UK PM wants to ban unbreakable encryption! OK but only if ...

Banning encryption is a really bad idea but if there was enough trust in and accountability of the government maybe it would work ...

“Are we going to allow a means of communications which it simply isn’t possible to read? My answer to that question is: ‘No, we must not.’ ” -  British Prime Minister David Cameron, January 12, 2015, pompously pointing out what the problem isn’t.

In the wake of the appalling murders of 12 staff members of the French satirical magazine “Charlie Hebdow” comes, of course, the shrill cries of career politicians such as Cameron that SOMETHING MUST BE DONE.

Of course, it’s easy of politicians to point at online services, whether encrypted or not, as if they were the only way the bad guys communicate even when that’s patently not the case. The bad guys also use cellphones, postal services, and automobiles yet it’s always the online services that are singled out and their owners threatened almost as if they were in cahoots with the terrorists. Why? Because it’s easy to point the finger at technology because most people have a very poor understanding of it and on the part of the pols it looks like decisive thinking.

Now, while it’s theoretically feasible for these online services to meet the surveillance demands of various governments, in practice the technologies aren’t really there yet and the human processes that are needed to drive them aren’t, as the Snowden leaks have shown, that good (when NSA agents can spy on their spouses and wind up tracking their own cellphones you know the system is anything but reliable or well-designed). In such an environment the probability of abuse and mistakes is 100%. 

Presumably for anyone to use encryption in Cameron's world would require escrowing decryption keys so the government could examine any and all communications as they pleased. But what would be the consequences to the government if keys should be exposed or stolen? Would they take real responsibility? Would the government officials be prosecuted? Will governments indemnify their citizens against government abuse and mistakes? Of course not.

But the real risk will come not from government incompetence but how much more control such a move would allow in determining future online restrictions. Imagine what could happen in the future … you’ll need to escrow your SSH keys with the authorities before logging into your server and, eventually, to use the Internet you’ll need a license. You’ll only be allowed to access approved services. Online privacy in any form would not exist. And after that, in due course, privacy in any form would become history (some might argue this has already happened).

Call me alarmist if you will but pressuring online service providers to play their game and making useful and necessary activities illegal would be a "thin end of the wedge" deal.

If Western governments want that kind of control over their citizens then it has to be symmetrical which would mean that all government activities other than those that could be proved to be truly in the national interest (for example, how to make nuclear bombs) should become, in turn, completely transparent. That means every government committee meeting, every government memo, every government phone call, every donation to any politician, every political deal, all of it … completely and immediately transparent with severe consequences for any kind of evasion or failure to do so. No more backroom deals, no more horse trading, no more obfuscation. And along with that all surveillance by a government would  have to be justified and authorized and documented. 

So, Mr. Cameron, are you and your government willing to be that transparent?


Copyright © 2015 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022