Sunday, 28 May 2017

No way for terrorists to safely communicate!

[This blog also on YouTube - I wonder which people prefer]

Once again we hear the call for there to be no safe place or safe way for terrorists to communicate.

I will try and explain the problems with this sort of comment as simply as I can, and without any sort of technical waffle.

Which are the terrorists?

If you are saying that only terrorists are not allowed a way to communicate safely, but that us normal non terrorists are allowed to communicate safely, you have to be able to tell them apart somehow.

How would you do this? And when you have identified those terrorists how do you make sure that they are not going to communicate like non terrorists. Do you given them some notice that they are now summarily deemed to be terrorists and denied access to all secure communication? How would it work? Would access to secure communications have a licence, and you can revoke it for anyone that is a suspect? Such a process to revoke a licence could not have proper due process to prove a crime, else, having proved a crime you simply lock them up and deny communication that way. You'd have to have a way to revoke peoples secure communications licence on mere suspicion without any due process or proof of a crime. A nice society in which to live?

And how would you tell they are terrorists before they do anything bad? Is it by what they communicate? Well, if they are using the safe communication systems reserved for non terrorists then you do not know what they are communicating, do you?

Basically, the only way the phrase makes sense is if it is "No way for people to safely communicate".

That seems a bit more extreme, but please, if that is what you mean, as a politician, please say it. Say that you do not want any way for PEOPLE to communicate safely, because you know full well that there is no legislative or technical way to only apply your restrictions to terrorists.

Of course, it could be that only approved people will be able to communicate safely. The elite who have passed positive vetting. Only they will be allowed access to secure communications. Only they will be able to use a credit card on an on-line shop. If that is what politicians are wanting - say so.

Who can see the communications?

The issue with safe or unsafe communication is if you are communicating safely, there is no way for someone else to see the communication, just the intended party or parties.

So, if we are saying that there is no safe communication, we mean that someone else can see the communications, but who?

The answer, of course, is "good people". By which I am sure a politician will say is people who have suitable legal authority with necessary warrants and accountability, and so on. But at the end of the day it is "good people" rather than "bad people".

Even ignoring some of the technical issues, you have the issue of who is "good" and who is "bad"? If a UK newspaper editor sends a WhatsApp message to a journalist in Korea, it is OK for the Korean government to monitor that too I assume, as well as the UK government? Maybe it is... Who is "good" and who is "bad" depends on your viewpoint.

But sadly there are more "bad people" out there - and we have seen, over and over again, that any sort of "back door" to allow monitoring communication can, and will, be exploited by others. Hackers, criminals, people working in the intermediate companies that have been bribed. Lots of people.

This is partly why safe communication is expected for accessing a bank or a merchant where you want to use a bank card, even if that merchant is not in the UK and you are using a form of "end to end encryption" from your computer to theirs.

Will criminals obey these laws?

This is another issue with all such laws. People (even criminals) can encrypt messages themselves. It can be done using pen and paper and done in a way that nobody, not GCHQ or NSA, can decode. How do you outlaw that? There is also a way to hide the encrypted communications in other messages in a way you cannot tell if it is there - so banning all encryption would not actually stop someone sending coding or encrypted messages, simple as that.

So, whilst such moves would stop all of the normal, non terrorist, people using safe communications, there is no reason to think it will stop terrorists using safe communications which they can make themselves (whether using computers or, as I say, just pen and paper).

Stephen Fry calls it technophobic-canutisim!


4 comments:

  1. TL;DR: Much prefer the text blog post.

    I'm finding that too much of the world's news content is going photo and video. I take in information better as text, I can read it at my own rate, or skim it or just read a conclusion and decide which other bits of an artical are actually interesting to me.
    Video comes at it's own rate, is either too fast or too slow. Unlike a lecturer, it can-not react to its audiance. It is hard to skip back and refer to a prior section for reference.

    Video may be a much higher bandwidth interface to a human, but it is constrained to a tiny window of the interface bandwidth, and I do not believe that the information density is generlly any higher for most purposes (exceptions exist, describing the motion of a delta printer is much easyer with a video).

    They say a picture paints a thousand words, how big is that picture on disk? How big is a thousand words in plain, uncompressed text on disk?

    How big is the youtube video of this blog-post? Does it contain any other relevent information that is not in the text version due to not being possible to convey in text alone?

    Sometimes video is great, when there is something to see or be shown, but only if it can't be effectively shown by text and images, and only text and images if it can't be shown by text alone.

    Sorry for the rant, other-peoples prefered information intake mechanism will differ (big problem with schools there forcing people to all try and learn the same way - but that is a different rant).

    Richer input mechanisms are a tool. A very pretty and shiny tool, that can oftern be used to do all sorts of communication and education tasks, but that should not stop the process of choosing the right tool for the job.

    cli or gui - it depends...
    hammer or screwdriver - it depends...
    walk or drive - it depends...
    text, audio or video - it depends...
    methods of ranting... don't use mine, I jast lack tooks to put arguments together better!

    Thank-you for your time.

    ReplyDelete
  2. /pedant mode on....

    There's no such thing as PV Adrian & hasn't been for over 20 years. Its called "Developed Vetting" now and is actually a bit more thorough than the old PV. More online checks (and probably shitloads more data stored now) means it also doesn't take the 5-10 weeks the old system took.

    /pedant mode off...

    ReplyDelete
  3. The text is much better: I agree with Edward Hull. Video runs at it's own pace: for anything technical (especially something that contains steps, or is aimed at an audience of differing experience/ability) it will bore the experienced peoplein places, and rush the unexperienced at others. Text (maybe with screenshots/diagrams) is easy to re-read short sections of.

    Great article, by the way. You should link to your demo of encryption with paper and pen.

    ReplyDelete
    Replies
    1. I am thinking of re-doing that demo to make it simpler and clearer...

      Delete