Cameron Doesn’t Want to Ban Encryption

Here’s What He Does Want to Ban


A lot of stories have been published in the past few days speculating that David Cameron, Prime Minister of the United Kingdom, wishes to ban all encryption in the country. For example, writing in The Guardian, James Ball speculates that communications with Amazon could be affected:

If instead the prime minister is proposing it is only encrypted messaging that’s banned, the picture becomes hardly any clearer: if my Amazon online shopping session includes an ability to message a seller, is that now banned? Will the government produce a list of people who are allowed to use encryption?

I’ve also seen those on Twitter speculating that Mr. Cameron intends to ban all TLS encryption (or would need to do so to accomplish his goals).

In fairness, we know very little of his specific policy proposals. This is one representative remark that he made:

In extremis, it has been possible to read someone’s letter, to listen to someone’s call, to mobile communications … The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not. The first duty of any government is to keep our country and our people safe.

Mr. Cameron clearly wishes to ban apps and devices that allow for “end-to-end” encryption: that is, encryption where only the sender and recipient have the cryptographic keys necessary to decrypt and read the messages.

Traditionally, most messaging services — SMS, Instant Messaging (IM), and Email — have utilized “client-server” encryption. In this system, your message is encrypted on your device (the “client”) to the provider’s server; that server decrypts the message using its key; and it is then re-encrypted to your eventual recipient, who then decrypts it on her device.

Recent events in Paris have shown the power of illustration. Let’s imagine that Alice wishes to send Bob a message over The Internet, using the MessageCo system. Here’s how that message would look, in transit:

[Figure: Client-Server Encrypted Messaging]

As you can see, MessageCo has to read the message. In part, this is driven by system simplicity — there aren’t a lot of encryption keys to manage on devices, and it’s the easiest way to implement with off-the-shelf software. The other part is often MessageCo’s business model — by reading messages, they can better target advertisements to their users.

Now, I realize it’s a stretch, but imagine a world where MI5 is routinely vacuuming up large quantities of traffic off the Internet. They suspect Alice and Bob are involved in a nefarious plot, and the government has captured all the messages they’ve sent each other — it’s just that they’re all encrypted, and MI5 doesn’t have the key! Ah, but MessageCo does. Mr. Cameron simply sends some men with guns to their offices, who tell the proprietors that the Child Terrorists are imminently about to detonate Nuclear Pornography over downtown London, and MessageCo will happily and eagerly decrypt all the messages for MI5, probably without even being subpoenaed.

By contrast, with a system that implements end-to-end encryption, only Alice and Bob have the keys. Here’s how that message would look:

[Figure: End-to-End Encrypted Messaging]

In this case, even though MI5 has copies of all the messages, and even though they went through MessageCo’s servers, only Alice and Bob are capable of decrypting the messages. In order to decrypt them, you either need to “brute force” break the encryption — something still believed difficult or impossible even for major world governments — or, you need to retrieve one party’s keys, from their device.
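
The two models described above, as an added Python example that is not part of the original article: it shows what MessageCo, or anyone holding captured traffic plus MessageCo's keys, can read in each case. It assumes pre-shared symmetric keys and a toy HMAC-based cipher standing in for real transport and message encryption; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
# Assumption: keys are pre-shared; real systems negotiate them (TLS, key exchange).

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher: HMAC-SHA256 in counter mode (stand-in for a real AEAD).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag, then decrypt; ValueError means the key does not fit."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("wrong key or modified message")
    return _xor_stream(key, nonce, ct)

def client_server(msg: bytes, k_alice: bytes, k_bob: bytes):
    """Alice -> MessageCo -> Bob; returns (blobs on the wire, what MessageCo read)."""
    hop1 = seal(k_alice, msg)
    plaintext_at_server = unseal(k_alice, hop1)   # MessageCo must decrypt to relay
    hop2 = seal(k_bob, plaintext_at_server)
    return [hop1, hop2], plaintext_at_server

def end_to_end(msg: bytes, k_alice_bob: bytes):
    """MessageCo forwards one blob unchanged; it holds no key for it."""
    return [seal(k_alice_bob, msg)], None

def readable(captured, keys) -> set:
    """Plaintexts a holder of the captured blobs can recover with the given keys."""
    found = set()
    for blob in captured:
        for key in keys:
            try:
                found.add(unseal(key, blob))
            except ValueError:
                pass
    return found
```

Calling `readable` on the end-to-end capture with MessageCo's two keys returns an empty set, while the same call on the client-server capture returns the message; only the key held on Alice's or Bob's device opens the end-to-end blob.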

Until recently, almost all services were of the client-server model. Major world governments have been able to read almost anything they want, either with or without cooperation from major service providers, because of the inherently insecure model involving trusting third parties unrelated to the communication with the content of messages. Even for service providers that were reluctant to assist, it’s been clear for some time that governments have been actively attacking and subverting those systems.

What This Isn’t

I’ve seen many privacy activists characterize this as something it isn’t. This is not:

  1. A ban of all Internet encryption. This is only encryption where no third party knows the keys.
  2. A ban of all encrypted messaging. Again, as long as someone in the middle can read the messages, it would be permitted.
  3. A proposal that all encrypted messages must also be encrypted to the government. Though that presumably would be one way of complying, one would expect that most services would comply by moving back to a client-server model.
  4. A generic automatic “back door” that would allow government employees — and presumably anyone else who could access the system — to read whatever they want.

It’s important to understand what this proposal isn’t, because most of the arguments I’ve seen opposing this proposal have been based on one of the previous four false assumptions — and hence engage with straw men in their arguments against this policy. While all of the above proposals have deep, deep technical flaws, this proposed policy would not, in fact, hit most of them. Essentially it would mandate that all systems use something like what Google already does for GMail and GChat. Claiming that there will be guaranteed widespread insecurity by mandating that all services work like…a service that seems to basically work fine for most people simply makes privacy advocates seem unhinged, or disingenuous.

Why Now?

Why is this a problem, now? Messaging services originally began as either end-to-end, or unencrypted. Back in 1996, when I worked at PGP developing some of the first strong consumer-aimed cryptography, our system was inherently end-to-end. In fact, confounding government intrusion was a large part of the point — I remain very proud of the fact that our product has been used for years by opponents of brutal, repressive governments worldwide, specifically because those governments were unable to read the messages. Unfortunately, it’s not a very easy-to-use system, and even most of the crypto-savvy folks I know don’t use it routinely.

Similarly, there have been fairly obscure technologies such as “Off The Record” (OTR), which allowed the technologically savvy to end-to-end encrypt their IMs, but which never took off for mass use.

What’s changed is, now, with the recent revelations of mass-surveillance by Western governments, many providers have become more interested in deploying end-to-end encryption so that their customers can feel secure in their communications. Companies like Glimpse (disclosure: I am on their Advisory Board), and Apple’s iMessage, now allow the technologically unsophisticated to download an app and potentially keep their messages secret even from the world’s foremost spy agencies, without having to understand complicated technologies.

Is This A Good Idea?

In case it’s not obvious from the above, I strongly oppose this policy. I’ve spent my career as a security expert and freedom advocate. I applaud the efforts of companies of late to actually provide a usable, secure solution for everyday users. It’s what we tried to do at PGP, even if the technology wasn’t there yet to make it as easy as we would’ve liked — and it’s a fair point that perhaps we let concerns over more obscure attacks, such as “man in the middle”, prevent us from deploying basically usable crypto for most people.

Here are some of the reasons I oppose this policy, and hope it will not pass in any part of the free world:

  1. While I’m unconcerned about wholesale releases of private communications under these standards, history has shown there will be retail abuses. Government and private employees will use these powers for titillation, to persecute petty enemies, and for personal gain.
  2. Governments will use these powers against other arms of their own government, for political gain. It is worth remembering that the NSA’s spying program seems to have brought down the head of the CIA, General Petraeus. Perhaps this was just an unfortunate side-effect of an overzealous investigation, as the FBI claims; or, perhaps, it was an internal political fight that ended the career of a rising politician. We’ll never know, and it’s a terrible thing that asking that question doesn’t make me seem unhinged.
  3. Governments will use these powers against people they disagree with, or dislike. As with all sweeping security powers, we are sold on the hypothetical of a terrorist with a large bomb who will be thwarted, but once this technology is out and deployed, it will be used against any domestic target that causes discomfort to the powerful. Anonymous leaks of personal information remain a potent weapon against many people.
  4. It will not, in any case, stop terrorists from using secure communications channels. Such channels are available outside of app vendors; they are simply more difficult to use. Your average government official trying to hide an affair from public eyes will probably not bother with them, but I assure you that Al Qaeda and their ilk are both aware of the need for higher security and willing to take the trouble to use it. That has been well-demonstrated in the field, already.

Finally, and most importantly, governments simply do not have the unlimited right to read their citizens’ communications. Free speech is a fundamental and natural right of all people, and that includes my ability to communicate using whatever security technology is available. There is a lot of speech that the government has absolutely no business intercepting, and a free people should not stand for it. Mr. Cameron claims, “The first duty of any government is to keep our country and our people safe”. I rejoin that the first duty of any civilized government is to keep its people free.