Winning the debate on encryption — a 101 guide for politicians
Dear Politicians,
With elections coming up and quite a few cringe-worthy comments that have come from many of you and from all sides of the political spectrum, we figured it was time to have a chat about encryption.
First, let’s say what you shouldn’t do:
- call for boycotts of companies because they protect their users’ data even from the companies themselves.
- say something like “we’ll develop a Manhattan-level project on this” (which, as we’ll remind you, ended up with the creation of a weapon that killed hundreds of thousands and fuelled a cold war, and to this day is a source of global instability and insecurity).
- say that there should be nowhere that your government cannot get access to because that means that there will be nowhere that other governments cannot access too.
- ignore that you too need security, as do your taxpayers who fund your jobs.
- ignore that your own governments need to do security better and probably exclude yourselves from access to information.
- ask companies to “hand over the keys” when you are talking about end-to-end encrypted services like WhatsApp, Signal or Telegram (spoiler alert: they don’t have the keys you’re looking for).
- frame encryption as a “central issue in the fight against terrorism” and attempt to initiate a European or worldwide initiative to address it.
- use your country’s root certificate to redirect your citizens to insecure websites.
Information security is an enabler of privacy, and in turn, keeps people safe. Encryption saves lives. In the words of UN High Commissioner for Human Rights Zeid Ra’ad Al Hussein, “it is neither fanciful nor an exaggeration to say that, without encryption tools, lives may be endangered. In the worst cases, a Government’s ability to break into its citizens’ phones may lead to the persecution of individuals who are simply exercising their fundamental human rights.” Without information security our devices, our services, and our infrastructure are at risk. Put in words you understand: taxpayers, the economy, government services, utilities and core infrastructure are at risk unless you start changing the way you talk, think and spend money.
Security is hard. Security is hard. Security is hard. It’s worth saying that three times. Please say it a fourth time. Companies get it wrong all the time, even when they are trying to do it well. Doing security well is really hard, particularly when you are trying to keep out unauthorised parties. Doing it in a way that miraculously keeps out unauthorised parties while somehow permitting exceptional access by only your government officials, under a warrant signed by your country’s judges (of course?) is nearly impossible. If you don’t believe us, look at this report written by leading computer scientists and security experts.
Why is this so hard?
First of all, because there is no “key” you can keep in your secret drawer to decrypt communications when you need it. Most encrypted messaging platforms now use protocols that provide “forward secrecy,” which means an exchange of new keys happens for every conversation. Breaking or accessing one key for one conversation does not allow you to access future conversations. So a user doesn’t have just one key; there are a multitude of keys for every interaction (s)he has.
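To make the “multitude of keys” concrete, here is a small added illustration (our own example, not code from WhatsApp, Signal or Telegram) modelled on the chain-key step of the Signal Double Ratchet: every message is protected with its own key, the chain key is replaced after each message, and a single captured message key opens exactly one message. The shared root and the messages are constructed sample values; the stream cipher is a toy stand-in for a real AEAD.

```python
import hashlib
import hmac

# One-way symmetric ratchet, simplified from the chain-key step in the Signal
# Double Ratchet specification. Each message gets its own key and the chain
# key is replaced after every message, so no single stored key unlocks a
# whole conversation.

def ratchet_step(chain_key: bytes):
    """Return (next_chain_key, message_key) derived from chain_key.
    HMAC is one-way: a message key reveals neither the chain key it came
    from nor any other message key."""
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    return next_chain, message_key

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 counter keystream) so the example has no
    dependencies; a real app would use an AEAD such as AES-GCM here."""
    out = bytearray()
    for i, byte in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(byte ^ block[i % 32])
    return bytes(out)

class ChainState:
    """One party's view of a conversation: it holds only the current chain key."""
    def __init__(self, shared_root: bytes):
        self.chain_key = shared_root

    def next_message_key(self) -> bytes:
        self.chain_key, message_key = ratchet_step(self.chain_key)
        return message_key  # the previous chain key is discarded here

def demo() -> dict:
    # Constructed sample values; in practice the root comes from a key agreement.
    root = hashlib.sha256(b"constructed shared secret").digest()
    alice, bob = ChainState(root), ChainState(root)
    plaintexts = [b"meet at 9", b"bring the dossier", b"cancelled"]
    ciphertexts = [xor_stream(alice.next_message_key(), p) for p in plaintexts]
    bob_keys = [bob.next_message_key() for _ in plaintexts]
    # Suppose the key for the second message alone is obtained: it opens that
    # message and nothing before or after it.
    leaked = bob_keys[1]
    return {
        "msg1_with_bob_key1": xor_stream(bob_keys[0], ciphertexts[0]),
        "msg2_with_leaked": xor_stream(leaked, ciphertexts[1]),
        "msg1_with_leaked": xor_stream(leaked, ciphertexts[0]),
        "msg3_with_leaked": xor_stream(leaked, ciphertexts[2]),
        "keys_all_distinct": len(set(bob_keys)) == len(bob_keys),
    }
```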
Second, cryptography is essential for safety. Of course it is used to protect confidentiality, but it is used just as much for integrity and authentication — so that we can be sure of the legitimacy of the person or institution communicating with us and the integrity of the communication itself. You can easily guess who needs this: banks to protect our transactions, businesses to protect against fraud, civil servants working on national security matters, human rights defenders and journalists who need to communicate with their sources… Cryptography is not only for select humans to communicate: it’s also used for machine-to-machine communications. When you update the software on an app or a device you use, cryptography is what guarantees that what you are downloading is definitely an update from the vendor and not a piece of malware. The moment that key is shared with a government agency, the whole process is compromised.
Now, let’s say there’s some miraculous and magical trick to circumvent those problems and your government, based on your policy, gets a magic key to access communications when you need it. Here come the real problems. Once your government has it, other governments will want the magic key as well. And who is going to say which government is entitled to this magic key and which one is not?
And why will the users keep on using a platform governments can access? New platforms that refuse to share the keys will emerge all over the place. There is a reason why people from all over the world use apps like WhatsApp or Signal and not some government-approved app. Of course we are nervous about what these companies do with the data — which is why when designed best, these companies themselves are locked out of our precious data with end-to-end encryption.
You and your people should be able to understand that. Because we know you. We have spoken to you. And especially we know how you are when you are out campaigning during an election, even more so when you are in the opposition. We know you use Signal, we know you use WhatsApp, we know you use Telegram, because you have told us so. And we know you use those communications because you believe them to be secure. You trust that your own government cannot read your messages and you trust that foreign governments cannot either. So when you go about saying terrorists should have no place to hide, remember to tell us where you are planning on hiding when you need to organise your own electoral campaign. Then tell us where activists in other countries should go to hide when they are running theirs.
And you should know that the public agrees with you and us on this matter. In one survey, two thirds of European voters “agree they should be able to encrypt their messages and calls, so they are only read by the recipient.” This is actually a good thing and you should celebrate that. So please don’t dumb down your statements about encryption — because you make people think they want to be less secure.
If you actually want to fix something and make security better, we have some ideas for you to consider.
At the moment, your government spends a lot of money on destabilising security. You hack companies, infrastructure, and devices. You even demand the creation of data on innocent activities, compel its storage, and demand that companies identify suspicious activities, and these very same companies get hacked. Your government identifies vulnerabilities in the systems we use every day, hoards them, and then they get leaked. If only you thought more about security in a defensive way, your government wouldn’t be such a threat to the stability and safety of the internet.
Let’s also remember your government’s agencies already have access to vast amounts of data. Nearly every interaction we undertake in modern life generates a data trail. You should be spending time ensuring that this data trail is minimised so that people are not at risk of fraud and other forms of criminality. But your government’s officials have been focusing on ensuring you have vast access to this data, because your regulators have failed to prevent companies from creating vast mines of this data for commercial exploitation. So vast data exists, and companies practically anywhere will respond to your kind (and lawful) requests for the data.
So have a think about what you should be doing instead:
- advocate for strong encryption: remember that in the age of the Internet of Things, we will more than ever need a secure internet. If you want your country to lead the way on positive innovations — and not security disasters — this is going to be the side you will need to root for.
- forget about the worn-out security vs privacy dichotomy. Encryption is about security. There doesn’t have to be national security on one side and information security on the other. There are just good and bad security practices, and we all need good security.
- encourage the deployment of defensive security and privacy by design within your government, by companies and individuals. All your taxpayers deserve privacy and good security.
- don’t be a threat to safety. Don’t give bad ideas to other governments who will use these powers for ever more nefarious purposes.
Information security is hard. Doing it well is in everybody’s interests. If done right, it will make our societies, economies and infrastructure safer. It can protect privacy. It may enhance autonomy. Be on this side of the debate. We need you. The future needs you.