A proposal by the British government, one that should shake the tech sector and jeopardize what little trust remains, includes attempts to potentially ban forthcoming security updates in major technology systems if those updates would close the loopholes that the government is using to spy.
The latest scheme suggests that tech giants might have to seek approval from the British government before pushing out security fixes. If a fix is deemed to interfere with a vulnerability being used by security services, the government may block the update.
This stance against encryption is not a new development; the British government’s dislike for end-to-end encryption was apparent back in 2017, much to the dismay of privacy advocates and even the then head of MI5.
Our recent video report extensively covers the global attack on encryption.
In an old BBC Radio 4 interview, MI5’s ex-chief acknowledged the increased difficulties that strong encryption placed on the service's work, but underscored its significance not only to national security but also to commercial interests.
“If we are to remain secure within cyberspace, amidst its misuse by criminals and governments, it is vital that we establish and maintain the UK as a secure place to operate. Hence, the value of encryption remains high,” Jonathan Evans said.
In spite of this, the government continues to nurture the flawed notion that it can empower surveillance without enabling malicious actors to misuse it.
Amid threats to remove important apps such as Signal over a forced encryption ban, the government’s unsettling new directive surfaced, courtesy of Just Security.
As per the new directive, the government has to be notified prior to the launch of vital security updates that could potentially patch known vulnerabilities.
The Secretary of State could then direct the manufacturer to refrain from patching the weaknesses to allow the government continued access for surveillance purposes – a move that could prove hazardous beyond belief.
The irony of prohibiting patches cannot be overstated, as tech companies primarily learn of security vulnerabilities when someone else finds and reports them.
Any delay in applying patches lets threats proliferate, leaving the affected systems insecure and unsafe.