UK plans to ban end-to-end encryption
It became known that the new UK government plans to re-engage in encryption on the Web. The parliament will consider a regulatory legal act that will oblige social networks and communication service providers to provide decrypted data to state organizations upon request.
/ Flickr / Kārlis Dambrāns / CC
The law includes instant messengers, such as Facebook Messenger, WhatsApp platform, iMessage. But there is a problem that companies that use e2e encryption to protect user information cannot provide the data they want in an accessible form, because they do not have the keys necessary for decryption.
')
WhatsApp representatives have so far refused to comment on the situation. Declined to comment at Apple. But Apple is known for its user data protection policy when it didn’t provide access to the locked US special services.
The technical details of the implementation of data access are also still unclear. One of the scenarios considered is to oblige companies to build backdoors for e2e encryption or implement various kinds of vulnerabilities. However, according to representatives of the ministry, the government refused from such a scenario. To some extent, this contributed to the technical report Keys Under Doormats from scientists, experts, professionally dealing with the problems of information security.
It noted that exclusive access to user data is impossible without the appearance of unacceptable security risks. Here is one of the key paragraphs of the conclusion:
In this regard, the most likely outcome seems to be an option when social platforms are asked to refrain from using complex encryption methods. In addition, this option has already been discussed in the past year.
“Apparently, the law will oblige providers to provide encryption that can be cracked — that is, end-to-end encryption,” said parliamentarian Paul Strasburger.
Perhaps many services operating in the UK will have to remove the words "end-to-end encryption" from marketing materials. In any case, voting on this issue will be held after June 8, when the new British government will officially take office.
PS A few more materials on the topic from our blog:
/ Flickr / Kārlis Dambrāns / CCThe law includes instant messengers, such as Facebook Messenger, WhatsApp platform, iMessage. But there is a problem that companies that use e2e encryption to protect user information cannot provide the data they want in an accessible form, because they do not have the keys necessary for decryption.
')
WhatsApp representatives have so far refused to comment on the situation. Declined to comment at Apple. But Apple is known for its user data protection policy when it didn’t provide access to the locked US special services.
The technical details of the implementation of data access are also still unclear. One of the scenarios considered is to oblige companies to build backdoors for e2e encryption or implement various kinds of vulnerabilities. However, according to representatives of the ministry, the government refused from such a scenario. To some extent, this contributed to the technical report Keys Under Doormats from scientists, experts, professionally dealing with the problems of information security.
It noted that exclusive access to user data is impossible without the appearance of unacceptable security risks. Here is one of the key paragraphs of the conclusion:
“In this case, security issues will have to be sacrificed, since it is impossible to guarantee the access of state agencies to data without creating the threat of hacking by intruders. Moreover, organizing the access of different law enforcement agencies in several countries is an incredibly difficult task for an international company. ”
In this regard, the most likely outcome seems to be an option when social platforms are asked to refrain from using complex encryption methods. In addition, this option has already been discussed in the past year.
“Apparently, the law will oblige providers to provide encryption that can be cracked — that is, end-to-end encryption,” said parliamentarian Paul Strasburger.
Perhaps many services operating in the UK will have to remove the words "end-to-end encryption" from marketing materials. In any case, voting on this issue will be held after June 8, when the new British government will officially take office.
PS A few more materials on the topic from our blog:
- SD-WAN as a competitor to traditional MPLS
- Interview with Maxim Hizhinsky - C ++ system developer DPI
- How to safely share passwords on your network
- Professor Guillermo Francia on the cybersecurity of national infrastructure
- SCAT DPI vs Cisco SCE 8000
- What will happen to Internet providers after July 1, 2018
Source: https://habr.com/ru/post/329748/
All Articles