British Prime Minister David Cameron has announced that, should the Conservatives win the general election in May, they will ban forms of communication which can’t be accessed by law enforcement, even with a warrant. It appears that messaging apps which use encryption will be banned in the UK.
There are a number of reasons why this idea is a flawed knee-jerk reaction to the tragedies which happened in Paris. Here, F-Secure looks into them…
Il n’est pas Charlie
Each terror attack and paedophile ring which is busted gives the Government an opportunity to introduce laws which curtail the British people’s freedom and privacy. This is not the sentiment which has been shared across the world in the past two weeks, as people stood together against the massacre at Charlie Hebdo’s offices in Paris. Without civil liberties, Charlie Hebdo would not be allowed to exist.
Self-censorship would ensue
Knowing that your communications could be read by the Government would lead to self-censorship, possibly unconsciously. This could gravely affect activist groups and NGOs whose purpose it is to hold the Government to account.
The Universal Declaration of Human Rights
Article 12 states: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
If that wasn’t enough, mass surveillance also contravenes Article 8 (the right to respect for private and family life) and Article 10 (the right to freedom of expression) of the European Convention on Human Rights. The European Court of Human Rights has repeatedly stated that surveillance, if conducted without adequate judicial oversight and with no effective safeguards against abuse, will never be compatible with the European Convention.
Ultimately, international law does not support Cameron’s intentions.
Who will regulate open source encryption services?
It is one thing to demand that a large company, such as Facebook, abide by the law, but who will the Government approach for open source standards which have no single owner, such as OpenPGP? How do you regulate a peer-to-peer communications app such as FireChat?
What about mesh networks?
This technology has not been widely adopted yet, but it has been available for some time and is bound to gain users if Cameron’s plans go ahead. Already used in Barcelona, Greece and Baghdad, mesh networks wirelessly connect computers and mobile devices to each other without the need for a service provider (such as an ISP). With this direct form of communication, there is no one to serve a warrant to.
It can’t be monitored
It is still unclear how Cameron expects to implement a ban. How will he stop people downloading software from outside Britain? Will resources (which could be spent on, say, targeted surveillance of people on the Government’s watch lists) then be spent on policing innocent people using encrypted communications?
The British economy would suffer
Start-ups wanting or needing to use end-to-end encryption are likely to avoid Britain as a base, taking their taxes and jobs with them.
The Government would suffer
The Government uses encryption for communications too. Will it be one rule for them and a different one for businesses and the public?
It would wipe Britain off the technology map
Take any number of services which could be affected by this law – WhatsApp and iMessage probably being the most widely used. These are not British companies bound by British laws. As such, are they likely to re-write their privacy source code or will they simply pull out of the market?
When a new technology is launched, Britain is usually one of the test-beds before global roll-outs. Making Britain unviable for such programmes would see it fall behind its western competitors, bringing all the economic woes attached to it. So much for Cameron’s ‘Digital Britain’.
It puts Britain in bad company
Cameron is not the first to try this. He would be following Russia, Syria and Iran, all of which have struggled to implement it.
A warrant from the Home Secretary won’t help with end-to-end encryption
It appears that Cameron is unaware that, with end-to-end encryption, the users hold the encryption keys, not the service provider. Turning up at, for example, the WhatsApp offices with a warrant for access to a specific user’s communications would be pointless. WhatsApp don’t hold the encryption keys, so wouldn’t be able to provide the unencrypted data.
Did Cameron really mean what he said?
The Prime Minister is not a technology expert, and neither is his speech writer. Did this cause confusion? Is it possible that Cameron’s intent is to make anonymity-enabling encryption abnormal, so that those using it look suspicious? That would give the authorities a tip on who to be watching. If we all use encrypted communications, they don’t have this advantage, so they would prefer it remained a fringe technology.
Will it even happen?
The plan has been called everything from ‘crazy’ to ‘cloud cuckoo land’ by security experts who understand the complexity of what Cameron intends. There is every chance that a ban on encrypted communications will not happen. However, the Government has shown its intentions.
Not content with the mass surveillance being conducted by GCHQ (with no judicial oversight), they have also introduced the Regulation of Investigatory Powers Act (RIPA) and the Communications Data Bill.
The message is clear: the British Government wants to unilaterally invade the British people’s privacy. Britain as a surveillance state is becoming a reality.
F-Secure invites our fellows to share their expertise and insights. For more posts by Fennel, click…
April 18, 2018