By now, we all know that the Prime Minister has the laudable aim of making the UK a science and technology superpower. Well, someone should tell the Home Office – and fast. The much-maligned Online Safety Bill is going through legislative ‘ping pong’ this evening, and yet many elements of it are going to have dire and unforeseen consequences that are going to hurt Britain’s competitiveness as a tech player for many years to come.
The Bill contains a provision that is going to give Ofcom, the UK’s state communications regulator, powers to mandate a form of technology that doesn’t actually exist (or is at least completely unproven – oh and which many cryptographers say is mathematically impossible). The rationale is that law enforcement bodies want to be able to get into the messages that criminal gangs, terrorist organisations and other malicious actors, and should be able to use technology that can scan messages with end-to-end encryption (e2ee). This, it goes without saying, is a noble aim. But I’m far from the first person in CapX to remind the government, as David Hume did, that one cannot derive an ought from an is. A ‘backdoor’ into e2ee that can let in the government, will also let in the Chinese, the Russians, and the 14-year-old hacker in his parents’ basement.
However, the Home Office has simply refused to believe this. This may stem from the patchy track record of some of the big tech firms in these spaces, but the excellent new Department for Science, Innovation and Technology has, according to some recent briefings, digested and understood the technological reality in a way their colleagues in the Home Office have not.
The impressive DSIT Secretary of State, Michelle Donelan, has tried her best both in letters to MPs, and on the media, to describe this fabled e2ee scanning as a ‘last resort that we may never use’. Some independent experts, such as Ciaran Martin, former head of the National Cyber Security Centre, agree, saying that the utterances from DSIT mean in practical terms the powers to access private messages would not be deployed. He said, ‘The government is still technically taking the power but is placing so many conditions on its use it cannot to my mind ever be used’.
This looks like an attempt to give Ofcom cover to not use the powers they will be granted, though I’m sure we all know how tempting a toy is to play with once it has been given to us. And at the end of the day (literally, because this is being voted on this evening), the government is still handing regulators the power to force a fictional technology on to companies operating in the UK with only the vaguest safeguards along the lines of ‘things have to be technically feasible’.
Why does this matter? Imagine that you are a tech giant, looking at the UK and its desires to be a hub of new science and tech R&D. The state regulator is now able to pick what technology companies use, as well as their already considerable powers to issue massive fines and impose criminal liability on named directors to force compliance. If we also allow them to pick the technical details of how that compliance is achieved, what is even left for the company to decide for itself?
In the pursuit of a noble end, catching paedophiles, terrorists, criminals, and presumably eventually those who commit the farcical ‘non-crime hate incidents’, the government is running the risk of having e2ee services like Signal and WhatsApp pull out of the UK, and shredding our ability to attract investment and talent from the best and most innovative companies in the world, with a painful corollary of weakening personal privacy and even journalistic integrity.
If you want to stop this dire outcome, and you are a member of Parliament, you could do no better than supporting David Davis’ excellent amendment this evening. He is trying to add a very proportionate test to ensure ‘accredited technology’ wouldn’t ‘circumvent end-to-end encryption’. This isn’t about carving messaging out but ensuring that we don’t become international tech pariahs by not breaking a technology most of the world relies on. In so doing, he may also help ensure that tech talent and investment doesn’t end up circumventing the UK.
Click here to subscribe to our daily briefing – the best pieces from CapX and across the web.
CapX depends on the generosity of its readers. If you value what we do, please consider making a donation.
