10 Jul 2015

Top Computer Security Expert Warns – David Cameron’s Plan to Ban Encryption Would “Destroy the Internet”

BUSINESS INSIDER: What was your immediate reaction to Cameron’s proposals?
Bruce Schneier: My immediate reaction was disbelief, followed by confusion and despair. When I first read about Cameron’s remarks, I was convinced he had no idea what he was really proposing. The idea is so preposterous that it was hard to imagine it being seriously suggested. But while Cameron might not understand what he’s saying, surely he has advisers that do. Maybe he didn’t listen to them. Maybe they aren’t capable of telling him that what he’s saying doesn’t make sense. I don’t understand UK politics sufficiently well to know what was going on in the background. I don’t know anything about Cameron’s tech background. But the only possibly explanation is that he didn’t realize the full extent of what he was saying.
Then I wondered why he would even wish for such a thing? Does he realize that this is the sort of thing that only authoritarian governments do? Again, my knowledge of the UK is limited, but I assume they are a free country that champions liberty.
– From the Business Insider article: David Cameron’s Proposed Encryption Ban Would ‘Destroy the Internet’
By Michael Krieger: I’ve discussed UK Prime Minister David Cameron’s idiotic, futile and extremely dangerous scheme to ban encryption previously here at Liberty Blitzkrieg. Most recently, in the post, Britain’s “War on Terror” Insanity Continues – David Cameron Declares War on Encryption, in which I explained how Cameron immediately seized upon the terrorist attacks in France to propose more fascist nonsense:


When it comes to the “war on terror,” the United Kingdom embraces a unique form of paranoia and hatred for civil liberties that leaves pretty much all other Western nations in the dust. Although it isn’t the country in which I reside, the extraordinarily close diplomatic ties between the U.S. and the UK results in my paying particular attention to what transpires over in Albion.
Unsurprisingly, the recent attacks Charlie Hebdo attacks across the English Channel were more than sufficient to get UK Prime Minister David Cameron hot and bothered enough to immediately call for more power for the government, and less civil liberties for the citizenry. In his latest twisted authoritarian fantasy, Mr. Cameron has decided to declare war on encryption. In other words, a war on private communications between citizens.

In the aftermath of such a push (which U.S. FBI chief James Comey is fully behind), pretty much every computer security expert and technologist has come out and blasted the stupidity of the concept. Bruce Schneier takes the criticism one step further by proclaiming that Cameron’s plan would “destroy the internet.”
Here are some excerpts from an excellent interview by Business Insider:
A highly respected cryptographer and security expert is warning that David Cameron’s proposed ban on strong encryption threatens to “destroy the internet.”
Last week, the British Prime Minister told Parliament that he wants to “ensure that terrorists do not have a safe space in which to communicate.”
Strong encryption refers to the act of scrambling data in such a way that it cannot be understood by anyone without the correct key or password — even law enforcement with a warrant, or the software manufacturer itself. It’s used in some of the most popular tech products in the world, including the iPhone, WhatsApp messenger, and Facebook.
BUSINESS INSIDER: What was your immediate reaction to Cameron’s proposals?
Bruce Schneier: My immediate reaction was disbelief, followed by confusion and despair. When I first read about Cameron’s remarks, I was convinced he had no idea what he was really proposing. The idea is so preposterous that it was hard to imagine it being seriously suggested. But while Cameron might not understand what he’s saying, surely he has advisers that do. Maybe he didn’t listen to them. Maybe they aren’t capable of telling him that what he’s saying doesn’t make sense. I don’t understand UK politics sufficiently well to know what was going on in the background. I don’t know anything about Cameron’s tech background. But the only possibly explanation is that he didn’t realise the full extent of what he was saying.
Then I wondered why he would even wish for such a thing? Does he realize that this is the sort of thing that only authoritarian governments do? Again, my knowledge of the UK is limited, but I assume they are a free country that champions liberty.
Wrong assumption.

BI: Do you think they are even possible?
BS: Of course not. No one does. Sure, he can keep law-abiding non-technical people from using strong encryption. He can ensure that UK businesses are vulnerable to attack. But he cannot hope to prevent bad actors from using encryption to hide themselves from the police.
This is the key. What kind of fool actually thinks violent, criminal organizations will care about what David Cameron says is law? This sort of thing will only harm average, decent people by destroying what computer security we have today.
It’s simply not possible to ban strong encryption within a country and software that uses strong encryption from crossing its borders. It’s simply not possible to prevent people from installing the software they want on the computing devices they own. Countries like Iran, Syria, Pakistan, Russia, Kazakhstan, and Belarus have tried it and failed. China has tried before and is trying again. I wonder if Cameron is aware of the kind of company he is associating himself with.
BI: Let’s say the UK government was determined to try and implement an encryption ban — how would it go about trying to do this?
BS: It gets draconian pretty fast. UK citizens would be banned from using secure software, and UK companies be banned from producing secure software. The government would have to enforce Internet censorship: people couldn’t download secure software, search engines couldn’t answer queries about secure software, and every packet would be inspected to ensure it isn’t being encrypted with secure systems. Closed computing systems like iPhone would ban their users from installing secure software, and open computing systems like Microsoft Windows would be redesigned to prohibit users from installing secure software. Free software would be banned. Anyone entering the UK with a phone or computer would have them conform to UK standards, and border control would seize any devices that fail to do so. UK researchers would be prohibited from researching secure systems.
Pretty horrible and totally infeasible. And even if Cameron turned the UK into the police state required to even attempt this sort of thing, he still wouldn’t get what he claims he wants. That’s the worst of it: it wouldn’t work, and trying would destroy the Internet.
BI: Is there really no way to keep users’ data secure while providing backdoors to law enforcement?
BS: Yes, there really is no way.
There is an important principle here: we have one world and one Internet. Protecting communications means protecting them from everybody. Making communications vulnerable to one group means making them vulnerable to all. There just isn’t any way around that.
BI: Won’t the proliferation of encryption help terrorists?
BS: No. It’s the exact opposite: encryption is one of the things that protects us from terrorists, criminals, foreign intelligence, and every other threat on the Internet, and against our data and communications. Encryption protects our trade secrets, our financial transactions, our medical records, and our conversations. In a world where cyberattacks are becoming more common and more catastrophic, encryption is one of our most important defenses.
BI: What encryption products would you recommend our readers to protect their communications online?
BS: I am a fan of Off-the-Record for encrypting IM conversations on your computer, and Signalfor encrypting both text and voice conversations on your smart phone. The encryption built in to the iPhone for both iMessage and FaceTime is also very good.
I strongly recommend turning disk encryption on wherever you can: on your computer, on your smart phone, everywhere. When you browse the Internet, use TLS on the web whenever you can. Download the plug-in HTTPS EverywhereGPG is the best email encryption program, but my advice is to stick to text and voice.
All of this has to make you wonder if Cameron’s intent is to destroy the internet. It also makes you wonder what the heck the British citizenry was thinking when they resoundingly reelected this epic and very dangerous clown.

In Liberty,
Michael Krieger


Source

No comments:

Post a Comment