The long debates into the Investigatory Powers Bill continue, although now the Home Secretary that so passionately brought the bill forward is the Prime Minister, concerns are growing that their could be an impact on personal data privacy. Even more so since on the 13th July Earl Howe suggested that “intelligence agencies must retain the ability to require telecoms operators to remove encryption in limited circumstances, subject to strong controls and safeguards, to address the increasing technical sophistication of those who would seek to do us harm." The suggestion that backdoors in encryption will be made for security purposes opens up new concerns for security professionals since it fundamentally weakens cybersecurity, leaving data exposed should anyone other than the intended intelligence agencies gain access to that backdoor.
Although the government’s and the new Prime Minister’s view is that this bill would keep the country safer, the potential negative effect on the innocent is often seen as something too large to accept. Many companies have already taken action to avoid the impending success of the ‘Charter’, Eris Industries, a Blockchain Infrastructure company, announced it would leave the UK due to surveillance concerns, and the same occurred with social media start-up Ind.ie.
But what of the data collected? How can ISPs ensure that the 12 month backlog of user activity they will be obliged to keep is protected fully? There will be an expectation that extra layers of security will be put in place to protect what must be huge swaths of user data, but what form that protection takes will, understandably, be kept under wraps.