Showing posts with label IPA. Show all posts

2025-03-09

Right to private communications

The European Convention on Human Rights protects the right to respect for private life, the home and correspondence. This includes protecting the privacy of messages, phone calls, and emails.

But UK and EU governments are trying to break that right in various ways.

So some thoughts.

  1. Encrypted communication is a thing, it exists, it cannot be banned, it is just maths. I have done a nice video on how to make an uncrackable entirely manual encryption (one time pad) here.
  2. Criminals can use encryption. My video is an extreme example, but in practice the tools to do this electronically in many effective ways exist and can be used by criminals, and MPs.
  3. There are even ways to use encryption in a way that is mathematically impossible to prove you are doing - steganography - where there is no way to tell your encrypted messages apart from random noise in say an image or video.
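To make point 1 concrete, here is an added example (not from the video or the original post) of a letter-based one-time pad of the kind that can be worked by hand. It assumes messages are uppercase A-Z only and uses modulo-26 addition. The function `pad_that_explains` is a name invented here to show why the scheme is "just maths": any message of the same length is an equally valid decryption of a given ciphertext.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25, as on a paper pad


def make_pad(length):
    """Draw a random pad; it must be as long as the message and never reused."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _combine(text, pad, sign):
    # Add (sign=+1) or subtract (sign=-1) the pad letter by letter, modulo 26.
    if len(pad) < len(text):
        raise ValueError("pad shorter than message: the one-time guarantee is lost")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(p)) % 26]
        for t, p in zip(text, pad)
    )


def encrypt(plaintext, pad):
    return _combine(plaintext, pad, +1)


def decrypt(ciphertext, pad):
    return _combine(ciphertext, pad, -1)


def pad_that_explains(ciphertext, claimed_plaintext):
    """Return the pad under which ciphertext decrypts to claimed_plaintext."""
    if len(ciphertext) != len(claimed_plaintext):
        raise ValueError("lengths must match")
    return _combine(ciphertext, claimed_plaintext, -1)


if __name__ == "__main__":
    message = "MEETATNOON"            # constructed sample message
    pad = make_pad(len(message))
    ciphertext = encrypt(message, pad)
    print(ciphertext, "->", decrypt(ciphertext, pad))
    # Without the real pad, every 10-letter message fits the ciphertext equally well.
    other = "STAYATHOME"
    print(other, "fits with pad", pad_that_explains(ciphertext, other))
```

The guarantee holds only while the pad is truly random, kept secret, at least as long as the message, and used once.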

What this means is that even slightly savvy criminals are safe. The tools all exist and are easy to use. The only issue is if non-criminals like you and me can expect that right to privacy.

The Investigatory Powers Act (on which I commented, and was a witness at parliament) did, and does, try to crack encryption as a legal process, maybe, the wording is not ideal. Apple's news on this is one of the key examples. Not the first and not the last, and not something that actually tackles criminals using encryption, it will just make normal people way less safe. Remember criminals can use encryption!

One of the challenges for most normal people is how to use encryption. Most people do not care, or even know why they should. But there are many ways. The old school way is using PGP email, which is complex, but that is no longer the case. There are many apps and ways to communicate securely, and the obvious ones are things like iMessage (for now). Apple designed it to be secure. But also WhatsApp and Signal.

The problem is that any organisation operating any messaging system that is secure is subject to secret orders from governments to impose back doors.

There are even calls for scanning content for illegal material, which only works if a service has access to the content. This has so many problems, apart from breaking basic human rights. And, I remind you that the "bad people" with "illegal content" can always encrypt what they do anyway, and even secretly if they want to. They actually have an incentive to take the extra steps that normal innocent people do not. The only problem is removing privacy for normal people.

So now to come to the main point of this blog...


Delta Chat

This is an app that works with email, it connects to your provider's email server (not all providers work, but many do, using IMAP and SMTP), and allows a more traditional style messaging app that makes encrypted communications simple.

It is clever, well done.

What is extra clever is this is just an email client. It is not a service that is subject to either the Investigatory Powers Act or the Online Safety Act. Indeed, the latter explicitly excludes email, a term OFCOM consider everyone understands (really!).

But it makes secure encrypted chat a thing anyone can do, easily, in a way that legally there is very little that can get in the way.

So worth considering.

Muddled?

I have been advised this is all a little muddled, and I agree.

  • IPA issues with Apple in the middle of OSA coming into force
  • OSA not applying to email, but OSA is not directly an encryption thing, probably.
  • EU trying to do content scanning which means service providers having access to content.

I agree, it is muddled, and I bet that is intentional for some, but this is to try and say there is a way to chat, encrypted, with no scanning content, and no age checks, all in one, and easy to use.

2022-12-21

Beware of the word "hub"

Some time ago I posted about Internet Connection Records, here, and how they could result in records you may find hard to explain, especially as they were host name and not full URL.

By way of an example I included an image link in the post to the orange/black graphic word "hub" on a well known web site, nothing rude, but as 1x1 pixel so not even something you would see. By doing so your browser would access said web site.
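The effect described above can be modelled with a short script, added here as an illustration and not taken from the original post. It assumes a simplified connection record that holds only the host name, and the sample page and the `.example` host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL a browser fetches automatically while rendering a page.
AUTO_FETCH = {"img": "src", "script": "src", "iframe": "src"}


class EmbeddedHosts(HTMLParser):
    """Collect the hosts of resources that load without any click."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        attr = AUTO_FETCH.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # Resolve relative URLs against the page, then keep the host only.
            host = urlsplit(urljoin(self.page_url, value)).hostname
            if host and host not in self.hosts:
                self.hosts.append(host)


def connection_records(page_url, html):
    """Host-level records from loading one page: no path, no context."""
    parser = EmbeddedHosts(page_url)
    parser.feed(html)
    page_host = urlsplit(page_url).hostname
    return [page_host] + [h for h in parser.hosts if h != page_host]


# Constructed sample: a blog post with an invisible 1x1 image on another site.
SAMPLE_PAGE = "https://blog.example/2015/icr.html"
SAMPLE_HTML = """
<p>Nothing rude here.</p>
<img src="https://hub.example/logo.png" width="1" height="1">
<img src="/images/cat.jpg">
<a href="https://clicked-only.example/">a link the reader never follows</a>
"""

if __name__ == "__main__":
    print("reading the blog post:", connection_records(SAMPLE_PAGE, SAMPLE_HTML))
    print("visiting the site    :", connection_records("https://hub.example/", ""))
```

Both runs contain the same `hub.example` entry, so a host-only record cannot tell a deliberate visit from an unseen embedded image.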

Irony of irony, now, 7 years later, Blogger have put a content warning on that post!

I have edited to bold/underline that it is nothing rude, to see if they review and remove it. What is even more ironic is the link I used is no longer even valid, so definitely not rude, but I have updated it now.

But it shows the problems with automated checking of such things, something that is likely to be an issue not just for Internet Connection Records, but for the current Online Safety Bill.

P.S. Another post was "unpublished" as it showed the domain (not as a link) to a PayPal phishing attempt, a domain that is no longer valid - it was a post about it, not itself malware, d'uh.

QR abuse...

I'm known for QR code stuff, and my library, but I have done some abuse of them for fun - I did round pixels  rather than rectangular, f...