David Cameron: Empower U.K. Spies to Read All Communications
Britain's conservative leader is proposing counterterrorism measures that are dangerous and unworkable.
British Prime Minister David Cameron reacted to last week's terrorist attack in Paris by participating in a march declaring solidarity with freedom of expression. Then he went home and attacked freedom of expression with a promise: If his party, the Conservatives, win an upcoming election, they'll pass legislation that would empower security services to read anything sent over the Internet.
"If I am prime minister I will make sure that it is a comprehensive piece of legislation that does not allow terrorists safe space to communicate with each other," he said. “That is the key principle: Do we allow terrorists safer spaces for them to talk to each other. ... Are we going to allow a means of communications which it simply isn’t possible to read? My answer to that question is: ‘No we must not.’"
He favors a Britain where everything that anyone communicates can be spied upon if authorities determine that certain conditions are met. In short order, this would enable security services to spy on all innocent communications even as terrorists and non-criminals begin to communicate in code or through still-dark channels. And that is just the beginning of the problems with this privacy-killing proposal.
Cory Doctorow has a thorough rundown in BoingBoing:
What David Cameron thinks he's saying is, "We will command all the software creators we can reach to introduce back-doors into their tools for us." There are enormous problems with this: There's no back door that only lets good guys go through it. If your Whatsapp or Google Hangouts has a deliberately introduced flaw in it, then foreign spies, criminals, crooked police (like those who fed sensitive information to the tabloids who were implicated in the hacking scandal—and like the high-level police who secretly worked for organised crime for years), and criminals will eventually discover this vulnerability. They—and not just the security services -- will be able to use it to intercept all of our communications. That includes things like the pictures of your kids in your bath that you send to your parents to the trade secrets you send to your co-workers. But this is just for starters. He doesn't understand technology very well, so he doesn't actually know what he's asking for.
For David Cameron's proposal to work, he will need to stop Britons from installing software that comes from software creators who are out of his jurisdiction. The very best in secure communications are already free/open source projects, maintained by thousands of independent programmers around the world. They are widely available, and thanks to things like cryptographic signing, it is possible to download these packages from any server in the world (not just big ones like Github) and verify, with a very high degree of confidence, that the software you've downloaded hasn't been tampered with.
There's much more to the piece. "If any commodity PC or jailbroken phone can run any of the world's most popular communications applications, then 'bad guys' will just use them," it concludes. "Jailbreaking an OS isn't hard. Downloading an app isn't hard. Stopping people from running code they want to run is hard, and what's more, it puts the whole nation–individuals and industry–in terrible jeopardy."
And if Britain improbably succeeded in creating a society where its security services could read anything communicated online, if its citizens bore all the costs in the forms of decreased privacy, inferior technology, and vulnerability to abuses, would the country then be safe from terrorist attacks like the one in Paris? Of course not. Guy Fawkes and his co-conspirators didn't need the Internet to nearly succeed in blowing up parliament (nor were they stopped by signals intelligence). Terrorists will always find methods of communication that are relatively hard to intercept, whether communicating in code online or sending documents via bike messenger or notes via pigeon or through unwitting children.
There is, if all else fails, meeting face-to-face to plan a future murder.
One wonders where David Cameron's logic stops. Will every house without a listening device that can be switched on with a judge's order be maligned as a "safe space" for terrorists to talk? If they then walk out into the countryside to talk in private, will British security hide microphones in bushes and trees? There is no way to preemptively identify all terrorists. And so the only way to deny a freedom to terrorists is to deny it to everyone. Beware the pol who pledges that he'll deny terrorists any safe space to talk privately. If he succeeds, we'll all be denied that.