Today a new report*, commissioned by Home Secretary Theresa May and carried out by David Anderson QC, ruled that surveillance activities by the police and security services should be maintained and agencies should have the right to gather bulk communications data. The analysis, brought about by the actions of NSA whistleblower Edward Snowden in 2013 and given added impetus by May’s so-called ‘snoopers’ charter’, will provide a basis for the formation of a draft bill due this Autumn.
Elements of the report discuss the use of encryption** and Sol Cates, CSO of data security expert Vormetric, has made the following comments:
“I’m heartened by today’s news that the independent review of surveillance powers found that the UK’s security agencies should not have backdoors built into encrypted online communications. The report validates the contention that backdoors to encryption can’t be effectively limited to government’s use, but will inevitably be compromised by those with the right skills or connections. That said, it does concede that intelligence agencies’ requests for encryption keys – which enable messages to be read – should be regulated by law.
“One essential point to raise here – one that is being little addressed in this debate – is that serious malicious parties will be able to stay safe even if backdoors are added to every commercial solution on the market. The argument about encryption backdoors is nothing new – and has been trundling on since the 1990s. The fact is that encryption algorithms and open source libraries are freely available today throughout the web. It only takes moderate development talent to use these tools to create one-off secure data storage and communications capabilities.
“Like it or not, the encryption genie is out of the bottle! From a business perspective, in today’s incredibly risky cybersecurity environment, encryption remains one of the smartest moves a company can make. As we know by now, breaches and theft of data can cause major legal, financial and reputational harm – or even ruin.
* https://terrorismlegislationreviewer.independent.gov.uk/wp-content/uploads/2015/06/IPR-Report-Web-Accessible1.pdf
** http://www.computerworlduk.com/news/security/no-encryption-back-doors-for-security-agencies-says-anderson-report-3615398/
