Banning encryption on iMessage is daft and dangerous, Dave
Published 12/11/2015 | 02:30
Once again, European governments are becoming obsessed with limiting our digital privacy.
This time, it's the British government. A bill passing through the UK's parliament wants to effectively ban encrypted communications between people, including on services such as iMessage and Whatsapp. The argument is that allowing encrypted communications, with a "backdoor" for governments, helps terrorists and other bad guys.
The move, if successful, aims to force companies like Facebook, Google and Apple to weaken their encryption by giving the British government a 'back door' into communications when they say they need it.
The issue threatens to put a permanent ban on ordinary citizens getting the benefit of secure, 'end to end' encrypted privacy through everyday services. But it does little to effectively stop common encryption communications through Tor and other routes.
It would also affect Irish people significantly: any texts to London or Belfast cousins over iMessage, for example, would be legitimately perusable (via security request) by British authorities.
There has been a heated response to the proposal, both from privacy campaigners, tech companies and the UK media. But does the British government have a wider point about the dangers of encryption to our security?
Although right-thinking people are suspicious of states wanting to dilute encryption for their own purposes, there is probably a wider issue here. As much as we value privacy, governments do have a legitimate interest in protecting people through an ability to intercept activities when called for. This is one reason why most of us accept CCTV cameras on our streets: we accept that giving up some privacy (literally being video'd by police wherever we go) may be a price we have to pay to stay safe.
But the problem in legislating to ban encryption for services such as Whatsapp or iMessage is that the interference in our privacy is disproportionately large to an ability to protect citizens. Simply put, terrorists or dangerous criminals don't need, and are unlikely to rely on, iMessage and Whatsapp for encrypted communications. They already have such conduits available through Tor and PGP. These methods are not difficult (at all) to learn and use. For anyone intent on doing significant harm, it is a trivial consideration.
That being the case, why ban encryption on everyday services for people? Why do it unless you want to reserve additional monitoring powers over people that you're not talking about at present? This is the crux of the current encryption problem and the reason that people should be exercised about it. It's a clear example of overreaching.
In the case of the UK, is overreach extends to the point of absurdity. The government measure seeks not only to cover companies in Britain but companies outside Britain, too. In other words, the British government reckons it can issue arrest warrants for executives of Facebook, Google or Apple (in the US or Ireland) if their encrypted services are available to users in the UK.
How exactly do they propose to that? How will David Cameron inform President Trump or Clinton that they have to hand Mark Zuckerberg or Tim Cook over to the old bill?
Cook has already been out of the gates on it, calling it for the nonsense it is.
"Any backdoor is a backdoor for everyone," he said earlier this week of the UK proposal. "Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a backdoor can have very dire consequences. If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It's the good people. The other people know where to go.
"To protect people who use any products, you have to encrypt. You can just look around and see all the data breaches that are going on. These things are becoming more frequent. They can not only result in privacy breaches but also security issues. We believe very strongly in end to end encryption and no back doors. We don't think people want us to read their messages. We don't feel we have the right to read their emails.
"It's not the case that encryption is a rare thing that only two or three rich companies own and you can regulate them in some way. Encryption is widely available. It may make someone feel good for a moment but it's not really of benefit."
One might argue that Cook and counterparts in Google and Facebook have their own reasons for keeping end-to-end encryption active on their services. They were stung by Edward Snowden's revelations that the US National Security Agency was using their services to spy on our everyday communications. And now they want people to know that they're not going to roll over for state security reasons.
But in this case, they surely have a point. People should be allowed to communicate with each other privately, including away from the glare of government scrutiny.