If you picked up a copy of the The Times at the weekend, you may have heard the news that an agreement between the US and UK governments will force tech firms to give police and intelligence services access to encrypted messages, but the story is not all that it seems.
While it’s true that the UK and US governments have signed an agreement to share information relating to messages sent on platforms such as Facebook and WhatsApp, that information won’t exactly be the encrypted messages users are sending each other. That’s because platforms like Facebook use end-to-end encryption, which means that as soon as the message has left the sender’s device, it can’t be decrypted without the necessary key – which can be found on the receiver’s device.
Some in the UK government, such as home secretary Priti Patel, have lobbied for a so-called Ghost Protocol for a number of years. This works by having an additional receiver, so that intelligence agencies could then decrypt the messages and read the contents. This is not what’s proposed under this announcement. In fact, no back door of any sort is being implemented as a result of this announcement.
Instead, the UK government will gain access to certain information that the tech giants do have. That’s the simple stuff such as who is messaging who, when messages are being sent, where they’re being sent from, and how often the two are messaging each other. That’s all valuable information to law enforcement, but it’s hardly the big story of the UK government being able to read everyone’s encrypted messages.
What does the new agreement mean for UK consumers?
The new agreement between the US and the UK should be looked at with concern, given it does invade a user’s individual privacy, but it’s not exactly unexpected. Last year, the US passed the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which was instrumental in making this deal between the countries possible. It also comes as the nations of the Five Eyes intelligence community commit to share even more data with each other.
For now, the UK government can do little in order to compel US tech giants to do anything in regards to invading the privacy of their users, even those within the UK. That’s because those companies are predominantly governed by US laws, and no law exists within the US that would compel messaging providers to break their end-to-end encryption. This deal with the UK does nothing to change that.