Don’t tell me it’s safe!

Guest post by Oliver Florence (final year undergraduate student)

David Cameron has said that a change to legislation concerning encryption is required.

They would like a means of accessing the content of any communication between citizens of the UK. Cameron’s view is that unless they’re able to have a method of encryption with a ‘back door’ that gives them access, his government will make it illegal for civilians to use encryption.

Prior to the digital age, law enforcement agencies were able to have a look through your post or listen in to your telephone calls as a means of keeping you safe. While they do still do this, Cameron has said there is currently no way of accessing the content of encrypted digital information.

The argument presented is that there are situations in which law enforcement ‘need’ access to the communications or data held on an individual’s phone, and are now unable to get that access as a result of modern encryption. Adding to this problem is that an increasing amount of mobile handsets are being sold with data encrypted enabled as a standard feature

Cameron is proposing a Government backdoor into encrypted communication, which is not an unfamiliar concept, both the director of the FBI and President Obama have made mention of this type of encryption. It’s important to be clear here, referring to any proposed backdoor inclusive encryption method as secure is misleading and dangerous.

Understanding encryption in terms of its function is simple; it’s either secure, and no one other than the intended recipient can decrypt and read it, or it’s not. The problem that arises when you start leaving backdoors in encryption is that someone will find and exploit them.

If citizens of the UK are told they must use a new standard of encryption that has a backdoor, but is safe, the majority of users may continue as though they are still safe, which simply will not be true. Whether the problem is a lack of understanding on the part of our representatives, or a purposeful distribution of misinformation is unclear. In either case though, the resulting landscape would leave residents of the UK far more vulnerable to cybercrime.

This change will of course be presented to the public in some complementary ‘anti-terror’ wrapping paper to make it more palatable.

The threat of outlawing encryption is an absurd proposal and a scare tactic. The UK has an ecommerce industry that had a turnover of 44 billion in 2014. Without a safe form of encryption consumer confidence in the industry would erode and have profound effects on the economy. Also any transaction carried out using https (your bank, amazon, any login information) would no longer be encrypted as securely. It is clear that the threat of removing encryption is in no way viable and its suggestion is a way of whipping up election attention.

I am not suggesting that there isn’t discussion to be had around how agencies can effectively retain their ability to police in the digital world. Banning or breaking encryption is not how this will be achieved though, and having this back and forth is detracting from real progression in the discussion.

This is a guest post by Oliver Florence, final year undergraduate student in Computer Science. Oliver’s research project was “Cyber security current affairs”, relating technical knowledge in cyber security to current affairs and producing stories for a wider audience on that basis.