News you may have missed: why voting encryption-unfriendlies back in really isn’t a great idea

Last week, I wrote an article (in German) on David Cameron’s plans to ban certain encrypted communication tools. His suggestion came in the wake of the attacks on the French satirical magazine Charlie Hebdo. I called Cameron’s move political opportunism of the lowest sort. Opportunism that instrumentalises the attacks for cheap political gain to put back on the agenda laws that have previously been discussed and dismissed, like the Snoopers’ Charter.

 

In through the back door: Blair, Carlile, King, West

This week in the UK – had you noticed? – four peers (one of whom – Lord King – seems to have little idea what modern communications actually look like) went even further when they tried to sneakily re-introduce the Snoopers’ Charter (aka, the Communications Data Bill, which was thrown out in 2012 for infringing civil liberties “disproportionately”, while also being deemed too intrusive and too costly) into a new counter terrorism bill, leaving almost “no time for the other lords and the rest of us to engage in serious analysis” of the amendment in question. As David Meyer writes:

This is shocking behavior… it is genuinely surprising to see not only repeated attempts to avoid proper legislative scrutiny, but an attempt that ignores almost every objection made the last time.

Naughty. It seems that if our peers and MPs can’t implement their preferred legislation via the agreed democratic routes, they’re are prepared to do it thought the back door (you could argue that there is nothing very democratic about the House of Lords anyway but that’s a discussion for another day).

Speaking of back doors: in Germany, interior minister Thomas de Maizière recently echoed David Cameron’s call for weaker encryption, saying that it should be possible for law enforcement agencies to decrypt communications. Sascha Lobo, in German weekly Der Spiegel, draws attention to the fact that exactly 153 days before demanding weaker encryption, de Maizière had called for the opposite. As politicians do.

So now the Securocrats argue (with renewed vigour) that encryption is a problem because it allows THE TERRORIST (PANIC! IN SHOUTY CAPITALS!) to communicate in secret and thus makes it more difficult for law enforcement to prevent attacks like the one in Paris. That argument keeps being regurgitated ad nauseam. Haters gonna hate. Mass data retention on the other hand – or, in fact, building back doors into encrypted systems for law enforcement to exploit – is considered invaluable for STOPPING THE TERRORISTS!

Well. Wrong (and it doesn’t become more right, the more often you repeat it either).

Mass data retention and mass surveillance have failed on multiple occasions to prevent terrorist attacks. Mass data retention is used in France, yet it didn’t stop the Charlie Hebdo attack. For other examples of when mass surveillance didn’t help take Mumbai 2008 or Boston 2012. What is more, Cameron, de Maizière and their fellow encryption-dissers are very wrong (or being very dishonest) when they laud encryption back doors as some sort of anti-terrorism panacea. Making encrypted systems vulnerable to exploitation by the security services makes these systems vulnerable to everyone, not just law enforcement. And besides, the idea that government agencies could be allowed by law to circumvent encruption should be worrying enough in and of itself – I have argued on multiple occasions, as have others, that we should not trust governments never to exploit that kind of power. Strong policies and rigorous oversight are needed to keep people safe from government overreach. Recent revelations that the British GCHQ has been capturing the emails of journalists – or that MPs tried to sneak in the Snoopers’ Charter without the electorate noticing – are further proof that we shouldn’t simply take at face value what we are being told by people trying to capitalise on our worries. That is especially important in the run-up to the general election in the UK. As the Electronic Frontier Foundation points out,

now is the time to challenge politicians to oppose mass surveillance, support privacy by supporting encryption, and rein back the intelligence services.

Well, some of the people who make laws in the UK seem to think we shouldn’t get a say.

 

Crypto Wars 2.0

Governments have never exactly been fans of encryption. Back in the 90s, encryption was under attack from governments as well. People call this the Crypto Wars. Back then, laws that would have weakened encryption were thrown out. Perhaps this was because, pre-9/11, the world was a less panicky place. Surely it must be panic, as it certainly isn’t rationality that makes politicians keen to launch Crypto Wars 2.0. There is no sound or sensible basis for the demand made by people like Cameron and de Maizière that encryption be weakened.

This is true even if the civil liberties argument that everyone has a right to privacy and secure communication doesn’t convince you.

You may argue, like Max Hastings has done in the Daily Mail, that to be safe from THE TERRORISTS you would happily let the spooks “access the phone calls, bank accounts, emails of you, me or any other law-abiding citizen.”

You may think that if you have nothing to hide, then you have nothing to fear.

You may agree that perhaps we need to give up some of our civil liberties to keep ourselves and the ones we love safe – and sod all the others. Every man for himself, you may think, as long as me and my own are safe, I don’t care that we become less free or that some minority to which I don’t belong or a society in a distant future which I won’t live to see are less free and less safe because of it. If that makes me and my own safe, then so be it. We’re fighting a global WAR ON TERROR after all.

Especially if you agree with the latter (i.e. the “as long as I am safe, sod the others” take on things), I am sorry to tell you, you probably lack imagination, a sense of responsibility, and basic empathy. It shouldn’t be that difficult to imagine why weakening encryption and implementing mass surveillance is a bad thing because there is always the possibility that people become subject to persecution based on some arbitrary characteristic that another group of people dislikes or fears (it’s not like we haven’t seen it before – no imagination required, just a bit of historical knowledge). You may feel that this is unlikely to happen to you in which case, congratulations, you have been properly and thoroughly assimilated and anesthetised by the dominant culture.

If you believe any of the former (i.e. that you have nothing to hide and hence nothing to fear), you might still want to think again. Especially when it comes to weakening encryption to make it easier for law enforcement to catch THE TERRORISTS! Because that idea betrays either complete ignorance about how encryption works or frightening dishonesty on the part of the people who advocate it. Neither of which – ignorance and dishonesty – are things we should be looking for in our leaders.

Yet,

[r]ight now, some British MPs are walking into a highly competitive election supporting policies about surveillance and the destruction of encryption that they have not personally considered, and may lack public support.

Germany had a general election last year and as far as online security is concerned, voters may come to regret their choices of voting a government back in that has so far been reluctant to support a real investigation into NSA spying and whose ministers are now chiming in with Securocrats elsewhere in the world that surveillance powers need to be extended and that weakening encryption is a good idea.

 

Physical damage to critical infrastructure: imagine hospitals

I have said this before but let me say it again; encryption keeps all of us safe. Not just from the prying eyes of mass-data-retaining government agencies which you may think you have nothing to hide and nothing to fear from but also from – wait for it – that’s right, TERRORISTS and other cyber criminals.

I can prove it too. Because, you see, there was a piece of news over Christmas that – amidst all the shouting over the Sony hack – went virtually unnoticed and which, now that the discussion of intrusive surveillance laws is back on the agenda (at a convenient time in the run up to the UK election, no less), continues to be disregarded.

This is the news that “A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever”. As Wired reported:

hackers… struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive”—though unspecified—damage.

So why, you may ask, does an unnamed steel mill somewhere in Germany matter? Well, it may not matter to you. But the interesting fact isn’t so much what was attacked or where, but that a cyberattack resulted in physical damage. It is an example of what cyber-criminality can do in the offline world.

Add to that a vital piece of information from the Wired article, namely that

[i]ndustrial control systems have been found to be rife with vulnerabilities, though they manage critical systems in the electric grid, in water treatment plants and chemical facilities and even in hospitals

and it will become clear to you that

[a] destructive attack on systems like these could cause even more harm than at a steel plant.

All of a sudden, this shouldn’t seem so obscure or far away anymore. Think hospitals. Critical infrastructure that each and every one of us innocent civilians rely on, right? Well, cyber criminals could attack systems that manage the electrical grid in a hospital. You or I or someone we love could be in that hospital on a life support machine. Not that I wish that on anyone but just for the sake of the argument – imagine the power being cut completely.

That is the kind of scenario that encryption keeps us safe from. Even a “2009 document from the US National Intelligence Council… called encryption the “best defence” for computer users”, as the Guardian reported at the start of the year. That is any computer user. Not just THE TERRORISTS or you and I who have nothing to hide and thus nothing to fear. Building backdoors into encryption for the security services to exploit makes encrypted systems vulnerable to exploitation by the very people who could and would cause us harm:

If there are backdoors… or if weak encryption is used, then you are only opening up opportunities for hackers to break in and steal information too,

independent computer security expert Graham Cluley said in response to David Cameron’s call for weaker encryption. That should be something we might want to consider next time someone evokes THE TERRORISTS or THE WAR ON TERROR to try and justify putting backdoors into secure systems, or to advocate their Crypto War 2.0.

Let us be clear: encryption isn’t just important. It is essential and

[h]aving the power to undermine encryption will have consequences for everyone’s personal security.

Therefore, strong encryption concerns every single one of us because it protects every single one of us in many fundamental ways. To claim anything else and to call for encryption to be weakened is “insane”, disingenuous or just plain daft. Or perhaps a combination of the three.

If you vote in the UK, take that into consideration. Now is the time to challenge such claims and to make sure that politicians don’t sneak laws past us that make all of us less safe.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s