Catching The Cat

On the subject of encryption that’s getting so much press, one of my friends asked me what the PM was thinking. While we don’t actually call each other up and thus I have no idea what’s she’s thinking at any given moment, I may have an idea of how she’s thinking:

Simply put I suspect it’s a call for options. When you come up against an intractable problem you begin with an impossible answer. It’s an old methodology.  One that most of us were taught in school because we grew up before we could Google for everything. To get people out of their comfort zone you have to push them in unreasonable directions. I expected various technology groups to come up with options but so far all we have is people screaming and making a lot of noise.

One of the best ways to stop insurgents operating in this or any country is to disrupt communications – that’s hard to do because of encryption.

Encryption is the mainstay of much of geopolitics, commerce and humanity from the dawn of the common era. It’s is a boon and a curse. Over the last fifty years we have become extremely dependent on it and its usefulness. However, all these technologies of today were invented in isolation from reality in a past sure of the goodness of all men.

The problem is that those charged with developing these protocols have become used to the constraints of the technology and we need to think beyond them. At one time these technologies were the privilege of the developed world. However as ubiquitous technology opens the doors to more and more people our enemies use these techniques against us. The answer so far from the technology community is “it can’t be done”, where “it” refers to back doors in encryption. That’s not an acceptable answer because it’s not addressing the question.

When the government drafts an outrageous bills it’s looking for constructive responses. It’s asking for more effort from the subject matter experts to evaluate the real objectives.

The very idea of encryption is because we don’t trust anyone. Thus it’s impossible to accept that we should allow those who work against us to use our own technology against us.

While the ultimate decryption key is a sharp knife to a nerve cluster, that kind of behavior applied wholesale leads to a dark and dismal future and isn’t always a viable option. We’re still waiting for our technology experts to come up with an answer but many seem so enamored with their toys they can’t see past them.

Encryption is a tool.

A tool is used to execute an answer to a question.

The question is Security.

Isn’t it?

There’s an interesting blog post by Mythic Beasts on why encryption is vital. They seem to be missing the point. Everyone knows encryption is vital to the continued economic deliverable of the Internet as well as basic technology security.  While this blog post is an obvious political statement, we were rather hoping for options. Turning around and telling the wider society that the cat is out of the bag and that’s just tough is a stupid and arrogant thing to do. We’ve unleashed this double edged sword and we can’t put it back in the sheath but we must have more of an answer if we’re not to look like complete idiots to the rest of society. Like a child that spills their milk but just pouts and won’t clean it up.

When we look for an unreasonable answer this kind of response isn’t wan’t we’re expecting from people who should know better how to handle intractable problems.

So far there’s been little option provided which seems to suggest everyone is happy with the knife and nerves option.

Which is dumb.

So here, in clear and plain terms, is the question:

Given that encryption is easy to acquire and utilize, given our enemies have the access to same technologies as us, what are the options available to our society to ensure we are able to disrupt encrypted command and communication channels our enemies use whilst maintaining our freedoms to use it?

We all know we can’t put the cat back in the bag. I refuse to believe that a trillion dollar discipline such as ours can’t come up with some feasible answers that don’t involve the road to perdition.

If this is too tough a question for us, perhaps we’re not really worth the fuss.


  1. I’m seeing some subtle mental gymnastics in trying to defend the conservative agenda here; The article isn’t outright saying “we must stop encryption”, but instead going the route of “yeah we see that encryption kind of matters, but how about we still think of a way to stop encryption”. This is precisely the type of ignorance manifested by those authoritarian politicians, who refuse to understand that indeed “the cat is out of the bag and you can’t put it back in”. The thing is though, you don’t need to; Issues like terrorism happen in real life, they are practical physical attack, they are rooted in deeper issues of society… some pixels on a screen are not why terrorism exists! Focus on actual solutions to the problem, instead of using the problem as an excuse to find solutions to false problems in different domains and other agendas.


    1. As a society we need to address how we use and regulate technology. Encryption in the right hands leads to eCommerce, freedom of speech, security. In the wrong hands it aids people who want to kill us to do just that. There’s a reason why we introduced driving licences, drink driving legislation, dangerous driving laws. No one sane in the Tory party is trying to ban encryption. We’re trying to start the conversations around how we make people responsible and accountable for their use and abuse of modern technology just like we make people accountable for their use and abuse of motor vehicles. We have to find some principals we can apply and adapt. Encryption is nothing compared to what’s coming and if we’re not ready to integrate that into our society responsibly then we’re all in a lot of trouble. Technology is not society. It is a tool which can be used to the benefit of all. It is a tool which can be used to the detriment of all. Don’t focus on terrorism alone though. It’s one thing. Terrorism has existed as long as one two different people have had differing ideas and one got the upper hand. It’s one facet of a bigger problem of a set of modern tools without any accountability and responsibility. Freedom is not free. It demands responsibility and accountability. Those are the questions we have to ask and try and work through as a society. The technology industry doesn’t not get to make that choice for the rest of society. Encryption can’t be stopped and it shouldn’t be but that doesn’t mean we don’t look at the challenges and apply the learnings goi forwards.


      1. A website on the internet is not a motor vehicle nor an alcoholic drink, as some politicians see to have correlated; Your examples relate to physical items, which can pose clear obvious and immediate dangers… the internet is a medium for sharing information, which people interpret and take actions based on. To classify something spoken on the public internet as a danger, one must imply that people aren’t capable to think for themselves and will be simply brainwashed by a screen, as well as implying that an authority knows what’s best for us to see and to think which is the start of most tyrannical regimes! If someone commits a terrorist attack, it’s not because they were remote-controlled through the internet to do it, but because they have taken this choice… something that is exclusively their decision, and many mediums and factors could have led to.

        The issue isn’t exclusively about terrorism anyway; The concern of online extremism has been mixed with other unrelated matters… including a ridiculous war on porn, somehow revived in the 21th century for reasons beyond my reasonable comprehension. This sort of thing further makes me believe we’re talking about a war on freedom and imposition of personal ideologies, because governments don’t want their citizens to have too much they can enjoy without knowing that Big Brother is there with a mace ready to interfere into every aspect of their life. This kind of tightly controlled world is the type of world I wish to see demolished and never brought up again, precisely as much as I wish to see groups like ISIS defeated and gone forever.


      2. Would you stop missing the point. These things you talk of are simple examples of a wider problem coming around the corner. A war on freedom. Right sure. Because telling someone they have to be responsible or and accountable for their actions is a war on their freedom? Demanding that adults are culpable for their behaviour is an imposition of personal ideologies? Try to see the wider picture of dangerous technologies which are coming around the corner which we have no idea how to regulate. You think guns are dangerous. You wait till people have personal AI. Your point about physical versus technical misses the point. They both deal with the same underlying principals of accountability and responsibility. What is it about holding people responsible and accountable that’s so shocking? We demand it of all adults in all walks of life and it’s time we demanded it of technology.


      3. And you are missing other points; You’re refusing to see the difference between classifying physical items as dangerous, and classifying ideologies and speech as a hazard. Guns are deadly because they launch projectiles, which are guaranteed to cause harm if they hit you… words on a screen however are not bound to have any predetermined effect, they have whatever influence a viewer’s objective mind will give them, and not even the most powerful man in this world can claim they know how the mind of another individual works. This is an extremely dangerous view you are promoting, which is very easy to extend to any group or criteria with damaging effects!

        Make no mistake: I’m well aware that no person in their right mind would promote terrorism or recruit people for such attacks, whereas those who do should at best be placed on a monitoring list immediately. The problem is that the moment you make it illegal to spread such messages, you find yourself in a position where it’s easy to make many other things illegal, until we end up under strict ideological control like China. If you can ban hate speech, why not ban bad words on the internet, then perhaps all video games that contain any violence, then more and more until the whole web is turned into the digital equivalent of a church and completely destroyed! We want to live our lives in peace, and we want our basic freedoms to be left alone… without those freedoms we’ll end up in a world where there isn’t anything left to protect against those terrorists altogether.


      4. There is no difference between the man who uses a car to ram people on the road to the man using a website or an app to coordinate that attack. There is. I fundamental difference between the two the operate on the same principals but manifest themselves differently. The challenges are the same. No we aren’t going to become China and treat our citizens like children. We are going to find ways of holding our citizens responsible and culpable for their words and actions though whether it’s firing a gun, driving at pedestrians, creating ransomware, preaching a message of hate. The idea of this dystopian surveillance society was propagated by Orwellian thought and wiring which has seeped into our culture. It’s possible to have a culture of accountability without stifling freedoms of speech and liberty. We have to find the parameters for that society. We have to find ways of defining speech which invites hatred towards another group from honest disagreement and repartee. The problem is our PC culture which we have to fix and get over. There are ways to disagree with people without urging hatred towards them. There are ways of protecting our cultural identity without demeaning others. There are ways of exposing the hatred of others without sinking to their level. We should find those. But these are exactly the type of conversations we should be having!


      5. I’m on the same page as you as far as how the world should be, just not on how to get there. Also coordinating an attack is a different matter from mere propaganda and instigation, something I should have perhaps made clearer; That implies direct involvement and partaking in a crime, rather than spreading generalized support toward that crime.

        Anyway the problem here goes back to my first comment; There isn’t in fact any technical solution. Except maybe some extreme one that would be so ridiculous, no sane person could even imagine it. I am an average software programmer, so I say this in knowledge of what I’m talking about… unlike people like Theresa May or Amber Rudd who apparently live in a scientific wonderland.

        First of all, encryption is simple mathematics: To restrict it would be the equivalent of restricting a programming language or the use of a word, which is outright silly… you can even do encryption on paper using tables. Banning it would also lead to banks and governments and state institutions getting hacked and spied on continuously, which at this day can cause the collapse of a nation. It would also involve banning or demanding changes from 99% of software in existence today, including the removal of the https:// protocol or outlawing Tor.

        So banning encryption is obviously out of the question, but one might still ponder the idea of backdoors. This comes with another great issue that makes any attempt problematic: There is no such thing as “encryption backdoors only for the good guys”. The moment you have a way to break encryption in a system, it can be used by anyone… from government to a hacker down the block. True, the government might be the only one with explicit knowledge of said backdoor… however it’s only a matter of time until either someone leaks the info or a good hacker discovers it on their own, and exactly a disaster like the WannaCry ransomware or worse will happen again.

        We get to the final major issue, which is that you cannot enforce encryption backdoors everywhere: There have been attempts to do so against social media like Facebook, which might work under the threat of fines and other punishments exclusive to corporations… however anyone can make their own secure chat program and share it internet. If anyone expects free software platforms like Github or Sourceforge as well as casual programmers like me to bow to a programming police, which makes it a crime to publish a paragraph of code and tells us when we’re allowed to use mathematics in a piece of C++ / JavaScript / etc, they must be out of their minds for good. Also if they expect us to remove or rework every single program already in existence (chat clients, web browsers, video games, operating systems, and more), that would literally be like erasing half of the IT sector from existence.

        Hopefully this explains why people like myself are saying it can’t be done, and effort should go toward other means of fixing the problem. There really is no way at this point, without causing a total disaster equivalent to getting rid of all cars in the world, and even then people would find ways around it so this disaster would be for nothing.


Comments are closed.