Theresa May has said that there must not be a safe place for terrorists to communicate. David Cameron has gone further and said that we cannot allow any means of communications which cannot be read, [telegraph article] and so presumably means that the 64 million of us in the UK that are not in fact terrorists are not allowed to communicate privately either. Sadly Obama has joined in [here].
I was horrified, really, that our servants, the government, are really saying that we cannot talk privately any more. That is just police state gone mad.
I was also horrified at the heckling and stupid answer that Julian Huppert got when he asked Theresa May about this. It shows that the people in government, who run this country, really have no clue what these statements actually mean.
Obviously, the people I deal with immediately think of how stupid this is in light of the technology we use every day. We understand the usage of encryption (keeping secrets) done by computer systems in our daily lives. Each and every one of us use secret communications that the security services cannot see when we access FaceBook, or Google, or even The Conservative Party Website! We are doing exactly what David Cameron has stated, in no uncertain terms, must not be allowed for any of us (not just terrorists) to do. We also know that any attempts to achieve what they are saying, no matter how stupid, would not actually stop criminals and terrorists. It is like passing a law that says "If you are a terrorist, you must send a copy of all your plans and communications to firstname.lastname@example.org". It is stupid. It is us, the ones that are not terrorists, that stand to be impacted by this stupidity. Terrorists won't care.
But I want to try and take technology out of this debate and explain just how stupid this is in terms that anyone can understand. I have made a video [here], and I explain below, a means of communications that anyone (including terrorists) can easily use; a method of communication that cannot be read; something that is absolutely what Theresa May and David Cameron say must not be allowed. I am not being extremest here - every one of you does far more complex stuff every time you visit FaceBook, remember that!
The system is called a one time pad, and it is uncrackable. This may look like child's play, but I can assure you that if the NSA or GCHQ intercepted your communications using this then they could not crack it as long as you have done what I say and made sure the keys are secret and safe. I'd be surprised if this is not millennia old, but the concept was first published in 1882 relating to secure telegraph.
This is not difficult - and it is fun for all the family - why not try it with your kids? If could teach them important tools they may need if this government have their way.
Let's take is step by step...
- Before you start you need keys. In my video I have made each key a separate sheet of paper and printed with blank boxes by each character. In the spirit of SMS I have made the keys 160 characters long. You will need a set of keys for future messages, with each key twice, one kept by the sender and one by the recipient. I made the keys using a computer program, and you could get from a web site [here] but that means the web site operator may have your key, so not safe (unless you are just doing this for a bit of fun). Running the software yourself is better, but you can just use a pair of dice! You do not need a computer. A couple of dice and some squared paper and a pencil, that is all.
- You need to make sure the sender has a set of keys and the recipient has the same set of keys, and that nobody else has seen the keys or has a copy or has access. Each of you should keep them safe, perhaps in an actual safe even. This does mean meeting up face to face at some point, but this can set up secure communications for the future. You may want to agree a way to tell each other that your keys have been accessed, some suitable message like "my keys have been seen by someone else" in a text! NEVER LET ANYONE ELSE SEE THE KEYS!
- When you want to send some critical message, such as the date and time of an attack you are planning (don't attack people, that is not legal), you pick one of the key sheets. You can pick it at random, as it happens, and I'll explain how the recipient knows which you used.
- You write your message over the key letters on the sheet, but start with say 4 spaces. (We didn't do this on the video) Make sure you don't have other paper below as it could leave an impression when you write (a mistake we make on the video)
- For each letter in your message you also have a key letter. Using a simple addition table or wheel you add the two letters together. You look up the message letter on one side, and the key letter on the other, and find where the lines cross to get the output (coded) letter and write that down.
- For this purpose I have created a sheet with an alphabet of 36 characters in total, being A-Z, 1-9 and a space. To avoid misreading multiple spaces we are treating a space as a * in the final message sent, and to avoid confusion as well as making it a nice number to use with two dice, we have made O and 0 the same. A simple addition sheet can be found here. You could make different decisions on the alphabet to use and so on.
- For convenience, in my addition sheet, the space (or *) is added as a zero value, and so does not change the other letter (unlike the video). That means any spaces in your message you just write the key letter down unchanged - this saves time, but it also means your final message starts with 4 key letters as per the sheet. You should also have spaces on the end, so also writing the key letters again, either a random extra number of spaces, or perhaps all the way to the end of the 160 characters every time. This hides the length of your true message.
- You send the code letters to the recipient. This could be by text, but remember, this coded message is not secret - so you could just tweet it, or write it on a post-it note, or graffiti it on the side of a building (don't do that, it is not legal either). As long as the recipient knows where to look for the message that is fine.
- The sender now destroys the sheet, destroying your message and the key. NEVER EVER USE THE SAME KEY SHEET TWICE.
- The recipient can use the first 4 letters to work out which key sheet applies as they were coded as spaces. When making the key sheets you may want to avoid duplicates in the first 4 letters.
- The recipient writes the coded message on the sheet, and then works through the characters. This time, you find the key letter row, and follow it along to the coded letter, then go up/down to the letter at the end of the column and that will be the original message letter. Write that down on the sheet. You will see spaces easily as they have the coded letter the same as the key letter and so the padding spaces at the end are simple to spot and ignore.
- At the end you will see the original message on the sheet. Read it and understand it.
- The the recipient destroys the sheet, destroying the message and the key.
The one time pad does have some issues. The main benefit is the simplicity and total security it offers, but the down sides are that you have to pre-exchange some keys, you have to be sure the keys really are random, and you have to be sure to keep the keys totally safe. If you can do that, then you have a means to safely communicate privately (even if you are not a terrorist).
Now, computers can do a lot more, and have ways to avoid the sharing of keys like this, but authenticity of sender and recipient are always issues in any system. Using computers it is even possible to actually hide the fact that the message is coded in some way, so you are not looking suspicious by sending gibberish texts. However, I hope this shows how simple it is to do what David Cameron and Theresa May actually want to ban, and how pointless any such ban would be. The damaging effects of any sort of measures they take could be massive though, and that is why we have to stop this proposal at the start and make them understand that:-
- we have a right to communicate privately,
- we have the technology (pen and paper) to communicate privately, and
- we will communicate privately (and so might terrorists).