Charlie Harvey

Cameron’s turd in the encryption punchbowl

In a week when it was revealed that GCHQ was illegally spying on Amnesty International, British Prime Minister David Cameron has added yet another turd to the increasingly shitty punchbowl of his vision of the future internet by proposing a ban on effective encryption.
GCHQ punchbowl, used without permission.

Last time Cameron said something equally misguided about encryption, I posted a brief blog explaining why breaking encryption to stop terror is a monumentally shit idea. Plenty of other commenters were outraged by his nonsense. But that wasn’t enough to discourage him.

Instead he is on a mission to ensure that terrorists do not have a safe space in which to communicate. We can rest assured that Britain is not a state that is trying to search through everybody’s emails and invade their privacy. I mean we can just disregard the fact that Britain does almost exactly that, right?

His latest comments along with similar bullshit emanating from FBI head-honcho James Comey have prompted some of the world’s finest cryptographers to write a report on such plans. Entitled Keys under doormats: Mandating insecurity by requiring government access to all data and communications, it patiently explains just how wrong-headed, unworkable and dangerous Cameron’s plan is; how breaking encryption makes us all less safe and how disallowing anonymous speech puts the lives of minorities in repressive regimes at risk.

Unlike certain Prime Ministers I could mention, these folks know what the fuck they are talking about. They also took part in the original crypto wars when, among other victories, they helped destroy President Clinton’s embarrassingly ill-conceived Clipper Chip plan — the Clipper Chip was a sort of mandatory FBI informant that was to be placed in all computerized devices. The researchers speculate that this may be the beginning of crypto wars 2.0.

A lot of what I will now say is expressed more eloquently, though at more length and with less swearing in the paper. You should read it.

What is Cameron proposing anyway?

Nobody really knows. Maybe he does, but he sure isn’t acting that way.

Best guess? He wants to force Twitter and Facebook to betray their users on demand at the behest of the UK authorities. Why the UK are so special and why North Korea (or Israel, or your favourite human rights abusing state) won’t demand the same powers is as yet unclear.

How might it work? Hint: It won’t

If he is seriously proposing that companies be required to give the state access to encrypted data, then there will need to be some sort of key escrow system. That means that either the company, or the state, or some trusted third party will need to hold a master key.

The thing with master keys is that if you lose one, you’re (I believe that I am using the correct cryptographic term here) fucked.

One malicious or just mischievous government employee would have the power to share all the private data of all the people who had private data on the internet (or at least the balkanized UK part of it).

If hackers got the key, then they could read everything. From kinky tory sex gossip, or expense claims to corrupt business deals or sketchy dealings with your Swiss trading arm. Everything. The possibilities for blackmail alone don’t bear thinking about.

The paper puts it brilliantly and succinctly:

This is a trade-off space in which law enforcement cannot be guaranteed access without creating serious risk that criminal intruders will gain the same access.

Not to mention that there are 200 or so countries in the world besides the UK. They would all want a key too. Some of those states disagree with the UK (hard as that is to believe). Presumably programmers and device makers will now have to put keys of all those states into their iThings too. What is clear is that devices and services will become broken data urinals, pissing private information over the shoes of any nearby state. Whether those same devices and services will act well as, say, phones or social networking sites is less clear.
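To make the master-key problem concrete, here is an added sketch (not code from this post or from the Keys under doormats paper) of an escrowed message envelope: each message key is wrapped once for the recipient and once more for every escrow holder. The toy cipher, the symmetric escrow keys standing in for the escrow agents' key pairs, and the names alice, bob, state_a and state_b are all assumptions made for the illustration.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode); stands in for a real AEAD cipher.
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Encrypt-then-MAC under `key`; returns nonce + ciphertext + tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def escrowed_encrypt(plaintext, recipient_key, escrow_keys):
    msg_key = secrets.token_bytes(32)  # fresh key for every message
    return {"body": seal(msg_key, plaintext),
            "recipient": seal(recipient_key, msg_key),
            # one extra wrapped copy of the message key per escrow holder
            "escrow": {who: seal(k, msg_key) for who, k in escrow_keys.items()}}

def open_with(wrapped_key, key, env):
    """Unwrap the message key with `key`, then decrypt the body."""
    return unseal(unseal(key, wrapped_key), env["body"])

def readable_with_leak(envelopes, holder, leaked_key):
    """Plaintexts recovered from stored traffic using one holder's escrow key."""
    return [open_with(e["escrow"][holder], leaked_key, e) for e in envelopes]

def demo():
    # Constructed sample data: two users and two hypothetical escrow holders.
    users = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
    escrow = {"state_a": secrets.token_bytes(32), "state_b": secrets.token_bytes(32)}
    traffic = [escrowed_encrypt(b"alice's bank details", users["alice"], escrow),
               escrowed_encrypt(b"bob's medical record", users["bob"], escrow)]
    return users, escrow, traffic

if __name__ == "__main__":
    users, escrow, traffic = demo()
    # Any single escrow key opens every user's messages.
    print(readable_with_leak(traffic, "state_b", escrow["state_b"]))
```

A user's own key opens only that user's messages, while any one of the escrow keys opens all of them, and every additional escrow holder is another key that can leak.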

But wait, that’s not all …

Mandating broken encryption will clearly have little impact on criminals. They will just buy from countries that do not require encryption to be broken. Same with terrorists or paedophiles or whoever this plan is supposed to target.

The main places where such a scheme will have an effect will be in making the internet less secure globally, killing the nascent UK tech industry (apart from maybe creating a cottage industry in broken encryption that nobody except deluded authoritarians wants), discouraging research into online security or cryptography and crippling internet commerce between the UK and other countries.

Stewart Lee once said of voting UKIP as a protest that it’s like shitting in your hotel bed as a protest against bad service and then realizing that you’ve now got to sleep in a shitted bed. Words equally applicable here (the shitted bed being an internet without effective privacy).

What is really going on here? Some badly informed speculation.

I think that security researcher Ross Anderson is being too charitable when he says whoever put the prime minister up to this should get a complete bollocking. The proposals are wrong in principle and unworkable in practice.

My best guess (and it is based on a sum total of bugger all evidence) is that Cameron is proposing something ludicrous just for leverage.

By suggesting that his position is so extreme and unworkable, he creates a negotiating position such that, when people react with revulsion and disbelief, he can quickly propose something less draconian (though still Stasiesque) as a ‘compromise’. Any proposal, however problematic, will seem reasonable in comparison to this absurd balderdash.

Either that or he is an authoritarian megalomaniac with a poor grasp on technology and a delusional fantasy that he is some sort of latter-day King Canute, holding back maths entirely by the power of his supercilious Eton twattery and an unswerving belief in his own superiority over any wrongheaded muggle who has the temerity to disagree with him.

I can’t be sure as yet. Time, as they say, will tell.

Update 2015-07-21: 2 typos corrected, thanks to dhcmrlchtdj in the comments