The House of Lords has passed the Investigatory Powers Bill, putting the huge spying powers on their way to becoming law within weeks. The bill forces internet companies to keep records on their users for up to a year, and allows the Government to force companies to hack into or break things they’ve sold so they can be spied on. Jonathan Sander, VP of Product Strategy at Lieberman Software commented below.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“The Investigatory Powers Bill demonstrates yet again that law – and law makers – have an extremely difficult time keeping up with technology and making constituents well informed. There are two striking aspects to the Investigatory Powers Bill. The Bill managed to keep in the secret back door provisions, which on paper would mean manufacturers of mobile phones and other tech would need to build in a secret key for government spies. If I listed all the spy movies and novels based on the “bad guys get the powerful thing only the good guy government was supposed to have” plot device, it would take all day. If there is a magic key and even if we assume the government itself will not abuse it, we still must assume the bad guys can steal it.
Add to this the fact that it’s likely to be ineffectual. People who really want protection will just use apps that weren’t built in by the manufacturers that don’t have the back door. Then only the uninformed, average user is vulnerable. The other striking thing about the Investigatory Powers Bill is that, like so much other law in cybersecurity, it ignores current thinking on what really reveals terrorist cells and operations. If the recent success in thwarting plots has shown us anything, it’s that the machine learning and data science studying Metadata – who called or texted whom but not the contents of these conversations – has the power to out the bad guys. The Bill will strengthen this program, but it missed the chance to double or even triple those efforts to yield the data we really need, who exactly the bad guys among us are.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.