Business Reporter

The Investigatory Powers Act: a precarious balancing act


Nick France at Sectigo explores security vs privacy in the Investigatory Powers Act amendments

 

The Investigatory Powers Act (IPA) of 2016 was tasked with combining various existing powers used by law enforcement and security agencies for communication data collection and interception.

 

On April 25th 2024, several new laws were passed as an update to the IPA, to enhance the powers available for use by law enforcement agencies. While the Government has reiterated that individual data will be accessed only when it is proportionate and necessary, concerns have been raised regarding the impact on tech companies, data privacy and public trust.

 

The amendments explained

New revisions to the IPA, which concern how authorities access communication data, have now received royal assent. The focus is on granting law enforcement agencies greater access to encrypted information like messages and files, with the aim of bolstering national security.

 

One key amendment involves improving the efficiency of gaining "exceptional lawful access". While the specifics are yet to be determined, it can be argued that this may require tech companies to develop tools that could bypass encryption. This raises concerns about weakening encryption security across the industry.

 

Another change involves updates to the conditions under which Internet Connection Records (ICR) can be accessed and used. ICR refers to communication data regarding a service that a user connects to when on the internet - be it a website or a messaging service. The new IPA laws seem to extend the scope and speed with which this information can be accessed, posing questions regarding data privacy and the situations in which these updated laws are applied.

 

While these adjustments aim to maintain security and vigilance and to keep pace with evolving security threats, we also need to balance concerns about weakening overall encryption standards, online security and potential harm to user trust in tech companies.

 

The revisions that have been passed leave us with key questions about the exact implementation of "exceptional lawful access" and the extent of government control over companies’ security practices. Ultimately, the focus is on whether these amendments can effectively address security threats while maintaining a balance with online privacy.

 

Tech collaboration

Finding a solution without sacrificing security

As outlined, one of the most concerning areas of the new amendments lies in the concept of "exceptional lawful access."

 

For example, mandating tech companies to create backdoors in encryption fundamentally undermines its core function. Encryption operates on a binary system – data is either secure or vulnerable, and backdoors inherently introduce vulnerabilities, not just for UK citizens but potentially for everyone globally. This would significantly weaken the overall effectiveness of encryption as a security tool, jeopardising the confidentiality of sensitive information across various sectors.

 

A more constructive approach lies in fostering genuine collaboration within the tech industry. Instead of resorting to coercion and potentially weakening encryption, the government should leverage the expertise of a diverse pool of tech specialists. These experts possess a deep understanding of both the intricacies of encryption and the business needs of the tech industry. By engaging with them, the government can gain valuable insights on how to strengthen national security without compromising user privacy and trust. 

 

Specialised knowledge would be invaluable in navigating the complexities of international enforcement. Tech companies often operate across borders, and collaboration with these experts would be crucial in establishing a framework for lawful access that considers international legal considerations.

 

Furthermore, their input can help mitigate any potential slowdown in technological innovation. Forcing companies to create backdoors is a blunt instrument that can stifle innovation in the long run. Collaboration, on the other hand, can pave the way for the development of new security solutions that address the evolving needs of law enforcement while maintaining the integrity of encryption.

 

Public apathy vs. awakening

Will increased surveillance ignite a backlash?

The current public perception towards surveillance in the UK is a complex issue. On one hand, there seems to be a level of acceptance for the widespread use of CCTV cameras and dash cams. However, this relative apathy could rapidly transform as people become increasingly aware of the vast amount of data they generate and the profound impact it has on their lives. 

 

The amendments risk further eroding public trust in a significant way. As individuals realise that the government can now access and use their readily shared data for investigative purposes, including through expanded powers to request ICR from communication service providers, their sense of security and privacy can lessen and be replaced with a feeling of vulnerability. This erosion of trust can have far-reaching consequences.

 

People might start questioning the purpose and limitations of this data collection. Is it for public safety, or is it for monitoring dissent? This lack of transparency can erode trust in the government and its ultimate goal to disrupt serious crime.

 

A potential backlash could manifest in several ways. Increased public scrutiny of government surveillance programs could be the first step. We may also see a rise in activism, with people demanding stricter data protection laws and clearer guidelines on how their information is used. It’s likely that social media would become a platform for raising awareness and mobilising public opinion.

 

A chilling effect on innovation

Can trust and security coexist?

The amendments may also cast a long shadow over innovation in the tech sector. Companies are understandably apprehensive about being forced into a precarious situation of balancing regulatory compliance with the need to serve their users.

 

On one hand, organisations face the prospect of betraying user trust by creating encryption backdoors, a move that could damage their reputation and alienate their user base. On the other hand, they risk facing sanctions for refusing to patch vulnerabilities, or failing to provide data deemed necessary by the government.

 

This creates a difficult choice, potentially leading companies to prioritise self-preservation over pursuing potentially risky advancements in technology. 

 

Weakening trust in tech companies can trigger a vicious cycle. Users and businesses alike become hesitant to engage with companies perceived as collaborating with increased government surveillance. This exodus of trust can have a ripple effect, driving valuable tech talent and promising business opportunities towards more privacy-conscious environments.

 

Ultimately, the amendments may achieve the opposite of their intended purpose. By jeopardising both national security and economic growth in the pursuit of heightened surveillance, the amendments could leave the UK in a more vulnerable position than ever before.

 

By pushing for greater data control without due regard for privacy rights, the UK risks losing its competitive edge in the global tech landscape.

 

Countries with stricter data protection regulations are already establishing themselves as havens for tech companies prioritising user privacy. This could put the UK at a significant disadvantage, hindering its ability to attract and retain top tech talent and potentially stifling the development of innovative new technologies.

 

Finding a sustainable path forward

The amendments to the IPA walk a tightrope between security and privacy. National security is indeed paramount, but it should not come at the cost of crippling innovation and eroding public trust.

 

Collaboration with a diverse range of tech experts, coupled with a clear framework for data access and responsible vulnerability disclosure, can be a step towards a more secure and innovative future.

 

The government must tread carefully, ensuring that the path to security does not lead to a future shrouded in fear and stifled by a lack of trust.

 


 

Nick France is CTO at Sectigo

 

Main image courtesy of iStockPhoto.com and drante


23-29 Hendon Lane, London, N3 1RT

020 8349 4363

© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543
