, on February 9th, which criticised the lack of clarity in the bill, and highlighted the need for integrity and security in online transactions.
Then we had the Intelligence and Security Committee, with the first report
from the new committee. Long derided as weak, too close to and too trusting of the agencies it was supposed to be overseeing, it caused ripples in the establishment with its short and to the point 15-page report.
In that report they savaged the bill, describing it as a "missed opportunity". They say that "the privacy protections are inconsistent and in our view need strengthening", and that some of the provisions -- equipment
interference, bulk personal data sets, and communications data -- "are too broad and lack sufficient clarity". The proposals around communications data are described as "inconsistent and largely incomprehensible".
Their criticisms are so deep that they express specific concern that it may not be possible to fix the bill by the end of 2016, and suggest the Home Office make sure to take the time to get it right. They say "the draft Bill has perhaps
suffered from a lack of sufficient time and preparation and it is important that this lesson is learned prior to introduction of the new legislation." Given that aspects of this legislation were claimed to be ready to be passed into law in
2012, this is utterly damning.
The largest report was that of the Joint Committee set up specifically to examine this bill, released this morning, February 11th. Whereas the one set up to consider the 2012 draft Communications Data Bill, on which I served, was chaired by the
independently minded Lord Blencathra, this one was chaired by a former chair of the Intelligence and Security Committee (from its rather more cosy and quiescent days), Lord Murphy. They also had a very abridged timetable, and say on numerous
occasions that they simply didn't have the time to properly analyse important sections of the legislation.
Despite this, the 182-page report contains some heavy criticism of the bill, in many cases calling on the government to address criticisms or change the legislation, and they specifically call for some powers to be removed from the bill. In
a rather derisory remark, they say of the Home Office that:
We recommend that more effort should be made to reflect not only the policy aims but also the practical realities of how the internet works on a technical level.
This is the Home Office's third effort to get legislation in this area correct. The first effort was slated by a Joint Committee, and the replacement that was then drawn up was not deemed to be good enough even to present to parliament. This third
version has now faced a triple whammy of criticism, and it is now clear that the Home Office will have to make substantial changes if it wants to get legislation through.
I hope the Home Office will listen to the criticism, especially from the ISC, and produce a better bill for parliament. If they do, we can be in a better place than the one we have now, where RIPA and other obscure legislation gives widespread
uncodified powers in ways that were never intended. If not, I foresee a rocky road for them in parliament, and many embarrassing defeats.
If the Home Office get this right, we can benefit from both better security and better protection for privacy. If they refuse to listen, they have the power to worsen both.
The House of Commons Science and Tech Committee has published its report on the draft Investigatory
Powers Bill, influenced by comments submitted by 50 individuals, companies, and organizations, including EFF. The report is the first of three investigations by different Parliamentary committees. While it was intended to concentrate on the
technological and business ramifications of the bill, their conclusions reflect the key concern of lawmakers, companies, and human rights groups about the bill's dangerously vague wording.
The Investigatory Powers Bill, as written, is so vague as to permit a vast range of surveillance actions, with profoundly insufficient oversight or insight into what Britain's intelligence, military and police intend to do with their powers. It
is, in effect, a carefully-crafted loophole wide enough to drive all of existing mass surveillance practice through. Or, in the words of Richard Clayton, Director of the Cambridge Cloud Cybercrime Centre at the University of Cambridge, in his
submissions to the committee: the present bill forbids almost nothing ... and hides radical new capabilities behind pages of obscuring detail.
The bill is 192 pages long, excluding over 60 pages of explanatory notes. Our comments to the committee focused on just one aspect of the bill, what they call equipment interference. Despite our emphasis on just one small part of the bill,
our analysis revealed multiple ambiguities and broad new powers that would allow the security and intelligence agencies, law enforcement and the armed forces, to target electronic equipment such as computers and smartphones in order to obtain
data, including communications content. The bill also provides for the UK government to compel companies and individuals to comply with its surveillance demands, including those located outside Britain, and to bar companies from revealing that
they were the subject of such demands. As the committee says in its conclusions, We believe the industry case regarding public fear about 'equipment interference' is well founded.
The bill also includes a new mandate for data retention whose breadth is similarly ambiguous. Terms like internet connection records, telecommunications service, relevant communications data, communications content, technical feasibility,
and reasonable practicable were all criticized in the report for their vague and overbroad use. The government's excuse is that it wants to create a future-proof bill, but loose language is bad for businesses trying to understand
what obligations they are under. And it's certainly bad for civil liberties when governments exploit those ambiguities to obtain or hold onto new powers.
The details of these definitions and safeguards surrounding them should not be punted into secondary legislation. As the committee notes, a disturbing degree of detail about the Investigatory Powers Bill is deferred to future Codes of Practice.
We've been down this road before in the UK. IPB's predecessor, the Regulation of Investigatory Powers Act (2000) also placed its devilish details into future statutory instruments, which were often slipped past Parliamentarians with little warning
or debate. The result was years of expansion of RIPA powers, to the point where powers originally intended for the intelligence services were delegated to over four hundred public bodies. Even the head of MI5, Lady Manningham-Buller, who lobbied
for the RIPA powers, was shocked by the eventual overreach:
I can remember being astonished to read that organizations such as the Milk Marketing Board, and whatever the equivalent is for eggs, would have access to some of the techniques. On the principle governing the use of intrusive techniques which
invade people's privacy, there should be clarity in the law as to what is permitted and they should be used only in cases where the threat justified them and their use was proportionate.
This is why, as the committee says, it is essential that this timetable does not slip and that the Codes of Practice are indeed published alongside the Bill so they can be fully scrutinized and debated.
We would go further: EFF believes that a productive discussion around the Investigatory Powers Bill can only begin once all the cards are on the table. The UK government needs to answer all the questions raised by the committee, including those
currently postponed to Codes of Practice, and embed those answers in a revised bill, which can then be more seriously considered, or it's destined for a future of abuse followed by dismantlement in the courts.
The series of successful challenges in the UK and EU against previous surveillance law and practice shows that vague and unbounded language cannot survive a serious challenge in the courts. If the UK government wants its surveillance rules to
stand the test of time, it needs to build them on a firm foundation of clarity, necessity, and proportionality.
An open letter to the leaders of the world's governments SIGNED by organizations, companies, and individuals:
We encourage you to support the safety and security of users, companies, and governments by strengthening the integrity of communications and systems. In doing so, governments should reject laws, policies, or other mandates or
practices, including secret agreements with companies, that limit access to or undermine encryption and other secure communications tools and technologies.
Governments should not ban or otherwise limit user access to encryption in any form or otherwise prohibit the implementation or use of encryption by grade or type;
Governments should not mandate the design or implementation of "backdoors" or vulnerabilities into tools, technologies, or services;
Governments should not require that tools, technologies, or services are designed or developed to allow for third-party access to unencrypted data or encryption keys;
Governments should not seek to weaken or undermine encryption standards or intentionally influence the establishment of encryption standards except to promote a higher level of information security. No government should mandate
insecure encryption algorithms, standards, tools, or technologies; and
Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets.
Access Now, ACI-Participa, Advocacy for Principled Action in Government, Alternative Informatics Association, Alternatives, Alternatives Canada, Alternatives International, American Civil Liberties Union, American Library
Association, Amnesty International, ARTICLE 19, La Asociación Colombiana de Usuarios de Internet, Asociación por los Derechos Civiles, Asociatia pentru Tehnologie si Internet (ApTI), Association for Progressive Communications (APC), Association for
Proper Internet Governance, Australian Lawyers for Human Rights, Australian Privacy Foundation, Benetech, Bill of Rights Defense Committee, Bits of Freedom, Blueprint for Free Speech, Bolo Bhi, the Centre for Communication Governance at National Law
University Delhi, Center for Democracy and Technology, Center for Digital Democracy, Center for Financial Privacy and Human Rights, the Center for Internet and Society (CIS), Center for Media, Data and Society at the School of Public Policy of Central
European University, Center for Technology and Society at FGV Rio Law School, Chaos Computer Club, CivSource, Committee to Protect Journalists, Constitutional Alliance, Constitutional Communications, Consumer Action, Consumer Federation of America,
Consumer Watchdog, ContingenteMX, Courage Foundation, Críptica, Datapanik.org, Defending Dissent Foundation, Digitalcourage, Digitale Gesellschaft, Digital Empowerment Foundation, Digital Rights Foundation, DSS216, Electronic Frontier Finland, Electronic
Frontier Foundation, Electronic Frontiers Australia, Electronic Privacy Information Center, Engine, Enjambre Digital, Eticas Research and Consulting, European Digital Rights, Fight for the Future, Föreningen för digitala fri- och rättigheter (DFRI),
Foundation for Internet and Civic Culture (Thai Netizen Network), Freedom House, Freedom of the Press Foundation, Freedom to Read Foundation, Free Press, Free Press Unlimited, Free Software Foundation, Fundacion Acceso, Future of Privacy Forum, Future
Wise, Globe International Center, The Global Network Initiative (GNI), Global Voices Advox, Government Accountability Project, Hiperderecho, Hivos, Human Rights Foundation, Human Rights Watch, Institute for Technology and Society of Rio (ITS Rio),
Instituto Demos, the International Modern Media Institute (IMMI), International Press Institute (IPI), Internet Democracy Project, IPDANDETEC, IT for Change, IT-Political Association of Denmark, Jonction, Jordan Open Source Association, Just Net
Coalition (JNC), Karisma Foundation, Keyboard Frontline, Korean Progressive Network Jinbonet, Localization Lab, Media Alliance, Modern Poland Foundation, Movimento Mega, Myanmar ICT for Development Organization (MIDO), Net Users' Rights Protection
Association (NURPA), New America's Open Technology Institute, Niskanen Center, One World Platform Foundation, OpenMedia, Open Net Korea, Open Rights Group, Panoptykon Foundation, Paradigm Initiative Nigeria, Patient Privacy Rights, PEN American Center,
PEN International, Pirate Parties International, Point of View, Privacy International, Privacy Rights Clearinghouse, Privacy Times, Protection International, La Quadrature du Net, R3D (Red en Defensa de los Derechos Digitales), R Street Institute,
Reinst8, Restore the Fourth, RootsAction.org, Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC), Security First, SFLC.in, Share Foundation, Simply Secure, Social Media Exchange (SMEX), SonTusDatos (Artículo 12, A.C.),
Student Net Alliance, Sursiendo; Comunicación y Cultura Digital, Swiss Open Systems User Group /ch/open, TechFreedom, The Tor Project, Tully Center for Free Speech at Syracuse University, Usuarios Digitales, Viet Tan, Vrijschrift, WITNESS, World Privacy
Forum, X-Lab, Xnet, Zimbabwe Human Rights Forum
The French government has rejected an amendment to its forthcoming Digital Republic law that required backdoors in encryption systems.
Axelle Lemaire, the Euro nation's digital affairs minister, shot down the amendment during the committee stage of the forthcoming omnibus digital bill, saying it would be counterproductive and would leave personal data unprotected. She said:
Recent events show how the fact of introducing faults deliberately at the request - sometimes even without knowing - of the intelligence agencies has an effect that is harming the whole community.
Even if the intention [to empower the police] is laudable, it also opens the door to the players who have less laudable intentions, not to mention the potential for economic damage to the credibility of companies planning these flaws. You are right to
fuel the debate, but this is not the right solution according to the Government's opinion.
Lemaire called the proposal a plan to introduce vulnerability by design, and said that while she was aware that law enforcement would like such powers they were not a good idea, and could be used without the proper legal processes that the
government supported. She said that, like the Dutch government, her party supported strong encryption.
The Dutch government has issued a statement in defence of strong encryption, bucking the recent trend of governments and intelligence agencies arguing for
weaker encryption. Ard van der Steur, the Dutch minister of security and justice, wrote that:
The government believes that it is currently not desirable to take legal measures against the development, availability and use of encryption within the Netherlands.
Encryption supports respect for privacy and the secret communication of citizens by providing them a means to communicate protected data confidentially and with integrity. This is also important for the exercise of the freedom of expression. For example,
it enables citizens, but also empowers important democratic functions like journalism by allowing confidential communication.
Security experts have welcomed the statement. Nithin Thomas, CEO of London-based security company SQR Systems, called the announcement a powerful example that other world governments should follow.
Microsoft will warn email and OneDrive users if it detects apparent attempts by governments to hack into their accounts.
Google, Facebook, Twitter and Yahoo already offer similar government hacker alert systems to the one just introduced by Microsoft. Alerts are far from rare. Google, for example, reportedly tells tens of thousands of users every few months that they've
been targeted by foreign spooks.