This article is more than 1 year old
Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors
Broken security? More like broken record
UK Prime Minister Theresa May has reiterated calls for a special magic version of encryption to be developed by technologists so law enforcement can access everyone's communications on demand – and somehow engineer it so that no one else can abuse this backdoor.
Speaking at the World Economic Forum (WEF) in Davos, Switzerland, May today talked extensively about the benefits and dangers of technology (quick version: tech in business: good; tech in society: bad) and returned again to the issue of extremist content swirling around platforms like Facebook, arguing that more rules and laws were needed.
As part of that push, however, May ended up repeating the same message that politicians in both the US and UK have been pushing for over a year: that tech companies have to find a way to flip mathematics itself for the convenience of security services.
"We need cross-industry responses because smaller platforms can quickly become home to criminals and terrorists, " May said, even picking on a minor player in the market – Telegram, an encrypted messaging app. "We have seen that happen with Telegram. And we need to see more co-operation from smaller platforms like this."
She then threatened to use her pulpit to apply social pressure: "No-one wants to be known as 'the terrorists’ platform' or the first choice app for paedophiles."
At the heart of the issue is software using truly end-to-end encryption – where not even the biz that developed the app is able to read messages sent between users. Governments fear that such applications will be used by extremists to plot attacks on Western targets without tipping off the intelligence agencies. Similarly, devices these days use tough filesystem encryption so not even the manufacturer can decrypt the data on demand without the password or passcode.
However, as technologists have consistently pointed out, there is no mathematical way to introduce a backdoor in a system to allow access to one particular group that cannot also be discovered and accessed by a different group. Whatever mechanism the Feds can use, hackers and criminals can potentially eventually use, too.
Just as May reiterated her own calls when she was UK Home Secretary and her current Home Secretary Amber Rudd who has also insisted on government agents being given access to people's private encrypted messages, so the issue has again reared its head on the other side of the Atlantic.
Reminder: Spies, cops don't need to crack WhatsApp. They'll just hack your smartphoneREAD MORE
New FBI director Christopher Wray gave a speech earlier this month in which he outlined his views on encryption. And it was more of the same.
Companies "should be able to design devices that both provide data security and permit lawful access with a court order," he argued. And, reiterating the exact same wording of his predecessor, Wray also swore that he was "not looking for a backdoor."
But when he went on to describe what he did want – "the ability to access the device once we've obtained a warrant from an independent judge" – it was pretty much indistinguishable from a backdoor.
In another go around the roundabout, Wray's comments sparked a letter [PDF] today from Senator Ron Wyden (D-OR) in which the US lawmaker lambasted the g-man for "parroting the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers."
"I would like to learn more about how you arrived at and justify this ill-informed policy proposal," wrote Wyden. "Please provide me with a list of the cryptographers with whom you’ve personally discussed this topic ... and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity."
Don't hold your breath, Ron.
The insistence by political leaders and prosecutors that there is a way to both have a backdoor and not have a backdoor has been put forward so frequently that experts have even come up with a term to summarize it: magical thinking.
Faced with the magical thinking argument, those who want exclusive access to people's communications and documents regardless have come up with their own pat response: passive-aggressive flattery.
It was there in spades in May's speech this week: "These companies have some of the best brains in the world. They must focus their brightest and best on meeting these fundamental social responsibilities."
So what are politicians hoping to achieve by maintaining an impasse: refusing to acknowledge the logical argument against putting a backdoor into encryption while jamming their foot in the door by claiming that the "best brains" can come up with a solution?
In all likelihood, they are waiting on a change in public mood.
The reason that fully encrypted apps exist – and are even made available by huge, consumer-focused companies like Apple and Facebook – is because of public fury over mass surveillance revealed by former NSA techie Edward Snowden back in 2013.
When it became clear that the US and UK governments (among others) were tapping everyone's communications through a "gather it all" philosophy, a huge market opened up for people who want to be able to communicate in private without the sense that the government was keeping an eye on everything they said.
Downloads of privacy protecting apps like Signal and WhatsApp rocketed – even among ordinary folk – giving those developers a far greater profile and allowing them to edge toward the critical tipping point where so many of your friends and family already have the same app that there is little or no barrier to using it as a default.