Wednesday, 16 March 2016

Fair Warning: Are You Ready to Be Hacked?

As the whole world watches to see whether the US government will prevail in its fight to force Apple to hack locked phones, the UK is on the verge of passing unprecedented legislation that would force almost every company or organisation involved in any form of digital data communications to hack their customers at the whim of government investigators. As Computer Weekly so aptly put it, the legislation will criminalise the refusal to ‘hack on demand’.

Investigative reporter Duncan Campbell reveals that British MPs were given a 1,200-page document with details of the legislation last November (2015); they were expected to read and understand it within two weeks. The goal of those who created the legislation is to ram it through by the end of this year. If they are successful, and the legislation remains unaltered, the results will make what the US National Security Agency did in the pre-Snowden area look pedestrian.

The details of the legislation are too numerous to list here, but in summary, it will require the following:

·        Businesses and IT professionals will be required to hack both domestic and overseas customers on any order issued by the Home Office.
·        Businesses and individuals will be compelled, by order of the government, to conduct equipment interference that will enable government interception of data communications.
·        Businesses and individuals will be compelled, by order of the government, to alter software or hardware systems to allow government hacking.
·        Businesses and other organisations will be required, on government order, to use malware and other deceptive tactics against their own customers to ensure government access to data and data communications.

This is no minor piece of legislation with only symbolism attached. If Campbell's review is accurate, privacy in the digital world will instantly become non-existent. The government will be able to force software developers, hardware manufacturers, and any organisations involved in data transfer to become participants in the act of spying on consumers.

Open the Proverbial Pandora's Box

Anyone following the Apple/FBI saga is familiar with the US government's position that forcing the technology giant to hack its own software is not a big deal because it involves only one phone. The argument is a red herring. Apple maintains, and the UK legislation proves, that writing software capable of circumventing security measures on one device opens the proverbial Pandora's box we used to be afraid of.

Imagine the local data centre that houses your small business website being hit with a government order to open up every server to their scrutiny. Your customers would instantly be at risk without ever knowing their information had been compromised. Furthermore, the government may come to you next.

In an era of cloud computing, global networks and lightning-fast data communications, individual security is as important as it has ever been. Our own government doesn't appear to agree. In light of what we now know about pending legislation, America's fight with Apple pales by comparison.

No comments:

Post a Comment