The Uk is about to Become a Technological Wasteland

I was writing a piece on internet security, with a focus on personal security, ways you can protect yourself online, but this is a little more relevant so I’m going to shelve that for a few more days.

David Cameron, Prime Minister of the United Kingdom is promoting a thing called the Draft Communications Data Bill (nicknamed the Snoopers’ Charter), a piece of legislation that has many worrying effects the most worrying of which, is essentially banning Encryption in the Uk.
I’m happy to admit I am quite willing to loudly shout out about how various stupid ideas have regressed the Uk to the kind of dystopic country we only really see in fiction, but in this instance it isn’t just about civil liberties.
Sure, I love the freedom of Encryption, knowing my data is secure when sending or receiving gives you a little satisfaction that unless you’re looking over my shoulder it is harder for you to know what I am sending online.
I’m not however, breaking any laws.

The Government want to change this.
They don’t want to make me a criminal however, well that’s not their logic, what they’re claiming is that with modern technology it is getting harder for government agencies to inspect the messages of criminals and terrorists.
And though this is somewhat true, the solution is not the Snoopers Charter.

You see, part of the charter mandates that any service that currently runs encryption must include back door access for the Government to view all data.
We are continually told that this is all in an effort to keep us safe, to stop the big bad terrorist from plotting to kill our friends and family.
But here is the thing you should know first and foremost, Encryption keeps you safe.
If we include any kind of back door into an encrypted system we create a weakness that can be exploited and do you know who wants to exploit your weaknesses?
That’s right, the terrorists, and you’re essentially giving them the tools right here.

Lets imagine for one moment that you, like many of us in the digital age enjoy online banking, when you connect to your online bank you do so through a secure, encrypted channel.
The government want a weakness in that security.

Lets imagine again, that you work for a government contractor, designing the new security alarms for a government office, being a modern workplace you have to remote-access occasionally, which you can do through a secure and encrypted channel.
The government want a weakness in that security.

One last time, you’re a company who deals with medication, big business and very closely guarded, you have an office in the Uk that needs to communicate to a lab anywhere in the world, you would be using a secure and encrypted channel.
The government want a weakness in that security.

The outcomes of these scenario leave you with an empty bank account, an unsecure office and a multinational closing their Uk based offices because they’re no longer certain of security.
Those throwing their support for this proposal on social media are using the emotional defense about families being attacked, but in the end the most important thing in police work is actual investigations, this doesn’t make it easier for a policeman to look at you and know you’re a terrorist, they need to be suspicious in the first place before they even begin looking at you.

Next we have to think of how this would actually work, lets take a look at a messenger service, Whatsapp.
Whatsapp uses a form of encryption and is a service available globally, if the Uk demand a back door be built into the app then it creates a weakness that affects every user of that global service.
Do you think Whatsapp will want to make the rest of the world less secure to placate the Uk? Or perhaps they’ll find it easier to just restrict service.

But the ultimate problem here is that the government think that this will make a blind bit of difference, if ChatV1.0 is encrypted and ChatV1.1 has a backdoor, then terrorists will just refuse to update, or they’ll use one of the hundreds of other programs out there, which the government won’t be able to dictate a weakness into.
This is an ineffectual piece of legislature, it does the exact opposite of its intended purpose (ie: making us more secure) and is not enforceable on a global level.

But lets put this in a simple, but wholly inaccurate metaphor.
It’s like you’ve got a door to your house, right? That door keeps you safe and secure, everyone has a door and it keeps them safe and secure too, right?
The terrorists and criminals also have doors, which keeps them safe and secure too, cause that’s how this works.
The government have decided that in order to get the terrorists (a miniscule percentage of people) they need to add a master lock to every door that can also open it with their one key.
That’s fine, right? I mean we don’t mind if criminals and terrorists get caught, right??
Except now a criminal only has to make a copy of that key, pick a single style of lock, in order to get access to every house but not only that, the government also had the best lockpick (decryption) kit out there to start with, so they could already access the a decent chunk of the secure information if they so wished it and had probable cause.
It is perceived safety and nothing more.

Of course the actual situation is more complicated, with every make of door being a different governmental key, but it really comes down to this.
If you want to keep your communication secure, it has to be secure from everyone and that means no back door for the government.

I hate to be the guy screaming that the sky is falling (who am I kidding, it is fun) but if the government want access to every secure communication, that means no company will have secure information and even if they can’t be hacked by a criminal they’ll have no secrets from the government.
I can just see every huge multinationals, who have billions tied up in their secrets, deciding this is just losing too much freedom to the government.
Which of course will destroy the main growing industries in the Uk.

I honestly had to wonder, when I first heard about this, if it were an idea that was being suggested by terrorist sympathisers in order to give them greater access to our infrastructure.

tl;dr – Security isn’t secure.

If you want less opinion, more information, go here.

[amazon template=iframe image&asin=0199695598]

Silent

I am Silent, part time programmer and full time narcissist, gamer, geek and man on a mission.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: