Encryption is furiously dull but please give this ten minutes.
Since I started writing this, both Charlie Stross and Cory Doctorow have written excellent but fairly in-depth articles. For the sake of covering the important parts, I’ll try to keep this high-level.
The government can read what you do on Facebook and read your email. They can get a rough idea what you do online and can almost certainly trigger alerts if you search for the wrong thing. It’s generally accepted that for the UK and US, this is now an automated and warrantless process.
But which terrorists are using Facebook Events and Twitter to schedule attacks? The Charlie Hebdo attack has jolted numerous obnoxious politicians into realising that this PRISM-style access isn’t enough to detect and track terrorism. Terrorists can use unmonitored or endpoint-encrypted services to stop GCHQ et al from spying on them.
Our Prime Minister, Dave WebCameron has the answer, ban it all.
If I am prime minister, I will make sure we do not allow terrorists safe space to communicate with each other. BBC News
Are we going to allow a means of communications which it simply isn’t possible to read? My answer to that question is: ‘No, we must not.’ New York Times
On the surface, these might be sentiments you agree with, but once you sit down and work out what it would mean to implement this, things look a little murkier… We could ban every service GCHQ can’t tap into, but even if you can’t use Whatsapp, the technology it uses is widespread and easy to reimplement in another app. Ban that too? Okay what if we just ban the evil technology that GCHQ can’t crack and only allow weak encryption they can meddle with?
The first point I’d like to make is that terrorists are renowned for breaking the law. Why don’t we just ban terrorism? It’ll be as effective. Terrorists will keep using the strongest encryption they can. And they can do that offline if needs be. As Stross points out, you will already go to jail if you refuse to decrypt something if ordered to by a court.
What about the rest of us? Well in order to comply with Dave’s wishes, all our applications, all our services would have to switch to a weak encryption cypher. What’s wrong with weak crypto? It breaks… And not just for governments. Hobbyists and criminals would have a field day with a known-weak system.
But what are criminals going to decrypt? Well, it’s not just government or ISPs who can intercept your data… Criminals, terrorists and even teenagers could all probably intercept your connections. That’s why strong encryption is so important. If they can intercept weakly encrypted data, they can probably decrypt it.
And the UK software industry would be toast. Who the hell’s going to buy software from a company legally-bound to rig their software up with duff encryption? How will open source even work if large parts of it are illegal here? Are we going to ban Github like India did?
It needs restating: Banning or breaking encryption only harms the law-abiding citizens.
What happens when that doesn’t work?
Don’t think for a second it’ll stop with encryption.
Other people have talking about authoritarian-style “firewalls” that block many sites but I think we’re going toward something much worse than anything we’ve seen suggested so far, a network-level Internet whitelist. I’m talking about completely prescriptive networking, a list of sites and networks your computer is allowed to talk to.
I’m being serious; this isn’t just technically possible, it’s probably easier than a blacklist. Government would be able to control what we read and where we talked. Peer-to-peer arrangements would be licensed (and otherwise blocked at network level). It would cut the UK off from most of the internet and leave what remained within the purview of GCHQ. If what they say is what they really want, this is the way they’ll eventually do it.
It’d also be a wet-dream-come-true for media companies. Goodbye piracy.
It might sound fairly win-win until you consider that the Home Secretary (or whoever) had complete control. Don’t like a political news story? It’s gone. Don’t want Scotland to be able to see London events? Blocked. You’ll never know about it because nobody will ever be able to report about it. It would make the blacklists of China and Russia look like toys.
I’m not sure what’s worse… That it’s possible or that we’re so close to it already…
But no, it still won’t stop terrorism.
We all need to do something.
If we let our politicians continue panicking, discussing technology they don’t understand to prevent people whose beliefs they cannot comprehend from performing actions they won’t prevent, we’re going to end up with more shitty laws that harm us more than terrorists.
The insidiousness of radicalisation and insular propaganda is truly something that needs to be fought but we don’t accomplish that by repeatedly breaking the Internet. Unless that is you want to control what people think.
While we still have free choice, make sure your MP (who is probably up for re-election in a few months) and MEPs all know that online security and freedom is important to you. Write To Them makes this whole process furiously simple. Put in your postcode and spend another five minutes making sure your views count.
If you’ve got any questions about this, leave a comment and I’ll try my best to get you an answer.
Lead photo by George Rex.
About Oli: I’m a Django and Python programmer, occasional designer, Ubuntu member, Ask Ubuntu moderator and technical blogger. I occasionally like to rant about subjects I should probably learn more about but I usually mean well.