Last week Channel 4 news reported a fear Big Brother Watch has been articulating for some time, namely that the Communications Data Bill will require black boxes to be installed so that if a message is sent encrypted, it can still be read.
An excellent technical summary is here but the essential point is that the Home Office is planning to make itself the ‘man in the middle’ between your PC and the Internet. The term ‘man in the middle attack’ is a well known problem for internet security, but the wider concern is that the plan is at risk of being useless by developments already underway.
As reported by the Economist last year, ensuring that communications can be sent and received securely is an essential part of a global, digital economy and fraudsters have used dodgy certificates in the past to enable both state-sponsored attacks and corporate fraud. Accordingly, it’s a loophole that is being rapidly closed.
In addition, it makes the black boxes hugely lucrative to both criminal and foreign interests who would not be afraid of ‘collateral damage’ in obtaining them. Once obtained, they would be in an unprecedented position to attack the UK and its interests.
There’s also a serious question about how businesses with sensitive intellectual property would feel about trusting their security to the same officials who put 23m people’s tax details in the post on an unencrypted CD.
Technologically at risk of being out of date before it’s installed, hugely costly and a threat to Britain’s already ailing economy. The civil liberties argument is not the only reason to be very afraid of the draft Communications Data Bill – and the list is growing.