In a presentation today, Prime Minister David Cameron promised a “comprehensive piece of legislation” which will close the “safe spaces” used by suspected terrorists to communicate online with each other.
According to BBC News, Cameron said he would increase the authorities’ power to access both the details of communications and their content. He also said he recognised such powers were “very intrusive” but he believed that they were justified to counter the growing threat to the UK, as long as proper legal safeguards were in place.
In a hat tip to modern communication, Cameron also said that legislation would be needed to allow for “more modern forms of communication” and he would legislate in the “more contentious” area of the content of these online communications.
He said: “I am confident the powers we need, whether it is on communications data or the content of communications, I am very comfortable they are absolutely right for a modern liberal democracy.”
Add to this the report from The Independent today, which claims that the PM could block iMessage, WhatsApp and Snapchat as part of his plans for new surveillance powers announced in the wake of the shootings in Paris.
He said that he would stop the use of methods of communication that cannot be read by the security services even if they have a warrant.
He said: “In our country, do we want to allow a means of communication between people which […] we cannot read?”
This is an interesting point which has been addressed by both the Metropolitan Police and the FBI, who have both highlighted the problem of cracking modern encryption.
In the case of the FBI, director James Comey said that he believes “unbreakable encryption of user data has gone too far” and in an interview last September, he acknowledged that whilst personal privacy is important, access to sensitive information may one day be vital to national security.
Comey said: “What concerns me about this is companies marketing something expressly to allow people to place themselves above the law. Google is marketing their Android the same way: Buy our phone and law-enforcement, even with legal process, can never get access to it.”
So the problem is that after the Snowden revelations of 2012, device manufacturers and communication technology providers have sought out ways to offer security “as a service” to users, and as a result the forensic providers cannot access the data.
Apple’s iOS 8 is apparently built on an encryption system that cannot be broken, even if law enforcement agencies request it. So surely those communication methods – BlackBerry BBM, Apple iMessage, the app-based WhatsApp and Snapchat, and others – see security “as a service” because the security of the user and their data is what is important to them and puts them above their competitors.
I talked to Voltage Security CTO Terence Spies on this subject. He related a situation in the US where the FBI wanted it mandated that a front door is put into technologies, rather than a back door. “The open research community are learning how to build systems that are secure against these kind of entities and they are starting to react to it, and it is a natural reaction,” he said.
He recalled the NSA’s Clipper Chip, which was to be developed with a front door built into it and was unanimously rejected; so it was a case of ‘does society want this?’
He said: “The technical guys make the point that we understand how to build systems or are starting to understand that what is resilient in achieving a goal of getting from A to B securely, and with a front door in can we enable that?
“A front door is going to undermine the security of that, as suddenly you are making the security goal more complicated in terms of how to build encryption systems between you and your website and there will be a selective leak on how it is mandated, but that has to be engineered so it will not impact the mainline security of the thing, that is much more complicated.”
Spies claimed that the debate on how strong encryption is will be determined by cryptographers. “It will be a societal debate on what rights do we want these entities to have, as the genie is out of the bottle now, and we understand how to build crypto systems now,” he said.
Of course, what will happen is that if current encryption standards are broken, new and better functionality will be built. Likewise, if secure communications functions are proven to be unsafe or breakable, their users will abandon them and move to the next offering that claims to be more secure.
That is probably being built as I type, but as Apple CEO Tim Cook said in his open letter, “security and privacy are fundamental to the design of all our hardware, software, and services”, and it will take a lot to make that change.