'They don't get it': Cybersecurity experts destroy UK government's stance on encryption

Theresa May pledges to change human rights laws if they 'get in the way' (ITN)

On 5 June, in the wake of the third terrorist attack in the UK in as many months, UK prime minister Theresa May declined to rule out using Chinese-style censorship to help control the web. "What we need to do is see how we can regulate," she told the Evening Standard.

For tech firms, already shackled by the UK's new spy law, the Investigatory Powers Bill (IPBill), it was likely a shocking admission. This week, during a keynote at 2017's Infosecurity conference in London (6 June), two security experts addressed the controversial subject head-on.

"When a government starts to talk about 'regulating the internet', they don't get it," said Rik Ferguson, a cybersecurity researcher and advisor to Europol.

"We don't own the internet and no one nation, no one government, no one state owns or can influence the internet." He stressed any UK law must be well designed, targeted and have broad agreement from the public.

But he maintained that the notion of regulation itself should not be fully opposed, saying such laws already cover online grooming, film certifications and pirating.

"I think that regulation of certain types of content online, mostly in line with existing legislation, is absolutely fine, [...] but it can't be blanket," he said. "The people that you are trying hardest to defend against are the people most likely to be able to find ways around those kinds of blocks."

He continued: "If we begin to erode our own right to individual right to privacy we are letting the terrorists win and that would be, to say the very least, a very unfortunate state of affairs.

"We have the right to have conversations and not have them be overheard by other groups and individuals. It's a right we must fight to protect. There is a line and we must be careful we don't cross it - when regulation becomes censorship."

James Lyne, head of research at cybersecurity firm Sophos and a well-known commentator, said during the presentation that the notion of "regulating" the UK's internet is unfeasible.

"When rubber meets road, laws are ostensibly national, that's our ability to influence," he explained.

Rik Ferguson: 'There is a line and we must be careful we don't cross it.' (Reuters)

Lyne said the biggest concern is ending up with regulation that is "so severely out of step with technical reality."

He noted: "The internet is an inter-connected, borderless, international resource. Not just in the frame of our current debate [...] but in every aspect of cybercrime."

The researcher said there is a "real challenge of mixing policy at the very high level with the technicality that many of us live and breathe" and complained that "lawmakers move in the scale of years, we move in the scale of minutes, hours and days."

He added: "I can at least say I am reassured we are having this debate about where on the spectrum is the right balance of security, intelligence and what scale of data collection there should be.

"I am really glad we are having that in public as opposed to what's really happened over the last 20 years - either blindly throwing a dart and hoping or the decision being made without public scrutiny. I think it's progress but I think we have a lot of work to [do] as a community."

Politicians have, for years, decried the effectiveness of strong encryption, arguing it is helping terrorists to communicate in secret. Following fresh terror incidents in the UK, Theresa May called for a clampdown on digital "safe spaces", without explaining what this meant.

"The prime minister's position is both unfortunate and predictable given her record," Dr Paul Bernal, lecturer in Information Technology, Intellectual Property and Media Law at the University of East Anglia Law School, told IBTimes UK in a statement via email.

"Her plan isn't really tenable - it does attack both encryption and the tech firms who use it, which, ultimately, means it attacks all our safety.

"It won't do anything to deal with the real problems, and even though it won't actually work, the efforts put in to try to make it work are themselves likely to have damaging consequences. It feels as though either she's been very badly advised or it's just political posturing. It could be both."

Pictured (L/R) Moderator: Peter Wood, James Lyne, Rik Ferguson (Infosecurity Europe)

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.