UK data watchdog calls for end-to-end encryption across video chat apps by default

Then backtracks and tells El Reg: 'It's not a formal opinion'

Britain's new Information Commissioner has called for video conferencing companies to enable end-to-end encryption on their products – even as police managers and politicians condemn the technology and demand its removal.

This week the ICO urged tech companies to make end-to-end encryption (E2EE) "available to all users" regardless if they're "enterprise, consumer, paid or free" in a statement jointly backed by seven countries' data protection regulators – even including China.

"Ease of staying in touch must not come at the expense of people's data protection and privacy rights," warned last year's open letter, which was reiterated this week by the ICO.

Calling for E2EE to be applied to widely used communication apps pits these data protection authorities against their own governments and law enforcement agencies, potentially laying the ground for a vicious policy fight in the West.

This week's document said:

The joint signatories acknowledge the reported use by the VTC companies of industry standard encryption as a minimum. They also welcome the development or implementation of end-to-end encryption (where the meeting host creates the key and only they and participants have access to it) in certain circumstances.

It also added that users ought to be given "clear and easily understandable information" about the difference between what it called "standard" encryption and E2EE.

Figures such as Home Secretary Priti Patel and National Crime Agency manager Rob Jones have previously condemned E2EE, while the governments of the Five Eyes espionage alliance (comprising the UK, US, Canada, Australia and New Zealand) have have repeatedly condemned the technology.

Belatedly recognising this, the ICO backtracked when The Register asked about the move, saying:

This work is clear that these observations are specific to this context and these technologies following our engagement with the companies involved and in light of their rapid growth during the pandemic; particularly in health and education settings. It is not a formal opinion with wider application beyond these uses and is clear it does not bind future findings of any future enquiries any of the authorities or their next Commissioners might undertake.

Privacy advocates say E2EE protects users against surveillance by hostile governments and police agencies, and helps secure their data against intrusions by criminals looking to steal and leak personal information from web-facing corporate infrastructure.

The ICO added that it supports "lawful instances of law enforcement and third party data requests," saying: "It is important that any approach to E2EE seeks to reconcile addressing harms with privacy and safety impacts."

Police workers, on the other hand, claim that E2EE would force them to obtain court warrants each and every time they want to spy on criminal suspects, risking judges turning down overbroad demands. At the moment unencrypted conversations can potentially be surveilled by social media companies, with messages of interest forwarded to police and other law enforcement agencies.

A joint review carried out last year by British, Canadian, Australian, Chinese, Swiss, Gibraltarian and Hong Kong data protection regulators called on global tech companies to implement end-to-end encryption as a user safety measure. Microsoft, Google, Cisco and Zoom all responded, while Houseparty (a short-lived video chat app) didn't, its owners since having shut it down.

The ICO and the other data regulators also said they expected video conferencing app providers to carry out "regular testing of security measures" including pentests, audits and deploying bug bounty programs. ®

Broader topics

Narrower topics

Other stories you might like

  • Meg Whitman – former HP and eBay CEO – nominated as US ambassador to Kenya

    Donated $110K to Democrats in recent years

    United States president Joe Biden has announced his intention to nominate former HPE and eBay CEO Meg Whitman as Ambassador Extraordinary and Plenipotentiary to the Republic of Kenya.

    The Biden administration's announcement of the planned nomination reminds us that Whitman has served as CEO of eBay, Hewlett Packard Enterprise, and Quibi. Whitman also serves on the boards of Procter & Gamble, and General Motors.

    The announcement doesn't remind readers that Whitman has form as a Republican politician – she ran for governor of California in 2010, then backed the GOP's Mitt Romney in his 2008 and 2012 bids for the presidency. She later switched political allegiance and backed the presidential campaigns of both Hillary Clinton and Joe Biden.

    Continue reading
  • Ex-Qualcomm Snapdragon chief turns CEO at AI chip startup MemryX

    Meet the new boss

    A former executive leading Qualcomm's Snapdragon computing platforms has departed the company to become CEO at an AI chip startup.

    Keith Kressin will lead product commercialization for MemryX, which was founded in 2019 and makes memory-intensive AI chiplets.

    The company is now out of stealth mode and will soon commercially ship its AI chips to non-tech customers. The company was testing early generations of its chips with industries including auto and robotics.

    Continue reading
  • Aircraft can't land safely due to interference with upcoming 5G C-band broadband service

    Expect flight delays and diversions, US Federal Aviation Administation warns

    The new 5G C-band wireless broadband service expected to rollout on 5 January 2022 in the US will disrupt local radio signals and make it difficult for airplanes to land safely in harsh weather conditions, according to the Federal Aviation Administration.

    Pilots rely on radio altimeter readings to figure out when and where an aircraft should carry out a series of operations to prepare for touchdown. But the upcoming 5G C-band service beaming from cell towers threatens to interfere with these signals, the FAA warned in two reports.

    Flights may have to be delayed or restricted at certain airports as the new broadband service comes into effect next year. The change could affect some 6,834 airplanes and 1,828 helicopters. The cost to operators is expected to be $580,890.

    Continue reading

Biting the hand that feeds IT © 1998–2021