Comment from Erka Koivunen, security advisor at F-Secure and expert witness to the Joint Committee scrutinising the Investigatory Powers Bill:
“Let us be clear on the British Government’s intentions and the consequences of those actions. ‘Equipment interference’ is hacking. There is a reason there is a very large security industry dedicated to protecting businesses and their digital assets – because hacking damages businesses. Hacked companies are not the security services’ target though – they are a stepping stone to the ultimate target. One imagines that it did little to ease Stellar’s, Gemalto’s or Belgacom’s pain to learn that GCHQ had breached their security in an effort to spy on their customers.
“Politicians are not technology experts, but many understand business. Hacking into a business or its commercial technology means those companies incur direct costs related to disrupted operations, incident response, regulatory fines and loss of business and assets. These costs have been rising since 2012. In 2015, a single security incident at a large organisation resulted in costs between £1.5 million and £3.14 million. Small companies incurred costs between £75,200 to £310,800*. These figures do not include the indirect costs of complying with regulations, nor do they account for the potential lost opportunities caused by eroding trust in the ability of businesses to offer secure digital services to customers.
“No company wants their own government or government of a friendly partner to break into their systems or undermine the security of their services. We would encourage the Government to pause and consider the implications of its intentions before it irreparably damages British businesses."