All posts by Paul Stradling

Tech Tip – How To Use Notepad To Test Your Antivirus

Here’s a simple tip using Notepad to check if your antivirus is working as it should:

– Open Notepad.

– Type X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* into Notepad.

– Save the file as, for example, test.exe or test.bat (cyber criminals often exploit .bat as well as .exe files to launch malicious scripts).

– Scan the file with your antivirus. If it detects the file as a virus, this is a good sign that it is working as it should. However, that doesn’t mean you can always 100% trust it, and you should still observe the usual levels of security and hygiene – this is just a quick test!
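The Notepad steps above can also be scripted. The following added example (not part of the original tip; the function names are hypothetical) checks that a saved file still conforms to the EICAR definition, because a typo or one of Notepad's "UTF-8 with BOM" or UTF-16 encodings changes the bytes on disk. It also goes one step beyond the manual scan by writing the test file and reporting whether on-access protection blocks or removes it.

```python
"""Added example: validate and use the EICAR test file (helper names are hypothetical)."""
import os
import tempfile
import time

# The 68-byte string from the tip, split in two so that this script does not
# itself contain the contiguous test string.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# The EICAR definition allows only these bytes after the string
# (space, tab, CR, LF, Ctrl-Z) and a total length of at most 128 bytes.
ALLOWED_TRAILING = b" \t\r\n\x1a"
MAX_LENGTH = 128


def check_test_file(data: bytes) -> list:
    """Return the reasons `data` is not a conforming test file (empty list = conforming)."""
    if data.startswith(b"\xef\xbb\xbf"):
        return ["saved with a UTF-8 byte-order mark; re-save as ANSI or plain UTF-8"]
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return ["saved as UTF-16; re-save as ANSI or plain UTF-8"]
    problems = []
    if data[:len(EICAR)] != EICAR:
        problems.append("first 68 bytes do not match the test string (typo or leading characters)")
    elif any(b not in ALLOWED_TRAILING for b in data[len(EICAR):]):
        problems.append("characters other than whitespace follow the test string")
    if len(data) > MAX_LENGTH:
        problems.append("file is longer than 128 bytes")
    return problems


def probe_on_access_protection(directory=None, wait=2.0) -> str:
    """Write the test file, wait, and report what happened to it.

    Returns one of: "blocked-on-write", "blocked-on-read", "removed",
    "modified", "not-detected". The probe file is deleted afterwards.
    """
    folder = directory or tempfile.gettempdir()
    path = os.path.join(folder, "eicar_probe_%d.com" % os.getpid())
    try:
        with open(path, "wb") as handle:
            handle.write(EICAR)
    except OSError:
        return "blocked-on-write"
    time.sleep(wait)  # give the scanner time to react
    try:
        with open(path, "rb") as handle:
            data = handle.read()
    except FileNotFoundError:
        return "removed"          # quarantined or deleted
    except OSError:
        return "blocked-on-read"  # access denied by the scanner
    finally:
        try:
            os.remove(path)
        except OSError:
            pass
    return "not-detected" if data == EICAR else "modified"


if __name__ == "__main__":
    print("on-access result:", probe_on_access_protection())
    # Constructed sample: the same text as saved by Notepad with "UTF-8 with BOM".
    print(check_test_file(b"\xef\xbb\xbf" + EICAR))
```

A "not-detected" result only says that nothing reacted within the wait period in that folder; an on-demand scan, as in the tip, is still worth running before drawing conclusions.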

Tech Insight : What Is Microsoft Azure?

In this insight, we look at what Microsoft Azure is, plus what it offers businesses.

Azure 

Microsoft Azure (formerly Windows Azure) is Microsoft’s public cloud computing platform. Public cloud refers to cloud computing services offered over the public Internet and available to anyone, i.e. the services are shared with multiple customers rather than just controlled and used by one (i.e. private cloud). Azure is the second most popular cloud provider globally, lagging behind Amazon Web Services (AWS), yet ahead of Google Cloud Platform (GCP) and IBM. It is used by over 55 per cent of all Fortune 500 companies.

Hybrid 

Microsoft’s Azure is also a hybrid cloud – it uses its on-premises datacentre (a private cloud) alongside a public cloud and allows data and applications to be shared between them. Microsoft says its “seamless” hybrid arrangement is on-premises, across multiple clouds, and at the ‘edge.’ Edge computing refers to a computing architecture and distributed computing framework where computing and data storage are done near the source of the data.

Services 

Microsoft Azure offers users Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) and serverless cloud computing.

Within these options, Azure offers a range of services to users which they can choose from or run existing applications in the public cloud. Some of the services that Azure offers include:

– Compute – users can deploy and manage Virtual Machines (VM), containers and batch jobs, and support remote application access.

– Mobile – Developers can use these products to help build cloud applications for mobile devices.

– Web – Services supporting the development and deployment of web applications and features for search, content delivery, API management, notification, and reporting.

– Storage – Scalable cloud storage for structured and unstructured data, also big data projects, persistent storage, and archival storage.

– Analytics – Distributed analytics and storage services, and features for real-time analytics, big data analytics, machine learning (ML), business intelligence (BI), internet of things (IoT), and more.

Other Azure services include ‘Networking’ (virtual networking and gateways), ‘Media’ and content delivery network (CDN) such as on-demand streaming, ‘Integration’ for backup and site recovery, ‘Identity’ to help with encryption keys and other sensitive information, the IoT, and ‘DevOps’ software development processes. Also, Azure offers ‘Development’ for app developers, e.g. code sharing, ‘Security,’ AI, and ML services, ‘Containers’ (packages all dependencies of a software component and runs them in an isolated environment), ‘Databases,’ ‘Migration,’ ‘Management’ and governance, mixed reality, ‘Blockchain,’ and ‘Microsoft InTune.’ Third-party software is also available through Azure.

How? 

To use all the Azure services, customers sign up to a monthly, pay-as-you-go subscription for one of several different support plans ranging from basic to premier. There are also situations where tiered pricing differs depending on requirements.

How Does It Compare To AWS? 

Opinions vary about the comparison. Although Azure’s history of outages has been noted, it is considered to have more functionality and be easier to use than AWS, and uses familiar technologies like Windows, Active Directory and Linux.

What Does This Mean For Your Business? 

Effective use of the cloud is now important for a wide range of businesses and offers a range of benefits. Microsoft’s Azure offers users a hybrid environment with a wide range of services. It also offers the benefit of familiar technologies and the confidence of the Microsoft brand, plus the fact that it’s the second most popular cloud provider that’s also trusted by most Fortune 500 companies. Usage of the cloud offers businesses greater scope, scalability, security, and flexibility and has become particularly valued with remote and hybrid working, so Azure can provide UK business with many of the tools they need to be more competitive. That said, it’s not the only option, with many businesses also choosing other big cloud providers like AWS, Google, and IBM.

Tech News : Major NHS Supplier Hit By Ransomware Attack

Advanced, an IT supplier to the NHS, has been hit by a ransomware attack that could take a month to recover from.

What Happened? 

Birmingham-based ‘Advanced’ provides digital services to the NHS such as patient check-in and NHS 111. The company’s Adastra software works with 85 per cent of NHS 111 services.

Advanced reported spotting a hack at 07:00 BST on 4 August, followed by a number of outages, before confirming in a statement on August 5 that the incident was linked to a cyber-attack.

Outages 

Advanced described the outages as the result of “a cybersecurity incident” caused by ransomware which caused “an issue on infrastructure hosting products used by our Health & Care customers. Those products identified as being affected are Adastra, Caresys, Carenotes, Cross Care and Staff Plan.”  These services are:

Adastra – clinical patient management software with records relating to 40 million patients.

Caresys – care home management software used by over 1,000 care organisations.

Carenotes – electronic patient record software used by over 40,000 clinicians.

Crosscare – a clinical management system for hospices and private practice used by 70 adult and children’s hospices across the UK.

Staffplan – care management software used by over 1,000 care organisations.

Financially Motivated 

Advanced has reported in its FAQs about the incident that, based on the intelligence it had received, the “threat actor” who carried out the ransomware attack was “purely financially motivated” rather than being a state-sponsored attacker, for example.

Services Offline 

The ransomware attack, which Advanced says was contained to “a small number of servers”, meant that affected services had to be taken offline. Customers were, therefore, unable to access their systems and had to rely upon contingency measures. An NHS England spokesperson has reported that “While Advanced has confirmed that the incident impacting their software is ransomware, the NHS has tried and tested contingency plans in place including robust defences to protect our own networks, as we work with the National Cyber Security Centre to fully understand the impact.”   

Working With Other Agencies 

Advanced has said that it is working with forensic partners including Mandiant and the Microsoft DART teams to conduct an investigation, and is in contact with the NHS, NCSC, other governmental entities, and has contacted the ICO.

3 to 4 Weeks 

Advanced reports that for NHS 111 and other urgent care customers using Adastra and NHS Trusts using eFinancials, services would be back online in a few days, but for its other NHS customers and Care organisations it will be “necessary to maintain existing contingency plans for at least three to four more weeks”. 

Fears For Data Security 

It is not clear from reports whether any ransom has been paid, with Advanced simply saying “our investigation is underway.” Bearing in mind the vast numbers of patient records and the sensitivity of that data there are now serious fears about whether data has been stolen and what the consequences could be.

Health Organisations A Target 

Health services around the world are often targets for cyber-attacks, and a Kroll study has reported that the number of health organisations (globally) targeted by cyber-attacks rose by 90 per cent in the three months to 30 June compared with the first quarter of 2022. Examples of health services being targeted include:

– In 2017, North Korean attackers hit the NHS with ransomware, severely disrupting more than 80 hospital trusts and 8 percent of GP practices, costing the NHS an estimated £92m through services lost during the attack and IT costs in the aftermath.

– In October 2020, Philadelphia company eResearchTechnology (which made software used to try and develop COVID-19 vaccines and treatments) was hit by a ransomware attack. Employees were locked out of systems and the attack had a knock-on effect that was felt by IQVIA, the research organisation helping with AstraZeneca’s Covid vaccine trial, and Bristol Myers Squibb, a drug-maker involved in the development of a quick test for COVID-19.

– Emsisoft’s Brett Callow has reported that, in 2020 and 2021 in the US, there were at least 168 ransomware attacks affecting 1,763 clinics, hospitals and health care organisations.

What Does This Mean For Your Business? 

Health services may often be targeted for several reasons: there are many different suppliers; the services are vital, so there may be a better chance of extracting a ransom; there is a lot of potentially valuable data to steal; and health services are often playing catch-up with cybersecurity.

Ransomware attacks tend to be initiated using phishing emails, so it is important that all staff are aware of the dangers of clicking on suspicious links. This story also highlights the importance of making sure that data is regularly and securely backed up (to a secure cloud-based service) and that disaster recovery and business continuity plans have procedures for ransomware attacks built into them. Businesses should also note that paying the ransom is a high-risk option and certainly offers no guarantee that any files will be unlocked/returned.

Other precautions that businesses can take to guard against these ransomware attacks include keeping antivirus software and operating systems up to date and patched (and restarting the computer at least once per week), using a modern and secure browser, and using detection and recovery software, e.g. Microsoft 365 protection and Windows Security.

Tech News : New WhatsApp Feature : Leave Silently

New privacy features being rolled out this month mean that WhatsApp users can now leave group chats silently.

Three New Privacy Features 

WhatsApp has announced the introduction of three new privacy features: Leave Groups Silently, Choose Who Can See When You’re Online, and Screenshot Blocking For View Once Messages.

  1. Leave Groups Silently – For users of group chats. Now, instead of the full group being notified when someone leaves (which can be a little awkward), only the group admins are notified.
  2. Choose Who Can See When You’re Online – Although WhatsApp says: “Seeing when friends or family are online helps us feel connected to one another,” it acknowledges that there are times when users would prefer to keep their online presence private. This new feature gives users the ability to select who can and can’t see when they’re online.
  3. Screenshot Blocking For View Once Messages – WhatsApp says this feature is essentially an added layer of protection to what is already “an incredibly popular” privacy feature. WhatsApp says it is currently testing this feature.

Privacy 

WhatsApp is keen to remind users that these features are in a long line of steps designed to protect their privacy, which have recently included disappearing messages that self-destruct, end-to-end encrypted backups when users want to save their chat history, 2-step verification, and the ability to block and report unwanted chats.

Snapchat 

On the same day as WhatsApp’s new privacy features were announced, competitor Snapchat announced its new ‘Family Centre’ child safety tool which allows parents to see their children’s friend list and who is communicating with them. Snapchat’s new tool to provide “insights” into teen users’ lives (rather than oversight of them) requires the teen’s account to agree to link up with an account belonging to someone over 25.

Back in May, WhatsApp introduced emojis and the ability to share files within WhatsApp up to 2GB as part of a push by Facebook/Meta to stay at the top of the free encrypted messaging app market and compete with rivals like Snapchat. For example, in January, Snapchat announced a major update (for iOS) which included improved calling, ‘Chat Replies,’ Bitmoji Reactions (to allow for more expression), and Poll Stickers to enable emoji-powered polls in Snaps and Stories to survey friends. Meta also wants to consolidate and leverage the power of its other popular apps by integrating and making Messenger, WhatsApp, and Instagram interoperable.

Online Safety Bill and WhatsApp 

With WhatsApp being one of the end-to-end encrypted apps that’s been the target of UK government pressure for ‘back doors’ for monitoring messages to be introduced, along with the Online Safety Bill threatening to weaken encryption, WhatsApp has made it clear that it won’t be pressured. For example, in a recent BBC interview, WhatsApp’s CEO, Will Cathcart, said that the platform’s security wouldn’t be weakened on government orders. These new privacy features are one of the many ways in which WhatsApp has been letting users know that the privacy of the app is non-negotiable, in a way that benefits users.

What Does This Mean For Your Business? 

With WhatsApp being Meta-owned, plus being under pressure by the government to weaken encryption, as well as having to compete with Snapchat, it’s no surprise that its new features are privacy-based and a way of emphasising to users that it’s not going to compromise on privacy and security. For example, WhatsApp used the same announcement to say, “we’re also kicking off a campaign to educate people about the new features and our continued commitment to protecting your private conversations on WhatsApp.”  That said, features such as being able to ‘silently’ leave a group are going to make using WhatsApp a more comfortable user experience, which is increasingly important to WhatsApp as it tries to continue wooing business users.

Featured Article : Ofcom Investigates Whether 999 Calls Work (Via VoIP) During Emergencies

Communications regulator Ofcom has opened an investigation to make sure that telecoms providers are complying with rules to ensure that there is always uninterrupted access to 999 calls.

Investigation Into Compliance With General Condition A3.2(b) 

The new investigation will essentially decide whether providers are operating in a way that meets with General Condition A3.2(b), which relates to the General Conditions of Entitlement. These are the regulatory conditions that all providers of electronic communications networks and services must comply with if they want to provide services in the UK. General Condition A3.2(b) says that Regulated Providers “must take all necessary measures to ensure uninterrupted access to Emergency Organisations” (e.g. the relevant public police, fire, ambulance and coastguard services for a locality) as part of any voice Communications Services offered.

History 

As far back as 2007, Ofcom set out its regulations for providers of VoIP services to make sure that people can call ordinary fixed or mobile phones with the objective of contacting the emergency services and that a high level of emergency services access is maintained.

Storms Exposed VoIP Weakness 

Fast forward to storms Arwen and Eunice in the UK in February, where it became apparent that power outages meant that routers went offline, and calls weren’t possible with a broadband-only connection. This is the main weakness of VoIP compared to old-style analogue copper phone lines.

Rollout Paused As A Result 

At the time of the storms, the rollout of BT’s Digital Voice and the move to switch every home phone in the UK to an internet-based connection instead of a traditional copper-wire landline was under way, with the target of switching off the old PSTN by the end of December 2025. As a result, BT announced in March that it was pausing the rollout of Digital Voice switch-overs for customers who didn’t want to move to the new technology straight away, and set out new plans for more resilient back-up options.

Consultation and Updated Rules 

In May 2018, Ofcom consulted on guidance on GCA3.2(b), which set out how providers could meet the obligation to ensure uninterrupted access to emergency organisations during a power outage for customers using VoIP technology. This led to the development of a set of principles that providers would need to abide by, which included:

– Being able to offer at least one solution to enable access to emergency organisations for a minimum of one hour in the event of a power outage in the premises. The solution should be suitable for customers’ needs and should be offered free of charge to those who are at risk as they are dependent on their landline.

– Also, providers were then required to take steps to identify at-risk customers and engage in effective communications to ensure that they understood the risk and the protection solution.

As far back as 2011, Ofcom had proposals relating to the provision of a battery back-up for customers to use to enable calls to emergency services in the event of power outages, with this being something that Ofcom has expected providers to supply since 2018.

The New Investigation 

The reason for Ofcom’s new investigation is to find out whether telecoms providers are complying with rules designed to ensure that people can contact the emergency services at all times. Ofcom is particularly interested in whether VoIP providers are, in fact, offering battery back-ups and whether they are identifying vulnerable customers who need more help. The regulator said that it had decided to launch the new investigation based on the results of consumer research and writing to regulated providers on an informal basis.

First Stage 

Ofcom says that in this first stage of its compliance monitoring programme, it will be gathering information from a range of alternative network providers and VoIP providers to understand what they are doing to ensure that they comply with their obligations. Ofcom says that it will also be engaging with industry to ensure that providers understand their obligations and how they apply to businesses providing Fibre to the Premises services.

What Does This Mean For Your Business? 

For all its benefits to businesses, VoIP needs a power supply to stay online and, as Ofcom has long emphasised with principles and guidelines, users should at least be able to contact the emergency services when needed using VoIP. This is something that was highlighted by VoIP’s failure to provide emergency access for some customers during February’s storms. It is now a particularly pressing concern, given that the big switchover to digital was due to be completed by the end of 2025 (currently paused), climate change is causing more disruptive severe weather events, and Ofcom’s research has indicated that some providers may not be complying fully with the rules. Providers are now likely to be feeling under pressure, which will hopefully galvanize those who may have been lagging to take the matter and their operator’s responsibilities more seriously, and to ensure compliance. There are times when businesses and home users need to contact the emergency services, so the investigation and pressure from Ofcom are in the interest of everyone.

Sustainability-In-Tech : All iPhones To Be Powered By Renewable Energy By 2030 Says Apple

Apple’s Vice President of the environment, Lisa Jackson, has announced that all iPhones will be powered by renewable energy by 2030.

Acquiring Renewable Energy From Wind Farm 

The announcement was made in Australia while celebrating the company’s 40th anniversary there. It is understood that, in line with this announcement, Apple will be acquiring renewable energy from a new Australian wind farm in Queensland, which could supply 80,000 homes with electricity.

Lisa Jackson said of this latest green target, “At Apple, we recognise the urgent need to address the climate crisis, and we’re accelerating our global work to ensure our products have a net-zero climate footprint across their entire lifecycle.” 

Entire Business Carbon Neutral By 2030 

The hope is that, in addition to already achieving carbon neutrality two years ago for its corporate activities, e.g. retail stores, offices, and travel, Apple now plans to make its entire business, including supply chain and customer products, carbon neutral by 2030. This means that iPads, Macs, and iPhones will need to run entirely on renewable energy by that date.

How? 

Apple can say this, even though you’re plugging your iPhone charger or Mac into your normal electric socket at home as usual, because it has examined usage patterns across its 1.8 billion devices and knows that this accounts for 22 per cent of the company’s overall carbon footprint. Therefore, if Apple can offset that percentage with renewable energy from projects like the massive Australian windfarm, it will be able to say that it has reached carbon neutral status for its users’ devices and is powering all iPhones with renewable energy.

Global Facilities Powered By Clean Energy Since 2018 

Apple has long been committed to reducing its carbon footprint. For example, as far back as April 2018, Apple announced that, as part of its commitment to combat climate change and create a healthier environment, its global facilities were powered with 100 percent clean energy. At the time, this included its retail stores, offices, data centres and co-located facilities in 43 countries, including the UK.

What Does This Mean For Your Organisation? 

Apple is one of the many big tech companies engaged in looking seriously at reducing the carbon footprint of their entire chain and making sure that this is widely communicated to customers. Critics could point to how most of an iPhone’s lifetime carbon emissions are made in the production phase and to news stories such as a lawsuit against a recycler that appeared to have instead diverted old phones to China (in 2020). Also, the company’s drive to sell new devices inevitably has green consequences and, as organisations like Greenpeace have said, offsetting projects don’t deliver what’s actually needed, which is “a reduction in the carbon emissions entering the atmosphere.” That said, Apple has been focusing for many years on how it can become a much greener company. It is good news for all users of its products and for wider society that a massive global business is setting itself some quite challenging environmental targets.

Security Stop-Press : New Trend : Multiple Ransomware Gangs Attacking Victims In Short Space Of Time

Sophos X-Ops, a security company task force, has reported at Black Hat USA 2022 in Las Vegas that ransomware gangs are competing for resources, leading to a trend of victims being attacked by multiple gangs over a short space of time. It even suggested that collaboration between ransomware gangs is possible. The advice to businesses is to patch early and often, monitor cyber security news and respond to alerts, practise segmentation and zero trust, use layered protection, use strong passwords and MFA, and take inventories of all assets and accounts.

Tech Tip – How To Backup Your WhatsApp Conversations

With so many of us using WhatsApp for important business matters, it makes sense to back up chats either on Google Drive or iCloud Drive. Here’s how:

To make a Google Drive backup:

– Open WhatsApp and Tap More options (the three dots).

– Select Settings > Chats > Chat backup > Back up to Google Drive.

– Select a backup frequency other than ‘Never.’

– Select the Google account you’d like to back up your chat history to.

– Tap ‘Back up over’ to choose the network you want to use for backups.

– To turn on end-to-end encryption for your Google Drive backup, select Settings > Chats > Chat backup > End-to-end encrypted backup.

– Tap ‘TURN ON’ and create a password or use a 64-digit encryption key instead.

– Tap ‘Create’ to create your end-to-end encrypted backup.

To make an iCloud Drive backup:

– Make sure you’re signed in with your Apple ID and that iCloud Drive is turned on.

– For a manual backup, go to WhatsApp Settings > Chats > Chat Backup > Back Up Now.

– For an automatic backup, you can enable automatic, scheduled backups by tapping ‘Auto Backup’ and choosing your backup frequency.

Tech News : 60% Of Us Will Have Digital Wallets By 2026

While some people are busy asking whether we’re seeing the death of cryptocurrencies, a new report says 60 percent of us will be using digital wallets by 2026.

Digital Wallet Usage Driven By ‘Superapps’ 

A Juniper Research study says that the presence of ‘superapps’ will drive digital wallet use in developing countries that are currently considered cash heavy. Juniper describes superapps as “multipurpose apps able to integrate digital payments alongside other services, including wealth management and eCommerce.” Examples could be WeChat and AliPay (China). WeChat, for example, started as a messaging app, then widened its services to add gaming, shopping, and payments. WhatsApp looks likely to follow a similar road.

Digital Wallet Providers 

Examples of some of the leading digital wallet providers are PayPal, Alipay, WeChat Pay, Apple Pay and Google Pay.

Strong Growth 

The Juniper report says that the total number of digital wallet users will exceed 5.2 billion globally in 2026, up from 3.4 billion in 2022. If the prediction is correct, this will represent strong growth of over 53 percent.

Rapid Growth For Asia Pacific Region 

Juniper’s report also says that the Philippines, Thailand, and Vietnam are primed for rapid growth over the next four years due to the rising access to online and mobile commerce services driving an increase of digital wallets, notably through superapps. The report estimates that the adoption of digital wallets will near 75 percent of the population in each of these countries by 2026!

QR Code Payments  

QR code payments are predicted by Juniper’s report to be the most popular digital wallet transaction type in 2026; reaching 380 billion transactions globally, and accounting for over 40 percent of all transactions by volume.

However, the report recommends that QR code payment vendors innovate to remain competitive when entering new geographic markets, by integrating loyalty features and personalised marketing capabilities. These could incentivise merchant acceptance, which could be critical to driving adoption of digital wallets.

What Does This Mean For Your Business? 

The pandemic gave a huge boost to digital payment technologies, and using QR codes for in-store payment in Asia helped to kick-start the growth of digital wallets, whose users have realised how convenient they are. The Juniper report shows how the growth and popularity of superapps is also a huge driver in the growth of digital wallets, but another important factor in their growth is the fact that they are needed for many different types of digital payment systems, e.g. cryptocurrencies and central bank digital currencies (CBDC). As we move further into an open banking era, this is also facilitating the growth of digital wallets. For many people and businesses in the UK, however, using digital wallets is new and unknown territory, trust in which may have been hampered by their association with the apparently volatile world of cryptocurrencies. Some regions of the world, e.g. the Asia Pacific region, are probably more ready for widescale digital wallet adoption in the near future and, at the moment, for many UK businesses how much things cost (i.e. rapidly rising prices) is more of an immediate concern than new payment systems.

Featured Article : Pros and Cons of Weakening Encryption

With the Online Safety Bill threatening to undermine end-to-end encryption, we look at the strengths and weaknesses of this security trade-off.

Encryption 

Encryption comes from the science of cryptography. In today’s digital world, encryption refers to using electronic devices to generate unique encryption algorithms which essentially scramble messages and data, making them unintelligible to anyone who tries to intercept them, whilst also providing an effective way to lock electronic devices. Encryption can be used for most things which have an internet connection, such as messaging apps, personal banking apps, websites, online payment methods, files and more.

Two Main Types 

There are two main encryption methods, symmetric and asymmetric, both of which are made up of encryption algorithms and use prime numbers. It is worth noting that there are many other encryption algorithms and methods including RSA, Triple DES, Blowfish, Twofish, and AES.

Symmetric encryption uses the same (identical) key for encrypting and decrypting data. With symmetric encryption, two or more parties have access to the same key. This means that although it is still secure, anyone who knows how to put the code in place can also reverse engineer it.

Asymmetric encryption uses a pair of keys, one for encrypting the data and the other for decrypting it. For the first key (used to encrypt data), ‘public key’ cryptography uses an algorithm to generate very complex keys, which is why asymmetric encryption is considered to be more secure than symmetric encryption – the process can’t be run backwards. With asymmetric encryption, the public key is shared with the servers to enable the message to be sent, however the private key, owned by the possessor of the public key, is kept secret. The message can only be decrypted by a person with the private key that matches the public one. Different public-key systems can use different algorithms.

The ‘key’ refers to a random but unique string of bits that are generated by an algorithm to scramble and unscramble data. The longer the key, the harder it is to break the encryption code.
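To make the public/private key pair and the key-length point above concrete, here is an added example (not from the original article) using textbook RSA, one of the algorithms named earlier. The tiny primes, the function names and the integer message are assumptions chosen for illustration; real deployments use keys of 2048 bits or more together with padding.

```python
"""Added example: textbook RSA with toy primes (illustration only, no padding)."""
import math


def make_keypair(p: int, q: int, e: int = 17):
    """Build (public_key, private_key) from two secret odd primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, message: int) -> int:
    """Anyone holding the public key can encrypt."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, e, n)


def decrypt(private_key, ciphertext: int) -> int:
    """Only the holder of the matching private key can decrypt."""
    n, d = private_key
    return pow(ciphertext, d, n)


def factoring_work(public_key):
    """Rebuild the private key from the public key by trial division.

    Returns (private_key, divisions_tried). This succeeds only because the
    modulus is tiny; the count shows how the effort grows with key length.
    """
    n, e = public_key
    tried = 0
    for p in range(3, math.isqrt(n) + 1, 2):
        tried += 1
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1))), tried
    raise ValueError("no odd factor found")


if __name__ == "__main__":
    # Constructed toy keys: a 12-bit modulus and a 27-bit modulus.
    for p, q in ((61, 53), (10007, 10009)):
        public, private = make_keypair(p, q)
        ciphertext = encrypt(public, 65)
        recovered, tried = factoring_work(public)
        print(f"n={public[0]} ciphertext={ciphertext} "
              f"decrypted={decrypt(private, ciphertext)} "
              f"key recovered after {tried} divisions: {recovered == private}")
```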

Over The Internet – HTTPS 

Public key encryption is widely used and is useful for establishing secure communications over the Internet, e.g. for TLS/SSL, which enables HTTPS. For example, a website’s SSL/TLS certificate is shared publicly and contains the public key, but the private key is on the originating server, i.e. it is “owned” by the website.

End-To-End Encryption 

Some of the main criticism around the Online Safety Bill’s requirement that platform operators, such as WhatsApp, will have a “duty of care” to “moderate illegal and harmful content on their platforms” is that this will require weakening encryption, i.e. essentially not having end-to-end encryption, thereby creating a major security (and privacy) risk for users.

End-to-end encryption, which is an example of asymmetric encryption (i.e. more secure than symmetric), is used to encode and scramble information so only the sender and receiver can see it, thereby making it highly secure. WhatsApp uses end-to-end encryption and although the messages go through a server, none of those messages can be read by anyone other than the sender and receiver. Allowing content (i.e. messages) to be ‘moderated’ would, therefore, mean that there would need to be a way in, e.g. a ‘back door’, or some other means to view messages between the sender and receiver.

Why Weaken Encryption? 

The arguments for weakening encryption (e.g. end-to-end encryption), usually come from governments saying that they need to monitor content for criminal activity and dangerous behaviour; e.g. terrorism, child sexual abuse and grooming, hate speech, criminal gang communications, and more. This could be considered a reason to support the idea of weakening encryption. Examples include:

– When it was revealed that the first London Bridge terror attackers used WhatsApp in 2017 to plan the attack and to communicate, there were calls from the government (Amber Rudd) for ‘back-doors’ to be built into WhatsApp and other end-to-end encrypted communications tools to allow government monitoring.

– In June 2021, police secretly distributed phones with a supposedly encrypted app called ANOM installed. The app, however, allowed police to monitor communications about crime including drugs, weapons, money laundering and murder. It led to the arrest of 800 people in a global sting operation.

– In July 2022, the Home Secretary, Priti Patel, said “Things like end-to-end encryption significantly reduce the ability for platforms to detect child sexual abuse”.

The Arguments For Not Weakening Encryption 

The arguments for not weakening encryption include:

– Consumer protection, e.g. banks protecting financial information and stopping it being accessed or misused when UK citizens bank or make purchases online.

– Many businesses use end-to-end encrypted apps such as WhatsApp and other encrypted communications and VPNs. Encryption, therefore, protects sensitive company data, data privacy, and can reduce cybercrime risks.

– Providing reliable and safe communications in war situations, e.g. secure communication channels in Ukraine allowing broadcast appeals to the world and recruiting support. Also, encryption has helped Ukrainians to combat disinformation, organise relief efforts, and protect evacuees. The first thing many Russian soldiers are reported to be doing when capturing people is to look at their phones to study their communications and track down associates. This is a good argument for encryption and features like disappearing messages sent via WhatsApp.

– Protection for journalists who need to keep information channels open despite government censorship.

– Protection for activists (human rights) and commentators in oppressive and dangerous regimes.

What Is Being Proposed? 

The Online Safety Bill requires tech companies to be able to moderate their platforms or face fines. The government says, with the Bill, the “onus is on tech companies to develop or source technology to mitigate the risks, regardless of their design choices. If they fail to do so, Ofcom will be able to impose fines of up to £18 million or 10% of the company’s global annual turnover – depending on which is higher.” 

However, although the UK government says it “wholeheartedly supports the responsible use of encryption technologies” and that it does “not want to censor anyone or restrict free speech,” it is less clear how the government intends to replace protections such as end-to-end encryption with a robust but weaker alternative. For example, the government says “We, and other child safety and tech experts, believe that it is possible to implement end-to-end encryption in a way that preserves users’ right to privacy, while ensuring children remain safe online”, and the big idea appears to be “tech companies, working in partnership with governments, child protection organisations and law enforcement”. The responsibility, backed up with the threat of fines, to come up with a way to enable weakened encryption that is still somehow effective is being placed on the shoulders of the tech companies who, according to Priti Patel, “now need to stand up and use their resources and engineering expertise” to create a solution.

What Does This Mean For Your Business? 

Everyone recognises the need to find ways to stop cybercrime, child exploitation and sexual abuse, and other organised crime that could hide behind encryption to avoid detection. However, encryption also protects the interests and assets of those involved in legal and legitimate activities from criminals and, as Ukraine illustrates, can protect citizens and provide vital communications in dire situations such as war. Encryption also plays an important role in protecting the sharing of significant news and information, freedom of speech and human rights where there are oppressive regimes. Some would say that the idea of weakening encryption and/or making back doors into apps and allowing monitoring defeats the object of encryption and creates not just a way to stop criminals, but also a way for criminals to get in and steal data. Tech businesses have faced calls from governments to be allowed access before, but this time, in the UK, they not only face fines and legislation, but also appear to be under pressure to come up with solutions that could create their own risks. It remains to be seen how the Bill progresses and what the effects of weakened encryption in the UK could be, both on those here and in other countries.