Re: Encryption
Yeah that was another one that threw me, they cannot have both of these states. Quick transcript I pulled from that point.
May: When a warrant is lawfully served on them there is an expectation that they will be able to take reasonable steps to ensure that they can comply with that warrant ie that they can provide the information that is being requested in that lawful warrant in a form that is legible for the authorities.
Dr ? : So your not looking to them to provide a back door for the agencies or a key as it were?
May: No, there is no suggestion. Were not saying to them that government wants keys to their encryption. No Absolutely not.
Chair: ...So whatever information the warrant demands is then readable by those who need to read it, that the encryption facilities of the company are safeguarded.
May: The government doesn't need to know what the in encryption is, doesn't need to know the keys to the encryption. But if there is a lawful warrant requesting certain information ... it is about that information being readable.
That cannot work. IF companies provide a service that enables end-to-end encryption they cannot break this without having a back-door as the actual keys would be created at the client on each end, hence end-to-end, not end-to-eve-to-end. So restating again the only way a company would then be able to comply with a warrant of this nature and provide it to them in a readable format is if the company has a back-door. Which makes it just as good as handing the keys/back-door over to the government.
Biting the hand that feeds IT
