Slashdot Mirror
UK Gov Says New Home Sec Will Have Powers To Ban End-to-end Encryption (theregister.co.uk)
An anonymous reader writes: During a committee stage debate in the UK's House of Lords yesterday, the government revealed that the Investigatory Powers Bill will provide any Secretary of State with the ability to force communication service providers (CSPs) to remove or disable end-to-end encryption. Earl Howe, a Minister of State for Defence and the British government's Deputy Leader in the House of Lords, gave the first explicit admission that the new legislation would provide the government with the ability to force CSPs to "develop and maintain a technical capability to remove encryption that has been applied to communications or data".
This power, if applied, would be imposed upon domestic CSPs by the new Home Secretary, Amber Rudd, who was formerly the secretary of state for Energy and Climate Change. Rudd is now only the fifth woman to hold one of the great offices of state in the UK. As she was only appointed on Wednesday evening, she has yet to offer her thoughts on the matter.
This power, if applied, would be imposed upon domestic CSPs by the new Home Secretary, Amber Rudd, who was formerly the secretary of state for Energy and Climate Change. Rudd is now only the fifth woman to hold one of the great offices of state in the UK. As she was only appointed on Wednesday evening, she has yet to offer her thoughts on the matter.
... so much for anybody ever using a British ISP for anything. Aren't "conservatives" supposed to support corporate interests, instead of killing businesses outright?
Are they going to force Google, Microsoft, and Mozilla to add in British-government-controlled certificate authorities to their browsers distributed in the UK? Or force hardware vendors to provide access to decrypted data on end-users' machines? I don't think they've thought through how little control over the process CSPs have.
I'm also wondering - does the financial sector get a pass from these directives? If not, good luck keeping London as the de-facto headquarters for the financial sector in Europe. If so, I wonder how they plan to restrict encryption to only the financial center?
Browser makers should just allow encryption plug-ins/extensions (just like they allow other extensions).
That way the browser maker is not responsible for the encryption and has no backdoor to it.
Where are we going and why are we in a handbasket?