George Osborne’s announced a doubling of the UK’s cyber security budget to £1.9 billion by 2020, in a speech at Government Communications Headquarters (GCHQ). This come hot on the heels of David Cameron’s pledge of an extra £2 billion to recruit 2,000 more spies and increase funding for the SAS and special forces, in the wake of the Paris attacks. This total estimated £4 billion increase in surveillance is the same amount as that being cut from tax credits.
These speedy pronouncements show the UK government’s eagerness to quickly capitalise on the panic caused by the recent atrocities to bolster their spying capabilities and preparation for war.
In his speech Osborne commends having reached agreements with more than half of the Whitehall departments, including the Department for Energy and Climate Change and the Department for Work and Pensions, to cut their spending by an average of 24%.
In contrast, the chancellor pledged to double the investment in cyber security, bringing the government’s total cyber spending to more than £3.2 billion. How this can be justified in a country that is cutting crucial benefits, axing subsidies for green energy and has a health service under financial stress is baffling.
These increases in security funding, though, are being ushered in to combat terrorism – and as we know, when that word is mentioned, generally anything goes.
In the wake of the Paris attacks, communities are rightly anxious. Having perspective – in the face of such horror – on the appropriate response to terrorism is difficult, and this is surely what Cameron and Osborne are depending on.
In his speech, the chancellor applauds the work of GCHQ thus far, but warns:
At the heart of cyber security is a painful asymmetry between attack and defence. It is easier and cheaper to attack a network than it is to defend it. And the truth is that this asymmetry is growing.
Because of these dangers, the UK will establish a new cyber security centre, increase capabilities of the National Cyber Crime Unit and bring in greater defences for government systems and public services “to protect the country from hostile attack,” according to Osborne.
Sound good? Certainly. However, these new measures appear to be in complete opposition to a capacity the government has recently requested through the Investigatory Powers Bill. In a section of the Bill called “Maintenance of technical capability” the home secretary wants the power to oblige telecommunications companies to facilitate “the removal of electronic protection applied … to any communications or data.”
As we discussed at The Canary, that basically means companies designing weak encryption, or allowing a back door into computer programs, which is what makes us vulnerable to cyber attacks.
So, although Osborne recognises the UK’s responsibility “to protect its citizens and companies from crime,” insisting that companies provide access for security services in this way does not fulfil this duty. That is why companies have clearly voiced their concerns about the proposal. It’s also why Edward Snowden tweeted this:
Consensus according to every credible cryptographer and computer scientist, "Not safely:" https://t.co/kwhawRdIL1 https://t.co/OozKHf4fji
— Edward Snowden (@Snowden) November 4, 2015
Why the UK government would want to implement two seemingly contradictory ideas is odd, although it’s likely about selectivity. Who will benefit from the increased cyber security apparatus? Will it solely be public bodies, or will it be extended to private individuals? If the Home Office computers are impenetrable, will ours be too?
These are the questions that need to be asked of the chancellor, but with the public still reeling from the shock of Paris, they probably wont be. And I imagine that’s just the way the UK government wants it.
