Digital sucks – because too many politicians don’t understand it.
By Adam Tinworth
08/06/2017 | It's election day in the United Kingdom today. I've done my democratic duty - as have many of my online industries peers. Why? Well, one of the issues vexing many people in digital is the attitude of the incumbent right-wing Conservatives to the internet, and , in particular, the existence of secure end-to-end encryption. The Prime Minister has used last weekend's attack at London Bridge as a springboard to reintroduce the idea of getting government access to encrypted conversations:
"We cannot allow this ideology the safe space it needs to breed," May said. "Yet that is precisely what the internet and the big companies that provide internet-based services provide."
"We need to work with allied democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremist and terrorism planning," she continued.
However, regulating the internet is one thing. But it's very different from breaking encryption. Germany too has been taking a close look at the responsibility the digital platforms are taking for their role in political events. As tech journalist Charles Arthur notes in The Guardian:
Germany is seeking a law which brings in hefty fines for being too slow to remove hate speech. But that isn’t the same as preventing it, or stopping planning.
There's no safe way of breaking crypto
Remember, encrypted or secure social media tools were vital in the Arab Spring protests and revolutions a few years back. May's proposals would close down these tools as ways of organising against oppressive regimes. Arthur again:
The problem is this: things can be done, but they open a Pandora’s box. The British government could insist that the identities of people who search for certain terror-related words on Google or YouTube or Facebook be handed over. But then what’s to stop the Turkish government, or embassy, demanding the same about Kurdish people searching on “dangerous” topics? The home secretary, Amber Rudd, could insist that WhatsApp hand over the names and details of every communicant with a phone number. But then what happens in Iran or Saudi Arabia? What’s the calculus of our freedom against others’?
Former NEXT speaker Cory Doctorow has some… direct things to say about Therese May's proposals…
It’s impossible to overstate how bonkers the idea of sabotaging cryptography is to people who understand information security. If you want to secure your sensitive data either at rest – on your hard drive, in the cloud, on that phone you left on the train last week and never saw again – or on the wire, when you’re sending it to your doctor or your bank or to your work colleagues, you have to use good cryptography. Use deliberately compromised cryptography, that has a back door that only the “good guys” are supposed to have the keys to, and you have effectively no security. You might as well skywrite it as encrypt it with pre-broken, sabotaged encryption.
And, as he argues, any backdoor through encryption she forces open via legislation can be exploited by others:
What Theresa May thinks she's saying is, "We will command all the software creators we can reach to introduce back-doors into their tools for us." There are enormous problems with this: there's no back door that only lets good guys go through it. If your Whatsapp or Google Hangouts has a deliberately introduced flaw in it, then foreign spies, criminals, crooked police (like those who fed sensitive information to the tabloids who were implicated in the hacking scandal -- and like the high-level police who secretly worked for organised crime for years), and criminals will eventually discover this vulnerability. They -- and not just the security services -- will be able to use it to intercept all of our communications. That includes things like the pictures of your kids in your bath that you send to your parents to the trade secrets you send to your co-workers.
The net result may be many online platforms being forced to withdraw from the UK, if they can't operate there without these dangerous backdoors. And I thought leaving Europe was worrisome enough, but leaving much of the internet…
So, let's be clear - digital sucks. But one of the reasons digital sucks is that we're all too often governed by people who don't yet truly understand digital.
And that's a problem.