No Backdoors But UK Government Still Wants Encryption Decrypted On Request…

Yesterday the U.K. Home Secretary, Theresa May, spent two hours giving evidence to a joint select committee tasked with scrutinizing proposed new surveillance legislation.

The draft Investigatory Powers Bill, covering the operation of surveillance capabilities deployed by domestic security and law enforcement agencies, is currently before parliament — with the government aiming to legislate by the end of this year.

During the committee session May was asked to clarify the implications of the draft bill’s wording for encryption. Various concerns have been raised about this — not least because it includes a clause that communications providers might be required to “remove electronic protection of data”.

Does this mean the government wants backdoors inserted into services or the handing over of encryption keys, May was asked by the committee. No, she replied: “We are not saying to them that government wants keys to their encryption — no, absolutely not.”

Encryption that can be decrypted on request

However the clarity the committee was seeking on the encryption point failed to materialize, as May reiterated the government’s position that the expectation will be that a lawfully served warrant will result in unencrypted data being handed over by the company served with the warrant.

“Where we are lawfully serving a warrant on a provider so that they are required to provide certain information to the authorities, and that warrant has been gone through the proper authorization process — so it’s entirely lawful — the company should take reasonable steps to ensure that they are able to comply with the warrant that has been served on them. That is the position today and it will be the position tomorrow under the legislation,” said May.

“As a government we believe encryption is important. It is important that data can be kept safe and secure. We are not proposing in this bill to make any changes in relation to the issue of encryption. And the legal position around that. The current legal position in respect of encryption will be repeated in the legislation of the bill. The only difference will be that the current legal position is set out in secondary legislation and it will be, obviously, in the bill,” she added.

full post at TechCrunch