It could signal the end of encryption. The Investigatory Powers Bill (IP Bill) currently going through the UK Parliament could change the Cloud forever. Called the ‘spy law’ and the ‘snoopers charter’ by some, the IP Bill finds itself going through Parliament during the honeymoon period of new Prime Minister Theresa May.
So what is the IP Bill? Fiercely criticised by everyone from civil liberties groups as being a bullet through both free expression and privacy, and by tech firms as a huge threat to their industry, the IP Bill makes surveillance a fully legal activity. It does this in two ways.
The first is that all internet service providers (ISPs) would have to, by law, hold every single user’s internet browsing history for 12 months, and make it available to UK security services on demand. This kind of bulk collection of data on UK citizens is unprecedented. The second – and perhaps more importantly for the Cloud as an industry – is that apps, phones and data storage services will have to give the security services and police backdoors into their encryption methods.
The knock-on effects of that could be devastating to a UK tech industry already grappling with the prospect of the Brexit. For the Cloud, encryption is everything. It’s why the Cloud is trusted with personal files, sensitive data, messaging and much more. In the last few years, encryption has gone mainstream, with almost all Cloud-related platforms and products now purpose-built specifically for encryption. For consumers, encryption defends against companies that mine users’ data and sell it on to third parties, and for the Cloud industry as a whole, it prevents malicious hackers who target both consumers’ date, and corporate servers.
If/when the IP Bill is passed – and if it’s enforced – the UK data storage market may be forced to store its data offshore, ironically within the EU borders. For why would anyone want to store their data in a country where it could be legally snooped-on, or where hacking would be easier? Others have deemed the IP Bill impossible to implement in practice; tech companies that flat-out refuse to comply will get plenty of backing, as Apple did recently in refusing to co-operate with the FBI over an encrypted iPhone.
It’s another case of unintended consequences; if the government really wants to protect against cyber-attacks, the Cloud needs much more encryption, not less, and no backdoors.