The UK government has the right to compel tech firms to remove end-to-end encryption. However, it is avoiding using existing legislation, because this move is likely to force it into a battle it would eventually lose. We are talking about the Investigatory Powers Act, which came into effect in the end of 2016 and enables the government to force communications providers to remove electronic protection applied to any communications or information.
Indeed, the Open Rights Group reiterates that the existing legislation already allows the UK government to force such cooperation, but using it would lead the government into an argument it will lose, because it will never coerce the global open-source community to comply, for instance. In fact, government time and money would be better spent elsewhere. The Open Rights Group also believes that actually attempting to enforce the law as it stands would require an “illiberal and misconceived” business case to be thrust upon communications providers to force them to undermine their own security technologies. As a result, users would flee a less secure, less competitive platforms and move to other services with less cordial government relationships.
Security experts say that any attempt to use such powers would be bound to introduce major security vulnerabilities, because banning encryption in order to get to the communications of a select few opens access to the communications of many, thus rendering all the Internet users less secure and their lives less private. The matter is that if the developers build a backdoor for the government, the hackers will eventually find a way to break through it as well.
It must also be said that in the initial draft of the new investigatory powers bill, there is only limitation to the government’s power to force the removal of encryption – it must consult with an advisory board with any specific obligation that is “reasonable” and “practicable”. Moreover, the technical capability notice can even be issued to individuals outside the United Kingdom, and force them to do, or not to do, things outside the country.
In response, technology firms warned that the law could end electronic privacy in the UK, after which the government made a small concession to promise that nobody would be compelled to remove encryption of their services if it was not technically feasible. However, a definition of technological feasibility was not provided.