Demonizing Strong Encryption: Welcome To The Crypto Wars 2.0
from the paedophiles,-murderers-and-terrorists dept
Recently Techdirt wrote about the extraordinary tirade by the new GCHQ boss, Robert Hannigan, which boiled down to: “however much we spy and censor online today, it’s still not enough.” It was so full of wrong-headed and dangerous ideas that it was hard to capture it all in one post. Here’s one thing we didn’t have room for last time:
Isis also differs from its predecessors in the security of its communications. This presents an even greater challenge to agencies such as GCHQ. Terrorists have always found ways of hiding their operations. But today mobile technology and smartphones have increased the options available exponentially. Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are “Snowden approved”. There is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years.
Leaving aside the rather pathetic dig at Snowden at the end there, and the unsubstantiated statement that terrorists have benefited from his leaks, the key message here is that strong encryption is now used routinely by the wrong people, and that it presents an “even greater challenge” to the world’s security services. If that lament sounds familiar, it’s because suddenly, over the last few weeks, it has become the persistent refrain of law enforcement agencies in both the US and UK.
First we had the FBI Director James Comey talking about his agency’s fears about things “going dark” because of encryption; then we heard from NYPD Commissioner Bill Bratton about how encryption “does a terrible disservice to the public”; a couple of weeks later, former NSA General Counsel Stewart Baker suggested the reason Blackberry had failed was because it used “too much encryption”.
Now it seems that the baton has been passed to the UK. The day after Hannigan led the way with his piece in the Financial Times, the head of London’s Metropolitan Police added his voice to the chorus of disapproval, as the London Evening Standard reports:
London’s police chief today warns society against letting parts of the internet become a “dark and ungoverned” space populated by paedophiles, murderers and terrorists.
In a call for action, Met Commissioner Sir Bernard Hogan-Howe says encryption on computers and mobile phones is frustrating police investigations, meaning parts of the web are becoming “anarchic places”.
What’s particularly interesting is that as part of his visit to New York to make this speech, Hogan-Howe was also planning to meet all the senior US officials who had just voiced their concerns about encryption in precisely the same terms:
Sir Bernard has spent several days in talks with New York and Washington police chiefs about the threat of terrorism and what he calls “the challenges and opportunities” of technology. Today he was meeting FBI director James Comey.
He was also telling law enforcement experts behind closed doors at the New York police department that the internet is now a safe haven for criminality, adding: “Privacy is important but in my view the security of communications methods and devices is growing beyond what any genuine domestic user could reasonably require.”
It’s hard not to see this as part of a concerted and organized counter-attack against growing calls to rein in US and UK surveillance in the wake of Snowden’s revelations. The common line on both sides of the Atlantic is that encryption has gone too far — that “the security of communications methods and devices is growing beyond what any genuine domestic user could reasonably require”. The clear implication is that only “paedophiles, murderers and terrorists” would want strong crypto, and that for law-abiding citizens with nothing to hide, crypto with backdoors is good enough.
But it isn’t, of course. Law-abiding citizens with nothing to hide have a perfect right to real privacy online, just as they have a right to use doors, walls and curtains to screen off their private lives from the world’s gaze. As Techdirt has noted before, placing backdoors in nominally secure systems simply makes them completely insecure, since there is no way to stop the bad people from using them too. Moreover, weakening crypto would not only make the Internet vastly less secure for billions of users, it would also undermine millions of online businesses and thus the economies with which they are now so deeply intertwined.
We can expect more of these blatant attempts to demonize strong cryptography, and to paint its mere use as a sure sign of terrorism and depravity. But we have been here before. During the 1990s the US government tried to introduce backdoors into secure communications using the Clipper chip. Civil society won those first Crypto Wars; now it needs to gird its loins to fight and win Crypto Wars 2.0.