Writing yesterday on the apparent decision of the UK government to rephrase the proposal from ‘banning encryption’ to mandating that telecommunications encryption must be breakable – which Preston Byrne, COO and General Counsel of Erin Industries, pointed out was essentially the same thing – Eris Industries stated that the Snooper’s Charter would “impinge vital and legitimate business interests of our company”, adding “The reported-on compromise on encryption is nothing of the sort and, if enacted, will continue to pose a grave danger to British citizens from all walks of life and an unacceptable risk to business.”
Highlighting the danger of building a weakness into a system, Byrne noted the recent case which suspects two teenage boys of hacking into TalkTalk’s database. Weaknesses would not be used solely by those wishing to protect the public, but would be exploited by those with malicious intent; the encryption itself cannot distinguish between people with good or bad intentions.
If the law was to change, businesses like Erin Industries would not be able to guarantee the safety and security of their data, which is integral for customers to entrust the company with their private data. From transferring money to negotiating business deals, there needs to be an assurance of privacy for users to work. As Byrne wrote:
“For a modern economy to function, the integrity of this data cannot be questioned and the privacy of these communications – across the many channels people use to send them – must be assured.”
Preventing unbreakable encryption, Byrne claims, makes the country less safe, not more so. Personal data for anyone in Britain would be compromised, and SSL, VPNs and other communication infrastructure used by businesses would suffer similarly. It would also not stop people who are flouting the law from creating their own encryption programs, which could be unbreakable.
Byrne also considered the need for this law, as police already have the ability to compel a person to disclose cryptographic keys under the RIPA3. All this law would achieve, Byrne stated, is for the data of people and companies in the UK to be more at risk of malicious actors, resulting in a loss of trust of British software and therefore a loss to British business.
Eris Industries has previously stated that, if the law is passed, they will relocate out of the UK permanently, having temporarily relocated to New York City, and expect many other technological and financial companies to do the same.