In November 2015, the Investigatory Powers Bill was published, revealing at last the extent to which our government thinks it should have access to all the communications we send over the internet.
There will be much talk of how things like WhatsApp and iMessage must allow the government access to messages sent between users, despite the fact that some of these systems have been specifically designed to make such interception virtually impossible.
Will they be banned in the UK (or withdrawn by the companies that provide them)? Or perhaps each time a user of iMessage tries to send a message to someone in the UK, a pop-up note could remind them that their message may be intercepted as it is not permissible to have privacy in this country.
Even if WhatsApp, Telegram, iMessage, and all the other similar apps are banned for refusing to open up their databases, it’s not actually going to stop people from communicating. They can write innocent-looking messages on postcards, after all.
If I were someone who hated our way of life as much as we’re told people do, perhaps I’d use “western liberalism” against itself and choose not a messaging app that you can be sure the security services are looking at, but something else, like a gay dating web site that allows users to send messages to each other.
Is Ms May going to tell all those sites that they can’t use SSL for their users’ sessions, because she might want to listen in? Is the security imperative so strong that any such site that decides it wants to protect its message database with encryption will be told they can’t, or that they need a special licence?
There are many sites on the internet that allow users to send messages to each other. Almost every forum allows it – and if you’re using phpBB, there’s a modification you can add in about ten minutes that encrypts the private messages sent between users. Will that be illegal now?
You might ask why people should be encrypting messages in their database. A far better question to ask is why shouldn’t they? Look at the massive TalkTalk hack – it’s quite easy to get data from companies that should know better.
Now imagine the potential for blackmail and other chaos if a dating site’s message database, along with information about customers, was stolen by hackers.
These things ought to be encrypted, by any sensible site admin, for the protection of their users. I run a site myself, for members of a section of the gay community, and I want to encrypt our messages for just that reason – but right now I don’t know if I’m going to be breaking the law by doing that.
Our government seems to think protecting people’s privacy like that is beyond the pale. It’s worth banning encryption for such things, because we might find a tiny nugget of information, apparently, or so the logic goes.
You almost certainly won’t, however. I’ve already suggested some of the ways in which people can communicate without using these services. With a bit of technical savvy, in fact, it would take a moderately skilled person less than a day’s work to make their own encrypted messaging system to install on a few Android phones.
All of this is panic, and the fond idea of politicians – that I’ve talked about before – that somehow, technology can solve every problem if it’s used in the right way.
We have, it’s true, had some horrific terrorist attacks in the UK, including the 7/7 bombs.
We also had, across a period of over two decades, a sustained campaign of terrorist violence by the IRA that killed and injured far more people than any Islamic terror cell has managed. And they didn’t have a single iPhone between them.
(Originally published in November 2015, I’ve updated this piece, following reports in August 2016 that Ms May, now the Prime Minister, is still planning to force tech companies to provide backdoors in their security.)
Historically it must also be recognised that governments cannot be trusted with the keys. Even if they don’t violate our human rights (or even if they do so ‘legally’), the US has shown us that they can’t keep these back-doors secure. The best and most recent example is the failure of the TSA’s master lock system:
http://www.wired.com/2015/09/lockpickers-3-d-print-tsa-luggage-keys-leaked-photos/
But also DES back in history.
Well, in the case of your forum, perhaps there’s scope to wield the “human rights” axe?
I can well imagine, given some of the things I’ve read, that even now there’s a certain amount of anti-gay feeling amongst some people – and I’m sure the same is true for various other forums. So it’s not unreasonable that many of your members might well feel genuinely in danger if their communications between each other aren’t kept private.
So if the government were to ban you from effectively protecting that information, would that be denying a vulnerable section of society their human rights to freedom of expression, freedom of association, and protection from victimisation?
Maybe yes, maybe not – until tested in court there’s no certain answer. But, the government (or at least some of the officials and ministers) must by now realise that deliberately putting things in place that are likely to be illegal will sooner or later get them dragged through the courts with all the humiliation that involves – especially if people can then point out that it was obvious and pointed out in advance that the law was itself unlawful.
So perhaps it might be worth exploring that avenue, and if you think it might work, make it known that you (or someone in a similar position) would immediately challenge the lawfulness of the new law.
Of course, we have the recent “poster girls” of Madley Addison and Talk Talk to hold up as examples of why security matters!