Theresa May's War on Encryption: What this Means and Why It Won't Work

Theresa May's War on Encryption: What this Means and Why It Won't Work

Recent events have triggered new calls from the Prime Minister to challenge internet usage and introduce some form of regulation.

With terrorist attacks affecting Manchester and London just days apart, security has risen to the top of the political agenda. For the Prime Minister, much focus has been on regulating the internet and condemning major tech companies for not doing more to prevent potential attackers communicating with each other.

Experts from around the world have been quick to criticize Theresa May's approach, saying that this is short-sighted.

May's approach

Speaking after the terrorist attack in London Bridge at the weekend, the Prime Minister said internet companies should do more to make sure "safe spaces" for criminals are removed, referencing the end-to-end encryption used in apps like Whatsapp.

The impact of banning cryptography

Tackling cryptography simply wouldn't work, as it's something that is used by almost every internet user. From online banking to message apps and shopping websites, as well as all government websites, encryption is needed to protect sensitive information.

Cryptography isn't just something you can take out of the internet, not unless you want to significantly change how people all around the world use it. As anyone who knows anything about digital security will tell you, you need sophisticated cryptography to keep your online details private.

May’s ‘back door’ suggestion

If Theresa May was to introduce deliberately compromised cryptography, which has a secret back door for special services to use, then you essentially have no security at all. There are significant concerns about whether encryption can be made secure at all if there is any kind of back door.

It's hard enough to create airtight security systems online, let alone if you are building one with a very deliberate and well-known loophole. You are essentially introducing a flaw in the system and a way in for hackers that want to exploit it.

In the wake of the hacking scandal, where numerous police officers were implicated in helping newspapers acquire private information, there's also questions about whether so much trust should be placed in a single group.

There is no way to create something that only lets those with good intentions through, and criminals will eventually work out a way to infiltrate it anyway.

Marty P Kamden, CMO of virtual private network company NordVPN, told Forbes: "A backdoor gives away a lot of private information about each citizen, and puts big power in the hands of anyone who wants to take advantage of it."

This is only scratching the surface of the potential problems behind the Prime Minister's plan. To do so, would mean stopping everyone from installing software that comes from those outside the UK.

Problems with this theory

The best secure software is already free/open source projects, supported by independent programmers from all over the world and cryptographic signing ensures that there is a high degree of confidence that they haven't been tampered with.

To execute her plan, Theresa May would have to pull off something that no country in the world has managed to do, though the likes of Russia and Iran have definitely tried.

Once you have ordered the ISPs in the UK to block access to certain websites, you'd need to introduce something like China's Great Firewall to identify and block users from reaching programs that are banned.

A key part of internet protocols like IPv4/6, TCP and UDP is the ability to "tunnel" one protocol inside another. This means that determining whether items are in the white-list or the black-list is incredibly difficult.

However, even more ambitious than this is Theresa May's insinuation that she could deliver a mandate over which code operating systems developers in the UK are able to use.

The user impact

Apple and other tech companies have already created devices that only run software that they recommend and she could force them to block secure software with an act from Parliament. Countries outside her jurisdiction, like the US, are unlikely to also introduce this so anyone buying a device from outside the UK would have all the secure software intact.

Then there's the issue of open-source platforms, like Linux, BSD and other unixes, Mac OS X, and all the non-mobile versions of Windows. These systems are all designed to allow users to execute any code they want to run. Linux and other open platforms, which are widely used by IT engineers and administrators, makes it almost impossible to ban secure software.

Apple and Microsoft could be forced to stop security software in the UK but Theresa May would have to remove all the laptops, computers and other devices already in the country that could run a code she wants to ban.

With the imminent General Election, the focus on encryption could just be a scapegoat for the Prime Minister who has been heavily criticized for cuts to police forces in the wake of recent attacks. Her war on encryption would be difficult to enforce and would be challenged at every stage by human rights groups, making it unlikely to come into reality.

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals. To view more IT content, click here.

Insights for Professionals