Weaker Is Not Stronger

Editorial

The biggest tech company is taking on the controversy of the UK’s newly proposed surveillance laws, highlighting the government’s naive approach to data protection

Overall, 2016 looks set to be an interesting year in the realm of technology. The rise of the ‘internet of things’, virtual reality and self-driving cars are some of the few things in tech which the world can look forward to. However, for governments trying to establish better national security in the face of a more dangerous world, the next 12 months may be difficult. Before 2015 was over, Apple raised its concerns about the newly proposed investigatory powers bill brought forward by the UK government. The bill allows greater powers for prosecutors to track down criminals and malicious actors online. The part of the bill which Apple says is most worrying is the obligation for companies to deliberately weaken its encryption to help governments hack criminals’ devices and retrieve data for the purposes of prosecution. This keeps alight the quite fiery debate taking place across the world on the issue of encryption.

It is completely understandable why the UK government would propose such laws even when it seems so injudicious on the issue of cyber security. The action of encrypting data is easier than the task of untangling the complicated numbers and keys, thus why governments are desperate for a collaborative relationship between itself and private companies. Governments simply want the ability to infiltrate the digital possessions of criminal suspects, just as they would be able to in the real world. However, the legal frameworks used in this analogy are practically non-existent in the context of the digital world, hence, why the UK government, along with others across the globe, are trying to establish stronger laws which enable it to commit to one of its fundamental responsibilities that is national security.

But the idea of weakening encryption to strengthen security only serves to under-achieve. As Apple explained in their statement discrediting the bill, “it is wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the very few who pose a threat”. Cyber is an environment in which the hackers and malefactors are at an advantage. They remain steps ahead of the security measures designed to impede them. Though amongst all those measures, encryption is one of the few which remains hopeful in keeping the bad actors out, especially as it continues to be improved and harder to breach. But parallel to the rising strength of cryptography is the progressing capabilities of hackers. The dark web, in which new penetration methods and software vulnerabilities swirl around, acts as an incubator producing more and more sophisticated online criminals. So when such an environment exists, where malefactors prowl the internet constantly at ever corner, the risks of leaving the door to a companies’ digital infrastructure and networks ajar, in the hope that only the legal prosecutors will enter and the not malefactors, very much outweigh the apparent benefits.

Therefore, the legislation drafted by the UK government is the not the right one. The private sector needs the flexibility and freedom to engage in its own security practices but at the same time need to meet universal standards. If the TalkTalk saga from last year showed anything, it should have shown how weak laws and data protection standards encourages a sluggish and ignorant approach to data protection. If anything at all, the government should be looking to make sure that more encryption is implemented, rather than less. Since the digital environment is littered with danger, the government should be setting stricter standards for data encryption, encouraging companies to use stronger encryption to protect data and tokenise sensitive information. Ironically, the government should be inspiring the same approach to security as one of the very companies it is attempting to fallaciously regulate.

Apple uses end-to-end encryption with its FaceTime and iMessage services, so strong that even the company itself cannot actually break through it. This better ensures that hackers cannot infiltrate and invade. Even if Apple establishes these rigorous practices to satisfy the many consumers who have become so privacy-conscious as a result of the Snowden revelations, of which has made them uneasy about being spied on, it is still needed to counteract the maliciousness of the hackers which swarm the internet. Therefore, legislation which obligates companies to leave vulnerabilities for the alleged sake of national security is absurd.

The Investigatory Powers bill, with all that it does in updating and modernising past surveillance laws, will be under great scrutiny from not just Apple, but a range of giant tech companies who scowl at the proposals. Their opposition to the proposals should not be interpreted as just a dismissal of excessive government regulation, but should provide as an incentive to shift to better laws which can do a far better job at achieving adequate security. Apple’s concerns will be attended to by a committee of Parliament and address some of the bills fundamental issues. The lesson which can be learnt is that creating policy absent of the harsh realities of the digital world is unwise and will be inevitably opposed with great force from tech giants who would have a stake in such policies. This is important to consider especially when the UK is very much teetering with going solo, as it flirts with exiting the EU and, therefore, freeing itself from European regulation, as well as planning to replace the Human Rights Act with its own ‘British Bill of Rights’, of which may be a major block against the new bill. But even by doing these things, it does not exempt the government from ignoring the concerns of those who would still operate in the country or attend to its citizens, such as Apple. The conflict of interests will only obstruct progress, and so collaboration is the key. Whether this can happen successfully remains to be seen.