Privacy protection or criminal activity prevention? UK Government faces battle against tech companies on a hot matter
UK Government drafted a plan for a new law that would legalize hacking “deeds” on computer systems by law enforcement authorities. Giant tech companies such as Google, Facebook and Microsoft – just to name a few- are ready to riot, a report by ZDNet.
Provided with a warrant, armed forces, police and security services – according to the draft Investigatory Powers Bill – would be able to hack computer systems based in the UK but also abroad in order to retrieve useful intelligence. The Government reasons that the need for intercepting encrypted communications between criminals requires law enforcement authorities to be guaranteed the freedom of obtaining data – as part of the wider internet surveillance legislation – even through hacking.
Tech companies, on the other hand, are concerned that the plan might establish a dangerous precedent for other countries to follow and will create conflicting legal obligations between countries, leaving companies unable to decide which jurisdiction to comply with; it might also anger customers who trust the security of their services and may be impossible to implement in any case.
Facebook, Google, Microsoft, Twitter and Yahoo! appealed to the committee of MPs which is examining the legislation, warning that the predicament would lead to a treacherous path scattered with “terms and conditions of use,” clauses and sub-clauses; in other words it seems to add a parachute, a layer of risks and vulnerabilities on every product and service provided. At the same time, companies recognize the lack of protection guaranteed over cyber security and against vulnerabilities that could later be exploited.
Apple highlighted how this could cause diplomatic rows when a warrant is emitted by a country and executed by another in the search for sensitive data. The Government needs to clear the air around how the powers in the bill will be applied, especially because the legislation they want to put in place could endanger users’ privacy and security not only in the UK.
Vodafone indicated how the equipment interference elements are probably the most controversial of all the powers attributed to authorities by the draft bill and questioned that this will largely reduce communications companies’ freedom to operate their services and will, moreover, force them to have a “backdoor” in all products and services provided to customers. High indignation in the air – or either. And it does not stop here. Vodafone added that such interferences into users’ privacy would require an operator to be involved in the data-intercepting operations, creating a stark contradiction, where service providers – who should protect customers’ data – are in fact the main responsible for security breaches and vulnerabilities exploitation.
Another set of challenges was stressed by Firefox maker, Mozilla, who argued that, on the one hand, “bulk systems intrusions” opens to the unexpected delivery of malware to users; on the other opposite – hand, Mozilla’s open-source nature would mean that if the software developer was to “create a version of Firefox that was modified to permit surreptitious intrusion subject to a government order”, certainly the Mozilla community will find out.
Is the draft bill legalising mass surveillance and dangerously limiting long-fought-for fundamental freedoms? The Orwellian’s theorem seems closer than ever.