A British security expert says his government’s policy of encouraging software companies to work with it to find “technical workarounds” to get at the encrypted messages of criminals and terrorists is no threat to ordinary users.
“We’re not looking for a solution that gives us universal access, that allows us to see the content of every message of every user all of the time,” Aled Lloyd Owen, encryption and interception lead at the U.K.’s office of security and counter-terrorism, told a panel at the RightsCon conference in Toronto on Wednesday.
“What we’re looking for is lawful, targeted, exceptional access.”
In some unspecified way the government would be able to open encrypted messages, he said, but only with the approval of the Secretary of State and an independent judicial official – what he called a “double lock” system.
But panelist and U.S. encryption expert Bruce Schneier was unimpressed with the scheme.
“In 1993 I entered this debate and explained why that’s impossible. And here it’s 2018 and it seems nothing has changed.”
Coincidentally, the debate came at the same time the University of Toronto’s Citizen Lab co-authored a report for Canadians on the issue. And last month tech leader Ray Ozzie released his own suggested solution.
The debate comes at a time when security experts are patiently waiting for Ottawa to release its updated national cyber security strategy, which may deal with Canadian police complaints that encrypted messages used by terrorists and criminals threaten their investigations.
The fight over whether governments can or should force companies to install so-called backdoors or something similar in systems and software so law enforcement and intelligence agencies can get at scrambled messages has been raging since the 9/11 attacks in New York almost 20 years ago.
A discussion paper released by the government last fall to help public debate on the new cyber security strategy mentioned police concerns. However, it isn’t known whether Ottawa will take a step towards the British solution, or tougher ones proposed from time to time by American members of Congress.
The issue is touchy. Critics like Schneier say any weakening of an encryption system, such as installing a backdoor or a so-called workaround, also opens a door for the bad guys to exploit. No backdoor can be sealed so well that only police can use it.
Lloyd Owen insisted his government wants a “workaround,” not a backdoor.
On the other hand, panelist Mahsa Alimardani of the human rights group Article 19 said it pains her to hear national security organizations justify asking for backdoors because of terrorism. That’s the same argument Iran says it uses to forbid its citizens from using encryption.
“The real issue,” said Lloyd Owen, is getting lawful access to encrypted messages for national security and criminal investigations. The U.K. encourages the use of strong encryption for the digital economy and so people can protect their communications. “However, encryption can be abused by serious criminals and terrorists.”
There were three terrorist incidents in Britain last year, and in all three the perpetrators used encrypted messages, he pointed out.
The three also drove cars, used telephones and probably ate in restaurants, retorted Schneier. But government doesn’t want to control these and other things “because that would harm the good guys.”
“We can take our common infrastructure [the Internet] and degrade it.” Lloyd Owen says the government doesn’t want unfettered access to all communications, Schneier said, “but wants unfettered vulnerabilities that will allow targeted access to all of us who you pick. Doing that makes us all less secure.”
Western governments should be trusted with this solution, Lloyd Owen said, because they are democracies with checks and balances.
Encryption is also used by serious criminals, Lloyd Owen said. “If we can’t access the content of these messages through traditional means then we are in a difficult position in pursuing justice.” It is an international problem in the G20, he said. “What we’re looking for is not unfettered access. We’re not looking for a solution that gives us universal access, that allows us to see the content of every message of every user all of the time. What we’re looking for is lawful, targeted, exceptional access,” with warrants issued by the Secretary of State and an independent judicial commissioner. These warrants would have a “double lock” and specific targeting, so there would be “a very robust safeguard in place.” The government does not want to undermine the encryption systems of lawful users, he said, but “we seek to work constructively with tech companies to understand their design choices” in software to identify “technical workarounds,” though not ones that undermine the security and privacy of legitimate users. The government wants “to work together with industry and civil society to ensure we all fulfill our mutual obligations to keep our society safe and deliver justice where necessary, and to also ensure encrypted services remain strong and secure for the majority of lawful users.”
But panelist Cindy Cohn, executive director of the Electronic Frontier Foundation, said her biggest worry is that the U.K. approach leaves much of the control in the hands of private companies who build products. When a “workaround” is available, how will these companies resist pressure from autocratic regimes, she asked.
Trust is demanded in societies, Schneier added. If public trust in secure communications starts to erode, societies may crumble, he suggested.