'You can't just uninvent encryption'
5 Nov 2015 at 06:34, John Leyden
IPB The encryption bothering parts of the UK's Investigatory Powers Bill have left IT security experts flabbergasted.
Introducing the draft internet surveillance law in the House of Commons on Wednesday, Home Secretary Theresa May presented it as consolidating and updating existing investigatory powers. She spun it as a break from measures in the ultimately unsuccessful Communications Data Bill of 2012, adding "it will not ban encryption or do anything to undermine the security of people's data." The reality is far more complex and less reassuring than this bland assurance might suggest.
The draft law [pdf] states it "will not impose any additional requirements in relation to encryption over and above the existing obligations in RIPA [the Regulation of Investigatory Powers Act, 2000]" before summarising what these entail:
RIPA requires CSPs [communications service providers] to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the CSP to whom the notice relates.
Full Article
