Archive for the ‘Privacy & Surveillance’ Category
The Telegraph today published a piece titled “Why is Silicon Valley helping the tech-savvy jihadists?“, which essentially suggests that, in war on terror, “the enemy is being aided by Western tech companies” who, in the pursuit of profit, “have calculated that they build user numbers by inflaming fears of violations of privacy and offering more secrecy than anyone else.”
It’s an inflammatory piece, penned by Clare Foges, a former special advisor at 10 Downing Street, and speechwriter to David Cameron during the Coalition government. Unfortunately, while she can clearly string a sentence together better than most of us, she clearly lacks any knowledge or understanding of cryptography. She appears to be under the impression that, if tech companies simply put their minds to it, they could come up with a solution that would protect the “good guys'” communications while simultaneously permitting the intelligence services to snoop on the “bad guys”.
The global tech industry made around $3.7 trillion last year. They employ some of the brightest people on the planet. Apple et al could, if they wanted, employ a fraction of these resources to work out how we can simultaneously keep the good guys’ data secure and keep the bad guys in plain sight.
Unfortunately, encryption doesn’t work like that. Clare even quotes Apple CEO Tim Cook’s explanation that “If you put a key under the mat for the cops, a burglar can find it, too.” but she clearly believes that, with her degrees in English and Poetry, she knows better than the CEO of the largest and most successful technology company in the world, not to mention the world’s top cryptographers, computer scientists and security specialists.
Clare is, of course, entitled to her opinion, however misinformed it may be, but it’s worth exploring how she formed that opinion. Her tenure at Downing Street included the abortive attempt to introduce the Draft Communications Data Bill (aka the Snoopers’ Charter) and she presumably helped draft speeches given by David Cameron in support of powers such as those now proposed as part of the Investigatory Powers Bill. It’s not unreasonable to assume that she was exposed to the policy-making process that produced those bills.
Good policy results from debate informed by facts and evidence, but Clare’s misconceptions about cryptography and tech firms’ motivations raise the question of whether the policy-making process which informed her opinion and produced the Investigatory Power Bill, was properly informed.
No doubt the government sought advice and guidance from GCHQ, which employs some of the UK’s top cryptography and security talent. However, they’re hardly impartial in this particular debate. Their job is to snoop, not to champion privacy. If the government is prepared to make their jobs easier, they’re hardly going to object. It’s difficult to imagine that an expert from GCHQ would make much of an effort to highlight the downsides of mandating that tech companies be required to insert backdoors at the government’s behest.
But I’d like to think that the policy-making process would ensure the presence of someone who would do so, who would provide the counter-argument, present the competing hypotheses, act as the Devil’s Advocate.
The question is, who fulfilled that role? Did anyone? Or was the Investigatory Powers Bill the result of policy-making in an echo chamber?
I fear the latter. The Investigatory Powers Bill represents bad policy, built on misconceptions like Clare’s assumption that solving the “key under the mat” problem is simply a matter of putting one’s mind to it. Any advantage it will give the intelligence and security services pales into insignificance compared to the damage it will do, both to our right to privacy, and the UK economy, which could be impacted to the tune of billions of pounds if, as seems likely, cyber security companies avoid setting up shop in the UK for fear of being forced to backdoor their own products.
The government shouldn’t just take the Investigatory Powers Bill back to the drawing board. It should also review the policy-making process that produced it.