Andrew Bower works in the ‘Silicon Fen’, graduated in Computer Science from Cambridge University and has served as a Conservative Association officer.
This week the Prime Minister introduced a policy of banning strong encryption in the UK in order to deny terrorists ‘safe spaces’ in which to operate. Sounds robust, doesn’t it? In practice such a policy is impossible to implement and so would never yield any security benefit. It would, however, leave all of us vulnerable to trivial cyber-attacks and David Cameron’s vision of a Digital Britain in tatters.
Encryption is ubiquitous in our everyday devices and the commercial services that enable them. I lost count just trying to number the ways it has been used simply in the process of me writing and submitting this article. Encryption is not just for the bad guys. The online world makes our assets and identity vulnerable. Encryption as part of a well-designed security model is essential to enabling and giving confidence to banking transactions and commerce today. By mobilising against encryption the government is contradicting the advice of its Information Commissioner on data protection for organisations and its own advice to the general public about being safe online.
The latest evolution of the zombie snoopers’ charter policy reaches new heights of technical absurdity. Previously the main objections to the Communications Data Bill were based around civil liberties alongside a heavy cost to Internet Service Providers who would need to change their business model to become arms of the state, with only relatively limited technical concerns. But the technical implications of the encryption ban are so wide-reaching the policy would be a joke in the technical community if it weren’t a serious proposal by a party of government.
While the headline implications – banning popular applications like WhatsApp – sound difficult enough to bring about, the reality just gets worse. The well-known services for secure communication are just the tip of the iceberg. If they are taken out there are thousands of equivalent products ready to use. And if those are taken out the algorithms still exist and can be re-implemented by programmers all over the world. Even if extreme measures are taken to prevent secure traffic by policing all Internet traffic, encrypted information can still be transported stealthily, disguised as unencrypted information. Tying down computers and mobile devices is equally difficult – even a 15-year-old mobile phone or an 80s personal computer has the ability to run the technology. The Prime Minister’s proposal is tantamount to playing King Canute. (There is a great article here that explains simply why the mission is impossible.)
The UK is an advanced player in the global technology marketplace but half-baked plans like this, even if not followed through, pose a great risk to our reputation as a safe place to do business at all and in particular to develop advanced technologies, for which security and encryption are increasingly core considerations. Technology businesses are already considering their options if this becomes law.
The risk to banking and commerce is the angle that Cambridge’s Liberal Democrat MP Julian Huppert chose to take up with the Home Secretary on Wednesday but, disappointingly, she failed to address the question and repeated the same patronising clichés that the government gives to every challenge on this subject. Plainly the Home Secretary and Prime Minister understand nothing about the technology on which they seek to legislate – they ought to be worried about that and to seek better advice. They might want to look as if they are ‘doing something’ but knee-jerk reactions like this are not the way to show leadership. Meanwhile, the other MPs jeering at Huppert would do well to listen and learn rather than draw attention to their own ignorance.
Anecdotal evidence from Cambridge suggests that policies like this (and ID cards before it at the 2005 General Election) are a big turn-off to the more well-informed supporters of our party, particularly those with a technical background. If we really must have such authoritarian policies they at least need to be defensible in the face of technical realities.
This proposal is totally unworkable and cannot survive serious scrutiny. It will inevitably have to be dropped, so it would be better to drop it now and limit the damage to the reputation of our country and our party.