G20 calls for 'lawful and non-arbitrary access to available information' to fight terror

Or in other words, access to encrypted messages

Comment: The meeting of G20 leaders decided to do something about the internet.

The final G20 Leaders' Statement on Countering Terrorism included the following plan:

We will work with the private sector, in particular communication service providers and administrators of relevant applications, to fight exploitation of the internet and social media for terrorist purposes such as propaganda, funding and planning of terrorist acts, inciting terrorism, radicalizing and recruiting to commit acts of terrorism, while fully respecting human rights ...

In line with the expectations of our peoples we also encourage collaboration with industry to provide lawful and non-arbitrary access to available information where access is necessary for the protection of national security against terrorist threats. We affirm that the rule of law applies online as well as it does offline.

Australian prime minister Malcolm Turnbull lauded the G20's agreement “to work with industry in the pursuit of public safety and together fight terrorists and organised criminals”.

And once again, the central contradiction of Turnbull's – and the rest of the G20 leaders' – position is on show. They want the industry – in particular social media and messaging platforms – to read messages sent using services that punters sign up for because they use encryption to assure privacy.

Turnbull's speech singled out WhatsApp, Telegram and Signal, asking why they should “be able to establish end-to-end encryption in such a way that nobody, not the owners and not the courts, has the ability to find out what is being communicated”?

Reg comment

Turnbull and the G20's “not a backdoor” was refined, however: what the government wants this week is backdoors created and managed by messaging platforms.

“The G20 communique is not talking about giving governments a backdoor to access messaging” (emphasis added). “Rather it is saying to Silicon Valley and its emulators – the ball is in your court. You have created messaging applications which are encrypted end to end, they are being used by terrorists and criminals to hide their murderous plans.

“You must ensure that these dark places can be illuminated by the law so that the freedoms you hold dear will not be stripped away by criminals your technologies have made undetectable.”

For all that both the communique and Turnbull's speech talked about “collaboration” with industry, there's no mechanism for such collaboration or explanation of what Google, Facebook and Twitter are already attempting – to identify terrorist recruitment and hate speech, and delete those posts quickly.

As far as encryption goes, it's hard to see the platforms cutting their own throats by inserting backdoors in their products.

WhatsApp, Signal and Telegram in no way invented modern asymmetric key encryption. They create implementations based on principles made public by Diffie and Hellman in the 1970s.

And, as is tedious (but necessary) to repeat, anybody “skilled in the art” can, if necessary, produce an end-to-end implementation that exchanges public keys while hiding private keys, can create a ciphertext that's hard to crack without the private key, and can publish their software.

Picking just one crypto implementation as an example, it's also tedious-but-necessary to reiterate that any way to pry open SSL/TLS would trash Internet commerce, regardless of who holds the secret.

Even taking the China option and wielding a ban-hammer on the applications themselves is bootless, unless governments adopt The Middle Kingdom's authoritarian approach to enforcement. ®


Biting the hand that feeds IT © 1998–2017