Tuesday 13 January 2015

Using an attack on freedom to attack freedom

Following the violent attack against the staff at the Charlie Hebdo offices in Paris, we've now got David Cameron calling for more powers to snoop on people.  Here's a transcript of his speech:
In our country, do we want to allow a means of communication between people that even in extremis, with a signed warrant from the home secretary personally, that we cannot read? Up until now, governments have said no, we must not.
That is why, in extremis, it has been possible to read someone’s letter, to listen to someone’s call, to mobile communications … We have a better process for safeguarding this very intrusive power than probably any other country i can think of.
But the question is are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: no, we must not. The first duty of any government is to keep our country safe. The attacks in Paris demonstrated the scale of the threat that we face and the need to have robust powers through our intelligence and security agencies in order to keep our people safe.
The powers that I believe we need, whether on communications data, or on the content of communications, I feel very comfortable these are absolutely right for a modern, liberal democracy.

Analysis

I want to analyse what he's getting at, so I'll take the above transcript a bit at a time:
Do we want to allow a means of communication between people ... that we cannot read?
Cameron is quite specific here - do we want to allow a means of communication, not "do we want to find ways to spy on communication". It seems to me that this directly implies not allowing means of communication between people that the security services can't read - i.e. banning such mechanisms.
Up until now, governments have said no, we must not. That is why ... it has been possible to read someone’s letter, to listen to someone’s call, to mobile communications
I think it can be argued that previous governments haven't said "no, we must not" at all.  There's an important distinction between the examples he cites and the "means of communication" that he is proposing outlawing:
  • A letter is sent in the clear (that is: unencrypted), and is handled by a third party (the post office).  If the security services want to read it, they can present a warrant to the post office to intercept it and simply open the letter and read it.
  • A land-line telephone call is similar - it is sent in the clear and handled by the telephone company.  If the security services want to listen to it, again they can get the telephone company to intercept it for them.
  • Mobile calls are slightly different - the call is encrypted as it is sent over the air.  But importantly, the telephone company decrypts it and, like a land-line call, they handle it in the clear and it can be intercepted in just the same way.
The distinction I'm getting at is that all of these means of communication are already readable, the government has just legislated access rights to the communications that are being handled by third parties.  You can send encrypted data through the post and the government won't be able to read it - no previous governments have ever legislated to stop this.
But the question is are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: no, we must not.
He's not really added any new information here, he's just reinforcing the point that he wants to ban all means of communication that can't be spied on.
The attacks in Paris demonstrated the scale of the threat that we face and the need to have robust powers through our intelligence and security agencies in order to keep our people safe.
The attacks in Paris do indeed demonstrate the scale of the threat that we face - as horrible as the attacks were, the scale of the threat boils down to "pretty insignificant".  Lets compare it to a few other random statistics from the UK in 2012:
  • 552 people were murdered
  • 5,981 people aged 15 or over committed suicide
  • 1,496 people died from drug misuse
And these are just a few fully preventable examples... we can also have a brief look at casualties that could certainly be reduced but aren't totally preventable: 1,754 people died from traffic accidents and a whopping 64,164 from heart disease.

In the same year, it seems there were no terrorism related deaths in the UK.  In fact, in the past 5 years there have only been 2 people killed in the UK through terrorism.

Secondly, the Paris attacks are a pretty bad excuse to extend surveillance powers - all of the attackers were already known to the security services, they just didn't have the resources to keep tabs on all suspects all of the time.  Additional surveillance powers wouldn't help here - more resources would.  But then, given the above figures, how about we instead spend some of those resources on road safety, cardiovascular treatment, drug education, mental health treatment, general police work and the hundreds of thousands of other things that are a more significant threat than terrorism?

The people at Charlie Hebdo were attacked because they were exercising their right to freedom, and here we have the British Prime Minister using them as justification for removing our freedoms.

Solutions?

So given that David Cameron wants to outlaw any communications that the government can't read, he's got a few options.  Its important to realise that encryption is used by pretty much everyone in their day-to-day lives, and most of it is actually pretty strong and not something the government can routinely break.

1. Just outlaw encryption

Lets say Cameron outlaws encrypted communications entirely.  So we can no longer do any online financial transactions - no online shopping, no online banking - doing these without using encryption would leave everyone way too vulnerable to criminals.

There are a lot of technologies, such as Chip & Pin, Oyster cards, etc. that also require encryption, but maybe he would make exceptions for that kind of stuff?

I wouldn't get much work done either - a big chunk of my work involves administering servers all over the UK from the comfort of my office.  But that involves me using encrypted connections to those servers - using unencrypted connections would leave the servers very vulnerable to being taken over by criminals.  So most of my time would be spent driving all over the country to do administration tasks that would usually just take me 5 minutes to do from my desk.  I don't really want to think of the pollution implications of this amount of driving either.

Of course, using most foreign online services wouldn't be possible since many of them require encryption and the operators wouldn't be subject to UK law requiring them to implement an encryption-free version (with all the horrible security nightmares that would entail).

So anyway, we'll assume all the law abiding citizens are not using encryption at all.  I'm sure the terrorists who think that it's ok to commit mass murder are going to comply with that law and avoid encryption too so that the authorities can spy on them.  Or maybe not...

A great idea though - maybe the authorities can spot the terrorists by seeing who is using encryption!  Well no, as it turns out, they can't - by using a combination of steganography and an old encryption method called a one time pad, anyone could send encrypted communications that are mathematically provable to be undetectable... so bang goes that theory.

In a world where encryption is outlawed, only outlaws will have encryption.

2. Outlaw strong encryption

We could have legislation that allows encryption, but only encryption that is weak enough for the security services to break.  This has most of the same problems as outlawing encryption entirely - you can be sure that if the security services can crack it, so can the criminals, and once again the outlaws themselves can continue to use strong crypto since they don't care about the law.

3. Key escrow

Probably the best option is key escrow - this is where you can continue to use encryption as normal, but everyone is legally required to hand their encryption keys over to the government.

If the keys ended up being leaked out to third parties then everyone would be screwed, of course.  It would take a massive rewrite of pretty much every piece of software that employs encryption, which seems quite unfeasible.

And again, since the terrorists don't care about the law, there's no reason why they would comply with it and hand over their keys; and as previously mentioned, there would be no way to detect that this is happening.

Summary

So there we go, Cameron has said what he wants to do, but it seems that it is all pretty much unfeasible.  Which I guess is a relief, but I suspect that this won't prevent them passing ill-conceived legislation that erodes civil liberties whilst providing no additional security.

Corollary: this is what you get when you have politicians legislating about technologies they don't understand.

No comments:

Post a Comment