UK starts laying groundwork for another assault on privacy

UK Home Secretary Priti Patel is reportedly to sign a transatlantic agreement offering the UK Government more clout over the stubborn messaging platforms.

First and foremost, this is not a pact between the UK and US which would compel the messaging platforms to break their encryption protections, but it is a step towards offering the UK Government more opportunity.

According to The Times, Patel will sign an agreement with the US next month which will offer the UK powers to compel US companies which offer messaging services to handover data to police forces, intelligence services and prosecutors. After the Clarifying Lawful Overseas Use of Data (CLOUD) Act was signed into law last year, the US Government was afforded the opportunity to share more data with foreign governments, and this would appear to be the first of such agreements.

This is of course not the first time the UK Government has set its eyes on undermining user privacy. Former-Home Secretary Amber Rudd was the champion of the Government efforts to break the blockage during yesteryear, attempting to force these companies to introduce ‘backdoors’ which would enable the access of information.

There are of course numerous reasons why this would be seen as an awful idea. Firstly, the introduction of a back-door is a vulnerability by design. It doesn’t matter how well secured it is, if there is a vulnerability the nefarious actors in the darker corners of the web will find it.

Secondly, stringent security measures should not be undermined for the sake of it or because the consumer is not driven by security as a reason for using the services. Your correspondent does not buy a car because it has the best airbags, but he would be irked if they didn’t work when called upon.

Finally, governments and public offices have not proven themselves responsible enough to hand over such a potential violation of the human right to privacy. And let’s not forget, Article 8 of the European Convention on Human Rights is solely focused on privacy.

What is worth noting is this pact with the US Government is not a measure to introduce back-doors into encryption software, but you should always bear in mind what the UK Government is driving towards with incremental steps. It is easy to forget the bigger picture when small steps are made, but how often have you looked back and wondered how we got to a certain situation?

The CLOUD Act offers the US agencies the right to collect limited information from the messaging platform providers. Currently, US authorities can request information such as who the user is messaging, when and the frequency. The law does not grant access to the content of the messages, though it is a step towards wielding greater control and influence over the social media companies.

Should Patel sign this agreement, and it is still an if right now, this power would be extended to the UK Government to collect information on UK citizens.

What is worth noting is this is not official, though it would not surprise us. Rudd attempted to revolutionise the relationship between the UK Government and messaging platforms, and this failed spectacularly. This would be a more reasonable approach, taking baby steps towards the ultimate goal.

Telegram faces ban in Russia

Messaging app Telegram is on the ropes in Russia after the state communications watchdog said it filed a lawsuit to limit access after it refused security services access to its users’ secret messages.

According to Reuters, Russia’s FSB Federal Security service had requested information hidden behind the app’s encryption software, but was refused. Citing respect for users privacy, Telegram refused access for the intelligence services who were reportedly following leads of terrorist activity, and now faces being banned in the country.

Telegram is currently listed as the ninth most popular messaging app worldwide, roughly 200 million users, using software which it claims is more secure than mass market applications such as WhatsApp and Line. The team claim to support two layers of secure encryption, which is based on 256-bit symmetric AES encryption, 2048-bit RSA encryption, and Diffie–Hellman secure key exchange.

While the normal chat groups are pretty secure, Telegram states the secret chats feature uses end-to-end encryption, leave no trace on its servers, support self-destructing messages and don’t allow forwarding. On top of this, secret chats are not part of the Telegram cloud and can only be accessed on their devices of origin. In other words, Telegram is pretty confident in its security, so confident it have a £300,000 prize set aside for anyone who can prove they can crack the encryption.

The Russian watchdog, Roskomnadzor, claims that by refusing to offer the information to security services, it is not complying with its legal obligations as an ‘organizer of information distribution’. Since passing new legislation in 2016 which forces messenger services to provide authorities with a backdoor into encryption, Russia has been clamping down heavily on online communications. It’s already battled with Instagram and YouTube earlier this year over videos uploaded by political activist Alexei Anatolievich, while Twitter and Facebook have agreed to host user data locally to comply with encryption laws. Telegram has refused to do so to date.

Should the Russian government be successful, it will force ISPs to block Telegram inside the nation, in a similar manner to what has been done in Iran over the last 12 months. That said, in Iran has been a relatively simple process to navigate around the hurdles using a VPN.

Such threats might make some of the internet giants tremble, but it does not seem to worry CEO Pavel Durov who has long stood by the idea of privacy. While it is certainly not uncommon for CEOs to preach about the best interests of the user, few applications can boast the same depth of security.

While this will certainly be of interest to users in the country and worldwide, investors will also be watching closely as Telegram is also undertaking the world’s biggest initial coin offering, with pre-sales reaching £1.7 billion already. Such attention from the Russian government might have a way of making investors nervous.