orbitalflower

Tory anti-crypto policy will end security and privacy

Posted in Opinion on

If Britain’s Conservative party wins the general election in May, their plans to outlaw strong cryptography will have disastrous consequences for both the security and privacy of its citizens.

In March, an unexplained glitch caused British internet traffic to be incorrectly routed via Ukraine. Affected users included the Atomic Weapons Establishment and Lockheed Martin.

It could have been an innocent routing error. But if it was triggered intentionally, it’s likely that data from those customers was intercepted by a foreign intelligence agency. Any data not protected by strong encryption would now be in the hands of a foreign power.

But in Britain, the Conservative Party has promised to make this necessary strong encryption illegal.

The danger of weak encryption

A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough.

The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies.

— James Ball, The Guardian: Secret US cybersecurity report: encryption vital to protect private data, 2015-01-15

British and American intelligence agencies have undermined crypto strength for decades, dating back to World War II when they sold captured German Enigma machines to their allies without revealing that they could decrypt their output.

The goal of these agencies is “Nobody but us”: the US and its allies secretly weaken strong crypto systems so that, in theory, they can decrypt messages that nobody else can.

It’s dangerously arrogant. Security researchers frequently discover flaws in secure systems, and it’s ludicrous to assume we’re the only country with codebreakers. State secrets can be stolen or leaked. Computers get faster and cheaper every year. Capabilities that used to be “nobody but us” are now “anybody with $100”.

Banning encryption won’t make us safer

David Cameron will say that he doesn’t want to do any of this. He’ll say that he can implement weaker versions of it – say, only blocking some “notorious” sites that carry secure software. But anything less than the programme above will have no material effect on the ability of criminals to carry on perfectly secret conversations that “we cannot read”. If any commodity PC or jailbroken phone can run any of the world’s most popular communications applications, then “bad guys” will just use them.

— Cory Doctorow, What David Cameron just proposed would endanger every Briton and destroy the IT industry

Not only will a ban on strong encryption endanger the security and privacy of anyone whose data travels through the UK, there’s absolutely no reason to assume it will do anything to stop the bad guys.

Immediately after the Charlie Hebdo bombings in January 2015, David Cameron advertised his plans to outlaw any cryptography the UK can’t crack, supposedly to protect against terrorists.

But the Charlie Hebdo bombers didn’t use encrypted internet messaging - they met in person. Nor did Al Qaeda, who used trusted couriers.

David Cameron exploiting the Charlie Hebdo massacre to promote his political agenda was like watching a man try to sell car insurance at a funeral.

Banning strong crypto won’t stop GCHQ’s targets: terrorists don’t rely on crypto, foreign nations are unaffected by UK law, and criminals will have no trouble downloading this widely available free software.

But it will stop normal citizens from exercising their legal right to communicate in private, a right which the UK has spent the last ten years eroding in secret.

What Britain does with your unencrypted data

Tempora uses intercepts on the fibre-optic cables that make up the backbone of the internet to gain access to large amounts of internet users’ personal data, without any individual suspicion or targeting.

Lawyers for GCHQ said it would be impossible to list the total number of people targeted by Tempora because “this would be an infinite list which we couldn’t manage”.

This is the real reason the UK government is frightened of encryption. If normal people start using it, the government would lose its no-warrant-necessary bulk access to the private communications of its own law-abiding citizens - the only people a UK-wide strong encryption ban would affect.

But by forcing people to use unencrypted or weakened communication systems, the government leaves everyone vulnerable to digital threats.
