Regulation of encryption

Regulation of encryption in the UK has been suggested, proposed, and legislated for on numerous occasions.

Key escrow

Compelled decryption

David Cameron speech in Paris

In a January 2015 speech, David Cameron called for a reintroduction of the bill extended to ban communication methods that cannot be intercepted:

“In extremis, it has been possible to read someone’s letter, to listen to someone’s call, to mobile communications … The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not. The first duty of any government is to keep our country and our people safe.”[1]

This has been interpreted as a proposal to prevent use, within the UK, of communications services that use effective end-to-end encryption that prevents interception, but might apply to any communication service that is unwilling or unable to comply with a RIPA interception warrant or equivalent.

Asked about plans to block encryption technologies in the UK, the Home Secretary said:[2]

...we will use all the legal powers that are available to ensure that, where appropriate, the police and the security and intelligence agencies have the maximum ability to intercept the communications of suspects, while ensuring that such intrusive techniques are, of course, properly overseen.

Intercept obligation on communication providers

Prior to publication of the bill, a report in the Daily Telegraph[3] "Internet firms to be banned from offering unbreakable encryption" reintroduced speculation that encryption would be regulated. The language of the draft bill, rather than specifying any change in the use of encryption, however the language would oblige service providers to assist in interception which would necessitate an effect on the way in which encryption might be deployed.

The explanatory notes on the draft bill state that existing obligations to Communications Service Providers under RIPA, served with an interception notice, includes "maintaining the ability to remove any encryption applied by the CSP" (Clause 62 note).

See also