Il n’est pas Charlie

“We stand squarely for free speech and democracy”, said David Cameron last Wednesday at Prime Minister’s Questions, not more than an hour after the attacks on the French magazine Charlie Hebdo. This is a rather strange proposition for the leader of a party who proposed to reinstate the ban on “extremists” from appearing on television and have been trying for the past few years to reintroduce the “snooper’s charter”. Indeed, the Tories have gone rather native in the Home Office, in contrast to five years ago when we were all criticising Labour for restricting our civil liberties.

Several hours later, the House of Commons then debated a somewhat–but not sufficiently–diluted Counter Terrorism and Security Bill, in which Tory and Labour frontbenchers alike praised the bill for being an important tool in the fight against paedophiles and terrorists: the two words that friends of this blog have previously highlighted as resulting in universally awful legislation.

After this brief sojourn into hypocrisy, Cameron took a flight to Paris where he stood side-by-side with the world’s autocrats and despots in the name of free speech. Whilst there, he lent his name to an agreement for more surveillance powers. One would think that Charb and his seven colleagues would not want that in their name. But Cameron went one step further, and proposed the worst idea to regulate a specialist field since Labour tried to ban coffee eighteen months ago: a ban on encryption.

Of course, Cameron didn’t say it out loud, but when he said that he wanted to ban forms of communication that GCHQ couldn’t read, there cannot be any doubt. And there cannot be any doubt that it is a completely foolish and unworkable idea, for one simple reason: the entire digital industry depends on it. Banning encryption wouldn’t save us from terrorism; it would open us up entirely.

There are some people who are claiming that Cameron only wants the decryption keys (known as “key escrow”), but it’s not as if that’s better either. For one, key escrow would almost completely make any personal encryption system, such as PGP, unworkable. And more importantly, one more person with a decryption key is one more link in the chain that can be broken. The weakest link in any encryption method worth using is the human element; that’s why scammers don’t try to hack into your bank account, but try to trick you into give them access.

Cameron’s encryption ban would cripple the financial system, for example. Northern Rock would be a relative drop in the ocean compared to these plans. Trust in the banks to ensure certain details are secure and untampered–either financial details in transit between institutions or personal details between a customer and their bank–would evaporate. And it’s not just banks that depend on high-grade encryption. The military does–and is often the biggest contributor to encryption technology. As do the intelligence services. And academia. The list goes on.

Software providers, likewise, depend on encryption. It’s how you know that security updates offered by Apple or Microsoft are genuine. But a British internet would be completely insecure. The secure internet and technologies such as HTTPS depends on strong unbreakable encryption. Hence why certificates that can be possibly compromised, such as those in force when Heartbleed was found, or SSL3 certificates since POODLE was found, are either revoked, not accepted, or both. The same happens to cryptographically weak algorithms. And in a few years, certificates that don’t offer forward secrecy–which prevents the compromise of past encrypted communications–may also start to be rejected.

This sort of security is important and is treated as such. And if you don’t believe me, why don’t you ask the Conservatives?

Tory SSL encryption
The website conservatives.com, showing the “do as I say, not as I do” Tory attitude to privacy.

 

The Conservatives are the only party to use any SSL certificate on their entire website; other parties use SSL only for their signup pages. Incidentally, the Tories are the only party that don’t use “.org[.uk]”, instead preferring “.com” (although Plaid Cymru have registered plaid.cymru), which one may like make wry observations about. An Extended Validation certificate also costs between $100–$400 minimum, which begs the question: why are the Tories spending money on tools like this? Are they terrorists or something?

Further SSL adoption – such as this website, in fact – shows an increase in security consciousness, especially since the Snowden revelations. We know that governments try, and succeed, in pulling off man-in-the-middle attacks. Turkey has blocked sites at the DNS level… and then blocked alternative open DNS providers. France has issued fake SSL certificates. Even in the UK, our ISPs redirect access to torrenting websites to a 451 error page. Yes, there are often legal reasons for doing so, but it’s a slippery slope that we keep falling down. Fifteen years ago, we were promised that Cleanfeed would only be used in cases of child abuse. Now, it’s used for torrent sites too. If the Tories get a majority, one could imagine sites like PinkNews being behind the block.

Developers are in open revolt over the Snowden leaks. Almost certainly in response to the leaks, Apple and Google both started to increase the security on their mobile platforms. Full-disk encryption is now a default on Apple devices. For the most part, consumers fully accept the small overhead in more effective encryption, especially with news of hacking attempts such as those against iCloud and Jennifer Lawrence. These sort of moves aren’t popular with law enforcement and governments–indeed, one Chicago police official called the iPhone “the phone of choice for the paedophile” over iOS’s encryption suites.

A ban on encryption would mean that nearly every computer, laptop, and phone would disappear off the shelves overnight as a result, mostly out of necessity. Windows could possibly survive, and maybe OS X at a push–if Microsoft and Apple had the appetite to reverse course on encryption for the sake of a little island–but Linux would be almost certainly banned. As would the Xbox and PlayStation, Nintendo’s Wii U and 3DS, and even your iPods and your CD players. The consumer revolt alone would be incredibly nasty. Free speech and privacy aren’t issues that the average voter isn’t interested in. But the idea that “Cameron wants to ban the computer” is.

The free speech angle is more important than the average person thinks. Freedom of speech, freedom of association, the right to privacy: these are some of the most fundamental rights of civil society. Twelve people died in Paris one week ago in its name, and it’s frankly sickening that securocrats around the world are trying to paint this as protecting the next Charlie Hebdo. Because it won’t. Their tune so often changes when Private Eye publishes whistleblowers.

In a better world, people like Edward Snowden and Chelsea Manning would be lauded as public heroes for uncovering the abuses of our governments. Sadly, they’re not. Chelsea is being medically tortured by the United States. Snowden is living in exile in Russia. And the securocrats like Theresa May, autocrats like Vladimir Putin, warmongers like Benjamin Netanyahu, and narcissists like Julian Assange are using our modern day heroes and our precious values in their sordid power games.

And the worst part is, the government doesn’t even need these powers. Like what happened in Boston, like what happened in London, even like what happened in New York, we didn’t even need to use all the powers that we’ve signed away to know of these threats. Were Charlie Hebdo tactless and possibly hurtful in publishing the Mohammad cartoons? Yes. Should they have been banned by the government doing so? No. Would they deserve a consumer boycott? Maybe. Did they deserve to die? No.

And more importantly, does the attack on the Charlie Hebdo offices warrant further surveillance powers? Certainly not. The security services are seeing nails everywhere and begging for hammers. We mustn’t give them the tools they need to break society into a million pieces, as Tory snooping charters and Labour key disclosure laws alike are chomping at the bit for. Surveillance should be proportionate and targeted. The powers we’ve signed away in the past and are at danger of doing so again, are neither.

Security consciousness starts at home. Start securing your websites, your communications, your devices. Sign your emails. Encrypt your hard drives. And tell your friends to do so too. Send a message to the politicians that our privacy must be respected, and that we don’t need to fear anything to hide. We can’t all be masters of information security, but we can at least make these snooping powers unworkable. As Margaret Mead most famously said, never doubt that a small group of thoughtful committed citizens can change the world; indeed, it’s the only thing that ever has.

I suggest, for further reading, blog posts by Charlie Stross and Cory Doctorow. There are other posts that have come up in the past 36 hours regarding this awful policy, but those are the two I would most heartedly recommend. They’re nearly always right on these issues, after all.

Je suis Charlie. Je suis Ahmed. Je suis Palestinien. Je suis Edward Snowden. Je suis Chelsea Manning. Mais Cameron et May ne sont pas Charlie; ils sont dangereux.

Votez pour votre droit de parler. Voter pour liberté.

Leave a Reply