Why David Cameron’s crusade against encryption could backfire on business
One so-called expert in terrorism and one person who claims to be able to tackle it embarrassed themselves this week. The first was a hapless Fox News commentator, who had convinced himself that Birmingham was an outpost of the Islamic State, sparking hilarity in the Twittersphere. The second was none other than David Cameron, who apparently announced his intention to revive the Snoopers’ Charter and ban encrypted communication. Cue more hilarity, and headlines suggesting that he wanted to block WhatsApp.
Despite being mistaken for Cameron on an almost daily basis, I have no special insight into his thinking. But I strongly suspect he was not really suggesting we all abandon encrypted communication; rather, he wants it to be accessible to the security services.
The security services have said as much. In November last year, Robert Hannigan, new head of GCHQ, declared that certain social networks had become the “command and control networks of choice for terrorists and criminals”, lamenting the fact that encryption techniques that were “once the preserve of the most sophisticated criminals or nation states now come as standard”.
This is the problem. Over time, technology gets better and cheaper, and more people have access to all sorts of gadgets and gizmos. The vast majority of people use the technology to make life more comfortable or convenient, but there are always a few who will misuse it. The test for our politicians is whether they can respond appropriately with laws and regulations which stop the bad stuff from happening, without cancelling out all the benefits or suffocating further innovation.
The increased popularity of drones is a case in point. In France, the authorities have clamped down heavily on them. Try Googling “Nancy vu du ciel” and you’ll find a beautiful YouTube video taken from a drone over the town of Nancy. Its teenage creator ended up being prosecuted for flying a drone without a licence, and over a built-up area without permission. These two laws may be perfectly justifiable, but perhaps they aren’t having a positive impact on drone innovation in France.
So what does this have to do with encryption and terrorism? As more data is transmitted over more networks, it is essential that businesses can innovate and discover new ways to keep that data secure. The more regulation we have imposing obligations on companies to store transmitted data, or make systems accessible on demand, the more cumbersome the development process will become. Instead of security experts having the final say on the effectiveness of a new security tool, it will be down to the lawyers to determine whether it complies with anti-terror laws. Moreover, if back doors are created to allow for government surveillance, these will be obvious vulnerabilities, exploitable by the same bad people these laws are trying to stop.
Much as anti-money laundering rules have caused huge inconvenience for people when opening a bank account or getting legal advice, any laws or regulations around encryption and data preservation are likely to place a huge burden on legitimate technology businesses, which have no reason to be caught up in them. It is this sort of cack handed intervention which could undermine the sterling efforts this government has made with tech companies in the UK, and drive away our best talent to countries which have a better environment for innovation.