What David Cameron just proposed would endanger every Briton and destroy the IT industry
David Cameron says there should be no "means of communication" which "we cannot read" -- and no doubt many in his party will agree with him, politically. But if they understood the technology, they would be shocked to their boots.
What David Cameron thinks he's saying is, "We will command all the software creators we can reach to introduce back-doors into their tools for us." There are enormous problems with this: there's no back door that only lets good guys go through it. If your Whatsapp or Google Hangouts has a deliberately introduced flaw in it, then foreign spies, criminals, crooked police (like those who fed sensitive information to the tabloids who were implicated in the hacking scandal -- and like the high-level police who secretly worked for organised crime for years), and criminals will eventually discover this vulnerability. They -- and not just the security services -- will be able to use it to intercept all of our communications. That includes things like the pictures of your kids in your bath that you send to your parents to the trade secrets you send to your co-workers.
But this is just for starters. David Cameron doesn't understand technology very well, so he doesn't actually know what he's asking for.
For David Cameron's proposal to work, he will need to stop Britons from installing software that comes from software creators who are out of his jurisdiction. The very best in secure communications are already free/open source projects, maintained by thousands of independent programmers around the world. They are widely available, and thanks to things like cryptographic signing, it is possible to download these packages from any server in the world (not just big ones like Github) and verify, with a very high degree of confidence, that the software you've downloaded hasn't been tampered with.
Cameron is not alone here. The regime he proposes is already in place in countries like Syria, Russia, and Iran (for the record, none of these countries have had much luck with it). There are two means by which authoritarian governments have attempted to restrict the use of secure technology: by network filtering and by technology mandates.
David Cameron has already shown that he believes he can order the nation's ISPs to block access to certain websites (again, for the record, this hasn't worked very well). The next step is to order Chinese-style filtering using deep packet inspection, to try and distinguish traffic and block forbidden programs. This is a formidable technical challenge. Intrinsic to core Internet protocols like IPv4/6, TCP and UDP is the potential to "tunnel" one protocol inside another. This makes the project of figuring out whether a given packet is on the white-list or the black-list transcendentally hard, especially if you want to minimise the number of "good" sessions you accidentally blackhole.
More ambitious is a mandate over which code operating systems in the UK are allowed to execute. This is very hard indeed. We do have, in Apple's Ios platform and various games consoles, a regime where a single company uses countermeasures to ensure that only software it has blessed can run on the devices it sells to us. These companies could, indeed, be compelled (by an act of Parliament) to block secure software. Even there, you'd have to contend with the fact that other EU states and countries like the USA are unlikely to follow suit, and that means that anyone who bought her Iphone in Paris or New York could come to the UK with all their secure software intact and send messages "we cannot read."
But there is the problem of more open platforms, like GNU/Linux variants, BSD and other unixes, Mac OS X, and all the non-mobile versions of Windows. All of these operating systems are already designed to allow users to execute any code they want to run. The commercial operators -- Apple and Microsoft -- might conceivably be compelled by Parliament to change their operating systems to block secure software in the future, but that doesn't do anything to stop people from using all the PCs now in existence to run code that the PM wants to ban.
More difficult is the world of free/open operating systems like GNU/Linux and BSD. These operating systems are the gold standard for servers, and widely used on desktop computers (especially by the engineers and administrators who run the nation's IT). There is no legal or technical mechanism by which code that is designed to be modified by its users can co-exist with a rule that says that code must treat its users as adversaries and seek to prevent them from running prohibited code.
This, then, is what David Cameron is proposing:
* All Britons' communications must be easy for criminals, voyeurs and foreign spies to intercept
* Any firms within reach of the UK government must be banned from producing secure software
* All major code repositories, such as Github and Sourceforge, must be blocked
* Search engines must not answer queries about web-pages that carry secure software
* Virtually all academic security work in the UK must cease -- security research must only take place in proprietary research environments where there is no onus to publish one's findings, such as industry R&D and the security services
* All packets in and out of the country, and within the country, must be subject to Chinese-style deep-packet inspection and any packets that appear to originate from secure software must be dropped
* Existing walled gardens (like Ios and games consoles) must be ordered to ban their users from installing secure software
* Anyone visiting the country from abroad must have their smartphones held at the border until they leave
* Proprietary operating system vendors (Microsoft and Apple) must be ordered to redesign their operating systems as walled gardens that only allow users to run software from an app store, which will not sell or give secure software to Britons
* Free/open source operating systems -- that power the energy, banking, ecommerce, and infrastructure sectors -- must be banned outright
David Cameron will say that he doesn't want to do any of this. He'll say that he can implement weaker versions of it -- say, only blocking some "notorious" sites that carry secure software. But anything less than the programme above will have no material effect on the ability of criminals to carry on perfectly secret conversations that "we cannot read". If any commodity PC or jailbroken phone can run any of the world's most popular communications applications, then "bad guys" will just use them. Jailbreaking an OS isn't hard. Downloading an app isn't hard. Stopping people from running code they want to run is -- and what's more, it puts the whole nation -- individuals and industry -- in terrible jeopardy.
(Image: Facepalm, Brandon Grasley, CC-BY)
The smash hit Chinese government propaganda app Xuexi Qiangguo, which translates to ‘Study to make China strong’, was developed by the technology firm Alibaba, reports Reuters today.
The Boston Globe: ” After teasing it for months, President Trump is officially declaring the US-Mexico border a ‘‘national emergency,’’ which will allow him to circumvent Congress’s constitutional powers to control spending and divert federal funds toward his much ballyhooed border wall.” Congressman Ted Lieu: Why didn't @realDonaldTrump declare a national emergency 35 days ago, […]
“They can’t hug [their own siblings] goodbye. If they do, they’re told they will be written up and it could affect their immigration case.”
Just a reminder: Print isn’t dead. And now that printers are becoming as portable as cell phones, it might be around for quite some time. Enter the MEMOBIRD Mobile Thermal Printer, a mini-printer that is versatile, portable – and most importantly, never needs a refill on ink or toner. Measuring just a few inches around, […]
What do Facebook, Twitter, YouTube and Google all have in common? Somewhere in their framework, they all use MySQL, that most versatile (and free!) of database management systems. And they’re not alone. If your company or the one you’d like to work for wrangles data (and who doesn’t?), they’re going to need someone with a […]
There’s a reason you’re hearing about the gig economy in every other business story these days. More than ever, people are finding income from more than one source. And if you find the right one, a side hustle can do more than just pad your pockets – it can allow you to finally get paid […]