Amber Rudd’s position and newly published plans for regulating encryption are misguided and betray a fundamentally computer illiterate approach. She is ignorant of the history of computing and encryption, and her plans will damage Britain.
The Background and Facts
Amber Rudd, like all politicians, knows next to nothing about computers and software. In her busy world, computers are the tools of secretaries and assistants, and not something she has a particular interest in.
Professionals in the Security Services on the other hand do understand computers, and are asking for software to be crippled so that no communication can be transmitted in private. They know the complete history of encryption, and how previous attempts to have it outlawed or weakened have failed. They are hijacking the mass hysteria over terrorism to make a fresh attempt to take encryption away from the public.
The Electronic Communications Act 2000 in the UK was an early attempt to make it illegal to sell a software product that did not have a back door for government access. It was defeated and removed from the statutes.
In the USA, several attempts have been made to mandate government access to all private communications; some via new hardware devices like the Clipper Chip, and others through setting legal precedent. They also tried to chill the release of encryption tools by the three-year harassment of Philip Zimmermann, the author of “Pretty Good Privacy”, the tool that Edward Snowden has admitted that the NSA and GCHQ cannot break.
Even today, any encryption system with key lengths longer than 64 bits must be approved by the US Department of Commerce’s Bureau of Industry and Security before it can be exported. This is patently absurd, since key lengths of 4095 bits are available to everyone globally without restriction, and all SSL is 128 bits by default at a minimum world-wide.
The Current Situation
Today, Apple and Google with their iOS and Android operating systems have rolled out full device encryption so that no one can read the contents of a user’s phone. This was done in direct response to the NSA’s mass intrusion into the communications and devices of millions of innocent people.
Now Amber Rudd, under pressure from surveillance professionals who are exploiting her computer illiteracy, is trying once again to revive their decades-old attempts to cripple the public’s access to encryption and privacy. They failed in the late 1990s and they will fail again, because the iPhone-saturated, “selfie”-taking WhatsApp world is a very different place today.
Everyone uses encryption, whether they know it or not, on a daily basis. All ecommerce depends on it. If the UK Parliament makes it law that all encryption must have a back door, then criminals will have default access to all websites that sell anything, together with easy access to the personal information of billions of net users on all devices. Her demands are unworkable and ineffective because different jurisdictions will not follow her, and any software developer in the world can use both the old and new absolutely reliable tools to have secure chat and email and file storage, or simply move their services to a free jurisdiction, avoiding the anti-tech British laws.
Furthermore, it is now demonstrated that if exploits to break into people’s phones are developed, they absolutely will escape control of the State and be used by bad actors on a global scale. We now know that this has actually happened in real life, thanks to Wikileaks. Asking WhatsApp and Apple to build back doors into their apps is a recipe for disaster globally at worst, and it means Britain being cut off from WhatsApp and other apps at best.
Rudd can demand that encryption has back doors in Britain, but she cannot demand that Americans or anyone else follow her. This would mean that only British web sites and services are vulnerable; the entire British internet would be globally recognized as an unsafe zone for e-commerce. It would be a disaster for the tech sector of the UK that the government is so keen to promote.
The messages coming out of the government are not coherent, and it’s clear that Amber Rudd is nothing more than the unhappy messenger. On the one hand, her government wants “Silicon Roundabout” to be the centre of the tech explosion in Europe, but on the other hand, they are being told to cripple the key tool used in making that tech work. Clearly, this is the sound of two voices at odds with each other.
And it’s not only ecommerce that is threatened by the UK’s anti-progress stance. There is a vast movement online to put all internet services, no matter what they are, behind HTTPS by default. Mandating that the government has backdoor access to every website accessed from Britain is literally impossible. It means fundamentally re-engineering the entire web, and no one is going to agree to this. If you access an American email service from the UK, like Gmail, the SSL will not be back doored, and the communications will be private. In the reverse direction, they will not be private. This means that no company will host their email services in the UK, and the money, brains and tech will flow outwards, away from the UK. This will be called “The Tech Drain”.
Now that the world depends on encryption for the movement of all of the money in circulation globally, it is not possible to weaken the tools that protect the movement of that money without destroying commerce itself. You cannot weaken the tools that protect everyone without giving blanket access to criminals. Amber Rudd has been badly briefed, and she will be forced to back down, or give up any hope of Britain becoming a centre for global tech.
The Flawed Rationale
The public pretext for this new push to break global ecommerce is the recent spate of anomalous killings by “Jihadists”. Criminal events, especially the more horrifying ones, are always outliers and statistical anomalies. The vast majority of the world’s people never encounter this category of event, and their safety must always come first; that means strong encryption by default.
Politicians are very accustomed to making tradeoffs. In this case, we are trading off the absolute fact of trillions of dollars and billions of people who use ecommerce being kept safe against the remote possibility of detecting and perhaps preventing extremely rare crimes against a vanishingly small number of people, the number of which when combined globally is lower than the number of people who die from mundane causes.
And when we talk about protecting people, we do not only mean protecting their money. Every aspect of your life is shielded by encryption, including all the private matters that you send or receive through your internet connected devices. Encryption keeps your private information away from everyone but the intended recipients. The government is only one hostile adversary out of many trying to gain access to your communications, money, medical records and location.
Encryption is democratic; it keeps everyone safe equally.
The True Reality
The age of the Security Services being able to read everyone’s communications at will is essentially over. The coming of this day was inevitable from the moment that PGP and SSL were developed and released. The net benefit to society is the emergence of global ecommerce and the massive reduction in online crime as the bad guys are permanently locked out.
If Amber Rudd’s advisers were serious about reducing terrorism, they would advise a different foreign policy, which is the root cause of the terrorist problems facing Britain.
For example, Libya, had it been left untouched, would have prevented the immigration crisis facing the EU. The consequences of bad policy are the root cause of Britain’s problems, not encryption, and breaking encryption for everyone will not solve them. In fact, it will cause a cascade of knock on effects and another class of unintended consequences that will effectively end Britain’s place as a centre of tech for the foreseeable future.
Amber Rudd must push back hard against the voices that are using fallacious arguments to get new damaging laws passed. If she does not, Britain faces a collapse of its tech sector, as building products that are safe for consumers will be impossible in the UK. The world has changed; not even the Communist Chinese are suggesting that global standard encryption tools be back doored, and they are using all the same software that is used in the west to protect their websites and communications.
We should not have to go through this process again and again every time there is a media frenzy over a killing spree. Someone in May’s government must be hired for the sole purpose of bringing sanity to their pronouncements on everything related to software. Perhaps it’s time for a return of the “MinTech” cabinet position, which should be held by a member of industry elected by the software industry, and not a layman. This should be done before another suicidal piece of legislation is enacted that, at the very least, will waste everyone’s time defending their business models against it, and at worst, trigger a “Tech Exodus”.