Cameron’s call for banning encryption undermines our rights, security
In the wake of tragic attacks in France, politicians from across the world are calling for dramatically expanded surveillance powers, to spy on our phonecalls, ban encrypted communications such as WhatsApp and iMessage, and store details about our international travels for years on end.
If it feels like you've heard this story before, it's because you have. With each violent attempt by extremists to terrorise society, our political leaders dust off old, failed proposals such as the UK Government's "Snooper's Charter" or an expanded version of the passenger name records (PNR) profiling database hoping that nobody will notice the cynical opportunism. Government officials, elected or otherwise, rally in the name of freedom and human rights claiming that the terrorists will never win and hate us for our freedoms, and then moments later, almost in the same breath, attempt to curtail our rights they boldly proclaim in public as unassailable.
If we are truly to celebrate, promote, and defend the right to freedom of expression, then we must just as resolutely celebrate, promote, and defend other rights that enable expression, namely the right to privacy.
It is not merely disappointing that officials seem to be talking out of both sides of their mouths. It is terrifying that this is how democratic leaders behave; that they can partake in photo ops while working behind closed doors to restrict our rights; that they can see tragic acts of violence as political openings to pass previously defeated proposals; and that they can repeatedly refuse to confirm or deny the existence of surveillance programs that everyone knows exists, a slap in the face of the public's right to participate in a democracy and engage in a very necessary debate about powers of the State.
Now UK Prime Minister David Cameron is promising that, if re-elected in 2015, he will introduce powers to allow for intelligence agencies to 'break into' encrypted communications, or worse, ban the use of such technologies altogether. While the attacks in Paris present an opportune moment for Cameron, the UK Government in fact has been encountering public and parliamentary resistance to introducing this kind of policy for years. After being unsuccessful on repeated tries since the mid 2000s, it has now resorted to using emergency as a motivation.
First, Parliament over the summer rammed through 'emergency' surveillance legislation, the Data Retention and Investigatory Powers Act. The 'emergency' at the time was that the judiciary had ruled that the power was incompatible with rights, so Parliament was compelled to pass a new law, still incompatible with rights, over a four day period.
Then the UK Intelligence agency finally came out of the shadows when GCHQ's new boss Robert Hannigan wrote in an op-ed that the internet “command-and-control networks of choice for terrorists and criminals”, and attempted to shame technology companies into "cooperating" more with security service. And it seems that every time Theresa May, the Home Secretary, gives a public speech she can't help but mention how the already enormous spying powers afforded to intelligence agencies are simply not enough.
Amazingly no one is holding these leaders to account for these so-called emergencies. There is no suggestion that the Charlie Hebdo shootings and related acts of violence could have been prevented with greater online or offline surveillance and tracking. On the contrary, initial indications reveal - much as retrospective analyses of the terrorist attack in Woolwich and attempted attack on Christmas 2009 showed - that the Paris attacks did not arise from the lack of capabilities on the part of the intelligence services, since those involved were known, profiled, and on watch lists.
But instead of trying to address problems with the existing expansive surveillance powers, governments merely see these crises and fearful times as an opportunity to simply to ask for more. Short of creating a society in which thoughts themselves are monitored and controlled by the State, no amount of surveillance powers endowed upon our governments can ensure that all acts of acts of fanaticism and violence can be predicted and prevented.
Since the first Snowden revelations, industry has done more to address widespread government spying than our actual governments. Many tech startups have made privacy a selling point for their product. Apple and Google have turned on encryption by default in their mobile devices, WhatsApp introduced end to end encryption, and internet service and communications providers have pushed back in court.
Usually when there is such an industry trend, it is because it makes sense for the bottom line. What do the moves by companies tell us then? Users want more privacy, not less.
Mass and intrusive government spying is not only a direct threat to our rights, but to the business model of many technology companies. We need to be able to trust that the services we use everyday will protect our privacy and our information. David Cameron joined in yesterday by seeking to restrict the very security in our products that keep us safe. Through relentless attacks and direct attempts to undermine the security of products, governments are making it nearly impossible to securely use the internet. Vulnerabilities in the products we use, whether they are required to exist by governments or not reported when found, hurt every single one of us. It makes our emails easier to hack in to, our online shopping more exposed for criminals, our medical records accessible, and our banking less secure.
The outrageous suggestion that communications must not be encrypted, or that intelligence agencies have to have a key to a backdoor to access anytime, is the equivalent of outlawing locks on doors for every single house so that Government can access it at anytime, just in case. We all know that it wouldn't just be the police or security services who may want to walk in at anytime, but criminals and malicious actors as well. Proposals such as these make us, and by extension our lives and families, less secure, not more.
Resistance is futile
Proposals to outlaw encrypted communications not only threaten the very rights they're said to be designed to protect, but begin from a fundamentally flawed premise - that such measures are even possible. As Cory Doctorow points out, eradicating encrypted spaces and technologies on the internet is simply not within Britain's capabilities. The UK can simply not command foreign manufacturers and providers of services such as WhatsApp to modify their services to accommodate the desires of British spies. Correction - they can attempt to do so, much like the governments of Russia, Iran and Syria, but such companies would be under no lawful obligation to comply with such absurd and dangerous demands.
If the UK plans to ban encryption altogether, they will not only be banning social media sites and communication tools, but the legions of online services and functions that rely on encryption - from online banking to hotel bookings. In the words of James Ball, "there is no such thing as “good guy encryption” and “bad guy encryption”. The same encryption that protects you and me protects companies, protects governments, and protects terrorists."
Short of any proposal introduced, we will have to rely on the rhetoric of our leaders and attempt to decipher their messages to see the specifics of any expansion of surveillance powers. However, if the past few days are any indication, the conversation lacks the necessary nuance to properly address the attacks in France while protecting the freedoms that our society and leaders claim to uphold. The next few months are going to be crucial.
We must remember: these tragic events happened while security agencies, in Europe and the US, already employ enormous and expansive surveillance powers. So instead of calling for new powers, which smack of government over-reach, policymakers and security agencies should be undertaking a calm, measured review of the lawfulness and effectiveness of existing government powers. We mustn't let these proper legal and democratic processes be derailed by a terrorist atrocity and vetoed by the blind ambition of politicians who do not understand what they are saying, or doing.
Since industry is now under criticism, and politicians are threatening to gut their security, we need industry to push back. They have the political muscle to demand better protections in law. They should not shrink to the threats by officials and build more security into their products. They also need to consider how exploiting their users’ data is not a sustainable business model in an era where governments and others are ruthless in gaining access to those troves of data.
What this boils down to is trust. And Government saying "Trust us" is not enough. It must be cultivated and built up. We must trust that our governments will not only protect national security but also individual security. We must trust that officials will engage openly with the public and hear their voices. We must trust that when we use a service online that our data is secure and our communications private. In the aftermath of last week, trust is something we could all use some more of.