EncryptionIf you seek to “switch off” encryption, you may as well switch off the whole Internet
Prime Minister David Cameron has stated that the U.K. government will look at “switching off” some forms of encryption in order to make society safer from terror attacks. This might make a grand statement but it is impossible to implement and extremely technologically naïve. Encryption is a core part of the Internet; its use is increasing every day — Google’s services, including search and e-mail, use encrypted streams, as do Facebook and Twitter and many other widely used sites. Encryption makes it almost impossible for eavesdroppers to read the contents of the traffic. It is the foundation upon which all e-commerce is based. The technical case for switching off encryption is thus simply a non-starter. In fact we are moving in the opposite direction, replacing the old, open Internet with one that incorporates security by design. If you wish to switch off encryption, it will unpick the stitching that holds the Internet together.
Prime Minister David Cameron has stated that the U.K. government will look at “switching off” some forms of encryption in order to make society safer from terror attacks. This might make a grand statement but it is impossible to implement and extremely technologically naïve.
Encryption is a core part of the Internet; its use is increasing every day — Google’s services, including search and e-mail, use encrypted streams, as do Facebook and Twitter and many other widely used sites. Encryption makes it almost impossible for eavesdroppers to read the contents of the traffic. It is the foundation upon which all e-commerce is based.
It’s just impossible to ban. There is no way to define a law which constrains the use of encryption. Would it be only when used in certain applications (such as email), or by disallowing certain methods (such as the encryption program PGP)? Would using a Caesar code, a cipher nearly 2,000 years old, be illegal?
Such a move would make the United Kingdom — or any country that followed suit — unsafe in which to do business. Free countries wouldn’t consider switching off encryption due to the insecurity it introduces for both consumers and businesses.
Much online content accessed in the United Kingdom is actually stored and processed outside the country. Someone who suspects that they may be monitored can set up a secure connection to a remote site in the cloud — Amazon’s for example — and store and process information there. How would this fall under any new law?
And where would the ban end? Would it include character encoding, such as the Base-64 encoding that allows for e-mail attachments, or the encoding that provides non-Roman character sets for other languages? Encryption is also the basis for cryptographic signing, a digital signature used by all manner of organizations to verify that digital content — software, audio-visual media, financial products — is what it claims to be. It is the basis of trust on the internet.
We have a right to some privacy. Few people would not object to their letters being examined or their phones being tapped — and the rights enjoyed in the days of traditional communications should be no different when applied to their modern digital equivalents.