Our glorious prime minister, failed TV company marketing director David Cameron, has proposed banning all forms of encryption that can't be broken by the security services. I'm not the only person who thinks this policy is beyond bonkers and well into criminal insanity (even his own deputy prime minister has reservations), but for the record, let me lay out why this is such a bad idea.
0. It is already a criminal offense to refuse to disclose your encryption keys, or to decrypt an encrypted file, on receipt of a lawful order to do so by the police or a court, under powers granted by Part III of the Regulation of Investigatory Powers Act (2000), in force since 2007. (Immediate consequences: paranoid schizophrenic jailed for refusal to decrypt his files. Apparently French anti-terrorism police became suspicious when he ordered a toy rocket motor. Strong encryption is the new tinfoil hat for technically ept paranoids: there's a human rights issue here. But I digress.) The point is, legal powers to essentially compel compliance with Cameron's goal already exist.
1. What Cameron is asking for, however, is a lot more drastic: the outlawing of endpoint-secured communications protocols. In other words, the government must be able to decrypt any encryption session used within the UK. This has drastic consequences which would, in my view, drastically undermine British national security (and cripple our IT industry).
What are these consequences?
2. If the government can decrypt an end-to-end encrypted session, then a third party can in principle use the same mechanism to decrypt it. (The third party could be a rogue government employee, or a crypto hacker.) This is not a hypothetical: it's intrinsic to how cryptography works. It's either secure against all third-party snoopers, or it isn't secure and will be cracked in time inversely proportional to the value of the data conveyed. Also, merely knowing that an encryption protocol has a weakness makes it easier to attack.
3. Let's start with email. Not just your regular email: how about privileged lawyer/client communications? Internal transmission of confidential medical health records within the NHS backbone network? Your accounts, going to and from your accountant?
4. But email is only the tip of the iceberg. How about the encrypted web session you use to check your bank account? Or to pay your income tax? If you're a small business, the VATMOSS system is obviously a target—and a high value one, where an attacker could steal large amounts of money. Mandatory back doors in encryption imply weakening the security around the government's own tax-raising system. (Talk about sawing off the branch you're sitting on.)
Some systems require end-to-end encryption or they are simply too risky to permit. What are they?
5. Let's start with SCADA systems that control blast furnaces, nuclear reactors, water treatment plants, and factories. Then we can add other online systems: the in-cab signalling system used to deliver signals to drivers of trains on railway lines cleared for high-speed running, traffic signal boards on motorways, and in the not too distant future systems used by air traffic control for filing flight plans and transferring security-related passenger information.
We should then add online finance systems, from Paypal to the APACS credit card settlement system, the BACS payment system through which about 80% of the pay cheques in the UK are sent straight to the recipients' bank accounts, to inter-bank settlement and reconciliation, the share dealing system used by the London Stock Exchange, and every supermarket and wholesale warehouse inventory management and stock control/ordering system in the country.
What is the worst case outcome of mandating that the security around all these systems is weakened?
6. How about a group within 8chan deciding, purely for lulz, to scramble all the patient medical records accessible over the NHS Spine? Or that the Russian Mafia, who are already very much into cybercrime, hit the BACS system and use it to siphon off or scramble all payments going into the HMRC Income Tax accounts on January 31st?
Here's the key message that Cameron simply doesn't understand:
7. There is a trade-off between internal security and external security. You can have perfect security against message traffic between external hostiles if you ban encryption ... but by so doing, you destroy your internal security against attack from any direction at all. Or you can have total internal security with end-to-end encryption of all communications, and be pretty much immune to certain classes of hack attack, but lose the ability to listen for terrorist chatter. These two circumstances are opposite ends on a scale. You can adjust the balance between the two, but mandating either end of the scale is idiotic. Our prime minister has mistaken the rotating knob for a push-button with a binary on/off state. Hopefully his advisors will take him aside over the next few days and teach him better, or he'll lose the election this May. Either way, though, this proposal is disastrous and if it happens, well, I'll just have to get used to being a criminal.