UK HOME SECRETARY Theresa May has been accused of getting a bit Robin Thicke when it comes to encryption and the official government line on the subject.
May was questioned about the doom-worthy Investigatory Powers Bill during a joint select committee hearing, and managed to murk some already murky waters, according to a report on Wired.
The home secretary let her elbow do the talking as she bluffed her way through some tricky questions. Her appearance is available on Parliament TV. It would appear boring, were it not for the content. This includes how best to handle data, how long companies should hold it, how secure it should be, and how open it should be to access.
"The government doesn't need to know what the encryption is, doesn't need to know the key to the encryption, but if there's a lawful warrant requesting certain information then it is about that information being readable," May said, having already spoken about encryption at length.
"When a warrant is lawfully served ... there's an expectation that [companies] will be able to take reasonable steps to be able to provide the information under that warrant."
Eyebrows were raised over a lot of the wording in the proposed legislation, and May said that what looks confusing was designed to be clear. She said that the bill, should it become an act, would have to be regularly reviewed.
"I think there are aspects in relation to privacy. The safeguards for individuals are various. There are oversight provisions, including an investigatory powers minister and the intelligence and security committee," she said, adding that service providers would be expected to abide by local and international privacy rules as well.
In one exchange May was asked to explain what was meant by this statement in the bill: 'Data includes any information that is not data.' She said that she could understand the confusion, but explained that it means that data in this case would include things like paper.
This was explained, in a way, when May said that the legislation must be somewhat rushed if it is to keep up with technology changes, and that it is designed to be technologically neutral as a result. "We are confident that we will be able to access the information that is necessary," she said.
The confusion and doublespeak have vexed the kind of people who look out for this sort of thing. Loz Kaye, co-founder of tech and politics think-tank Open Intelligence, told us that the plans are doomed to redundancy because they are so badly laid out.
"The government has now repeatedly stated that it doesn't want to ban encryption, no doubt aware that this would be a major media and political battle it could well do without when trying to guide controversial legislation through parliament," he said. "But as we stated in our evidence to the joint committee, this would leave encryption as legal but functionally useless in the UK."
Kaye, like us and other commentators, is concerned about the slapdash delivery of the bill and its occasionally nonsensical text.
"Confusion remains, not least as the bill is full of definitions that are not used by industry, are meaningless to the general public, and are legally vague," he added.
"The home secretary defended leaving definitions in the bill open, so as to 'future proof' the legislation. But now the Home Office must come clean in concrete terms as to what the intentions are."
Jim Killock, executive director of the Open Rights Group, has been drinking from the same fountain, saying that even May appears to be confused about what she wants.
"Theresa May seems to be confused about encryption. The laws she proposes are wide and allow all kinds of demands to be made, on companies abroad as well as in the UK," he said.
"Yet she says she is not asking for new powers, or the power to decrypt messages. If this is the case, perhaps the bill could specifically say that the government will not mandate backdoors or weaken public or private encryption technologies."
Never mind encryption, people, it's time to invest in postcard-sized envelopes. µ