As we have come to terms with recent tragic events in the UK understandably there is great anxiety and a lot of questions about the causes of such terrible loss of life. It has again highlighted the debate around regulating the internet giants like Google, Facebook, Twitter and Amazon. These channels have given criminals and terrorists the opportunity to broadcast their message, so politicians in the UK responded in the first instance by suggesting the technology industry should play their part in addressing this huge challenge. However, the Queens Speech, the list of laws that the government hopes to get approved by Parliament over the coming year, leaves me confused.
Listening to the earlier comments from policy makers the rhetoric suggested the new Government would push the technology industry for tougher legislation that might not have proper checks and balances in place. These concerns were heightened reading Matt Burgess report claiming the Government wanted to push through demands for tech companies to provide access to user information by breaking end-to-end encryption as needed.
The Home Secretarys comments, especially in relation to encryption compounded that concern, so it was very pleasing to see positive signals from the European Union on the individuals right to privacy. The European Parliaments Committee on Civil Liberties, Justice and Home Affairs underlined its support for the principle of confidentiality.
However, a week really is a long-time in politics, especially when it comes to digital and technology legislation.
The Queens Speech has highlighted a commitment to make the UK the safest place online and added new right to be forgotten laws, as well as a determination to comply with the European Unions GDPR legislation. The speech also included a pledge to review counter terrorism strategy. This might suggest the Government is revising its view on cybersecurity, placing the individuals right to privacy above national security issues. Unfortunately the vagueness of the Queens address leaves far too much room for interpretation. The talk of a Digital Charter is good if its goal is to protect the privacy of consumers, but how will that be weighed up against national security needs?
From the perspective of MaidSafe we applaud attempts to protect user privacy. However, there is no clarity on the question of encryption, particularly giving intelligence services exceptional access in the name of national security. The Investigatory Powers Bill still stands and there appears to have been no mention of the unassumingly named Investigatory Powers (Technical Capability) Regulations, which will require service and application providers to give access to information. While this remains unaddressed we have one simple question for the authorities: what if the technology has been designed so that it cannot reveal user information?
As most people who follow the story of MaidSafe know the start point for the SAFE Network was creating a better internet one where users were in control of their data and privacy was paramount. That is why it has been designed with encryption at its core and why users are the only ones, who control access to their data. However, to ensure MaidSafe cannot compromise a users identity and data MaidSafe has no way to break the encryption. The user is the only one with the keys and we have no master key that can override the system. Bottom line we cannot put a backdoor into our network, because we have no way of identifying users once they are set up.
If you listen to the arguments from politicians the potential threat outweighs the right to privacy and freedom of speech. We believe that rushing legislation through is the wrong approach. This should be a time for cool reflection and a recognition that it is a complex problem, which cannot be solved by pressurising technology companies to create backdoors to their products. Even if you do not accept the fundamental right of individuals to privacy and freedom of speech there is a simple practical point – weakening encryption will make itwell insecure. A vast array of organisations use encryption today for everything from banking to processing legal documents, tax accounts and protecting email. Creating mechanisms for the security services to access information means there is a weak point which hackers can exploit too. If you dont believe they will then you have clearly erased Wannacry from your memory. The excellent article by Andy Greenberg in Wired on the extent of the hacking in the Ukraine shows how devastating cyberattacks already are without giving the hackers a short cut and this weeks episode has only served as a stark reminder.
The more difficult moral debate we are fully aware of is that we are building a network, which could be used for both good or bad purposes. It is our view that users should be given the right to make this choice for themselves. If they control their data and who they share it with, they control whether or not an individual can broadcast information to them. Security services may also say the SAFE Network will make it harder for them to do their jobs, but there is little or no evidence that mass surveillance and breaking encryption will mean it is easier to catch criminals. Indeed while the bad guys appear to take an innovative approach to new technologies it often seems as though the authorities wish to take a step backwards.
Compromising security and allowing sweeping powers more often than not leads to abuses of such authority. We have seen this time and again. We would argue there is evidence the police and security services are more successful with targeted surveillance and building partnerships with communities. John Thornhill at the Financial Times recently reminded me of a report I had seen before, originally published in 2015. MITs Computer Science and Artificial Intelligence Laboratory (CSAIL) produced a damning criticism of backdoor access to encryption the title of the report underlining the crudeness of such an approach: Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications. While it sounds obvious there is absolutely no point in locking the door and allowing the bad guy to find the keys. It makes for good drama in Hollywood, but it in real life it has serious consequences.
The intelligence community terms this breaking of encryption as exceptional access which makes it sound very benign. However, MIT CSAIL was clear about the consequences in its report: In the wake of the growing economic and social cost of the fundamental insecurity of todays Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse forward secrecy design practices that seek to minimise the impact on user privacy when systems are breached.
If you are not convinced on moral grounds there is also a simple technical reason why giving control back to users works. If an individual controls his or her identity that person is anonymous, but also potentially traceable. As John Thornhill rightly points out using encryption also authenticates the user and in environments such as the blockchain it should not be forgotten that once an individual, including a hacker, adds something to the blockchain it is recorded for posterity. Suggesting that encryption is an enabler for the bad guys shows a lack of understanding of next generation technologies, because unlike previous analogies of good guys versus bad guys technologies in the current landscape are more complex.
At its heart this debate needs a reset, because it feels like cybersecurity strategy is still in the 2000s when Web 2.0 came along. The technology is cleverer now, but so too are the users and the technology is reflecting what users want. They want privacy, but equally they do not want to propagate terrorism or hatred. They believe technology exists that balances the absolute right of individuals for privacy and the need for national security.
Sadly we do not live in a perfect world and technology is unfortunately being used by bad actors to do some nefarious things. Certainly, the approach of the big tech companies in response to growing consumer and political concerns has not been as quick and responsive as many would like, but weakening encryption in the name of national security is not the answer. Paul Bernal, in Matt Burgess article, raised the important issue of accountability and oversight. If the Technical Capability Regulations are passed into law there is also an even more fundamental question of right to privacy and right to freedom of speech. This is a time for cool heads. The MIT CSAIL report is good not just in its technical analysis but also as a historical reminder. We have been debating this issue since the 1970s when computers became increasingly mainstream. Today we are seeing rights undermined increasingly around the world and if a country like the UK is seen to promoting more draconian laws it will give more authoritarian states the justification they need to implement similar and worse rules. If we force technology companies to break their encryption we do not just compromise security we compromise fundamental human rights.
Nick Lambert, Chief Operating Officer, MaidSafeImage Credit: Yuri Samoilov / Flickr
Read the original:
We need to protect encryption – ITProPortal
- What Is Encryption? | Surveillance Self-Defense - December 4th, 2017
- Comodo Disk Encryption Download - softpedia.com - December 1st, 2017
- Encryption - Simple English Wikipedia, the free encyclopedia - November 24th, 2017
- BitLocker Drive Encryption Overview - technet.microsoft.com - November 23rd, 2017
- The Encrypting File System - technet.microsoft.com - November 18th, 2017
- FBI cant break the encryption on Texas shooters smartphone - November 13th, 2017
- DOJ: Strong encryption that we dont have access to is ... - November 13th, 2017
- DOJ Fires Up New War With Apple Over Encryption - November 12th, 2017
- Security Awareness - Encryption | Office of Information ... - October 15th, 2017
- Data Encryption and Decryption (Windows) - October 14th, 2017
- Trumps DOJ tries to rebrand weakened encryption as responsible ... - October 11th, 2017
- How to encrypt (almost) anything | PCWorld - September 22nd, 2017
- Private Internet Access | VPN Encryption - September 21st, 2017
- Encryption Substitutes | Privacy | Encryption - September 21st, 2017
- Data Encryption: Hardware & Software Security: Online ... - September 21st, 2017
- How To Enable BitLocker Drive Encryption In Windows 10? - September 21st, 2017
- PGP Encryption Tool - iGolder - September 21st, 2017
- encryption - How to encrypt String in Java - Stack Overflow - September 21st, 2017
- Encryption Software Market, Size, Trends and Forecast 2020 - September 21st, 2017
- Encryption Definition - Tech Terms - September 20th, 2017
- Why You Should Be Encrypting Your Devices and How to Easily Do It - Gizmodo - September 6th, 2017
- Black Hats, White Hats, and Hard Hats The Need for Encryption in Mining and Resources - Australian Mining - September 6th, 2017
- How can enterprises secure encrypted traffic from cloud applications? - TechTarget - September 6th, 2017
- Encryption Explained - Arizona Daily Wildcat - September 6th, 2017
- News in brief: Call to link encryption to ID; Facebook maps everyone ... - Naked Security - September 2nd, 2017
- 'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption - The Register - September 2nd, 2017
- High-Dimensional Quantum Encryption Performed in Real-World ... - Futurism - September 2nd, 2017
- It's Time to Replace Your Encryption-Key Spreadsheet - Data Center Knowledge - September 2nd, 2017
- Legislation to limit smartphone encryption 'may be necessary,' deputy AG Rosenstein says - Washington Times - August 31st, 2017
- Cloud Encryption Market by Component, Service Model, Organization Size, Vertical And Region - Global Forecast to ... - Markets Insider - August 31st, 2017
- Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings - Hashed Out by The SSL Store (registration) (blog) - August 31st, 2017
- Encryption in Office 365 - Office 365 - August 29th, 2017
- Need-to-Know Only: Use Encryption to Make Data Meaningless to ... - Security Intelligence (blog) - August 29th, 2017
- Four strategies to prevent data encryption from hijacking your network - Digital News Asia - August 29th, 2017
- Amber Rudd is wrong - real people do want end-to-end encryption - ITProPortal - August 29th, 2017
- Why encryption is for everyone - IFEX - August 29th, 2017
- 4D quantum encryption successful in first real-world test - New Atlas - New Atlas - August 29th, 2017
- For the First Time Ever, Quantum Communication is Demonstrated in Real-World City Conditions - Futurism - August 26th, 2017
- High-Dimensional Quantum Encryption Takes Place in Real-World ... - Photonics.com - August 26th, 2017
- Hedvig Bakes Encryption into Software-Defined Storage Platform - IT Business Edge (blog) - August 26th, 2017
- Hedvig storage upgrade adds flash tier, encryption options - TechTarget - August 26th, 2017
- How to use EFS encryption to encrypt individual files and folders on Windows 10 - Windows Central - August 26th, 2017
- Cloud Encryption Market Worth 2401.9 Million USD by 2022 - Markets Insider - August 23rd, 2017
- To Protect Genetic Privacy, Encrypt Your DNA - WIRED - August 23rd, 2017
- Data Encryption in OneDrive for Business and SharePoint Online - August 21st, 2017
- Researchers use encryption to keep patients' DNA private - Engadget - August 21st, 2017
- Additional proof that Lancaster County Commissioners should reconsider encrypting police transmissions - LancasterOnline - August 21st, 2017
- iPhone Secure Enclave firmware encryption key leaked - TechTarget - August 21st, 2017
- Encryption, speed push the modern mainframe into the future - TechTarget - August 21st, 2017
- Hardware encryption vs software encryption: the simple guide - Kroll Ontrack UK (press release) (blog) - August 21st, 2017
- Encryption Technology Could Protect the Privacy of Your DNA - Gizmodo - August 21st, 2017
- Beginner's guide to Windows 10 encryption - Windows Central - August 18th, 2017
- Encryption key for iPhone 5s Touch ID exposed, opens door to further research - AppleInsider (press release) (blog) - August 18th, 2017
- How security pros look at encryption backdoors - Help Net Security - August 18th, 2017
- The Laws of Mathematics and the Laws of Nations: The Encryption Debate Revisited - Lawfare (blog) - August 18th, 2017
- 72 percent of security pros say encryption backdoors won't stop terrorism - BetaNews - August 18th, 2017
- Ex-MI5 Boss Evans: Don't Undermine Encryption - Infosecurity Magazine - August 14th, 2017
- Despite end to end encryption, apps like WhatsApp, Messenger are still vulnerable to hacking: Study - Firstpost - August 13th, 2017
- What is Encryption? (with pictures) - wiseGEEK - August 12th, 2017
- Ex-MI5 chief warns against crackdown on encrypted messaging ... - The Guardian - August 12th, 2017
- Former UK security service head says weakening encryption would be too dangerous - 9to5Mac - August 12th, 2017
- News in brief: facial recognition planned for Carnival; spy chief backs encryption; ginger emoji planned - Naked Security - August 12th, 2017
- Avoid getting lost in encryption with these easy steps - We Live Security (blog) - August 12th, 2017
- Here's why IBM Z Mainframe Wants to Encrypt the World - Edgy Labs (blog) - August 10th, 2017
- Symantec Announces Plesk Will Integrate Symantec Encryption Everywhere Security Into Its Website Management ... - Business Wire (press release) - August 10th, 2017
- Australia: Shelve Proposed Law to Weaken Encryption - Human Rights Watch (press release) - August 6th, 2017
- IBM India Helps Create Breakthrough Encryption Technology That's Completely Hacker Proof - Indiatimes.com - August 6th, 2017
- Letter to Prime Minister Turnbull re Encryption and Human Rights - Human Rights Watch (press release) - August 5th, 2017
- Zscaler Finds Hackers Using SSL Encryption in Malware to Hide ... - eWeek - August 5th, 2017
- HBO Hack Highlights Importance of Encryption, Data Governance - eSecurity Planet - August 3rd, 2017
- UK flip-flop on encryption doesn't help anyone - CNET - August 3rd, 2017
- UpVote: Turkish regime jails IT trainers in encryption clampdown - Ars Technica UK - August 3rd, 2017
- Telegram messaging app strikes deal with Indonesia on encryption - Digital Trends - August 2nd, 2017
- Encryption is for 'Real People' - Human Rights Watch - August 2nd, 2017
- We don't want to ban encryption, but our inability to see what terrorists are plotting undermines our security - Telegraph.co.uk - August 2nd, 2017
- Real people don't need encryption - Fudzilla - August 2nd, 2017
- Ex-NSA boss questions encrypted message access laws proposed by Malcolm Turnbull - ABC Online - August 2nd, 2017
- Facebook's Sheryl Sandberg: WhatsApp metadata informs governments about terrorist activity in spite of encryption - CNBC - July 31st, 2017
- Commissioners need to rethink encryption - LancasterOnline - July 31st, 2017
- Ex-NSA chief Chris Inglis backs government's encryption push against Apple, Facebook - The Australian Financial Review - July 31st, 2017