Chris Farrimond, the director of the National Crime Agency in the United Kingdom, confirmed that, thanks to the Investigatory Powers Bill, law enforcement can order a company remove encryption from user data, according to a tweet from Silkie Carlo, policy officer for the National Council for Civil Liberties (Liberty). The bill has been locked in debate since it was introduced in November, according to Liberty.
In meeting in parliament – @IanBrownOII asks head of @NCA_UK if under #IPBill they could force Apple to remove encryption. His answer: yes.
— Silkie Carlo (@silkiecarlo) April 19, 2016
The revelation is quite similar to its U.S. counterpart — the Compliance with Court Orders Act of 2016, which also seeks to force companies to comply with court orders requesting user data, and make it “intelligible.”
Farrimond followed up with Carlo’s tweet, clarifying that authorities would be able to “request” that companies decrypt data, rather than force them to do so.
But as Carlo points out, the bill’s current language, which can change, can hardly be called a “request.” Section 218 of the bill states that anyone given a “national security notice” or a “technical capability notice” from authorities “must comply,” and is not allowed to disclose the notice unless permitted by the government. These notices do not need judicial authorization.
“Thus, were an Apple v FBI scenario to occur in the U.K., Apple would not be able to disclose even the fact that it had been served with a notice, let alone challenge it in court,” according to the Liberty’s briefing of the bill.
Section 217 of the bill offers an example, and says, “the removal by a relevant operator of electronic protection applied by or on behalf of that operator to any communications or data,” meaning a company must strip away all encryption from the data requested by the government.
Both the U.S. and U.K. bills are a direct result of law enforcement’s inability to access information that could, but not always, be crucial to criminal and terrorism investigations. The U.S. bill comes after the shooting in San Bernardino, California, that took the lives of 14 people. One of the shooters, Syed Rizwan Farook, left behind a locked iPhone 5C, but Apple refused a court order to create a special tool to weaken the security on the device, fearing that in the wrong hands, it could threaten the security and privacy of all its customers. The FBI dropped the case as it got access to the phone through to a third-party.
The U.K. and most of Europe are still reeling from recent terror attacks in Brussels and Paris, and while reports say the terrorists are mostly using “burner” phones, anti-encryption legislation is reactionary to the attacks, which have claimed more than a hundred lives.
