DAVID CAMERON and Theresa May say they want to ban encrypted messaging services like Snapchat, WhatsApp and Apple iMessage – but how?
The draft Investigatory Powers Bill, aka the Snooper’s Charter, is expected to seek to remove the “safe place” for terrorists to communicate by banning messages protected by strong encryption. Encrypted services – including BlackBerry Messenger, used by Cameron himself (see Eye 1384) – work by encoding the message as it’s sent and decoding it at the other end. Without the correct keys, generated automatically by the system, the message is impossible to decipher.
At first the prime minister seemed to be hoping to ban the use of strong encryption altogether – until it was pointed out that this would, for example, leave online banking customers doing the equivalent of going around shouting out their PINs in public.
Now talk is of a ban on services offering encrypted messaging between individuals. But enforcing a product ban would be tricky, to say the least: these apps are available online and abroad. Preventing online downloads would mean filtering all internet traffic coming into the UK – something even China’s censors haven’t fully managed.
Banning them would also criminalise the millions of foreign visitors who turn up in the UK every year with messaging apps already installed; and while North Korea may be able to get away with confiscating phones at its borders, Dave might have a hard time getting that one through.
So what about compelling the messaging companies to hand over the encryption codes? Alas, the firms don’t have the keys themselves – only the users’ devices do; and many systems create a new key every few minutes anyway, with previous keys impossible to recover.
Secret hole in the security system
The most likely scenario is that the government wants to order the firms to redesign their apps to include a “back door” – a secret hole in the security system that would allow the government to tap into any message. The government – and any competent hacker or foreign spy, that is. This point was recently explained to FBI director James Comey, who has made a similar call for a back door – even though, US government documents show, encryption only foiled two “intercepts” last year.
As security expert Bruce Schneier told a US Senate committee: “What Comey wants is encryption that he can break with a court order. But as a technologist, I can’t design a computer that operates differently when a certain piece of paper is nearby. If I make a system that can be broken, it can be broken by anybody, not just the FBI.”
A ‘safe space’
There would also be the problem of persuading the mostly US-based messaging companies to play along, risking their customers’ security and providing a precedent for any other repressive regime wanting to spy on its citizens. Despite the FBI’s wishes, Barack Obama has said he is committed to strong encryption: so unless you count the likes of Iran, North Korea and China, the UK is likely to be on its own.
If the government were successful and back doors were introduced, what then? Even if terrorists really are using Snapchat now, they are unlikely to subside into silence. ISIS is known for its technical expertise, and there are plenty of top-quality, freely available building blocks online to help it create its own encrypted messaging system. Indeed, the rather less tech-savvy al-Qaeda is known to have knocked one up years ago. So the most likely result is that the UK population would be massively disadvantaged, while terrorists carried on unhindered.
Whatever Cameron does announce will fall short of eliminating a “safe space” and be ineffective at catching terrorists. Every one of his options would at the least put citizens’ online security at serious risk and, at worst, effectively close the UK for business.