Buried in the new Brexit agreement are references to decades-old internet browsers and out-of-date security protocols, vulnerable to cyber attack.
The ancient computer software were referred to as ‘modern’ services on page 921 of the trade deal, in a section on encryption technology.
Despite being defunct for decades, the text cites ‘modern e-mail software packages including Outlook, Mozilla Mail as well as Netscape Communicator 4.x’
The last major release of Netscape Communicator was in 1997.
It appears that large sections of text from old legislation had been copied and pasted into the new document – with the rushed time for passing the deal leading to incongruencies.
More concerningly, the out-of-date bill also recommends using systems that are vulnerable to cyber-attacks.
One of the eagle-eyed experts who spotted and tweeted out the error was Prof Bill Buchanan, a cryptography expert at Edinburgh Napier University.
He said there was ‘little excuse’ for the outdated references.
‘I believe this looks like a standard copy-and-paste of old standards, and with little understanding of the technical details.
‘The text is full of acronyms, and it perhaps needs more of a lay person’s explanation to define the requirements.’
The bill also recommends using algorithms that are years out of date and open to cyber-attacks, like 1024-bit RSA encryption and the SHA-1 hashing algorithm.
Though SHA-1 and 1024-bit RSA ‘were a good selection a decade or so ago, they are no longer up to modern security standards,’ added Prof Buchanan.
Hacking news site Hackaday speculated that a ‘tired civil servant simply cut-and-pasted from a late-1990s security document’, while others have argued the words were copied from a 2008 EU law which appears to include the same text.
A UK Home Office spokesperson said that the government use ‘the latest technology’ for data sharing and that this data is ‘properly protected and in line with the guidance from the National Cyber Security Centre.’
‘The deal will enable the UK and other EU countries to continue to exchange DNA profiles and fingerprints in line with current practice.
‘This will support law enforcement agencies in both the UK and the EU in their investigations into crime and terrorism and will help to keep the UK safe from security threats.’
Pressed for time, negotiators had until the end of 2020 to pass a bill – and finally agreed on the 1,200-page deal on Christmas Eve.
The 27 EU member states have unanimously approved the deal, while the UK parliament is due to meet on December 30 to approve the deal, ahead of a European Parliament vote on the January 1.