David Cameron doesn’t like Tor because it facilitates online anonymity, which he really doesn’t like. Tor encrypts your browser traffic and bounces it around a network of volunteer-run relays, preventing anyone watching from analysing that traffic or learning your physical location. Cameron doesn’t like this because he wants the government to be able to spy on everyone in the name of what he likes to call ‘safety’. I’ve yet to understand how making everyone less safe is going to make them safer, but that’s just me.
The BBC reports that ‘parliamentary advisors’ have told him and MPs that banning Tor would be unwise and technically infeasible. They’re right.
The Parliamentary Office of Science and Technology (Post), which issues advice to MPs, said that there was "widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK".
Unwise and infeasible, as they said.
Speaking in January, following attacks by gunmen in Paris and its surrounding areas, David Cameron said there should be no "means of communication" the security services could not read.
He said: "In extremis, it has been possible to read someone's letter, to listen to someone's call to mobile communications.
"The question remains, 'Are we going to allow a means of communications where it simply is not possible to do that?' My answer to that question is, 'No, we must not.'"
And there’s the problem. It’s a political stance rather than a practical one. Security depends to a large degree on understanding risks and deploying and evaluating effective counter-measures to those risks. Cameron alludes to vague, scary-sounding risks which could easily be read to include absolutely any communication at all and to an outright ban on encryption that cannot be broken by the government. There are two major problems with this. First, encryption that can be broken by government will sooner or later be broken by someone else. There’s no such thing as a “golden key” (as Cameron likes to put it) that works only for the good guys and not the baddies. This reduces our safety by laying our communications open to criminals and foreign governments. Second, it is not a measured, effective or proportionate counter-measure to the vague security problem of ‘terror’. We’d be giving up an enormous amount of personal freedom and granting our intelligent agencies great and no doubt extensible powers, which would be very difficult to later retract. So we wouldn’t be safe from our own government, either. Literally nobody believes that once a security agency has access to secret information, it won’t find new ways to use it. Mass surveillance harms everyone and besides: it’s not remotely clear that it would foil more terrorist plots.
The advisors have advised. Let’s see if Cameron is listening.