David Cameron’s position and plans for regulating encryption are misguided and betray a fundamentally computer illiterate approach. He is ignorant of the history of computing and encryption, and his plans will damage Britain.

The Background and Facts

David Cameron, like all politicians, knows next to nothing about computers and software. In his busy world, computers are the tools of secretaries and assistants, and not something he has a particular interest in.

Men in the Security Services on the other hand do understand computers, and are asking for software to be crippled so that no communication can be transmitted in private. They know the complete history of encryption, and how previous attempts to have it outlawed or weakened have failed. They are hijacking the mass hysteria over terrorism to make a fresh attempt to take encryption away from the public.

The Electronic Communications Act 2000 in the UK was an early attempt to make it illegal to sell a software product that did not have a back door for government access. It was defeated and removed from the statutes.

In the USA, several attempts have been made to mandate government access to all private communications; some via new hardware devices like the Clipper Chip, and others through setting legal precedent. They also tried to chill the release of encryption tools by the three-year harassment of Philip Zimmermann, the author of “Pretty Good Privacy”, the tool that Edward Snowden has admitted that the NSA and GCHQ cannot break.

Even today, any encryption system with key lengths longer than 64 bits must be approved by the US Department of Commerce’s Bureau of Industry and Security before it may be exported. This is patently absurd, since key lengths of 4095 bits are available to everyone globally without restriction, and all SSL is 128 bits by default at a minimum world-wide.

The Current Situation

Today, Apple and Google with their iOS and Android operating systems have rolled out full device encryption so that no one can read the contents of a user’s phone. This was done in direct response to the NSA’s mass intrusion into the communications and devices of millions of innocent people.

Now David Cameron, under pressure from men who are exploiting his computer illiteracy, is trying once again to revive their decades-old attempts to cripple the public’s access to encryption and privacy. They failed in the late 1990s and they will fail again, because the iPhone-saturated, “selfie”-taking world is a very different place today.

Everyone uses encryption, whether they know it or not, on a daily basis. All ecommerce depends on it. If David Cameron makes it law that all encryption must have a back door, then criminals will have default access to all websites that sell anything, together with easy access to the personal information of billions of net users on all devices. His demands are unworkable and ineffective because different jurisdictions will not follow him, and any software developer in the world can use both the old and new absolutely reliable tools to have secure chat and email and file storage, or simply move their services to a free jurisdiction, avoiding the anti-tech British laws.

Cameron can demand that encryption has back doors in Britain, but he cannot demand that Americans or anyone else follow him. This would mean that only British web sites and services are vulnerable; the entire British internet would be globally recognized as unsafe for ecommerce. It would be a disaster for the tech sector of the UK that the government is so keen to promote.

Mixed Messages

The messages coming out of the government are not coherent, and it’s clear that David Cameron is nothing more than the unhappy messenger. On the one hand, his ministers want “Silicon Roundabout” to be the centre of the tech explosion in Europe, but on the other hand, they are being told to cripple the key tool used in making that ecommerce work. Clearly, this is the sound of two voices at odds with each other.

Silicon Roundabout in North London. The centre of the UK’s “Tech City”.

And it’s not only ecommerce that is threatened by the UK’s anti-progress stance. There is a vast movement online to put all internet services, no matter what they are, behind HTTPS by default. Mandating that the government has backdoor access to every website accessed from Britain is literally impossible. It means fundamentally re-engineering the entire web, and no one is going to agree to this. If you access an American email service from the UK, like Gmail, the SSL will not be back doored, and the communications will be private. In the reverse direction, they will not be private. This means that no company will host their email services in the UK, and the money, brains and tech will flow outwards, away from the UK. The “Tech Drain”.

Now that the world depends on encryption for the movement of all of the money in circulation globally, it is not possible to weaken the tools that protect the movement of that money without destroying commerce itself. You cannot weaken the tools that protect everyone without giving blanket access to criminals. David Cameron has been badly briefed, and he will be forced to back down, or give up any hope of Britain becoming a centre for global tech.

The Flawed Rationale

The public pretext for this new push to break global ecommerce is the recent spate of anomalous killings by “Jihadists”. Criminal events, no matter how horrifying, are always outliers and statistical anomalies. The vast majority of the world’s people never encounter this category of event, and their safety must always come first; that means strong encryption by default.

Politicians are very accustomed to making tradeoffs. In this case, we are trading off the absolute fact of trillions of dollars and billions of people who use ecommerce being kept safe against the remote possibility of detecting and perhaps preventing extremely rare crimes against a vanishingly small number of people, the number of which when combined globally is lower than the number of people who die from mundane causes.

And when we talk about protecting people, we do not only mean protecting their money. Every aspect of your life is shielded by encryption, including all the private matters that you send or receive through your internet connected devices. Encryption keeps your private information away from everyone but the intended recipients. The government is only one hostile adversary out of many trying to gain access to your communications, money, medical records and location.

Encryption is democratic; it keeps everyone safe equally.

The True Reality

The age of the Security Services being able to read everyone’s communications at will is essentially over. This was inevitable from the moment that PGP and SSL were developed and released. The net benefit to society is the emergence of ecommerce and the massive reduction in online crime as the bad guys are permanently locked out.

If David Cameron’s advisers were serious about reducing terrorism, they would advise a different foreign policy, which is the root cause of the terrorist problems facing Britain.

For example, Libya, had it been left untouched, would have prevented the immigration crisis facing the EU. The consequences of bad policy are the root cause of Britain’s problems, not encryption, and breaking encryption for everyone will not solve them. In fact, it will cause a cascade of knock-on effects and another class of unintended consequences that will effectively end Britain’s place as a centre of tech for the foreseeable future.

David Cameron must push back hard against the voices that are using fallacious arguments to get new damaging laws passed. If he does not, Britain faces a collapse of its tech sector, as building products that are safe for consumers will be impossible in the UK. The world has changed; not even the Communist Chinese are suggesting that global standard encryption tools be back doored, and they are using all the same software that is used in the west to protect their websites and communications.

We should not have to go through this process again and again every time there is a media frenzy over a killing spree. Someone in Cameron’s government must be hired for the sole purpose of bringing sanity to their pronouncements on everything related to software. Perhaps it’s time for a return of the “MinTech” cabinet position, which should be held by a member of industry elected by the software industry, and not a layman. This should be done before another suicidal piece of legislation is enacted that, at the very least, will waste everyone’s time defending their business models against it, and at worst, trigger a “Tech Exodus”.