10 February 2015

An open letter to the British Prime Minister: 20th-century solutions won’t help 21st-century surveillance

6 February 2015

Dear Prime Minister Cameron,

You recently proposed that all internet apps – and their users' communications – be compelled to make themselves accessible to state authorities. I want to explain why this is a very bad idea even though it might seem like a no-brainer.

You said:

“I have a very simple principle which will be the heart of the new legislation that will be necessary. In our country, do we want to allow a means of communication between people which even in extremis, with a signed warrant from the home secretary personally, that we cannot read? Up until now, governments have said: ‘No, we must not’. That is why in extremis it has been possible to read someone’s letter, to listen to someone’s telephone, to mobile communications. … But the question is: are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: ‘No we must not’.”

President Obama appears to agree with you.

Acknowledging the problem

Heads of government bear the burden of keeping their citizens safe. That’s a crushing responsibility. Police solve violent crimes – and intelligence agencies predict and avert them – in significant part by intercepting the conversations of people conspiring to get away with them.

For at least fifty years democracies have kept eavesdropping within bounds by requiring a warrant or some other form of meaningful review before doing it. As telephone companies upgraded to digital (but still not internet-based) networks in the 1990s, governments around the world began to require that the new networks still allow for authorities to listen in to calls.

The rationale was simple and generally uncontroversial: as long as the government respected the rule of law, its demands for information shouldn’t be trumped by new technological facts on the ground.

Why, then, you reasonably ask, should that long-established balance between security and privacy be disturbed simply because the internet has replaced telephony?

The answer, it turns out, is that baking government access into all internet apps will, in fact, not extend the long-established balance between security and privacy to all mediums of communication. It will upend it.

Why the internet is different

First, the landscape of internet communications services is profoundly different from telephony, where lawful intercept’s habits were honed.

Traditional telephone systems were run by a single large company or by governments themselves. They overwhelmingly served the single purpose of letting people talk to each other at a distance and the experience of using a phone in 1990 was little different from that of using one in 1950.

Supporting lawful eavesdropping was done with no impact on telephony’s basic model – and often governments would pay to offset any costs incurred in keeping phone lines open to tapping.

The internet evolved in a wildly different way. It supports applications written by anyone, and a new application can become popular in a heartbeat. Some people write and share apps for fun rather than money.

To restrict how one might build an internet application that enables person-to-person communication – i.e. nearly all of the hundreds of thousands of apps out there – would require software developers to hire compliance attorneys or risk breaking the law.

In the worst-case scenario, software development would be relegated to a handful of incumbents ready to do the kind of partnerships with governments that sophisticated phone companies do. Facebook, Google and Microsoft could cope (if unhappily), but software authors and service providers the next tier down would be hugely disadvantaged.

In the best-case scenario, to give government broad access, app authors across the spectrum would face having to orchestrate a complex scheme that scrambles or encrypts communications against everyone except the intended parties and the government. They would likely give up on encryption entirely, which would be a nightmare for the public’s – and therefore national – security, as it would expose communications to anyone ready to hack.

Lawful telephone eavesdropping wouldn’t have come about if that meant it would be easy for others – even at a distance – to also listen in on a conversation.

Users now have choice

Second, regulating apps so comprehensively is either self-defeatingly leaky or unacceptably intrusive. Unlike telephony, internet users who don’t like the way an app works can choose to use another.

As a practical matter, WhatsApp, owned by Facebook, could – under your legislation – successfully be required to change the way it encrypts users’ communications. Since Facebook can’t readily gainsay what a major government wants and since Facebook has “boots on the ground” in London, it can be easily tracked down and it has to comply with government demands.

So, you may be looking at large companies like Facebook and thinking that regulation will be easy, without considering the millions of other sources of code produced by fiercely independent and often anonymous developers who are based in the UK.

Despite WhatsApp’s US$19 billion price tag, its basic functionality could be reproduced in a weekend by two caffeine-fueled university sophomores. The speed with which the public could migrate to a new coder’s NextApp would up the stakes for the massive enforcement you’d have to conduct for your proposed requirement to have any impact.

Indeed, you’d have to constrain the application ecosystem itself by further requiring that new code be vetted before it can be installed on people’s platforms.

That would accelerate a profound and undesirable flip from software that flows freely except in the most unusual of circumstances to software that can only move once it meets government standards. PCs would have to become like iPhones, running only what their originators – Microsoft and Apple – permit.

Seriously, this isn’t just about telling British Telecom to go ahead and tweak its software. Rather, it would position a handful of companies as gatekeepers to the vast and colorful universe of code that flows from millions of sources. And these gatekeepers would turn out to be the very companies whose market dominance has so deeply troubled European authorities.

Empowering the lawless

And here’s the third problem: a requirement to make encryption breakable by the prevailing legal authority would be a gift to states that do not embrace the rule of law.

Billions of people live in such countries and western technology has represented one of their best shots at the freedom to communicate enshrined as a universal human right. Their governments have had to invest enormous amounts of effort to extract the economic benefits of being connected to the rest of the world while still enforcing censorship and surveillance.

If you succeed in shaping our software so that we can’t keep secrets from authorities bearing valid warrants, you will also make it so that people can’t keep secrets from regimes who don’t bother with warrants.

All of these reasons are grounded in the fundamentals of the way the internet has evolved, not to mention the nearly unthinkable costs of trying to push it to a place where communications could be monitored across all internet applications.

Finally, building systems to secure communications against all but the communicating parties and the government is really, really difficult, and entails its own risk of catastrophic failure, rendering communications worse off than if they hadn’t been encrypted at all.

Reasonable alternatives

I understand the imperative to provide security. I also understand that it makes sense to determine the boundary between state and citizen through democratically enacted, constitutionally sound law rather than the cat-and-mouse behavior between technological hacks and counter hacks. Unfortunately, that is the kind of behavior that this proposal would foster.

In an age where ever more sophisticated encryption becomes available, it can seem that entire sectors of communications that were once regularly monitored are “going dark.” But a simple technological mandate to prevent the use of strong encryption is not, in fact, simple.

The toolkit for law enforcement and intelligence agencies to do their necessary work is deep and growing. The fact that some apps encrypt need not stymie investigations of large-scale terrorism.

Prime Minister Cameron, I do not envy you your job. The only solace is that the choice this proposal represents is, in fact, an easy one: don’t attempt it.

The internet has been a force for modernity and openness – exactly what those who believe in indiscriminate violence despise. Let’s not try to build them a network that they find more agreeable, in the name of the short-term imperative to uncover and prevent their worst.
