Posted by David Harley on July 1, 2015.
I don’t always agree with Bruce Schneier: in fact, some of his observations on malware and the anti-malware industry seem to me to illustrate the truism that being a world-class expert on some aspects of security doesn’t qualify you as an expert on everything. But he’s forgotten more than I’ll ever know about encryption (and, no doubt, lots of other stuff) and I’m more than happy to acknowledge the perspicacity of observations on security and society in general, as I did here: A Front Row Seat in the Security Theatre.
A recent post on Why We Encrypt covers both bases, though it’s not about the technical aspects of encryption but the social impact that he’s talking in this case. There is, of course, a widely-held view that ‘if you’ve nothing to hide, you’ve nothing to worry about.’ But Schneier points out, quite correctly, that it’s not only ‘journalists, human rights defenders, and political activists’ who gain from having their data protected – though that probably doesn’t surprise many readers of this blog – especially in terms of protection from ‘criminals … competitors, neighbors, and family members … malicious attackers, and … from accidents.’
However, if you’re one of Schneier’s regular readers, you won’t be surprised to learn that he’s concerned about bulk surveillance by governments as well as by criminals.
AFTAC (Air Force Technical Applications Center) has the motto (modified slightly and repurposed by the film Battleship) “In God we trust. All others we monitor.” There’s some comfort, perhaps, in knowing that someone is keeping an eye on conformance with nuclear treaties by looking for physical evidence of the use of nuclear weaponry, though some may worry about what use may be made of that intelligence politically and/or militarily. Still, it can at least be argued that the use and misuse of nuclear weaponry is something that should concern us all.
Well, so is crime and terrorism, I suppose. And the ‘more democratic’ states mentioned in the article aren’t proposing 1984-type continuous and countrywide monitoring by telescreen and microphone. But weakening encryption is a very small step away from mass surveillance where law enforcement and security agencies already have or will have powers enabling them to harvest data without compromising protocols requiring them* to do so on a
‘…targeted, case-by-case basis to individuals (i.e., not to a mass of people) and subject to judicial warrant and the protection of due process rights of individuals.’
Any weakening, even in the name of legitimate law enforcement, puts us all at risk. Even though criminals benefit from strong encryption, we’re all much more secure when we all have strong encryption.
If (or when, and where) encryption weakened by order of the state becomes the norm, it’s unlikely that criminals or terrorists will stop benefiting from strong encryption in order to obey the law. A government that isn’t aware of that is more-than-usually incompetent. A government that is aware of that, however, has an uncomfortably broad view of what constitutes criminal and/or terrorist activity, and it’s more than reasonable to question its agenda.
* Human Rights Council Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, David KayeSubmitted in: David Harley |