Hi, um, hello, US tech giants. Mind, um, mind adding backdoors to that crypto? – UK govt
Call Me Dave wants to know what's in your calls
Analysis The UK government is apparently going to ask Apple, Google, and other American tech giants to give it the skeleton keys to their encryption systems.
Based on our experience here in the US, the response is going to be a firm: "Fsck off."
On Monday, the Daily Telegraph (a reliable friend of the ruling Conservative government) published comments from a conveniently well-placed source stating that companies doing business in the UK must allow Blighty's intelligence to crack the encryption in their software and hardware.
In other words, the encryption used to protect people's messages and calls from eavesdroppers must be weakened to the point where it can be decrypted on demand. The UK government isn't happy that chatter can be protected end to end – meaning that only the people communicating can read each other's messages, not the software maker, not the network provider, and not the authorities.
Eight AM, day one, week one, the British government wants to be able to decipher any communications it can lay its hands on – it always has done.
The requirement for knackered encryption will appear in the forthcoming Investigatory Powers Bill, we're told.
According to the Torygraph, on Wednesday the government will publish proposed legislation that will outlaw technology that can encrypt conversations between two individuals so strongly that the authorities cannot decrypt the chatter without the individuals' help.
Politicians are trying to justify this with the usual invocation of the four horsemen of the infopocalyse – terrorists, drug dealers, pedophiles, and organized crime. This needs to be done to keep Brits safe, so the narrative goes.
We've been here before, many times
This isn't the first time governments have tried this sort of move, and it won't be the last. FBI boss James Comey tried calling it "front-door access" to make it seem more cheery and palatable. The fear, he said, was that private conversations could lead to public crimes.
While a wonderful soundbite from Comey, it's just not mathematically possible to provide a truly secure encryption system that can be enabled and disabled by a secret Feds-only switch. The switch will be there for anyone to flip.
Speak to the best crypto developers (and we have) and you get the same story. You can't introduce a backdoor into encryption without someone, anyone in theory, exploiting it.
Foreign governments, organized crime, or anyone else who fancies having a free run at the encrypted secrets of a populace, will find a way to slip in.
By fighting criminals, our rulers are making us less secure to criminals.
Politicians will tell you that such special police-only backdoors must be possible, if only the technology geeks were properly motivated. Any half-decent mathematician responds by pointing out that mathematics – the purest of sciences – do not work like that.
In the past few weeks the US government has come to terms with this. The Feds are still making noises about requiring skeleton decryption keys, but the White House has decided to kick the issue into the long grass and wait for the next administration to deal with it. President Obama, nearing the end of his final term, has given up pushing for a law demanding breakable encryption.
Shades of empire
It seems that decision was not enough of a hint for America's former masters. Instead David Cameron's government has decided to go it alone and use the, er, massive influence of the Commonwealth of Nations to force the technology industry to bend to its will.
The response from Silicon Valley is going to be: "No. Please stop talking about this. Don't make it look as though we hand over people's private conversations at the drop of a hat."
If the US government can't force the big technology firms to play ball, then the UK government has no chance. The British Establishment can sound off all it likes about the need for encryption backdoors, but the days of the empire are over. The Prime Minister is going to have to accept the fact that he's a small porker in a very big swine market.
But wait, there's more
It's interesting to see Number 10 getting its knickers in a twist over end-to-end encryption of communications – interesting in that one must wonder if Cameron's advisors are aware of the actual state of end-to-end encryption provided by Apple, Google, Microsoft etc.
According to the EFF, Google Hangouts does not provide any end-to-end crypto at all, thus it can be wiretapped by investigators. The same goes for Microsoft Skype and Yahoo! Messenger.
Only out of the big tech companies are Facebook-owned WhatsApp and Apple's communications – Messages and Facetime – end-to-end encrypted. However, WhatsApp is closed source, so there's no easy way to verify its security, and there's a flaw in Apple's otherwise perfect design: Apple controls the key exchange between the two people talking to each other.
The iGiant insists it cannot read your messages and decrypt your calls. However, an FBI agent who manages – by court order or some other means – to get her key switched for your contact's key will be able to successfully snoop on your communications. The technical capability is there no matter how much Apple tells you it cherishes your privacy.
This law, if passed and obeyed by tech companies, will stop dead any mass rollout of end-to-end cryptography. And if tech companies choose to ignore the rules, not all of their systems are fully secure anyway.
Your remaining solution, privacy-conscious readers, is to trust the likes of WhatsApp and Silent Circle, or pick software from Open Whisper Systems. These truly end-to-end encrypted systems will be the real target of this legislation. ®
Sponsored: Becoming a Pragmatic Security Leader