UK crypto firm relocates over 'Snooper's Charter' fears

Industrial cryptography company Eris Industries has become the second UK firm to relocate over fears of the surveillance imposed by the incoming Draft Data Communications Bill, otherwise known as the 'Snooper's Charter'.

UK crypto firm relocates over 'Snooper's Charter' fears
UK crypto firm relocates over 'Snooper's Charter' fears

The company, which builds Blockchain infrastructure, promised back in January to move out of the country should the Draft Data Communications Bill come to law, and now looks set to make good on that promise. The surveillance law is expected to force internet service providers (ISPs) into holding huge amounts of data on customers, and sharing this - if requested - by government and intelligence agencies.

“Eris Industries' position is that this proposed bill would impinge vital and legitimate business interests of our company. As such we will be relocating staff out of the United Kingdom until further clarity on the provisions of the bill is achieved,” said the company's COO Preston Byrne in a blog post written over the weekend.

“We would encourage anyone else who opposes this bill to join us in committing to leave the UK if it is passed into law or, at the very least, to sign this petition being organised by the Open Rights Group.”

The incoming legislation is reportedly due to include a mandatory requirement to include encryption backdoors accessed by Mi5 and other agencies and Byrne went onto say that the legislation would “prevent our technology's use in myriad industrial applications, including financial services, which need reliable, open-source cryptography desperately if they are to stay competitive in a digital age.”

The surveillance powers the government is asking parliament to pass are completely unnecessary and, more often than not, are justified by statistics which have little basis in fact and which the government appears to draw from thin air.”

“If there were any indication that the terrorists in the Charlie Hebdo attacks in Paris, which precipitated the government's first attempt to introduce this bill this year, or indeed those in 9/11, had used encryption to carry out their attacks, which they did not, maybe we would agree with the government's proposals. The fact is, however, that cryptography overwhelmingly protects legal businesses and ordinary people, not criminals and terrorists, from harm. Strong cryptography should therefore remain entirely free and legal.”

Eris Industries is, with immediate effect, moving its corporate headquarters to New York “where open-source cryptography is firmly established as protected speech pursuant to the First Amendment to the Constitution of the United States.” The firm may yet reincorporate in the States.

Amar Singh, an independent CISO and founder of the Give01Day initiative, told SCMagazineUK.com that while the move wasn't surprising, the company's decision to relocate to the US – another Five Eyes' country – was.

“For him to say they're going to the US – it completely surprises me, and it makes me think this is a marketing exercise. At least the UK has it in law; the US has been completely blasé about [backdoors] and is doing it anyway.

And he warned of the potential of a cottage industry in encryption: “I think there's a worry of seeing unscrupulous companies take advantage of the less informed, with proprietary encryption that might also be backdoored. The question is, how secure are they?”

On the Draft Communications Data Bill, Singh said that trust remains an issue, and said there's no proof backdoors will prevent terrorist action.

 “The view that it's going to stop terrorism – what if they're using their own stuff?,” he asked, citing home-grown encryption.

Steve Lord, organiser of the 44CON conference and director at penetration testing consultancy Mandalorian, reckons companies could be shocked be the law's speedy adoption.

“The real problems will start when retailers and the financial sector wake up one morning to find that this awkward failed abortion of a bill has actually been put into practice. Every online retailer will have to leave the UK in order to comply with payment card industry security requirements. Banks will have to leave the City of London in order to comply with international privacy requirements, and to assure their customers that transactions are safe. The IT industry will be irrevocably decimated by this bill and will no doubt lead to an exodus of IT literate people, fleeing to the free world.”

He warned: “Banning secure cryptography will be as effective as banning file sharing and movie downloads. At best it will criminalise large portions of the population who just want to be able to share holiday photos or do their shopping online. At worst it will destroy a massive section of our economy and literally send us into the dark ages. After all, even our national grid relies on secure cryptography.

“If we're lucky, the last people to turn out the lights on Britain's digital economy will still remember how to use them.”

Late last month, social media start-up Ind.ie vowed to leave the UK over surveillance fears. This news comes also just a week after PGP (Pretty Good Privacy) creator Phil Zimmermann said that he would move his privacy start-up, Silent Circle, from the US to Switzerland over surveillance fears.