Over the weekend, the Telegraph (which, really, is probably only the second or third worst UK tabloid), published perhaps the dumbest article ever on encryption, written by Clare Foges, who until recently, was a top speech writer for UK Prime Minister David Cameron (something left unmentioned in the article). The title of the article should give you a sense of its ridiculousness: Why is Silicon Valley helping the tech-savvy jihadists?
I imagine her followups will including things like "Why is Detroit helping driving-savvy jihadists?" and "Why are farmers feeding food-savvy jihadists?"
The article is perhaps even dumber than the headline, but let's dig in.
What will it take? 129 dead on American soil? 129 killed in California? What level of atrocity, what location will it take for the Gods of Silicon Valley to wake up to the dangerous game they are playing by plunging their apps and emails ever deeper into encryption, so allowing jihadists to plot behind an impenetrable wall?
"Plunging their apps even deeper into encryption"? I don't even know what that means, but let's flip it around: How many hacked credit cards, medical information and email accounts will it take for the Gods of Silicon Valley to wake up and recognize they need to better protect
user data. Because that's what's actually happening. Encryption is not about "allowing jihadists to plot behind an impenetrable wall" it's about protecting your data
-- even that of Clare Foges -- from malicious attackers who want access to it. Or does Foges and her former boss David Cameron communicate out in the open where any passerby can snoop on their messages?
Does this mean some bad people can use encryption? Yes. But it's not as "impenetrable" as she seems to think (we'll get to her knowledge of technology and encryption in a moment). Even if you're using encryption, there is still plenty of metadata revealed. Furthermore, there have always been ways to communicate in less-than-understandable or less-than-trackable way -- and the terrorist community has used them forever
. They don't need to rely on "Silicon Valley" giants.
But, more to the point, undermining encryption makes everyone
significantly less safe. The whole idea that weakening encryption makes people more safe is profoundly ignorant
. Even more ridiculously, Foges blames Ed Snowden
Why? It goes back to Edward Snowden, the weaselly inadequate whose grasp for posterity has proved a boon for Isil. They should be gratefully chanting his name in Raqqa, for it was Snowden’s revelations about government surveillance methods that triggered this extraordinary race towards deeper encryption.
This, of course, is wrong. Stupidly, ignorantly, wrong. Again, studies have shown that post-Snowden, terrorists didn't change anything
in how they communicate. They were already
using encryption and reports suggest that they'd been using encryption going back more than a decade. Snowden's revelations only pointed out how governments were doing mass surveillance on ordinary citizens
. Everyone -- including various terrorist organizations -- already assumed (correctly) that they were spying on terrorist organizations and sympathizers. So it's not clear what Foges is claiming here, other than that she's pulling a Dana Perino
and shielding her ex-boss from criticism by blaming the whistleblower.
All this is making the job of the security services infinitely harder. FBI Director James Comey calls the challenge “going dark”. Leads are followed until they hit the brick wall of indecipherable data. A few years ago law enforcement agencies could approach Hotmail or Google with a warrant and get vital information to stop horrors unfolding. Now the data they salvage is often gobbledegook – a load of encrypted numbers that are impossible to read. They are trying to save lives but are being frustrated by encrypted technology.
This is also astoundingly ignorant and wrong. To date, the FBI and others have failed to present a single example of where encryption has actually been a problem in deciphering this information. Also, naming Hotmail and Google is wrong as well, as neither Hotmail nor Gmail currently offer end-to-end encryption in a manner that anyone really uses. Google does have a test version available, but the number of people using it is barely notable. So, yes, if law enforcement goes to Google with a valid warrant, it's going to turn over your emails.
This isn’t about privacy, it’s about profit
This may be the most ignorant statement of all. Encryption also means that these same companies cannot scan the contents of your email, for example to place ads against them. In fact, most people have noted that the reason Google hasn't really embraced end-to-end encryption in Gmail is that it would undermine
the business model of that product. But, Foges is on a roll of ignorant bullshit and she can't let little things like facts get in the way.
And, of course she concludes with the usual ridiculousness about how she's just so sure that if they put their minds and money to it, they can figure out how to fix this "problem."
The global tech industry made around $3.7 trillion last year. They employ some of the brightest people on the planet. Apple et al could, if they wanted, employ a fraction of these resources to work out how we can simultaneously keep the good guys’ data secure and keep the bad guys in plain sight. The geniuses of Silicon Valley would be more than a match for the dunderheads in the desert.
Except, overestimating your side and underestimating the enemy seems like a pretty stupid idea -- especially when you're pushing for the impossible. And the idea that you can magically "keep the good guys’ data secure and keep the bad guys in plain sight" is pretty laughable. You don't need to be an expert to recognize the ridiculousness of that statement. Who do you determine are "the good guys" and who are "the bad guys"? Is that something you can code? Because, based on this, I'd argue that Foges is "a bad guy." Is she okay with her information being passed in plain sight? And, of course, the reality is even more ridiculous because, as has been explained in great detail
in the past, encryption where "the good guys" have access is encryption that doesn't work
-- and thus it's encryption that makes us all less safe.
Asking for encryption that only protects "the good guys" is publicly asking for the impossible. It's an astoundingly ignorant question, that anyone with any amount of expertise would tell you is not a good question to ask.
On Twitter, some people have been pushing back on Foges, and her response has been... well, less than inspiring. When people have pointed out that she seems ignorant of the facts, she not only misses the point, but seems proud of her ignorance
It's fairly stunning, but Foges article gets almost everything wrong. It doesn't understand encryption. It doesn't understand what tech companies are doing. It doesn't understand how security works. It's just... wrong. When someone on Twitter confronted her about this, she insisted that she interviewed people who felt that it was possible to create such encryption, but then went silent when lots and lots of tech experts asked her to name a single technology professional who agreed with her.
Similarly, it's somewhat bizarre that the Telegraph doesn't note that Foges spent the past few years as UK Prime Minister David Cameron's chief speech writer, and still lists herself as an advisor to Cameron. Seems like something that should have been disclosed. The newspaper isn't exactly known for its accuracy, but this is an embarrassment for both Foges and the Telegraph.