The new Investigatory Powers Bill could ban WhatsApp and iMessage as they currently exist and lead to the weakening of security.
Introducing the Bill this week, Home Secretary Theresa May said that it didn’t include a controversial proposal to ban the encryption that ensures that messages can’t be read as they are sent between devices. But it does include rules that could allow the Government to force companies to create technology that allows those messages to be read, weakening encryption.
The Bill gives wide-ranging powers to the Home Secretary to force companies to make services that that can be more easily read by intelligence agencies.
Section 189 of the law allows the Government to impose “obligations” on companies that provide telecommunications services. That can include “the removal of electronic protection”, as well as a range of others.
It isn’t clear how that law would be used in practice. But it could allow for the breaking of encryption so that messages can be read.
Some of those powers were already available. But the new legislation repeats them – despite the suggestion that the ban on encryption has been dropped – as well as strengthening some of the ways that Government can impose such obligations.
At the moment, services including WhatsApp and Apple’s iMessage use end-to-end encryption. That means that the phones that are sending each other use keys to ensure that nobody else – including WhatsApp and Apple themselves – can’t read messages.
When end-to-end encryption is used, it isn’t possible to set up a system so that it only allows for the breaking of messages from a specific phone, or of messages sent between two specific people. Instead, allowing for the viewing of just two messages would entail entirely re-engineering the system so that WhatsApp and Apple had the keys to unlock any message, sitting in the middle of all messages.
Technology companies are understood to be concerned about that setup, because if they are able to read through messages then the same system could be used by members of staff or hackers to read through the messages of all of a services’ users.
Earlier this year, a report from some of the world’s leading computer experts said that weakening encryption “will open doors through which criminals and malicious nation states can attack the very individuals law enforcement seeks to defend”.
“If law enforcement’s keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege,” the report argued.
Apparently partly in response to that criticism, the US Government has mostly walked back its attempts to weaken encryption.