Read

User menu

Search form

What David Cameron Just Proposed Would Endanger Every Briton and Destroy the IT Industry

What David Cameron Just Proposed Would Endanger Every Briton and Destroy the IT Industry
Fri, 1/16/2015 - by Cory Doctorow
This article originally appeared on BoingBoing

What David Cameron thinks he's saying is, "We will command all the software creators we can reach to introduce back-doors into their tools for us." There are enormous problems with this: there's no back door that only lets good guys go through it.

If your Whatsapp or Google Hangouts has a deliberately introduced flaw in it, then foreign spies, criminals, crooked police (like those who fed sensitive information to the tabloids who were implicated in the hacking scandal, and like the high-level police who secretly worked for organized crime for years) and criminals will eventually discover this vulnerability. They – and not just the security services – will be able to use it to intercept all of our communications. That includes things like the pictures of your kids in your bath that you send to your parents to the trade secrets you send to your co-workers.

But this is just for starters. David Cameron doesn't understand technology very well, so he doesn't actually know what he's asking for.

For David Cameron's proposal to work, he will need to stop Britons from installing software that comes from software creators who are out of his jurisdiction. The very best in secure communications are already free/open source projects, maintained by thousands of independent programmers around the world. They are widely available, and thanks to things like cryptographic signing, it is possible to download these packages from any server in the world (not just big ones like Github) and verify, with a very high degree of confidence, that the software you've downloaded hasn't been tampered with.

Cameron is not alone here. The regime he proposes is already in place in countries like Syria, Russia, and Iran (for the record, none of these countries have had much luck with it). There are two means by which authoritarian governments have attempted to restrict the use of secure technology: by network filtering and by technology mandates.

David Cameron has already shown that he believes he can order the nation's ISPs to block access to certain websites (again, for the record, this hasn't worked very well). The next step is to order Chinese-style filtering using deep packet inspection, to try and distinguish traffic and block forbidden programs. This is a formidable technical challenge. Intrinsic to core Internet protocols like IPv4/6, TCP and UDP is the potential to "tunnel" one protocol inside another. This makes the project of figuring out whether a given packet is on the white-list or the black-list transcendentally hard, especially if you want to minimise the number of "good" sessions you accidentally blackhole.

More ambitious is a mandate over which code operating systems in the U.K. are allowed to execute. This is very hard indeed. We do have, in Apple's Ios platform and various games consoles, a regime where a single company uses countermeasures to ensure that only software it has blessed can run on the devices it sells to us. These companies could, indeed, be compelled (by an act of Parliament) to block secure software. Even there, you'd have to contend with the fact that other EU states and countries like the USA are unlikely to follow suit, and that means that anyone who bought her Iphone in Paris or New York could come to the U.K. with all their secure software intact and send messages "we cannot read."

But there is the problem of more open platforms, like GNU/Linux variants, BSD and other unixes, Mac OS X, and all the non-mobile versions of Windows. All of these operating systems are already designed to allow users to execute any code they want to run. The commercial operators – Apple and Microsoft – might conceivably be compelled by Parliament to change their operating systems to block secure software in the future, but that doesn't do anything to stop people from using all the PCs now in existence to run code that the PM wants to ban.

More difficult is the world of free/open operating systems like GNU/Linux and BSD. These operating systems are the gold standard for servers, and widely used on desktop computers (especially by the engineers and administrators who run the nation's IT). There is no legal or technical mechanism by which code that is designed to be modified by its users can co-exist with a rule that says that code must treat its users as adversaries and seek to prevent them from running prohibited code.

This, then, is what David Cameron is proposing:

  • All Britons' communications must be easy for criminals, voyeurs and foreign spies to intercept

  • Any firms within reach of the U.K. government must be banned from producing secure software

  • All major code repositories, such as Github and Sourceforge, must be blocked

  • Search engines must not answer queries about web-pages that carry secure software

  • Virtually all academic security work in the U.K. must cease -- security research must only take place in proprietary research environments where there is no onus to publish one's findings, such as industry R&D and the security services

  • All packets in and out of the country, and within the country, must be subject to Chinese-style deep-packet inspection and any packets that appear to originate from secure software must be dropped

  • Existing walled gardens (like Ios and games consoles) must be ordered to ban their users from installing secure software

  • Anyone visiting the country from abroad must have their smartphones held at the border until they leave

  • Proprietary operating system vendors (Microsoft and Apple) must be ordered to redesign their operating systems as walled gardens that only allow users to run software from an app store, which will not sell or give secure software to Britons

  • Free/open source operating systems -- that power the energy, banking, ecommerce, and infrastructure sectors -- must be banned outright

David Cameron will say that he doesn't want to do any of this. He'll say that he can implement weaker versions of it -- say, only blocking some "notorious" sites that carry secure software. But anything less than the program above will have no material effect on the ability of criminals to carry on perfectly secret conversations that "we cannot read". If any commodity PC or jailbroken phone can run any of the world's most popular communications applications, then "bad guys" will just use them. Jailbreaking an OS isn't hard. Downloading an app isn't hard. Stopping people from running code they want to run is -- and what's more, it puts the whole nation – individuals and industry – in terrible jeopardy.

Originally published by BoingBoing

3 WAYS TO SHOW YOUR SUPPORT

ONE-TIME DONATION

Just use the simple form below to make a single direct donation.

DONATE NOW

MONTHLY DONATION

Be a sustaining sponsor. Give a reacurring monthly donation at any level.

GET SOME MERCH!

Now you can wear your support too! From T-Shirts to tote bags.

SHOP TODAY

Sign Up

Article Tabs

The recent decisions by two of the most influential national newspapers of record to not publish their endorsements of Vice President Kamala Harris says a lot about how seriously they take Trump’s threats to democracy and his promises of vengeance against his enemies.

On the eve of the historic November vote, it seems important to ask: What's wrong with men, how did we get here, and can we change this?

As Trump’s campaign grows increasingly bizarre, his team appears to be more tightly controlling his movements and carefully scripting his public appearances to minimize the negative impact his erratic behavior may have on undecided voters in swing states.

Throughout history, fascist governments have had a similar reliance on the use of lies as a weapon to take and retain power.

Former President Donald Trump is now openly fantasizing about deputizing death squads against Americans.

The recent decisions by two of the most influential national newspapers of record to not publish their endorsements of Vice President Kamala Harris says a lot about how seriously they take Trump’s threats to democracy and his promises of vengeance against his enemies.

On the eve of the historic November vote, it seems important to ask: What's wrong with men, how did we get here, and can we change this?

As Trump’s campaign grows increasingly bizarre, his team appears to be more tightly controlling his movements and carefully scripting his public appearances to minimize the negative impact his erratic behavior may have on undecided voters in swing states.

Throughout history, fascist governments have had a similar reliance on the use of lies as a weapon to take and retain power.

Former President Donald Trump is now openly fantasizing about deputizing death squads against Americans.

The DC political press have eschewed calling balls and strikes in favor of putting their finger on the scale for former President Donald Trump and the Republican Party.

Posted 2 months 3 hours ago

Former President Donald Trump is growing increasingly deranged, yet the media is asleep at the wheel.

Posted 1 month 2 weeks ago

On the eve of the historic November vote, it seems important to ask: What's wrong with men, how did we get here, and can we change this?

Posted 5 days 2 hours ago

Former President Donald Trump is now openly fantasizing about deputizing death squads against Americans.

Posted 3 weeks 1 day ago

The 2024 Republican ticket’s incitement of violence against Haitian migrants in Springfield, Ohio, is revealing in more ways than one.

Posted 1 month 6 days ago

Right wing organizations, tech bros, alt finance and big oil are all helping to promote a surge in far right politics that are destabilizing the global order, and could end democracies on both sides of the Atlantic.

Throughout history, fascist governments have had a similar reliance on the use of lies as a weapon to take and retain power.

Former President Donald Trump is now openly fantasizing about deputizing death squads against Americans.