A highly respected cryptographer and security expert is warning that David Cameron’s proposed ban on strong encryption threatens to “destroy the internet.”
Last week, the British Prime Minister told Parliament that he wants to “ensure that terrorists do not have a safe space in which to communicate.”
Strong encryption refers to the act of scrambling data in such a way that it cannot be understood by anyone without the correct key or password — even law enforcement with a warrant, or the software manufacturer itself. It’s used in some of the most popular tech products in the world, including the iPhone, WhatsApp messenger, and Facebook.
But amid heightened terror fears, Cameron says “we must look at all the new media being produced and ensure that, in every case, we are able, in extremis and on the signature of a warrant, to get to the bottom of what is going on.”
The Prime Minister first indicated that he would try and clamp down on secure communications that could not be decrypted by law enforcement even with a warrant back in January, in the aftermath of the Charlie Hebdo shootings in Paris. His comments sparked an immediate flurry of condemnation from privacy and security activists, but his recent statements show he’s not backing down.
Schneier is a widely respected cryptography and security expert and fellow at the Berkman Centre for Internet and Society at Harvard Law School, serves on the board of digital liberties pressure group the Electronic Frontier Foundation, and writes frequently on encryption and security. He didn’t hold back.
What was your immediate reaction to Cameron’s proposals?
Bruce Schneier: My immediate reaction was disbelief, followed by confusion and despair. When I first read about Cameron’s remarks, I was convinced he had no idea what he was really proposing. The idea is so preposterous that it was hard to imagine it being seriously suggested. But while Cameron might not understand what he’s saying, surely he has advisers that do. Maybe he didn’t listen to them. Maybe they aren’t capable of telling him that what he’s saying doesn’t make sense. I don’t understand UK politics sufficiently well to know what was going on in the background. I don’t know anything about Cameron’s tech background. But the only possibly explanation is that he didn’t realize the full extent of what he was saying.
Then I wondered why he would even wish for such a thing? Does he realize that this is the sort of thing that only authoritarian governments do? Again, my knowledge of the UK is limited, but I assume they are a free country that champions liberty.
Do you think they are even possible?
BS: Of course not. No one does. Sure, he can keep law-abiding non-technical people from using strong encryption. He can ensure that UK businesses are vulnerable to attack. But he cannot hope to prevent bad actors from using encryption to hide themselves from the police.
It’s simply not possible to ban strong encryption within a country and software that uses strong encryption from crossing its borders. It’s simply not possible to prevent people from installing the software they want on the computing devices they own. Countries like Iran, Syria, Pakistan, Russia, Kazakhstan, and Belarus have tried it and failed. China has tried before and is trying again. I wonder if Cameron is aware of the kind of company he is associating himself with.
Let’s say the UK government was determined to try and implement an encryption ban — how would it go about trying to do this?
BS: It gets draconian pretty fast. UK citizens would be banned from using secure software, and UK companies be banned from producing secure software. The government would have to enforce Internet censorship: people couldn’t download secure software, search engines couldn’t answer queries about secure software, and every packet would be inspected to ensure it isn’t being encrypted with secure systems. Closed computing systems like iPhone would ban their users from installing secure software, and open computing systems like Microsoft Windows would be redesigned to prohibit users from installing secure software. Free software would be banned. Anyone entering the UK with a phone or computer would have them conform to UK standards, and border control would seize any devices that fail to do so. UK researchers would be prohibited from researching secure systems.
Pretty horrible and totally infeasible. And even if Cameron turned the UK into the police state required to even attempt this sort of thing, he still wouldn’t get what he claims he wants. That’s the worst of it: it wouldn’t work, and trying would destroy the Internet.
What sort of effect would this have on the UK economy and businesses?
BS: My guess is that it would be a disaster. When the US tried to ban strong cryptography in the 1990s, hundreds of foreign companies sprang up to fill the gap in what the market demanded. And that was before so much of our day-to-day lives relied on the Internet. Today, security is vitally important in everything we do online, and this law would put UK businesses and citizens under an enormous disadvantage. UK citizens would be screwed, of course, and most wouldn’t be able to do anything about it. But foreign customers would avoid UK products if possible, and foreign users would avoid entrusting their data and communications to UK systems.
This isn’t entirely speculative. Already security companies are moving out of the UK to avoid draconian surveillance laws, and more are talking about it. (Yahoo is the big company that comes to mind.) Cameron’s proposal would only make things worse.
Are American and other foreign businesses likely to comply with such a ban, if it were enforced?
BS: If the UK government starts throwing people who violate the ban in jail, businesses will either 1) comply, or 2) put themselves in a position where the UK government cannot throw their people in jail. I expect some of each would occur. Certainly many companies would pull out of the UK market rather than compromise the security of their global customers and users.
Is there really no way to keep users’ data secure while providing backdoors to law enforcement?
BS: Yes, there really is no way.
Think of it like this. Technically, there is no such thing as a “backdoor to law enforcement.” Backdoor access is a technical requirement, and limiting access to law enforcement is a policy requirement. As an engineer, I cannot design a system that works differently in the presence of a particular badge or a signed piece of paper. I have two options. I can design a secure system that has no backdoor access, meaning neither criminals nor foreign intelligence agencies nor domestic police can get at the data. Or I can design a system that has backdoor access, meaning they all can. Once I have designed this less-secure system with backdoor access, I have to install some sort of policy overlay to try to ensure that only the police can get at the backdoor and only when they are authorized. I can design and build procedures and other measures intended to prevent those bad guys from getting access, but anyone who has followed all of the high-profile hacking over the past few years knows how futile that would be.
There is an important principle here: we have one world and one Internet. Protecting communications means protecting them from everybody. Making communications vulnerable to one group means making them vulnerable to all. There just isn’t any way around that.
Won’t the proliferation of encryption help terrorists?
BS: No. It’s the exact opposite: encryption is one of the things that protects us from terrorists, criminals, foreign intelligence, and every other threat on the Internet, and against our data and communications. Encryption protects our trade secrets, our financial transactions, our medical records, and our conversations. In a world where cyberattacks are becoming more common and more catastrophic, encryption is one of our most important defenses.
In 2010, the US Deputy Secretary of Defense William Lynn wrote: “Although the threat to intellectual property is less dramatic than the threat to critical national infrastructure, it may be the most significant cyberthreat that the United States will face over the long term.” Encryption protects against intellectual property theft, and it also protects critical national infrastructure.
ISIS might use encryption, but that’s okay.
What you’re asking is much more narrow: won’t terrorists be able to use encryption to protect their secrets? Of course they will. Like so many other aspects of our society, the benefits of encryption are general and can be enjoyed by both the good guys and the bad guys. Automobiles benefit both long-distance travelers and bank robbers. Telephones benefit both distant relatives and kidnappers. Late-night all-you-can-eat buffets benefit both hungry students and terrorists plotting their next moves.
This is simply reality. And there are two reasons it’s okay. One, good people far outnumber bad people in society, so we manage to thrive nonetheless. And two, the bad guys trip themselves up in so many other ways that allowing them access to automobiles, telephones, late-night restaurants, and encryption isn’t enough to make them successful.
Most of the time we recognize that harming the overwhelming number of honest people in society to try to harm the few bad people is a dumb trade-off. Consider an analogy: Cameron is unlikely to demand that cars redesign their engines so as to limit their speeds to 60 kph so bank robbers can’t get away so fast. But he doesn’t understand the comparable trade-offs in his proposed legislation.
Are there any less obvious ways in which encryption helps people on a day-to-day basis?
BS: Encryption secures everything we do on the Internet. It secures our commerce. It secures our communications. It secures our critical infrastructure. It secures our persons from criminal attack, and it secures our countries from nation-state attack. In many countries, it helps journalists, dissidents, and human rights workers stay alive. In a world of pretty bad computer security, it is the one thing that works well.
What encryption products would you recommend our readers to protect their communications online?
BS: I am a fan of Off-the-Record for encrypting IM conversations on your computer, and Signal for encrypting both text and voice conversations on your smart phone. The encryption built in to the iPhone for both iMessage and FaceTime is also very good.
I strongly recommend turning disk encryption on wherever you can: on your computer, on your smart phone, everywhere. When you browse the Internet, use TLS on the web whenever you can. Download the plug-in HTTPS Everywhere. GPG is the best e-mail encryption program, but my advice is to stick to text and voice.