Is banning encryption a crazy plan or an absolute necessity? The reality is much more complicated than that

David Cameron's impossible dream ignores the realities of communication in a hyper connected world.
Written by Steve Ranger, Global News Director

Comments this week by UK prime minister David Cameron have re-ignited the debate about how to weigh individuals' online privacy against the needs of law enforcement to be able to detect and prevent crime.

"In our country, do we want to allow a means of communication between people, which even in extremis, with a signed warrant from the home secretary personally, that we cannot read?" said Cameron in a speech. "Up until now, governments of this country have said no, we must not have such a means of communication."

These comments have been widely interpreted as an attack on encrypted forms of communication and services such as WhatsApp or Snapchat that put messages beyond the reach of police and surveillance agencies.

The government's basic argument is relatively straightforward: no one should have an absolute right to privacy when they are planning a terrible crime. Few would disagree.

However, a move like the one Cameron implies is all but impossible to put into practice - it would presumably require all providers of such communications services to put servers on UK soil or decrypt all traffic so that it was accessible to law enforcement.

Few international companies would be willing to accept such demands; few would be willing to provide a backdoor into their systems for one government in such a way, if only because it could compromise security for all its customers.

And, as with most of these measures, most of the organised and smart criminals Cameron hopes to target will easily find ways around such moves, such as black market services that don't feel obliged to follow any new laws on encryption Cameron may bring in.

Cameron's words have also been taken to mean he hopes to bring in legislation banning encryption more generally. That would be almost entirely unmanageable and would have an even more chilling effect on our use of technology in general, from using credit cards online to corporate email. There are plenty of excellent reasons for using encryption, meaning such a broad ban would be a terrible, terrible idea and also fortunately utterly unworkable (Cory Doctorow has a good summary of why).

Cameron's comments are a dose of early electioneering, and bit of cyber sabre-rattling, but they ignore the nuance and the realities of communications in a connected world.

But, just as it's wrong to get too over-excited about a few lines in a speech, it's also wrong to dismiss them. Cameron has pledged to take action if elected, presumably in the form of a revamped Communications Data Bill which will be needed to replace the emergency Data Retention and Investigatory Powers Act which will expire next year.

Few would disagree that there has to be a trade-off between privacy and security. The question is when, and how. As no intelligence agency or police force can ever have total knowledge, perhaps aspiring to it is the wrong approach. It's entirely possible to argue that GCHQ and other surveillance agencies don't need ever more data, they need ever better intelligence: making the haystack bigger doesn't always make it easier to find the needle.

The fundamental issue is one of trust. The revelations from Edward Snowden have certainly shaken trust in surveillance agencies, and have undoubtedly and inadvertently accelerated the use of encryption by tech companies. Perhaps if the surveillance agencies hadn't embarked on mass surveillance projects in the first place, they wouldn't find it so hard to track criminals now.

The public needs to be convinced that to prevent crime more of their privacy needs to be taken away. And beyond that, the government needs to prove that it can be trusted with access to our communication.

Read more

Editorial standards