British Government’s Investigatory Powers Bill could become self-serving, significantly weaken our defenses and fundamentally break down certain human rights protections

(January 26, 2016) – Responding to the recent draft Investigatory Powers Bill that gives the British government the power to prohibit companies from providing truly secure online communications, Jeremy Samide — the Michael Dukakis Leadership Fellow and the lead consultant to SteathCare Labs — presented his view on the matter. The draft bill is expected to be introduced in Parliament early in 2016, according to Amie Stepanovich from The Christian Science Monitor.

Below is Jeremy’s view. 

Photo: Jeremy Samide — the Michael Dukakis Leadership Fellow and the lead consultant to SteathCare Labs in the Boston Global Forum’s Global Cybersecurity Day event on December 12, 2015 at Harvard University Faculty Club.

Encryption and the war on privacy continue to take center stage where ongoing debates and town hall style meetings dispute the pros and cons. This new bill drafted by the UK Government, dubbed the Investigatory Powers Bill, seems to be flexing its muscles in an attempt to control the Internet. This legislation is looking to expand its surveillance powers and blatantly prohibit any company around the world from using strong encryption for the safety, security and protection of their communications, data and the ultimate privacy of their customers. This type of legislation could become self-serving, significantly weaken our defenses and fundamentally break down certain human rights protections such as our privacy over the Internet.

The development of stronger encryption is on the rise as organizations, journalists and everyday people are desperate for new ways to maintain their privacy from prying eyes like malicious hackers, unfriendly governments, thieves and scammers. Crackable, weak encryption is not the answer that will make us safer, as many governments believe to be the case. This will only enable the hackers and cyber criminals in their pursuit to attack our critical infrastructure such as financial, energy, transportation, defense, communications, emergency services, food and agriculture, water, government and other sectors. Hackers today are relentless, motivated, well-funded and, in most cases, state-sponsored, and will stop at nothing to disrupt, destroy and/or steal our data.

Today, federal law enforcement, legislators and governments around the world continue to grapple over the encryption debate. Both FBI Director James Comey and California Sen. Dianne Feinstein have testified that encryption continues to be ‘an insurmountable barrier for legal and national security investigators.’ As Sen. Feinstein put it, ‘encryption ought to be able to be pierced.’ Allowing federal law enforcement or even the US Government to create or hold back doors into encryption technology has been heavily debated this past year. The argument presented is that federal law enforcement or any government possessing the keys to encryption only weakens the companies that develop it as well as the hundreds of millions of users that use it. The FBI, US Government as well as scores of other foreign governments have clearly demonstrated their lack of cyber security prowess through the loss of millions of sensitive records, defaced websites and unauthorized access to sensitive systems in 2015 alone. Giving these institutions the ‘keys to the kingdom’ could have serious repercussions. As governments and legislators continue to draft and debate policy that is masked as mass surveillance, the community at large will continue the development of stronger encryption, untraceable messaging systems and true anonymity over the Internet, causing an epic war on privacy and security.

Even in the wake of the Paris terrorist attacks last year, France recently rejected an amendment to its Digital Republic Bill insisting on mandatory hardware backdoors to bypass encryption.

Privacy concerns loom in the final throes of the US cyber security information sharing bill (CISA). Final passage of a law to thwart cyber attacks has been delayed as legislators battle over how to best protect the privacy of Americans’ personal information. In the past year, Congress has passed three versions of the bill in the wake of high-profile cyber attacks on US companies and the federal government. Headlining cyber attacks like OPM, Target, Home Depot, Sony, T-Mobile, JP Morgan and the Internal Revenue Service are amongst the few that have triggered the debate on Capitol Hill. Despite widespread agreement in Congress on the need to pass a comprehensive cyber security bill, a final compromise is taking much longer than expected due to disagreements over which elements have the strongest policy provisions. It has been widely known and argued by many security experts that this bill will be ‘dead on arrival’ as governments, the intelligence communities, the military and federal law enforcement agencies tend to share very little with each other, let alone the public. Although sharing information under this bill is voluntary, some privacy experts argue that this newly drafted cyber security legislation is more of a mass surveillance bill than an information sharing initiative. Historically, the government does not play well with the private sector when it comes to sharing intelligence deemed critical in the eyes of Defense, Intelligence and law enforcement agencies. Privacy needs to be of the utmost importance in any cyber bill that is drafted.

California is contemplating banning the sale of encrypted smartphones. Many technology giants that call the state their headquarters, like Apple and Google, are facing legislation that would ban the sale of devices that come with unbreakable encryption. As a part of the legislation, a smartphone that could not be decrypted ‘on demand’ would subject the seller to a $2,500 fine. Should the bill become a law, companies like Apple and Google would be banned from selling iPhones and Android devices on their own turf. You have to appreciate the irony here, not only for these two companies but for all of the other technology companies that reside in California and participate in developing strong encryption that integrates with these devices as well as many others.