David Cameron has signalled that he intends to ban strong encryption — putting the British government on a collision course with some of the biggest tech companies in the world.
As reported by Politics.co.uk, the British Prime Minister reaffirmed his commitment to tackling strong encryption products in Parliament on Monday in response to a question.
Strong encryption refers to the act of scrambling information in such a way that it cannot be understood by anyone — even law enforcement with a valid warrant, or the software company itself — without the correct key or password.
It’s currently used in some of the most popular tech products in the world, including the iPhone, WhatsApp, and Facebook. But amid heightened terrorism fears, David Cameron is attempting to take action.
Encryption is a contentious issue right now
Over the last year, encryption has become a hot tech policy issue. Following exiled whistleblower Edward Snowden’s revelations about mass surveillance online by the NSA and other spy agencies, tech companies have increasingly moved to incorporate strong encryption into their products to protect consumers’ data. And simultaneously, governments and law enforcement officials have upped their rhetoric, warning that proliferation of the tech could help terrorists and criminals evade capture.
When Apple implemented strong encryption by default in late 2014, for example, a senior US police officer warned that the iPhone would become the “phone of choice for the paedophile” as a result. And European police chief Rob Wainwright said in March 2015 that encryption is now the “biggest problem” in tackling terrorism.
It’s a difficult situation. On the one hand, it’s easy to sympathise with law enforcement, who fear that large amounts of communications data they previously had access to are now “going dark.” But security experts warn that any attempt to weaken encryption or introduce “back doors” for the authorities can have unintended and dangerous consequences. There’s no back door that can only be used by the good guys, they argue, and weakening the tech will put consumers at risk from criminals and hackers.
Cameron already made his thoughts clear
As it currently stands, it’s already illegal for Britons to refuse to surrender their passwords or encryption keys, and you can be jailed for doing so. But if someone’s refusing to talk (or they can’t be found), and police need to gain access to communication data urgently, then this isn’t much help.
In the aftermath of the Charlie Hebdo massacre in Paris earlier this year, Cameron first signalled his intention to take action against strong encryption products. In a speech, he asked whether “we want to allow a means of communication between two people which even in extremis with a signed warrant from the home secretary personally that we cannot read? … My answer to that question is no, we must not. The first duty of any government is to keep our country and our people safe.”
The inference was clear: If your encryption product cannot be intercepted and decrypted by law enforcement, even with a warrant, we’re coming for you.
These comments immediately sparked a flurry of criticism from privacy and security activists. Jim Killock, executive director of human rights organisation Open Rights Group, said that Cameron’s plans “appear dangerous, ill-thought out and scary.” They make “us all more vulnerable to criminal attack.”
Author and activist Cory Doctorow also wrote a scathing takedown of Cameron’s plans, arguing that if you leave in a vulnerability for law enforcement, it will be abused by “foreign spies, criminals, crooked police.”
And writing for the Guardian, James Ball suggested that a blanket ban on encryption would “spell the end of e-commerce” in the UK since credit card details are generally sent via secure encrypted connections. “Cameron either knows his anti-terror talk is unworkable and is looking for headlines,” Ball said, “or he hasn’t got a clue.”
An encryption ban is now on the cards
Following the General Election earlier this year, David Cameron laid out his government’s plans for the year in the Queen’s Speech. In it, he included increased spy powers in the form of the Investigatory Powers Bill — but at the time, it wasn’t clear whether this would include a crackdown or outright ban on strong encryption products.
But Politics.co.uk reports that Cameron is now set to attempt to curtail the use of strong encryption in the coming year. The Prime Minister was asked by Conservative MP Henry Bellingham in Parliament on Monday whether “companies such as Google, Facebook and Twitter… understand that their current privacy policies are completely unsustainable?”
Cameron responded (emphasis ours):
Britain is not a state that is trying to search through everybody’s emails and invade their privacy … We just want to ensure that terrorists do not have a safe space in which to communicate. That is the challenge, and it is a challenge that will come in front of the House.
We have always been able, on the authority of the home secretary, to sign a warrant and intercept a phone call, a mobile phone call or other media communications, but the question we must ask ourselves is whether, as technology develops, we are content to leave a safe space — a new means of communication — for terrorists to communicate with each other.
My answer is no, we should not be, which means that we must look at all the new media being produced and ensure that, in every case, we are able, in extremis and on the signature of a warrant, to get to the bottom of what is going on.
Business Insider has reached out to 10 Downing Street for further comment and will update if it responds.
Encryption is everywhere
There’s a serious problem with these plans, however: Dozens of top tech companies all incorporate strong encryption into their products, and are unlikely to budge on the issue. As already mentioned, Apple now incorporates it by default, and CEO Tim Cook has become a staunch defender of user privacy. In an open letter on Apple’s website, he says the Cupertino company has “never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”
Wildly popular messaging app WhatsApp also uses encryption. Its founder, Jan Koum, grew up in the Soviet Union, and the legacy of constant state surveillance left a lasting impression upon him. Facebook, which owns WhatsApp, recently introduced support for encryption software PGP — letting users receive emails in an encrypted format and publicise on their profiles a PGP public key that lets others contact them securely.
There are huge technical challenges facing any ban
These companies are highly unlikely to agree to any demand from Cameron’s government to weaken their encryption product, in part because it would create an extremely dangerous precedent. If Apple provides back doors in its software for Britain, then why not China, or Russia, or Saudi Arabia?
Further complicating the matter is that millions of activists, dissidents, journalists and whistleblowers around the world already use strong encryption products (like PGP) to keep their sensitive communications secure. It’s inconceivable that the developers of such tools would agree to Cameron’s plans, as any backdoor would endanger the lives of activists that rely on the service worldwide.
If Cameron tried to block the software in the UK, it would mean that many digital journalists in Britain would be breaking the law by continuing to use it to communicate with sources.
On a purely technical level, it’s difficult to imagine how such a ban could ever be implemented. As Cory Doctorow pointed out earlier this year, the level of internet filtering that would be required to block rogue software from getting in would put Britain on a par with “Syria, Russia, and Iran” — and even then it’s not very effective. The “great firewall of China” was built at enormous expense to the country, but activists are still able to circumvent it.
Incredibly popular coding sites like GitHub might also have to be banned or policed at great expense, lest they be used to distribute illicit encryption software. Doctorow even suggests that “anyone visiting the country from abroad must have their smartphones held at the border until they leave,” because their devices — with strong encryption enabled by default — would be illegal in Britain.