Forrester: “We are seeing an erosion of the traditional relationship between tech companies and law enforcement agencies”
- Wednesday, March 2nd, 2016
- Share this article:
The Government published the revised version of its Investigatory Powers Bill yesterday. The Home Office was obliged to revise the draft bill after three committees of MPs expressed concerns that it was not detailed enough, and did not do enough to protect citizens’ privacy.
But while addressing some concerns, the revised version is unlikely to find much favour with tech firms or privacy campaigners. It gives the police increased powers to examine people’s internet browsing records, stating that these can be acquired for a specific investigation so long as it is “necessary and proportionate”. This clause did not appear in the previous versions of the Bill.
The Home Office also claims that the new version of the Bill addresses concerns expressed by tech companies about them having to break their own encryption and provide a backdoor through which law enforcement agencies could access people’s private messages on their phones and other connected device. Apple, of course, is currently embroiled in just such a well-documented row with the FBI in the US right now over its refusal to hack into the iPhone of one of the gunmen responsible for the ISIS-associated shootings in San Bernardino, California two months ago.
The Home Office says that the revised version of the Bill would only require tech companies to remove encryption that they have put in places themselves, where “practicable” for them to do so. But this, some feel, is missing the point. The issue is not who put the encryption in place, but the fact that the law enforcement agencies are asking the company that did so to break its own code.
We spoke to Forrester analyst Enza Iannopollo this afternoon . Her research focuses on the impact of internet regulations and data privacy issues on digital business models, as well as the technologies that underpin them. She told us:
“It’s interesting the discussion around it is happening now when Apple is in front of the FBI and Facebook’s number two in Latin America [regional vice-president Diego Dzodan] was arrested in Brazil for refusing to cooperate with a criminal investigation. We are seeing these requests from law enforcement agencies, and it is an erosion of the traditional relationship between tech companies and law enforcement agencies.
“Tech companies, especially those involved with security, used to work together with law enforcement agencies; there was a good connection between them. But the tech side feels quite strongly that some of the requests and the requirements in the new version of the bill in the UK are pushing companies to do things that create vulnerability in their products. They do not want to do this and there is support for them on this point.
“Apple, for example, has worked very hard on the privacy and security of its products, so they will not be happy to create code that breaks some aspect of their encryption and so the requirements of the bill to break their end-to-end encryption goes beyond what they consider it possible to do.
“Also, customer demand for privacy is much stronger than it used to be. When the Apple case happened we did expect that not everyone would support Apple; some people would be confused because we were talking about terrorism and defending the nation from important threats, but also, other people were concerned about the privacy implications.
“So it will be a complex discussion, and we expect tech companies to react in the same way in the UK and everywhere else to this kind of request from law enforcement agencies, because they are making privacy part of their brand, they don’t want vulnerability in their products, and they want to meet the expectations of the consumer.
“There is no easy way out of this. Apple were in front of the FBI yesterday, and they have a team just to answer questions from law enforcement agencies, and in the case of the iPhone they are trying to provide information, but the law enforcement agencies are asking the tech companies to write new code to break their own encryption and this is something they are not ready to do.”