UK Prime Minister David Cameron's response to the hideous Charlie Hebdo shootings has been dramatic to say the least – and has in turn provoked intense reactions from people in the tech industry, the tech community, privacy activists and political commentators. The reactions are varied, but none are positive. For some, Cameron has revealed him to be an ignoramus of monumental proportions. Others see him acting as the consummate politician, playing and spinning for all he's worth. Perhaps he's an instinctive and depressingly predictable authoritarian, or maybe just an overenthusiastic spy.
So which is it? Ignoramus, politician, authoritarian or spy? First question we have to look at what he is actually suggesting, which as with most political statements isn't as simple as it might seem. One part is direct – bringing back the Communications Data Bill (the notorious "snoopers' charter"), which effectively creates a legal justification for mass data gathering and surveillance. This was derailed on its first attempt thanks to a combination of strong campaigning, resistance from Cameron's coalition partners in the Liberal Democrats, and eventually the revelations of Edwards Snowden.
The second aspect is less clear. The Prime Minister appears to have launched an attack on encryption. "Are we going to allow a means of communications which it simply isn't possible to read?" he asked. "My answer to that question is: 'No, we must not'."
This is the part that has caused the most dramatic reaction. James Ball, in the Guardian, called his policy 'draconian, stupid and economically destructive'. Cory Doctorow said '[w]hat David Cameron just proposed would endanger every Briton and destroy the IT industry.' It's hard not to agree with them if Cameron's statement is to be taken on those terms – a great deal of what happens on the internet entirely legally relies heavily on encryption, from the online banking industry to communications systems like WhatsApp and iMessage.
An attack on encryption
Indeed, it's hard to think of any serious part of the IT industry that doesn't use encryption in a significant way – because encryption is critical to security, and security is critical to almost everything. It is needed to protect ordinary people from precisely the kinds of 'bad guys' that Cameron and others are concerned about, which is one of the reasons why the industry trend is very much towards more rather than less encryption. It is why smartphones are moving towards encryption by default – and why Apple made a great play of this fact in the launch of their newest iPhones, making it clear that not even they, Apple, would be able to access the data on people's phones.
Could Cameron really be such an ignoramus that he doesn't understand this, or does he mean something rather different? Do his comments need decoding? Politicians very often do speak in code – and not a code with a simple decryption key. The UK's general election is just a few months away and everything Cameron and other UK politicians say needs to be understood with that in mind. Cameron knows very well that to be seen to be "tough" on terrorism could be a vote winner, and he also knows that differentiating his party from his coalition partners is one of the keys to any possible success.
By calling for strong action on surveillance and encryption he is forcing the hand of the Liberal Democrats – making them come out against his plans (which they did) and in his eyes making them look 'weak' and by contrast making himself look strong. On those terms it doesn't matter one jot whether his plans are technically feasible or would have the slightest chance of success even if they were. What matters is the message – and he also doesn't mind much if a few geeks say he's talking rubbish or a few privacy activists call him an authoritarian.
These plans are possibly never intended to be realised – and people in the IT industry can breathe a sigh of relief and just ignore them, and ignore Cameron. He's not going to destroy the UK IT industry, no matter what Cory Doctorow might suggest. Cameron is not going to confront the US tech giants – a confrontation he would lose, but which might have significant collateral damage in the industry, particularly in the UK.
Having said all that, it is also possible that Cameron does really believe in all of this: he has form. This time last year, in an interview with the Guardian he revealed that his enthusiasm for surveillance comes from a love of television detective dramas. As he said then: "There is hardly a crime drama that is not solved without using the data of a mobile communications device. If we don't modernise the practice and the law over time we will have the communications data to solve these horrible crimes on a shrinking proportion of the total use of the devices."
Regardless of the inappropriateness of designing policy and law based on fiction, it does suggest a certain love for spying and surveillance. But even it Cameron's soundbites might be driven by this kind of thing, his policy advisers must surely know that reality is not like that. Indeed, they must know very well that mass surveillance and a banning or severe restriction on encryption would have very little effect on terrorism – and had nothing whatsoever to do with the shootings in Paris.
Picking the right targets
Even a cursory examination of the facts suggests that the Paris shootings, if anything, damage rather than support the case either for mass surveillance or for an attack on encryption. The Paris shooters were well known to the authorities, and had been for years. They were communicating with each other without encryption, by phone and text message. Mass surveillance would not have identified them – but conventional surveillance, had it been properly resourced or understood, would. Encryption, the dark net, or any of the other places that Cameron or his Home Secretary Theresa May consider 'safe' for terrorists, had absolutely nothing to do with them.
That is the critical point that needs to be made. These calls do not have anything to do with the Paris shootings, but are part of a much bigger picture and a much longer strategy. They're part of a pattern – a continuation of a strategy begun last year, to regain the initiative for those in favour of surveillance. Speeches at the end of last year by the new head of GCHQ saying that "web is a terrorist's command-and-control network of choice" and from the Commissioner of the Metropolitan Police suggesting the net was a safe-haven for paedophiles and terrorists give some clues as to what is going on.
Unlike Cameron, GCHQ and the police do understand the technology – but they also, almost certainly, understand the ineffectiveness of this kind of thing in terms of catching the real terrorists, something known by experts for a long time, as this piece from 2006 makes clear. It is also almost certain that they know – as, in this case, does Cameron – that mass surveillance and a restriction on encryption would be effective in monitoring "ordinary" people. It would work against protestors and dissenters – and they've shown a desire to do this in the past from wanting to shut down Twitter at times of unrest to monitoring social networks in order to "head off" badger cull protests. Getting backdoors to encryption would aid in this kind of thing – it is a key tool for an authoritarian.
So which is Cameron? Ignoramus, politician, authoritarian, or spy? It is hard not to conclude that there is a bit of all four involved – and all four should be worrying to both the IT industry and the people of the UK. Right now, the IT industry in particular is showing positive signs of being on the side of what the populace wants – privacy and security – rather than what governments want for their own, sometimes dubious, often authoritarian reasons. Governments should not be allowed to derail these very welcome developments.
Apologies to Gabriella Coleman for shamelessly borrowing from the title of her excellent book on Anonymous: Hacker, Hoaxer, Whistleblower, Spy.
No comments:
Post a Comment