Thursday, 22 January 2015

David Cameron’s absurd anti-privacy, anti-freedom, anti-software and unworkable proposal

David Cameron recently announced that there must be "no means of communication" which "we" (the government and security forces) "cannot read."  This is as absurd as it is terrifying.  I wrote to my MP about it and I urge all UK residents to do the same.  If you don’t know how to contact your MP, this is how to find out: http://www.parliament.uk/mps-lords-and-offices/mps/

 

Here’s the letter I wrote:

Mr Wilson,

David Cameron recently announced that there must be "no means of communication" which "we" (the government and security forces) "cannot read."

While I share his outrage at terrorist attacks and other crime, there are serious moral, technical, practical, economic and political problems with Mr Cameron's proposal. Any serious attempt to achieve that vision would be unworkable, any non-serious attempt would be extremely easy to circumvent, and any attempt at all would have serious implications for the privacy and freedom of UK citizens.

I suspect that Mr Cameron's intent is to force software creators, presumably through legislation, to introduce a 'back door' into any software it writes that uses encrypted communications. Effectively, the security forces would possess a key that could unlock any of these communications and see what's inside.

The problems with this are enormous. First, there is no such thing as a back door that will only let good guys in. A back door is a deliberately introduced flaw in an encryption scheme and sooner or later the bad guys will discover the vulnerability and they too will have access to all our communications. This means criminals, terrorists, foreign spies etc. but also domestic law enforcement officers who will abuse their powers for any number of reasons (jealous ones snooping on their spouses, corrupt ones spying on business communication for profit or blackmail, seriously corrupt ones engaging in organised crime or orchestrating cover-ups). We know from recent experience that such abuse of power is not uncommon even here in the UK.

There is also concern that once powers of snooping are granted, their expansion is inevitable. Successes and failures alike will be used to justify the granting of more powers, in this case more and more legal reasons to access private and business communication. There is no guarantee that we'll even be aware of the extent of these powers of access.

These scenarios should terrify us all, even those of us who feel we have nothing to hide.

But aside from these moral objections, any technical solution is unworkable for a variety of reasons. It would require that the makers of Operating Systems (most prominently, Apple, Microsoft and Google) rebuild their products from the ground up so that only government-sanctioned software can be run on them. Otherwise, those Operating Systems could run code that uses unbroken encryption. Even if Mr Cameron manages to force - through an act of parliament - those companies to capitulate, the problem would not be solved. It's easy to jailbreak smartphones so they can run unsanctioned software. It's easier still to buy one from abroad which doesn't have the restrictions Mr Cameron's demands will require. Desktops, laptops and tablets could easily circumvent this action too. For instance, computers using old versions of Operating Systems without the restrictions would not be affected. Better still, computers running open source Operating Systems would be specifically designed to use encryption technology without a back door. Existing distributions of Linux already do this out of the box and shutting down or compromising the main Linux distributors will have no effect at all. The Linux source code is out in the wild and there are any number of people capable of turning it into a working - and secure - operating system. There are vast communities of volunteers dedicated to keeping Linux safe, secure and available to everyone in the world, free of charge.

But the problem goes further even than that. The government would have to control all software developed in the UK and prevent software developed outside its jurisdiction from entering the UK. This is impossible. The security forces would have to implement a Firewall such as those deployed (very ineffectively) in places like China, Syria and Russia. We know that these can be defeated with a little technical knowledge and we know that they block things they ought not to. There are countless reports of school students being unable to access information needed for their studies and - even worse - oppressed, abused and otherwise desperate people unable to access information that would aid them.

Such a firewall would have to be very sophisticated indeed. Communication protocols can be hidden inside other communications protocols and these are very difficult to detect. The security community could make spotting illegally encrypted traffic virtually impossible.

But even if all these practically impossible feats were pulled off, the government would also have to prevent people entering or leaving the country with phones, laptops, tablets or storage devices of any kind.

David Cameron's proposal would make all our communications unsafe, because deliberately introduced flaws in encryption would not remain hidden for long. It would make us all vulnerable to as yet unforeseen changes in government policy by this or successive governments on how our private data may be accessed. It would require the tyrannical control by the government of the software industry and of what data crosses our shores either via the Internet or in carry-on luggage. And it would spell the death of the software industry.

Anything less would be entirely ineffective, but the required solution would be impossible in technical, practical, economic and political terms. It would also be a vastly disproportionate countermeasure to the types and levels of threat we face.

I believe that attempts to implement Mr Cameron's proposal will be both disastrous and ineffective on many levels. I urge you to question and fight the proposals in favour of laws which can be shown to directly, proportionately and with all possible transparency counter the threats our nation faces.

A good resource for some of these issues (and an organisation I am not affiliated with) is the Electronic Frontier Foundation, which you can find at https://www.eff.org/

Regards,

No comments:

Post a Comment