In Britain, lawmakers are completing legislation that could force tech companies to bypass encryption protections in the name of national security. The law — called a “snooper’s charter” by opponents — may compel companies to aid the country’s law enforcement agencies by hacking people’s smartphones and computers, among other powers.
And on Tuesday, French politicians will debate proposals to update antiterrorism laws that may hand tech executives prison sentences of up to five years, as well as fine their companies around $390,000, if they refuse to provide encrypted information to the country’s investigators.
Amendments to the French law — itself a response to the attacks in November — may still pass without the encryption proposals, which are opposed by France’s left-wing government.
But politicians and industry executives say Apple’s fight with the F.B.I. has focused a spotlight on how companies’ efforts to protect users’ messages and other data have made it increasingly difficult for European intelligence agencies to obtain such information.
“When we’re able to recover a cellphone, but authorities have no way of accessing its data, it obviously cripples the work of our surveillance agencies,” said Philippe Goujon, a French politician behind the recent encryption proposals.
“Sure, this could have repercussions internationally,” he added. “But there are other countries in the world that have similar legislation.”
Europe’s attempts to get access to encrypted data have not gone unchallenged by Apple.
Timothy D. Cook, Apple’s chief executive, has, for instance, met with a string of European politicians, including France’s prime minister, Manuel Valls, and Britain’s home secretary, Theresa May, in recent months to lobby for tough encryption technology.
And to show that the company is trying to be cooperative, Apple’s executives have also provided unencrypted information, including so-called metadata on people’s phone calls and GPS coordinates, as part of terrorism investigations in Europe, according to a person with knowledge of the matter, who spoke on the condition of anonymity because he was not authorized to speak publicly.
Such efforts, in part, have paid off with some European governments that remain skeptical of plans to weaken companies’ encryption technology in the name of national security.
Germany, which has some of the world’s toughest privacy rules, has balked at the proposals Britain and France are considering, while the Dutch government published an open letter this year expressly stating its opposition to back doors in encryption services provided by the likes of Apple.
Such loopholes, the Dutch government said, would “also make encrypted files vulnerable to criminals, terrorists and foreign intelligence services.”
As pressure in parts of Europe mounts over access to encrypted data, industry watchers say attention is expected to focus on Britain — a top international market for most American tech companies — where expanded powers for the country’s intelligence services are likely to come into force by the end of the year. The legislation is the brainchild of the ruling Conservative Party, which has a sufficient parliamentary majority to enact the regulatory changes.
Under the proposals, the Investigatory Powers Bill would force Internet and telecommunications companies to hold records of websites visited by people in Britain over the last 12 months. It also would provide the country’s intelligence agencies with a legal mandate for the bulk collection of large quantities of data, while allowing them to hack individual devices under certain situations.
Ms. May, Britain’s home secretary, told lawmakers this year that such powers were required to defend the country’s security. She added that the legislation offered sufficient transparency and oversight about how British spies conducted their activities to calm people’s privacy concerns.
But for Apple and other Silicon Valley companies, the proposal also includes new powers that can permit the British government to demand that companies remove encryption protections where “reasonably practicable” to gain access to digital communications.
The British government stresses that such rules would not undermine companies’ services because they may not apply to so-called end-to-end encryption, technology used by the likes of Apple’s iMessage and FaceTime services, as well as Facebook’s WhatsApp Internet messenger.
But in a series of appeals to the British Parliament, several American tech giants, including Microsoft, Twitter and Yahoo, have complained that the proposals could force them to create backdoor access for the country’s spies, or face falling afoul of the new national security rules.
“A key left under the doormat would not just be there for the good guys,” Apple wrote in its recent statement to British lawmakers. “The bad guys would find it, too.”
Such concerns, security experts say, could be compounded if other national governments — either in Europe or farther afield — followed Britain’s lead by passing similar legislation.
“If these encryption plans go through, then who’s to stop France or other countries’ asking for the same thing?” said Ross Anderson, a professor of security engineering at the University of Cambridge who wrote a paper with other experts last year that criticized the American and British governments’ plans to weaken encryption. “When you give one country backdoor access, where do you stop?”
Source | NYT