You can do encryption backdoors

8th December 2018

In 2015 the British Prime Minister proposed to outlaw any encryption that the government can't decrypt. Though I didn't write anything about it at the time I think it's actually a really interesting discussion point.

A lot of people were saying that you can't backdoor encryption such that it's only readable by the government, but not criminals. This is wholly incorrect. Technology exists for encrypting a message such that it's readable by multiple specific recipients i.e. the person you're messaging and the government. For example you can do it with the freely available and well-regarded GPG software.

The thing is, the only way to really enforce it would be to mandate people to use specially approved tools to do the encryption. A tamper-proof software or hardware processor which programs outsource encryption tasks to. This way the user could still have freedom to update and change most of the software on their device, with just the encryption tools being regulated.

But I do I really want to advocate the government providing us approved softwares with which to encrypt our stuff?

I guess the real question is this:

Does the government need to be able to read our communications to investigate crimes?

Really it depends if they're trying to find evidence for action, or intention. Here I discuss the best way the government might monitor physical action, online action, and intention to take action.

Monitoring physical action

The government doesn't need to read people's communications to detect physical action, that's done by things the government already has like CCTV and cell-phone location tracking. I don't have any strong opinions about this type of monitoring, except that this data must be handled with the greatest care and respect.

Monitoring online action

For the government to be able to track naughty actions on the internet they'd need people's actions to be identifiable. This does not require them to be able to read our communications. Rather it requires a way for them to reliably identify us i.e. take away our ability to be anonymous online.

They don't really have anything like that. IP addresses are not reliable identifiers as it's easy to use a VPN, WiFi hot-spot or mobile network to get a disposable IP. And most web-services do not prevent you making an account with fake info.

But it would be possible to do something. I'll outline a general idea.

We could have a kind of web-wide single-sign-on (SSO), where we cannot use web-services unless we're logged into it a central, government regulated authority. It's perfectly possible for people's identities to be anonymised so the web-service owner doesn't get to see your real identity unless they've got government approval to see that data (they're a bank or something) or there's already evidence of a crime.

So for example imagine someone's spreading hate-speech with an anonymous account on social media. Or creating hundreds of fake reviews for an item they're selling on an online marketplace. The web-service owner has the persons SSO ID so they can provide evidence to the government who can then connect that SSO ID to a persons full identity on-demand.

This way we'd still have privacy and anonymity under normal circumstances but our full identity could be unveiled if a crime were committed.

Think of how we need a number-plate on our vehicle to use public roads. It would be like a digital number-plate.

You could choose not to wear your digital number-plate if you wanted, but then a web-service could choose to refuse to let you use it at all.

Of course a lot of tasks that used to be done on wesites are now done on phone apps so it would need to hook into those aswell.

Monitoring intention to take action

To monitor intention, the government indeed needs to be able to read our communications. This is the only real use-case for which banning non-backdoored encryption is necessary.

An example when this might be useful would be that the government could use a program to scan everyone's messages for anything that might indicate they are planning terrorism or something.

Contrary to what the sensationalist media will tell you, terrorism is extremely rare here in the UK and really not the most important problem in our country. But that aside I would argue that real, competent terrorists can easily avoid this surveillance by either not communicating using technology or just illegally using non-backdoored encryption.

Understand that there are ways to hide encrypted messages so they look like an ordinary file such as a JPEG or a PDF. So there's no reliable way the government can actually stop people using non-backdoored encryption.

So really you'd have a situation where millions of innocent people are being spied on and the real bad-guys can easily communicate in secret if they wish to.

The costs of this are:

  1. unnecessary surveillance of innocent people which can cause risks that the data will be misused
  2. a significant proportion of the public find it upsetting to be "spied on"
  3. law-enforcement resources required in forcing people to use the backdoored encryption
  4. resources required to process the huge amount of data

And meanwhile the terrorists can plan their evil acts by a face-to-face chat in an alleyway, avoiding all the surveillance!

Conclusion

Conclusively I think that banning encryption the government can't backdoor has limited usefulness and significant disadvantages, and I am against it.

However developing improved ways to identify people online might be useful in order to prevent anonymous online crime. However I don't propose technical details on how this might be done or practical details on how this might be executed. Nor do I make any assertions about how the public might react to such a scheme. Nor am I even convinced it's a good idea.