In another step towards total government control of its people, the UK is planning to enforce Part 3, Section 49 of the Regulation of Investigatory Powers Act, which will authorise authorities to obtain encryption keys or any encrypted data in unencrypted form in relation to any anti-terrorism investigations.
While this privacy freak understands the nation’s requirement to be able to obtain data that can assist with averting, or investigating, any terrorist activity, I worry about the consequences. Ars Technica’s article on this subject explains that one possible use of this law could be to obtain encryption keys for banking records where funds for terrorist activities are involved. The issue here is that the authorities would then have the keys to decrypt any information, not just that pertaining to the funds in question.
I can imagine that a lot of businesses and individuals will be concerned at the implications these new laws introduce and, given that the laws will only apply to data that resides in the UK, might consider moving their data offshore. This would obviously have an impact on the economy with businesses moving their hosting and data infrastructure to countries that offer more protection and anonymity.
Alternatively, I see a huge surge in the use of encryption technologies that provide a mechanism for plausible deniability. TrueCrypt, for example, allows you to create hidden and unidentifiable partitions of encrypted data, and even supports partitions that provide access to different data sets depending on the password provided. This allows you to store your personal data in an embedded partition, and should anyone coerce you into providing the password, you provide the “safe” password, which gives them access to the outer partition, keeping your personal data hidden.