Cameron doesn't do cryptography

Wednesday 12 August 2015

Former UK Prime Minister Tony Blair famously ‘didn’t do God’. Current PM David Cameron, it seems, doesn’t do cryptography.

The UK isn’t the first government to come up with nonsensical statements and laws around cryptography - one of the foundations of cryptocurrency, as well as banking security, secure communication including WhatsApp and Skype, e-commerce… Only recently, for example, Australia passed a law that could make teaching cryptography illegal

But Cameron’s sheer woolliness about cryptography betrays the state of confusion that surrounds this technology, as well as its application.

Read also: Aus lightens up on bitcoin. Kind of.

Double Facepalm

Yep, these guys are running the country.

The debate is important to bitcoin and crypto for a number of reasons. Firstly and most obviously, cryptocurrency relies on secure cryptography. Without it, everything would unravel. If the cryptography that underpins bitcoin was cracked, it would become worthless overnight. Much as, in fact, the banking industry would encounter some serious problems under the same circumstances.

There’s also the ideological milieu from which crypto grew - one in which privacy is understood as a right and in which unnecessary government intervention of any kind is viewed as dangerous at best. A lot of the people working on core protocols are doing so out of a belief that they will make the world a better place.

There’s also a risk that a technology becomes tainted by association. Cryptocurrency protocols enable secure decentralised and anonymous messaging and wealth transfer. Terrorists use secure decentralised and anonymous messaging and wealth transfer. Therefore…

You get the picture.

So what does Cameron want? In his own words, ‘In our country, do we want to allow a means of communication between people which even in extremis, with a signed warrant from the Home Secretary personally, that we cannot read?’

It’s a question to which many bitcoiners - and plenty of other people - would answer ‘yes’ to without missing a beat. Not, of course, because they endorse terrorism but because that privacy to communicate and transact is held as a right, not a privilege, and once you start to erode it you are heading down a very dangerous path. So would some large companies like Apple and Microsoft - because end-to-end encryption is built into apps like iMessage and Skype.

The government grasps that our way of life would grind to a halt without cryptography, and released this statement upon further request:

‘We recognise the importance of encryption: it keeps people’s personal data and intellectual property secure and ensures safe online commerce. But clearly as technology evolves at an ever increasing rate, it is only right that we make sure we keep up to keep our citizens safe. There shouldn’t be a guaranteed safe space for terrorists, criminals and paedophiles to operate beyond the reach of law. The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts.’

This is, simply, nonsensical. The only way to achieve this would be to build back doors into encryption protocols so that the intelligence services could access those communications (something they are not above doing, on past record). Doing so would likely instantly and fatally compromise any service that used the backdoored protocol, since it would only be a matter time before the exploit was uncovered by other parties. The price of strong cryptography is that you enable people to communicate securely, because that is the purpose of strong cryptography. There is no way to have your cake and eat it.

Fortunately, open source cryptography protocols are readily available, and they’re far less likely to have been compromised in advance. Moreover, decentralised software like bitcoin is impossible to shut down, since it has no single point of failure to attack. Basically, what Cameron is proposing is impossible to implement in practice.

Which might be a relief to the crypto world, but none of this gives reason for confidence that the powers that be know what they’re doing when it comes to understanding and regulating this stuff.

comments powered by Disqus