Don't let politicians use the excuse of murderous assholes to scapegoat the internet

Theresa May launches her latest attack on end-to-end encryption.

Don't let politicians use the excuse of murderous assholes to scapegoat the internet

As we're all aware, a number of people - including children - have been murdered by a bunch of complete arseholes in London and Manchester.

The most recent attack occurred in London on Saturday night, and with a General Election just days away it was inevitable that some politicians would steer the horrific events in an attempt to win some votes or damage the reputation of their rivals.

We even saw the US President try to bring the UK's tough gun laws into the argument (although clearly the killers would have been able to murder many more people if they had been equipped with machine guns rather than knives and a white van).

The Conservative party, which is the bookies' favourites to win the election and return Theresa May as Prime Minister, have taken the opportunity to beat a familiar drum: it's the internet's fault.

According to a speech given by Theresa May this weekend, "enough is enough":

"We cannot allow this ideology the safe space it needs to breed. Yet that is precisely what the internet, and the big companies that provide internet-based services provide."

"We need to work with allied democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremist and terrorism planning. And we need to do everything we can at home to reduce the risks of extremism online."

Notice there is no call for the banning of knives or white vans.

Home Secretary Amber Rudd has predictably chimed in, echoing her leaders' position, telling the media this weekend that internet companies need to work with the authorities to "limit the amount of end-to-end encryption that otherwise terrorists can use."

Good luck with legislating the internet, or preventing people from using end-to-end encryption for their online communications. Let me know when you've managed that one.

And what is meant by "the amount of end-to-end encryption"? Surely something is either end-to-end encrypted or it's not?

Even if the UK government was able to force tech giants to weaken the security of their products by incorporating backdoors into their communication services, what does that actually achieve?

Anyone who cares about their online security and privacy would simply use other services to communicate that haven't given in to the UK government's demands.

How is the UK going to block Britons from downloading end-to-end messaging software from websites beyond the UK's control? How will it prevent Brits from compiling free open source apps if they care about their privacy?

And that's before you raise the spectre that any weakness in end-to-end encryption opens opportunities for organised criminals and state-sponsored hackers to exploit the same backdoor to spy and to steal.

Some British political parties are portraying the internet and encryption as convenient bogey men, blaming them for acts of terrorism rather than asking more difficult questions about whether the country has made mistakes in foreign policy, made too many cut-backs in policing, or been too willing to turn a blind eye to the activities of other countries in the hope of doing business.

Encryption isn't a bad thing. As I've described before, encryption is a good thing, and we shouldn't be looking for ways to weaken or outlaw it. If anything, we should be encouraging its wider use.

Anyone who tells you different is either ignorant of how end-to-end encryption (and presumably any modern technology) works, or is simply engaged in political grandstanding in a last-minute attempt to appeal to non-technical voters.

Stop press! Woah! A UK politician has actually said something sensible about internet surveillance. Shame that his party is unlikely to win on Thursday.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

22 Responses

  1. drsolly

    June 5, 2017 at 3:54 pm #

    Someone on my blog put it nicely.

    A) Something must be done.
    B) Putting a backdoor into encryption is something.
    C) Therefore, it must be done.

    • Mark Jacobs in reply to drsolly.

      June 6, 2017 at 11:56 am #

      A) Something must be done.
      B) Arming all known terrorists, funding them and training them is something.
      C) Therefore, it must be done.

  2. Chris Pugson

    June 5, 2017 at 4:30 pm #

    Traffic analysis of the Internet would surely yield incredibly useful data without need to decrypt. Gordon Welchman made much use of traffic analysis at Bletchley Park. Traffic analysis was valuable in its own right but especially vital when the decryption data for German communications were temporarily unavailable.

    Someone please say that Internet traffic analysis is already being done on the same lines as 70+ years ago at Bletchley Park but nowadays employing vast modern IT resources. I would be astonished if it is not but I have never heard or read that that is the case.

  3. Roger Leyland

    June 5, 2017 at 11:41 pm #

    Good article. This says it clearly for me:

    http://telegra.ph/Dont-Shoot-the-Messenger

    The politicians just don't understand (or worse)

  4. Mike NI

    June 6, 2017 at 11:10 am #

    I respect this blog but please stick to cyber security and do not claim to have any knowledge of gun control until you know what you are talking about.

    Saying things such as "although clearly the killers would have been able to murder many more people if they had been equipped with machine guns rather than knives and a white van" is ignorant, completely incorrect, and just continues the illusion that we do not need to protect ourselves. We DO need to be able to protect ourselves. It is in our constitution unlike having access to the Internet.

    They will take everything from us if we let them. Stop supporting them when you are talking against them at the same time. Thanks

    • Graham Cluley in reply to Mike NI.

      June 6, 2017 at 11:46 am #

      Mike, you've got your view about gun control and I've got mine. I've had my little rant and you've had your opportunity to respond. :)

      We can agree to differ in an amicable way I'm sure, and I hope it doesn't ruin your enjoyment of my computer security content.

      BTW, can you send me a link to the constitution as I'd like to read it.

      • Steven Richardson in reply to Graham Cluley.

        June 7, 2017 at 12:17 am #

        Very good article Graham, but like Mike I do have to take exception to the gun reference. I do know about the English view of an armed citizenry. What Mike is referring to is the 2nd amendment to our constitution as follows from Wikipedia.

        The Second Amendment (Amendment II) to the United States Constitution protects the right of the people to keep and bear arms and was adopted on December 15, 1791, as part of the first ten amendments contained in the Bill of Rights. The Supreme Court of the United States has ruled that the right belongs to individuals, while also ruling that the right is not unlimited and does not prohibit all regulation of either firearms or similar devices. State and local governments are limited to the same extent as the federal government from infringing this right per the incorporation of the Bill of Rights.
        The Second Amendment was based partially on the right to keep and bear arms in English common law and was influenced by the English Bill of Rights of 1689. Sir William Blackstone described this right as an auxiliary right, supporting the natural rights of self-defense, resistance to oppression, and the civic duty to act in concert in defense of the state.
        In United States v. Cruikshank (1876), the Supreme Court of the United States ruled that, "The right to bear arms is not granted by the Constitution; neither is it in any manner dependent upon that instrument for its existence" and limited the scope of the Second Amendment's protections to the federal government. In United States v. Miller (1939), the Supreme Court ruled that the Second Amendment did not protect weapon types not having a "reasonable relationship to the preservation or efficiency of a well regulated militia."
        In the twenty-first century, the amendment has been subjected to renewed academic inquiry and judicial interest. In District of Columbia v. Heller (2008), the Supreme Court handed down a landmark decision that held the amendment protects an individual right to possess and carry firearms. In McDonald v. Chicago (2010), the Court clarified its earlier decisions that limited the amendment's impact to a restriction on the federal government, expressly holding that the Due Process Clause of the Fourteenth Amendment incorporates the Second Amendment against state and local governments. In Caetano v. Massachusetts (2016), the Supreme Court reiterated its earlier rulings that "the Second Amendment extends, prima facie, to all instruments that constitute bearable arms, even those that were not in existence at the time of the founding" and that its protection is not limited to "only those weapons useful in warfare".
        Basically, if that had happened in say Houston, more than likely there would have been an armed citizen amongst the crowd that would have limited the amount of carnage by taking out the terrorists before the police even arrived.
        Just for the record, not everyone carries a gun in America, but those of us that do are vetted by the FBI, State, and local police and have been trained. Criminals by definition will always be able to get the arms they want despite any laws.
        Now let us agree to disagree and continue on with your great content.
        Cheers

  5. Erich Honecker

    June 6, 2017 at 11:17 am #

    While doing some computer related work, I was streaming the PM's press statement and it immediately struck me: "she's actually asking for a crackdown on liberties!".

    Well said, Graham!

    Tim Farron put it exactly the right way: “The alternative is a government that monitors and controls the internet in the way that China or North Korea does. If we turn the internet into a tool for censorship and surveillance, the terrorists will have won. We won’t make ourselves safer by making ourselves less free.”

    Theresa May shouldn't be wishing for a system the Stasi could have only dreamed of. We would be giving up our way of life, period.

  6. Simon

    June 6, 2017 at 11:25 am #

    I enjoy your blog but please don't try to get involved in British politics or try to influence people away from voting for the Tories. There is much more at stake right now and whilst encryption is very important to me (I work in cyber ops), other issues such as Brexit are extremely important and other parties are simply not capable of taking on that task. We know the parties are using this to push their unwanted policies but we're left with little real choice. We've all got difficult decisions to make right now and could do without outside influence please.

    • Graham Cluley in reply to Simon.

      June 6, 2017 at 11:43 am #

      I'm not telling people which way to vote.

      But I will tell folks when I believe politicians of any side are talking nonsense about computer security and privacy. I've done it about American politicians, and I don't see why I shouldn't do the same with British politicians.

      I know it upsets some people, and I'm sorry about that.

      • drsolly in reply to Graham Cluley.

        June 6, 2017 at 5:10 pm #

        You shouldn't be sorry about upsetting some people. Because whatever you say, or fail to say, you will upset some people.

      • Steven Richardson in reply to Graham Cluley.

        June 7, 2017 at 12:40 am #

        Graham, I think the time for Political Correctness is passed. Please continue on.

  7. Michael Ponzani

    June 6, 2017 at 1:33 pm #

    I don't believe in gun control, though I'll admit unrestricted ownership of guns is self limiting due to the costs of the more exotic weapons. If most people had guns many of these terrorist attacks could have been prevented or nipped in the bud. Terrorists never seem to attack police firing ranges or military bases engaged in live firing exercises.

    • drsolly in reply to Michael Ponzani.

      June 6, 2017 at 5:12 pm #

      Universal gun ownership hasn't yet stopped the daily mass-shoootings in the USA.

      Perhaps you need even more guns.

      • Steven Richardson in reply to drsolly.

        June 7, 2017 at 12:25 am #

        If you will notice, most of the attacks in the US have taken place in "gun free" zones and places where we as legal carriers cannot go, schools, etc. And please be aware that thankfully we do not have "daily" mass shootings.

        • drsolly in reply to Steven Richardson.

          June 7, 2017 at 8:15 pm #

          You're right! Children in schools should be issued with firearms as they enter the school, and part of the curriculum should be "How to identify and kill the bad guys."

    • Arnold Schmidt in reply to Michael Ponzani.

      June 6, 2017 at 7:22 pm #

      The problem with more people carrying weapons is twofold: first, how do you tell the good guys from the bad guys; second, where do you draw the line- no weapon larger than a machine gun, or maybe a bazooka are allowed? Once you open the door to unrestricted carrying of weapons, you will eventually have to deal with more violent, unprovoked incidents, causing more injury and death, not fewer ones.

      • Steven Richardson in reply to Arnold Schmidt.

        June 7, 2017 at 12:36 am #

        The bad guy is the one waving his weapon around and screaming "give me your money" and the good guy is the one taking him out. As to your second statement, there are laws restricting automatic weapons, explosives, RPG's, etc., but a criminal by definition does not follow the law.
        Many of our anti-gun people have used the same argument and have been proved very wrong by crime statistics dropping in states that are favorable to gun owners.
        The common criminal is going to use a weapon easily available and will not/cannot get it through legal means, ie. stolen.

  8. drsolly

    June 6, 2017 at 5:12 pm #

    Your headline is wrong. They aren't assholes, they are arseholes.

    • Steven Richardson in reply to drsolly.

      June 7, 2017 at 12:38 am #

      I can think of many more references for these type of people, but the one I most prefer is DEAD.

  9. Kwaz

    June 6, 2017 at 6:24 pm #

    Backwards.

    Don't use the internet as the excuse for the behaviors of hair triggered murderous azzholes. If you claim reading something off a computer screen triggers murder then they were long ago radicalized.

  10. Jim

    June 9, 2017 at 1:15 pm #

    I would have thought the monitoring of the internet by security would be a better solution, rather then warning terrorists in advance that their communications are going to be monitored.

    Correct me if I'm wrong but Britain had bombings from IRA and their wasn't much internet then.

Leave a Reply