Monday, 27 March 2017

Wait, a politician was WRONG?

Surely not.  But Amber Rudd has a history of being wrong both on and off the internet and she's in no mood to break that streak.  Of wrongness.  I need to get better at metaphors.

Anyway, the UK Home Secretary, Amber Rudd, says that the ability of people to use encrypted communications is "unacceptable" because terrorism.

Let's not focus on the fact that the recent Westminster Terrorist was acting alone or that law enforcement intercepting his WhatAapp messages presumably wouldn't have prevented him from killing and injuring people. Instead, let's focus on the fact that he - and millions of other people - used a messaging service that happens to use encryption.  Plainly it is encryption that's at fault here, not bad people doing awful things.

Rudd either doesn't understand or pretends not to understand that tapping someone's phone is not at all the same as intercepting their encrypted messages.
"It used to be that people would steam-open envelopes or just listen in on phones when they wanted to find out what people were doing, legally, through warrantry," she said.
And that's fine.  Surveillance is sometimes necessary and by definition invades the privacy of the person being surveilled. Traditional surveillance such as this results in collateral damage, too, which is regrettable: innocent people who happen to call a terrorist are targets for further investigation, for example. But even I agree that some degree of surveillance is needed for general safety. People need to be followed. Rooms need to be bugged. Phones need to be tapped.  Knock yourself out.

What Rudd either doesn't know or pretends not to know is that tapping someone's phone, bugging their rooms or following them about are fundamentally different to intercepting their encrypted
messages.

Here's why: tapping a suspect's phone doesn't automatically tap everyone else's phone.  Decrypting a suspect's messages pretty much does.

There's no way to provide a back door to encrypted messages that only law enforcement can use.  Criminals will almost immediately gain access to any such back door through either hacking or good old-fashioned extortion or bribery. If there are back doors, criminals will have the keys within a few hours at most.

But that's not even the greatest threat.  Missions will creep.  Introduce cryptographic back doors and governments will very soon be decrypting people's messages to assist in enforcing parking fines.  That's a small step from the mass use of communication data to mine for suspects.  We don't need to rely on literature to tell us how bad an idea that is, real-world examples abound. To pick one of the (relatively) less horrifying examples, the United States of the late 40s to mid 50s suffered from almost literal witch hunts targeting people deemed disloyal or subversive.  Needless to say, the definitions of those charges changed on the basis of convenience.  All it took for the government to take action against someone they didn't like was a noisy accusation from a member of the public that they were a communist.  The only possible aim of mass surveillance is to associate people with labels based on arbitrary criteria. History - in this case and many others - tells us why this is a bad idea.  Data mining can cheerfully construct any label about any person. It's a means of constructing evidence for an already decided conclusion.  We only have to look in detail at, say,  the arrest and conviction rates of white and black people across the US to understand that this is a really terrible idea.

Surveillance is OK as a general concept but already widely abused.  Mass surveillance is never OK.  It's about fitting people to crimes rather than crimes to people.  It's about removing freedom in the name of freedom.

Make no mistake: Amber Rudd's call for law enforcement agencies to have access to encrypted communications is a significant step toward mass surveillance.  Remember also that surveillance infrastructure and culture is not something you can easily take back.  The opposition party tutting at laws that increase surveillance will certainly use and expand them once they are in power.

The good news is that governments can't prevent people from encrypting things.  The bad news is that they can criminalise people who do.

Fortunately, we're getting better at hiding the fact that we're using encryption... Suddenly all those years of wearing a tinfoil hat are looking pretty fucking well-spent.

No comments:

Post a Comment