Did David Cameron Just Say He Wants To Undermine All Encryption In The UK?
from the not-thinking-it-through dept
The question is are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: no, we must not.Leaving aside the fact that Cameron seems to be saying that he wishes to make privacy impossible and/or illegal in the UK, one key question here is: how does he intend to do this? Neither the UK government nor the Conservative party offered any clarification about this election "promise," which has inevitably led to speculation. For example, The Independent newspaper wrote as follows:
David Cameron could block WhatsApp and Snapchat if he wins the next election, as part of his plans for new surveillance powers announced in the wake of the shootings in Paris.None of those programs was mentioned by Cameron in his speech. But many other news outlets have taken that speculation and reported it as if it were certain; others have interpreted his comments to mean that Cameron aims to ban or perhaps backdoor all strong encryption. It's quite possible that Cameron and his advisers have not thought this through, and simply assume there must be some clever way to give access to the content of encrypted services without undermining them. But as Techdirt has emphasized before, there is no "golden key" that can be used by just the authorities and no one else.
The Prime Minister said today that he would stop the use of methods of communication that cannot be read by the security services even if they have a warrant. But that could include popular chat and social apps that encrypt their data, such as WhatsApp.
Apple's iMessage and FaceTime also encrypt their data, and could fall under the ban along with other encrypted chat apps like Telegram.
UK services and users can be forced by the Regulation of Investigatory Powers Act (RIPA) to hand over whatever encryption keys they have. Most of the main online services come from US-based companies; some may choose to comply with UK warrants, but others probably won't. And then there is the extremely important class of open source encryption programs -- things like GnuPGP, OpenVPN and Tor: these don't always have companies that can be threatened with legal consequences. So what would Cameron do about those? Make their use illegal for all UK citizens? Even the increasingly-common HTTPS for general web servers is problematic: if they are located outside the UK, there is no way to force them to hand over their keys. So will Cameron forbid people from visiting millions of websites, just in case they allow some form of communication that can't be monitored?
Clearly, trying to implement this scheme will cause huge damage to the British public and to UK businesses, who will be more vulnerable to online attacks. It will also harm the UK economy, since startups with digital products or services will find users in other countries unwilling to use products that have been forced to insert backdoors for the UK intelligence services. And it will further harm the UK's already battered reputation as a civilized country, since Cameron's call to abolish all online privacy goes beyond even the worst oppressive regime (China must be delighted by his speech.)
However, there is a small consolation to be drawn from this extraordinarily stupid and dangerous call by Cameron. The fact that something so controversial is being proposed at all confirms one of the most important points made by Snowden: encryption works.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+