Startup Manifesto: Protect encryption from politicised attacks

Policy 21: Protect encryption from politicised attacks

In collaboration with The Coalition for a Digital Economy (Coadec), we have produced a manifesto to make Britain the best place in the world to start and grow a business. It features 21 policies across three key policy areas: access to talent, access to investment, and regulation. We’re sharing the policies on our blog. To read the full manifesto, click here.

As every technologist knows, policymakers have a tendency to judge the web by the worst abuses of it, and try to legislate it accordingly. That’s certainly the case with encryption, which is routinely singled out as the cause of everything from child abuse to terrorism. In recent months, DNS over HTTPS encryption has come in for particular criticism by MPs who believe that it will undermine the CSE filters provided by the Internet Watch Foundation. This has led to some of them setting up a zero-sum argument: the UK can have child protection or data protection, but not both. In light of the blanket surveillance of everyday internet use called for in the Online Harms framework as well as the Age Appropriate Design Code, that zero-sum argument could become a very dangerous one.

We want policymakers to look at the wider picture with cooler heads. DNS over HTTPS encryption fills in the gaps which leave all web users at risk. It adds a layer of encryption to one of the last remaining fundamental technologies of the web, strengthens protections for users at risk of government censorship, and can help provide user anonymity for vulnerable people who need to stay safe online. It also makes the web a safer place to do business. Despite all that, the UK government is the only government seeking to reverse this technical direction of travel on ideological grounds, risking a British internet which works to its own set of technical standards.

DNS over HTTPS is not a risk to children or the CSE monitoring frameworks which protect them. The solution to those issues lies elsewhere. Encryption must remain end-to-end, and encrypted DNS technologies should not be the subject of legal blocks or filters.

It's also critical that policymakers don't insist that platforms and providers provide "backdoors" for law enforcement to bypass encryption. A backdoor to one phone is a backdoor to all.