My letter to Amber Rudd on encryption
Amber Rudd is the UK’s current Home Secretary. I wrote this letter in response to a recent TV interview where she called for the intelligence services to have access to encrypted chat services. The Guardian’s piece on the interview is worth a read.
Dear Amber Rudd:
I am a British citizen living in San Francisco. I recently left a job that I held for 4 years at Apple working as a security engineer here in California. Among the things I worked on were iOS security, iCloud and iMessage, and I am now working on a new product that uses end-to-end encryption. I am therefore keenly aware of the tradeoffs related to encryption and the debate it has spurred. I am writing this letter to share my views and hopefully understand yours better.
I watched your recent TV interview where you said that it is “completely unacceptable” that the government cannot read messages protected by end-to-end encryption. You said that “[security engineers] have families, have children as well” and therefore “they should be on our side”. I can assure you that the professionals who work on these technologies understand that their families and children are better protected by resisting attempts by the state to facilitate intrusions into our private communications.
Encryption helps terrorists, but it also helps ordinary citizens. It protects their freedom and privacy from a growing list of malicious actors, including foreign governments. A free society is one where the citizenry can freely use encryption, and it is the job of the security services to uphold that free society, not undermine it. Dilution of that freedom is therefore counter to the purpose for which these agencies exist in the first place.
You insist that technology companies must find a way to cooperate with the security services and that legislation will follow if that doesn’t happen. Firstly, on your suggestion that we must find a way to cooperate: mathematically speaking, there is no way for technology companies to comply without escrowing users’ encryption keys or other sensitive material to some trusted authority. The problem with this approach is that no central authority can be trusted to hold decryption keys for the world’s private messages because the nature of technology in 2017 is that anyone can be hacked. We’ve seen this phenomenon play out in the recent US elections and in countless other successful attacks around the world in recent months, and all signs suggest that computer security is becoming a bigger problem as each day goes by. As I’m sure you’re aware, our own security services execute incredibly complex attacks against difficult-to-reach targets with increasing regularity. Do you think their ability to do so is unique? Do you understand that if many users’ decryption keys are held or can otherwise be derived by some central authority, that authority becomes an immensely valuable target that someone, perhaps a foreign government, will hack? A great number of respected academics and industry veterans have presented these objections on numerous occasions. Can you explain why you have chosen to disregard that advice?
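As an added illustration, not part of the letter, the following Python toy models the argument in the paragraph above: a dump of the server's database is inert when keys never leave users' devices, but yields every message once the server either keeps a copy of each key or can derive keys from a master secret. The `Server` class, the design names, the XOR stream cipher (a stand-in for a real AEAD) and the sample messages are all constructed for this model.

```python
import hashlib, hmac, os

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR stream cipher keyed by HMAC-SHA256(key, nonce||counter); one call both
    encrypts and decrypts. Stand-in for a real AEAD such as AES-GCM (toy only)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

class Server:
    """The provider's data centre under one of three hypothetical designs:
    "e2e"     keys are generated on devices; the server only stores ciphertext
    "stored"  the server keeps a copy of every user's key (classic escrow)
    "derived" keys are recomputable from a server-held master secret"""
    def __init__(self, design: str):
        self.design = design
        self.master = os.urandom(32)   # used only by "derived"
        self.key_copies = {}           # filled only by "stored"
        self.mailbox = []              # (recipient, nonce, ciphertext)

    def provision_key(self, user: str) -> bytes:
        if self.design == "derived":
            return hmac.new(self.master, user.encode(), hashlib.sha256).digest()
        key = os.urandom(32)
        if self.design == "stored":
            self.key_copies[user] = key
        return key

    def key_from_dump(self, user: str):
        """Key an attacker holding a full copy of this server's data gets for `user`."""
        if self.design == "stored":
            return self.key_copies.get(user)
        if self.design == "derived":
            return hmac.new(self.master, user.encode(), hashlib.sha256).digest()
        return None                    # nothing in the dump yields a device key

def simulate(design: str, messages: list) -> tuple:
    """Deliver constructed messages, dump the server; return (legit reads, attacker reads)."""
    server = Server(design)
    keys = {user: server.provision_key(user) for user, _ in messages}
    for user, msg in messages:
        nonce = os.urandom(12)
        server.mailbox.append((user, nonce, toy_cipher(keys[user], nonce, msg)))
    legit = [toy_cipher(keys[u], n, c) for u, n, c in server.mailbox]
    breached = [toy_cipher(k, n, c) for u, n, c in server.mailbox
                if (k := server.key_from_dump(u)) is not None]
    return legit, breached
```

Recipients read their messages under all three designs; only the attacker's yield differs, from nothing under "e2e" to the entire mailbox under "stored" and "derived".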
On your suggestion that legislation will resolve this issue: it won’t. You cannot legislate technology companies into inventing a solution that is mathematically impossible. You will also find them unwilling to invent a solution that achieves your goals in a manner that compromises their customers; you’ll note that Google pulled out of China for a period of time in response to that country’s draconian technology policy. The UK is a relatively small market and technology companies won’t hesitate to pull their products rather than accept unworkable compromises in their encryption protocols. If you let that happen on your watch, you’re going to have to explain to an entire generation of young voters why they can’t use apps that are available in free countries, and they’re not going to like your answer.
Your rationale for crippling encryption is ostensibly to save lives that might be otherwise lost to terrorism, but that argument is flawed in two key ways. Firstly, 14 lives have been lost to terrorism in the UK over the last decade. More people die from bee stings. I don’t wish to downplay the grave seriousness of terrorism, but is it your position that it’s acceptable to fatally undermine the security of tens of millions in exchange for an unquantifiable chance to save so few lives? If so, what other rights do you think are worth trading away for little relative benefit? If your answer is that terrorism makes people unusually afraid, ask yourself: why is that? Is it that the British people are naturally more afraid of terrorism than of other grisly deaths, or have they been coached to fear it beyond any rational degree?
Secondly, and perhaps more fundamentally, eliminating encryption is simply not possible because of the nature of the internet. The cat is out of the bag. International authorities can’t even shut down The Pirate Bay; people will always have access to strong encryption and no law can change that. Do you expect to be able to remove all encryption products from the internet in perpetuity? If so, how? If not, how do you justify crippling the UK’s competitiveness in this area?
If the intelligence services are directing you to hold these views, I strongly encourage you to look past the surface and consider that their ulterior motive is to collect all signals at any cost. As far as they’re concerned, that is an effective way to detect criminals, and they’re not wrong about that. But it is also incredibly dangerous for society. That’s why we desperately need politicians to weigh all the facts and apply critical thinking when presented with a challenge that is unique to our era. The world has moved on from the days of tapping phones and steaming open envelopes. Encryption that is unbreakable at scale is here to stay, and you need to instruct your intelligence services to apply their best minds to solve this new and daunting problem by developing appropriate technical capabilities on their own, not by conspiring with technology companies to intentionally weaken internet infrastructure.