Quite so

Cameron’s legislation has not happened, and there’s a simple reason; encryption is a binary. Either something is encrypted, and thus secure from everyone, or it’s not. As the security expert Bruce Schneier has written: “I can’t build an access technology that only works with proper legal authorisation, or only for people with a particular citizenship or the proper morality. The technology just doesn’t work that way. If a backdoor exists, then anyone can exploit it.”

That’s the crux of the problem. While you can legislate to only give state agencies access to terrorists’ communications, and with proper oversight and authorisation, you cannot actually build encryption that works like that. If you put a backdoor in, it’s there not just for security services to exploit, but for cyber-criminals, oppressive regimes and anyone else.

There is no way around this. Either we can say that end to end encryption is legal or that it is illegal. There is no way to have it being legal but not really encryption…..

22 comments on “Quite so

  1. Is it a job requirement for the Home Secretary to be a fascist little shit, or are they turned into one by the position?

  2. Either we can say that end to end encryption is legal or that it is illegal.

    Yes, but only within a specific jurisdiction.

    It’s not too different to the argument about end to end itself – the internet doesn’t care too much about borders. Products offering encryption / end to end can be based anywhere.

    Hence, even if you wanted to – if you make it illegal, you can’t effectively enforce it. Without shutting down the internet within your jurisdiction.

  3. Matthew L

    1) definitely and then 2) just in case.

    I personally suspect that 2) subtly combines a decent wallop of “shock and awe” with subtle blackmail: “for example, in your case Home Secretary, we clearly have to know x, y, z – hence you can see how it would make us all so much safer to know a, b, c about potential terrorists. It would be catastrophic if “shit” happened and it became clear that we ‘could’ have prevented it”.

    It would be nice to be wrong, but the stats (of the office holders) as you suggest tend to speak for themselves.

    I always wondered if that was why David Davis appeared to engineer a way out whilst he was shadow…

  4. I wonder what Haynes considers the difference between “security services” and “oppressive regimes” to be?

    Personally, I just think they add some mild hallucinogen to the water at Marsham Street. The same creeping statism affects previously perfectly normal civil servants too.

  5. I’d also note that the security services already have “the legal power to break into the encrypted communications of suspected terrorists.”

    What they lack, given competent encryption (often missing) and a decent passphrase protecting the private keys (very often missing), is the technical ability to do it.

  6. They are looking to create a controlled population not fight terrorism.There are a vast number of steps they could take but “snoop” is their default setting..

    The first step against terror being “stop importing the perps and stop enabling/subsidising its instigators already here”.

  7. If this is standard RSA- style PKI, then private keys can be changed as often as you like. This reduces the risk of compromise (others being able to read your encrypted messages) and your only issue is secure key distribution.

    The blackberry option fits with this: make the system secure and either a) give the current key to security services, or b) have an agreement to decrypt specific messages on a court order or similar legal request.

    Anyone got a problem with that?

  8. If they can’t even work out the motives of an Islamist terrorist, what chance have they got of cracking encrypted communications?

  9. The blackberry option fits with this: make the system secure and either a) give the current key to security services, or b) have an agreement to decrypt specific messages on a court order or similar legal request.

    Anyone got a problem with that?

    Yes, I have, because it gives explicit sanction to the security services to snoop on the compliant law abiding citizens and only the most stupid of terrorists would use it.

    Any terrorist with the brains of an ant would use an offshore encrypted service not subject to the constraints of Western governments.

    I’m no hacker, but even I could setup an encrypted message service using a Unix box and a basic Web page in half a day on a foreign hosting service.

    Sure Telegram and WhatsApp may be more common, convenient and popular, but what they do is not special and open source cryptographic tools are downloadable through apt-get and other tools and repositories at the click of a button.

  10. I’m not advocating anything here, but this is just nonsense:

    “encryption is a binary. Either something is encrypted, and thus secure from everyone, or it’s not”

    Encryption can be strong or weak. Strong encryption can be uncrackable even by governments. Weak encryption can be cracked by e.g. anyone who puts in some effort and has some skill and knowledge, but not some random off the street.

    It’s obviously a spectrum.

  11. “b) have an agreement to decrypt specific messages on a court order or similar legal request.
    Anyone got a problem with that?”

    Yes. You need the key that is in the suspect’s device and/or head. This is the equivalent of having the legal powers to serve a warrant to enter somebody’s house, but not having the technology to pick the lock on the door. So their solution is to outlaw locks.

  12. It’s also, apparently, a job requirement for Home Secretaries that they are technologically utterly ignorant, and ignore or can’t understand the advice that’s presumably given to them by people in their teams who do know shit about this stuff.

  13. @dearieme – OTPs are indeed perfectly secure if used correctly (which they’re often not, e.g. same pad used for multiple messages) but the logistics involved in distributing them to everyone with whom you might want to communicate securely is usually the killer. If you mail a set of pads to your buddy, what if the security services intercept the mail and photocopy the pads before forwarding?

  14. Any increase in government power is bad. I don’t care if they can’t intercept terrorist or criminal communications, with our without a warrant.

  15. John G may not be a hacker, but I am not a John G. People like me need a user friendly interface with our encryption devices.

    Is there any way of posting on comment boards without leaving a trace? Maybe accessed through Startpage and using a ‘fake’ email address?

  16. dearieme – “If I wanted to encrypt a message wouldn’t I just use a one-time pad?”

    It is hard to arrange a swap of one-time pads.

    Personally I wonder if there is a market for one-time pads in a modern electronic form. The problem would be to give the other copy to your friend and to keep it secure from someone inspecting your hard drive. It certainly is not as simple and elegant as exchanging keys.

  17. An observation:

    If the Westminster muslim terrorist was a “lone wolf” as Met et al claim, who was he sending a running commentary to on WhatsApp?

    If the Westminster muslim terrorist was a “lone wolf” as Met et al claim, why is it vital to identify who he was sending a running commentary to on WhatsApp?

  18. “It is hard to arrange a swap of one-time pads.”

    Go round to their house with an 8TB hard drive in your pocket. Or you can meet up at the mosque and pass them round…

    “Is there any way of posting on comment boards without leaving a trace?”

    No, not as they’re currently implemented.

    You can make it hard to trace by going through something like Tor, but people with enough resources can still do it. There are some more exotic cryptographic protocols that can do it, but I’m not aware of any being implemented outside of lab concept demonstrations. They have some practical issues, like to make it impossible to determine which of n people sent a message, all n have to participate during the sending of every message.

    But mostly it’s seen as a waste of time because the security services don’t do it by breaking the encryption, they do it by hacking in to your computer by other routes, and then intercepting it before it gets encrypted, or after it gets decrypted. You don’t put the backdoor in the encryption product, you put it in the Windows operating system. It’s more complicated than that, but that’s the basic idea.

Leave a Reply

Name and email are required. Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.