Business Technology

Tuesday 19 November 2019

Encryption ban is daft and would hurt Irish companies

British Prime Minister David Cameron has proposed ban
British Prime Minister David Cameron has proposed ban
Adrian Weckler

Adrian Weckler

Does your company do business with British firms? Do you use encryption as a standard security technique for the transfer of sensitive files and communications?

The British Prime Minister wants you to stop. David Cameron says encryption is now the friend of the terrorist and the enemy of freedom.

"Are we going to allow a means of communications which it simply isn't possible to read? No we must not," he said after attending a Paris commemoration for the Charlie Hebdo attack victims.

"Do we allow terrorists safer spaces for them to talk to each other? I say no we don't and we should legislate accordingly. The attacks in Paris demonstrated the scale of the threat that we face and the need to have robust powers through our intelligence and security agencies in order to keep our people safe."

Mr Cameron's remarks have been widely interpreted as a declaration of war on encryption. But a ban on total encryption means a lot more than denying terrorists a chat room. Encryption is now a basic standard for security: we are all told to use it, both in business and in our personal lives. Indeed, not using encryption can invalidate business insurance or get you sued.

So a politician's promise to ban it seems a little weird. That the UK is Ireland's single biggest trading partner is unfortunate: it means that Irish companies could not have an expectation of totally secure business operations with UK counterparts. It also means that UK subsidiaries operating in Ireland, including banks and retailers, could be fundamentally unsafe to do business with.

Mr Cameron's pledge has further ramifications beyond business communications. It is being widely interpreted as a bid to ban the use of apps such as Snapchat and Whatsapp in the UK, which use encryption by default. To put that into perspective, Whatsapp is the most used text messaging app in the world, with more messages sent per day than the entire global SMS count.

The encryption ban would mean that Apple's iMessage would fall foul of the rules, as it is encrypted by default. (For its part, Apple has ruled out decryption or backdoors into iMessage. Apple, ceo Tim Cook said last year, has "never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.")

The more it's looked at, the odder it seems. "If you spend any time thinking about it, you know that it's crazy," said Graham Cluley, one of Europe's foremost IT security experts. "Cameron is living in cloud cuckoo land. Firstly, how would apps be outlawed? What's to stop any Tom, Dick or Harry downloading an app without a government backdoor from a website hosted overseas to run on his PC? What's to stop a terrorist or paedophile downloading the source code of a secure messaging app, and compiling it on their computer?

"Criminals would stay well clear and use alternative systems that guaranteed they didn't have the police and GCHQ breathing down their necks."

Mr Cluley is also scathing about the idea of a mandatory backdoor.

"If a messaging service has a backdoor, what's to stop enemies of the UK also exploiting it?" he said. "Whenever you put a backdoor in a system, there's a danger that the wrong people will walk through it.

"If you make encryption weak and crackable, or incorporate a method by which supposedly secure messages can be accessed, that makes it weaker for everybody, even the security services. It also means it becomes an attractive target for online criminals, fraudsters and foreign intelligence agencies too."

Mr Cluley is not the only one who thinks that the British prime minister's proposals are off the mark.

"I think it is a cheap bit of politicking," said Conor Flynn, founder of IT security firm Isas. "This would drive the malicious users to underground systems they cannot manage anyway. An international treaty on the management of encryption and protection of privacy is needed. Clear goals, guidelines and controls must be in place. These things work in the most part for other types of criminal activity."

Is there anything that can be said in favour of Mr Cameron's proposals? Well, to be fair, he is not alone. I can think of a great many people in Irish life - from government figures and civil authorities through to senior media figures - who would broadly agree with the thrust of what the prime minister is suggesting. And not just in this instance, either: previous kites that Mr Cameron has flown, particularly regarding mandatory internet filters restricting adult content for home broadband connections, have been embraced by plenty of people who see the proposals as 'sensible balancing' measures.

For this mindset, it is about protecting our children from internet evil and our citizens from terrorists.

But there is more than a touch of irony to Mr Cameron's current tilt. Doesn't he know that his own GCHQ intelligence agency has just about everything snooped on already? Or has the UK (and European) public's general acceptance of that agency's snooping activities now emboldened him to push the issue further, into the open embracing of government oversight of all communications?

Indo Business

Also in Business