Following a royal rubber stamp of approval, the UK Investigatory Powers Bill will have passed into law. Its passing paves the way for an Orwellian oversight monitoring the minutiae of daily lives, keeping tabs on those that mean to do harm and those simply checking their loved ones’ messages. Everything from internet data such as the websites you visited to the people you communicated with will be collected for analysis. Similarly, security and intelligence agencies have the right to hack phones to bug and collect data.
The bill raises multiple ethical and societal implications which are hotly debated by academia, owners of private enterprise and governing agencies themselves. However, most interestingly, the spotlight has been drawn too closely on the present and its potential near-term effects for companies. A large part of the commentary has not addressed the potential ramifications of advanced computation and data analysis capabilities on currently collected data. With technology companies concerned with current backdoors and weakened encryption pressures, quantum computing could dramatically change security for all.
Weakened encryption by the backdoor
For most companies, it has been a formidable exercise of restraint monitoring the developments of the bill. Nic Scott, managing director of endpoint backup solutions provider Code42, recently attested, “once you create a backdoor for law enforcement purposes, you are also opening the door to other, potentially malicious, parties,” in response to Earl Howe’s bid to establish governmental control on end-to-end encryption.
Technology companies are extremely worried about the heightened security risk the bill will bring to their customers. For the smallest companies, staying one step ahead is even more complex and costly. Moreover, making end-to-end encryption the reserve of investigatory services will harmfully impact UK technology companies’ competitiveness. If encrypted messaging services are designed to make decryption unfeasible and thus (under the bill) unlawful, consumers will flock to safer areas and platforms will lag behind.
Consumers are already exploring VPN providers that geographically protect them from hackers. But for those seeking anonymity and using dubious proxy services that dice with their credentials, they are stuck between a rock and a hard place. Similarly, the Government’s championing of UK data centres may also prove fruitless if consumers want their data stored on centres outside the UK.
Put simply, encryption should be a matter of paramount importance and given more attention from industry than it has currently achieved. Considering the original bill wanted legitimated access “without a warrant”, it is difficult to say how far secret services will go to ensure access. A simple judge’s “sign-off” for even further intrusion, such as unannounced hacking, penalises the many to punish a few bad eggs.
SMEs face a major burden
The IP Bill will prove a significant burden to companies and even the snoopers themselves. For taxpayers, bulk collection of internet collection records could cost £1.2 billion per year, a figure that led to Denmark scrapping its own charter. The figure amounts to just under 1% of the UK’s education budget, a seemingly small figure, but a sum that would pay for thousands of training courses in much-needed STEM subjects and preparing our children for a digital future. Alternatively, £1 billion could also cover the government’s pledge to a new fibre broadband infrastructure with change to spare.
Another point to consider is the spate of attacks on personal data that have hit the headlines of late. TalkTalk was hacked and lost thousands of customers’ credit card details, despite being under multiple security regulations requiring encryption. If a data leak like this is possible with heavily-regulated safeguards in place, a “double-lock” may not be strong enough to ensure our data does not end up in the hands of criminals, with or without a backdoor.
It is more than likely that companies and snoopers will be overwhelmed and “less able to detect recidivists”, bulk captures of metadata will be time-consuming and an excessive usage of experts’ time. For small companies, prohibitive security costs could prevent development and deter investors fearing security problems.
Quantum computing advances and surveillance
With the current state of the bill presenting a whole host of complications, imagine the implications of future and near-future advanced technologies effects on surveillance. Quantum computing may provide a key weapon in snoopers’ arsenals, providing ultrafast decryption methods to communications, browsing histories and much more. Quantum computing is an exciting prospect, it ushers in a new age of capabilities that brings us ever closer to synthetic intelligence. It differs from classical computers with their superposition “qubit” units that have the value of 1 and 0 simultaneously. Most importantly, quantum computing bring us the speed to crack encryption, beyond the reach of normal computers.
Naturally, some of the early adopters of quantum computing will not only be start-ups and technology companies, but also governments and their secret services. The UK Government recently poured more than £200 million into engineering and physical science studies, with £37 million reserved for research into quantum computing. This is not to say that the general economy and private organisations will not benefit. The discovery of programming methods for quantum computing will greatly aid our scientific communities.
Traditionally, encryption on classical computing systems relies on public/private asymmetric encryption methods that strengthen as bit sizes increase. Or, alternatively, they may rely on AES encryption that shares keys as and only when necessary. In short, the “Snoopers’ Charter” may be a surveillance bill fit for this age. But the bulk collection of phone and internet records with quantum-fuelled brute force cracking techniques will make individual privacy a challenging feat.
Time is not on the side of the individual. Snoopers could “hoover up data encrypted using current approaches” awaiting the advent of a functioning quantum computer to overcome modern encryption. Twelve months may be an initial figure, but as is the case with anti-money laundering laws, records of customers are more likely to be extended than shortened. In any case, all parties will need to build up quantum-resistant encryption techniques to protect themselves against advanced snooping.
Safety for sale
In this age, safety is a precious commodity. However, fear, pressure and a romantic view of British spies should not contradict expert advice. Financial burdens could meaningfully damage UK technology companies’ abilities to protect their consumers and keep ahead of the curve.
Moreover, 18 years of unlawful snooping led to a build-up of private encryption usage. Now snoopers want all encryption methods to be the reserve of government faculties - a vicious circle. Policy-makers should heed the advice of technology companies and not associate encryption with criminality, like cash has been with laundering and tax evasion. Perhaps the UK needs a Tim Cook.