Dear Theresa May,
I am writing in response to the recent calls from the Prime Minister and yourself regarding increasing the powers of the police and security services.
I can understand the aim of these calls, and indeed at face value stating that you are determined that “there should be no safe spaces for terrorists to communicate” sounds like a laudable goal. The problem, however, is that the only way to achieve it would also seriously undermine the security and privacy of everyday citizens, and would have a significant impact on Britain’s ability to trade, both internally and internationally. This is, I believe, the point that my MP, Julian Huppert, was trying to get across to you on Wednesday.
To explain this, let us assume that at some stage in the future laws are passed banning any form of encryption that cannot be decrypted by the police or security services (with appropriate authorisation as you have said), and consider what the implications would be on both terrorists and ordinary everyday citizens.
Firstly, let us look at the terrorists. We assume they have no problem with breaking the law, so they simply continue to use the now-banned forms of encryption; the ban has no impact on them. One counter-argument is that they could be identified and arrested simply for breaking this law. However, a set of simple techniques called steganography makes it very easy to transmit messages that are not in any way identifiable as messages, so you cannot even detect that the law is being broken.
If we look at everyday citizens, however, the impact is much greater. Today any website whose URL begins https:// rather than simply http:// (this includes any site which takes credit card payments, online banking sites, popular sites such as Facebook, ‘official’ sites such as GOV.UK, and even the Conservative party website) is using encryption which the security services cannot, in general, decrypt (as far as is publicly known, anyway). Most of these sites use encryption to protect sensitive data from criminals who could otherwise intercept it, and for card payments the Payment Card Industry Data Security Standard (PCI DSS) makes encrypting such data a requirement.
If we were to ban encryption altogether, no company would be able to take credit card payments online and online banking would cease to be available (without encryption this sort of data is simply too vulnerable); I cannot imagine the impact this would have on the economy. Additionally, criminals would have significantly more opportunities for identity theft and the like.
Clearly banning all encryption is not a practical option. Perhaps, then, we could allow encryption, but only in a form the security services can readily break. While this sounds sensible, with the computing power available today anything that is readily breakable by the security services is almost certainly readily breakable by criminals as well: there is no way to build a weakness that only one party can use. So this is not a feasible option either.
The third option is key escrow, where all keys used for encryption have to be handed over to a government body. We already have a form of this today, in that current law requires a key to be handed over when a suitable warrant is presented. There is, however, currently no requirement that keys remain available in the future; indeed most secure sites use a technique called perfect forward secrecy, which ensures that even if the ‘long term’ key is obtained, past communications cannot be decrypted.
While this third option sounds good in theory, there are a number of practical issues. The first and foremost is that, since the terrorists will not care about breaking the law, they will simply refuse to hand over their keys, thus defeating the point of the change. Some other consequences are:
- It is likely that a PCI DSS auditor would not deem handing over the keys used to encrypt credit card data, even to a government body, to be secure, and so we would still be unable to use credit cards online, with the consequent effects on the economy.
- Should a criminal manage to break into the key store and access all the keys held in it, everybody would be in serious danger of financial or identity theft, as suddenly all previous encryption would be rendered useless; we would be back to the no-encryption scenario. Because of the volume of data it would unlock, this key store would be a very attractive target for criminals, so this scenario is not as unlikely as it sounds.
Finally, I would like to take a step back from the technology aspect. There is an encryption technique which (if carried out correctly) can be proved to have perfect secrecy, and it requires no technology other than a pen and paper, and perhaps a pair of dice for generating random numbers. The technique is simple enough to be carried out by a child, and has been known about since 1882: it is called a One Time Pad. For an example of how simple it is to do, I refer you to a video produced by Adrian Kennard, which is available at https://www.youtube.com/watch?v=3G8dPAdmyss
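As an added illustration (not part of the letter or of Mr Kennard's video), the one-time pad written out in Python over the 26-letter alphabet, exactly as it is done with pen and paper: add the pad letter to encrypt, subtract it to decrypt. It assumes letters A to Z only and uses Python's secrets module in place of the dice; the sample pad and messages are constructed.

```python
# Added example, not from the letter: a one-time pad over the 26-letter alphabet,
# worked exactly as it would be with pen and paper. Encrypt by adding the pad
# letter to the message letter (wrapping round at Z), decrypt by subtracting it.
import secrets  # stands in for the dice; a real pad needs genuinely random letters

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def roll_pad(length):
    """Generate a fresh pad of `length` uniformly random letters (the 'dice')."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def otp(text, pad, decrypt=False):
    """Shift each letter of `text` by the matching pad letter, modulo 26.

    The pad must be at least as long as the message; for secrecy it must also
    be truly random and never used for a second message.
    """
    text, pad = text.upper(), pad.upper()
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    if any(ch not in ALPHABET for ch in text + pad):
        raise ValueError("only the letters A-Z are supported")
    sign = -1 if decrypt else 1
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(p)) % 26]
        for t, p in zip(text, pad)
    )


def pad_for(ciphertext, candidate):
    """Return the one pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the same length, and every pad is
    equally likely, so the ciphertext alone says nothing about which plaintext
    was sent: this is what 'perfect secrecy' means.
    """
    return otp(ciphertext, candidate, decrypt=True)


def pad_reuse_leak(c1, c2):
    """Difference of two ciphertexts made with the same pad. The pad cancels
    out, leaving the difference of the two plaintexts, which is why 'carried
    out correctly' means each pad is used exactly once and then destroyed."""
    return otp(c1, c2, decrypt=True)


if __name__ == "__main__":
    pad = "XMCKL"  # constructed sample pad; in practice roll_pad(5) or real dice
    c = otp("HELLO", pad)
    print(c, otp(c, pad, decrypt=True))  # EQNVZ HELLO
    print(pad_for(c, "LATER"))  # TQURI: a pad under which the same EQNVZ reads LATER
```

Because pad_for finds a valid pad for any five-letter word, an interceptor holding only EQNVZ cannot tell HELLO from LATER; pad_reuse_leak shows that using one pad twice throws that guarantee away.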