Cryptography

(asked on 15th October 2020) - View Source

Question to the Home Office:

To ask Her Majesty's Government what is the status of technical capability notices in the light of the international statement End-to-end encryption and public safety, signed by the Home Secretary on 11 October.


Answered by
Baroness Williams of Trafford Portrait
Baroness Williams of Trafford
Captain of the Honourable Corps of Gentlemen-at-Arms (HM Household) (Chief Whip, House of Lords)
This question was answered on 28th October 2020

The Investigatory Powers Act 2016 allows the Government to place obligations on telecommunications operators or postal operators through a Technical Capability Notice.

The Act governs these notices and provides extensive privacy safeguards and a robust oversight regime, including approval of notices by an independent Judicial Commissioner.

The respective Codes of Practice for the Interception of Communications, Communications Data and Equipment Interference set out that the Secretary of State may give a relevant telecommunications operator or postal operator a Technical Capability Notice, the purpose of which is to maintain a technical capability to ensure when a warrant is served or authorisation or notice is given, companies can give effect to it securely and quickly.

For reasons of national security, it would not be appropriate to disclose the number of Technical Capability Notices, or the specific circumstances in which they may be issued.

The UK Government has set out, in detail, how these particular powers can be used, including through the Written testimony of the Director of National Security to the US Senate Judiciary Committee on 10 December 2019. This Testimony can be read in full here:

https://www.gov.uk/government/publications/open-letter-to-mark-zuckerberg/written-testimony-of-chloe-squires-director-national-security-home-office

The Testimony details the potentially catastrophic impact on public safety where companies deploy end-to-end encryption in such a way that precludes access to the content of their users’ communications under any circumstances. It makes clear that we believe that the only way to make progress on this shared challenge is to engender ongoing, detailed dialogue with tech companies that focuses on reasonable proposals. We believe such engagement is likely to identify opportunities that, without compromising the wider safety and security of systems for lawful users, can provide ways to gain specific, targeted and lawful access to information about what terrorists, child sex abusers and the perpetrators of other serious crimes are doing online.

The international statement on end-to-end encryption and public safety, published on 11 October, affirms this position. It calls on tech companies to work with governments to find solutions to ensure the safety of our citizens without eroding user privacy or cyber security.

Reticulating Splines