Dear Government of the United Kingdom
I write to you today regarding the content of “The Investigatory Powers (Technical Capability) Regulations 2017”, the recently leaked document detailing certain requirements regarding the removal of “electronic protections” by telecommunications providers on behalf of the government (a copy of which I viewed at the following link: https://regmedia.co.uk/2017/05/04/technical-notices-draft-ipa.pdf). Moreover, I write concerning not the further degradation of the last shreds of our privacy as British citizens, but why the notion that end-to-end encryption (by which I mean a mathematical obfuscation process in which only the intended recipient may view the contents of a message) must have deliberate compromises in the form of “back-doors” is both impossible, dangerous, and foolish in equal measure.
Let me begin with a simple metaphor. Imagine I protect my house with a door made from a material that can withstand the impact of any earthly force. This door cannot be damaged or destroyed by anything known. It can be unlocked, but only by pressing a sequence of buttons on a keypad; a sequence long enough that, while it may be entered relatively quickly if you have it written down, a million people working for a million years are unlikely to ever guess what it is. Everyone sees my door, and they agree that it would be safer for everyone if all doors were like mine. Banks love my door: the only time they would ever have to worry about having anything stolen is if someone leaves it open. No-one can ever break in. Even better — the door is incredibly easy to manufacture with nothing more than a few hours research in a library or on the internet.
Now, the government in this metaphor doesn’t like the door, because some bad people use their door to hide their bad deeds. (More people still oppose the government and what it stands for, but let’s pretend that’s not relevant.)
The metaphorical government has tried, but even with its biggest hammer, it simply isn’t possible to break these doors down. So, instead, they enact a law requiring that every single door, both existing and future, have an extra keyhole that unlocks the door even without the code. “But it’s okay”, the government says, “because only we will have the key”. But, unfortunately for us all, criminals are an enterprising bunch. Within a few days, someone has noticed the keyhole and made a mould, and now they have their own key. (Or, more likely, the key was simply left on a train by a government official.) The crim copies this key many times and shares it amongst all his criminal friends. They can now open any door in the country. Banks, shops, houses; they all use the same doors and so all fall victim.
Worse still, because of how easy the door is to build, the criminals can flout the law and make their own doors with no secret keyhole! Now we have the worst of both worlds: individual law-abiding citizens and businesses have no safety or privacy, while the baddies continue to enjoy their impenetrable doors.
It sounds overwrought, but this is most certainly what would happen under any attempt to enforce this law. End-to-end encryption is the unbreakable door that anyone can build. It is based on mathematical principles that are not difficult to understand or implement; principles that no amount of legislation in the world can change. Undermining that puts everyone at risk.
But wait, there’s more! Encryption is not just used to communicate in private. The entire concept of identity verification online is based on those very same principles!
Next time you buy something from the internet, take note of the little padlock in the address bar. That padlock means you’re using a HTTPS secure connection. You don’t need to know what that means, but understand this: firstly, your communication is entirely private to only you and the site you’re connected to. You’re sharing your password and card details — you wouldn’t want anyone in the middle being able to listen in to that.
Secondly, that security is enabled by the presence of an SSL certificate. Suppose you run a website. When you ask a trusted authority to verify your identity as the owner, they provide you with a tiny little certificate file. The downside is that you can’t frame it. The upside is that if you place that file on your website, you are proving to all your visitors that you are who you claim to be.
Now, you almost certainly aren’t asking, what’s stopping someone from forging a certificate, pretending it’s from the trusted authority? Well, it’s cryptographically signed by its issuer, using the exact same principles used to encrypt communications! The same mathematical properties that enable us to communicate privately also enable us to prove identity and authenticity.
So, this introduces the second catastophe a back-door would bring: under the right circumstances, the bad guys could pretend their website is Amazon, or your bank, or GOV.UK, and steal your passwords and card details. You would have absolutely no way of knowing that the site you’re on is not the real one, because the entire chain of trust would be deliberately compromised.
That in mind, there are approximately three ways this legislation could be implemented:
Approach 1: The government demands encrypted content be decrypted with no changes being made to the underlying algorithms.
Outcome: This is, for all intents and purposes, mathematically impossible. The encryption cannot be broken by any known method. Futhermore, many encryption methods use Diffie-Hellman key exchange, in which the secure key is established between two parties without the carrying service having any knowledge of that key. Because of this, even legally coercing communications companies to hand over users’ encryption keys would be fruitless, as many simply do not possess them.
Approach 2: All true end-to-end encryption is banned within the United Kingdom, with forced provisions for decryption on behalf of the government.
Outcome: The mandated back-door is quickly exploited. If you think this is unlikely, remember two things — Russia and China are countries that exist; and the US and Israel infected Iranian computers that were physically disconnected from the internet. The foundations of security and identity verification on the internet quickly crumble for British companies and citizens. The financial sector lies smouldering in the corner. Criminals implement their own end-to-end encryption setup (which, as I mentioned above, is trivially easy with a couple of hours of research) and remain totally unaffected by the new regulations.
Approach 3: End-to-end encryption is permitted for certain parties, like banks, but banned for everyone else.
Outcome: See above — criminals implement their own systems with ease while the average law-abiding person continues to have their privacy undermined by a government that clearly does not understand what they are doing.
There really isn’t much more I can say on this topic. I hope my silly metaphor has helped convey the basic premise of cryptography, and shed some light on why this is an unworkable idea.
I’m aware that the government is not composed of computer experts, nor should it be expected to be. But it must have even a basic understanding of what it is proposing before introducing sweeping and overreaching laws.
Anything less makes us all look like fools.