Home Secretary Amber Rudd is reported today to be in favour of giving intelligence services access to encrypted communications so there will be “no place for terrorists to hide”. This proposal demonstrates deep ignorance both about how modern encryption algorithms work and about how best to respond to terrorism. One would expect an MP to be better informed. That, at least, is the charitable interpretation of Ms Rudd’s comments. The uncharitable interpretation is rather dark and sinister.
Modern encryption: the cat is already out of the bag
Since Rivest, Shamir and Adleman first published their public key encryption algorithm in 1978, we have had access to encryption techniques which are mathematically proven to be impossible to break with current knowledge and technology and (it is strongly believed) even future knowledge and technology will not be able to break them (unless we crack quantum computing). Anyone with degree-level maths can implement these algorithms.
So, the cat is out of the bag. Pandora’s box is open and cannot be shut again. There is no way, now, of unknowing how to encrypt communications in this way.
Of course, it might be argued that the government should persuade1And, let’s face it, governments can be very persuasive! providers like WhatsApp not to use such secure algorithms. Then, at least, it becomes harder for terrorists to exploit modern cryptographic techniques.
Even this, though, is infeasible. Our best encryption algorithms have already been implemented in the OpenSSL project, which is an Open Source project that is available to anyone to use. Building a back door into OpenSSL would be impossible – the source code is already out there. It can be freely downloaded, inspected for vulnerabilities and deployed by anyone with a bit of software knowledge. Even if a back door were now added, any decent programmer could remove it and republish the software.
So forget putting a back door into WhatsApp. If you did, sooner or later, someone else will produce a similar product that doesn’t have crippled encryption. To do what Ms Rudd proposes is to engage in an endless and very expensive game of whack-a-mole.
You cannot undo this. These facts are widely known. Even if Ms Rudd is not an expert in this area, she ought to have advisers who could tell her that her idea is a non-starter.
The problem is far smaller than reported
Having said that, one wonders why Ms Rudd is even making these demands. As I argue here, terrorism is really not a serious or credible threat to society as a whole. The only power terrorism has over society as a whole is over the minds of the people. The best response to terrorism, beyond some reasonable basic precautions, is to calm fears and to ignore it. To keep calm and carry on, as exemplified by this rather delightful mock tube notice board.
Any decent leader would know this, too. It is astounding that we never hear this message from politicians. Can it really be true that they are all so ignorant?
Or is something more sinister going on? It is interesting to note that the almost-universal response to terrorism by MPs is to introduce legislation that gives more power to the state and decreases civil liberties. A cynical observer might even suggest that terrorism is a rather convenient foil for the politician who wants to increase their own power. And even a not-so-cynical observer might find it difficult, in the face of the evidence, to refute this suggestion.
The much bigger danger is oppressive state regimes
This brings me to my last point. If there truly is a society-wide threat to safety and freedom, that threat comes from oppressive political regimes, not from terrorists. As this review of the incidence of global terrorism observes, “Terrorism only killed 13,000 in 2010, a relatively low number when compared with other types of violent death, namely armed conflict and interpersonal violence” (italics mine). The number presented for armed conflict (in 2008) was 63,910. (Note the 13,000 almost all died in the Middle East. This is not where Ms Rudd is seeking to reduce terrorism. Most years, the number killed by terrorism in the UK can be counted on the fingers of zero hands.)
Taking a different perspective on this, think of 911, which killed 2,996 people. The resulting Gulf War 2 killed hundreds of thousands, of which the vast majority were Iraqis. And that’s a war started by the supposed “goodies”. The “baddies”, states where the number of the “disappeared” will never be known, are even worse. And it is in these deeply oppressive regimes, particularly, that modern cryptography is a lifeline.
To be able to make a WhatsApp call that the state cannot intercept is desperately important where human rights are abused. The Tor web browser, likewise, allows oppressed people to subvert state censorship and gives them a voice.
Ms Rudd’s proposal would hamper, drain and expose those fighting oppressive regimes as they continually have to seek new ways of communicating secretly every time their existing tools become compromised.
This, surely, is not what Ms Rudd intends? Is it?
[ + ]
|1.||↑||And, let’s face it, governments can be very persuasive!|