татко Крокодил

(this is a guest post from Boyan Krosnov, the original is here)

An open letter to Mr. David Cameron,

Sir,

This letter is in reaction to you statement: ” But the question remains: are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: ‘No we must not’. “Source: link

Mr. Cameron, firstly this letter has nothing to do with recent events in Paris. It is solely addressing the issue of private communications.

End-to-end computer-assisted encryption with ephemeral keys has existed on this world since at least 1977. Even 130 years ago, in 1885, the one-time pad was already invented. If you don’t understand what these are, then please ask your technical advisers. Essentially, someone with a book (for one-time pad), a pen and a sheet of paper can encrypt and decrypt secret messages from/to a party located on the other end of the world. They can communicate these messages in public using a variety of low tech means. For example, they could post innocent-looking messages in a classifieds section of a newspaper. Anyone, without the necessary procedures and a copy of the pad, would not be able to know the content of their communication, and if the scheme is implemented correctly, would not be able to detect that a conversation is taking place. This is not a new development. Even the modern idea of a Sneakernet has existed at least as long as the Internet has existed.

Short of inventing a time machine, your goal is unachievable. :)

On a more serious note though, what you are promoting in your speech is scary and deeply immoral.

Since end-to-end encryption exists, I know of only three ways you could try to achieve your goal of total on-demand, and probably retro-active snoop-ability of communications. These are ineffective and in some cases even impossible to implement, but anyway here they are:

• Option 1. to have a backdoor in every end-point device manufactured in the UK or brought in through the UK border. This approach does not prevent a sufficiently dedicated person from building a secure end-point from scratch, like with the one-time pad and newspaper approach I mentioned. Backdooring online services is a sub-case of this.
  
  and/or
• Option 2. to introduce a key escrow requirement for all encrypted communication beginning and ending and maybe even crossing the UK, and also detect and block all encrypted communication, not conforming to the key escrow rules. The latter might be impossible to implement, but that’s a whole other matter.
  
  and/or
• Option 3. Ban encrypted communication altogether. Which would tear down the whole of what you call “the digital economy”, and revert the UK back to a technological state resembling the 80s, while the rest of the world moves on.

The reality of the matter is that all three, apart from being totally ineffective in dealing with the threat of isolated terrorist acts, open the door for massive abuse, not just by the government, but also by related and unrelated third parties. Other people have explained this a lot better than I ever could. For example, in Cory Doctorow’s talk here. To quote just one line ” – … but we both understand, that if our government decided that weaponizing water-bourne parasites was more important than addressing them and curing them, then we would need a new government.”

Let me be clear on one point: We don’t trust nation states with our private thoughts and conversations. We need private communications not just for the paranoid, perverts and criminals, but for businesses, law enforcement, journalists and for regular every-day private conversations between friends and family members.

Your scheme would ruin private communication for all of us. The bad guys are already using secure and undetectable communication media.

Privacy is the opposite of total surveillance. You can’t have both. So unfortunately, for the goals you outlined, we need to have a working and secure private communication for everyone in the world to use, regardless of their sex, skin color, sexual orientation, age, religious views (or lack thereof), wealth, social status or intent. Your scheme for a total surveillance state must be stopped.

With good meaning and respect,
Boyan Krosnov
Sofia, 2015-01-13

(c) 2015, Boyan Krosnov, public domain

This entry was posted on Tuesday, January 13th, 2015 at 12:21 and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.