The latest debate that followed David Cameron’s proposal to ban encrypted personal communications in the UK has raised several very important issues.
The proposal would include a ban on messaging services like WhatsApp, iMessage or Snapchat in the UK. Technically this is possible; however, such a ban on using all encrypted communication channels is not easy to enforce.
And I doubt that it will actually bring significantly more security to the offline UK.
The mandate of the security services and law enforcement agencies is to keep the general public safe from criminals, terrorists and all sorts of other threats. It seems that the security services want to be able to access our communications in order to stop and prevent illegal activities and, ultimately, better protect people.
Encryption is vital for cybersecurity; it’s used first and foremost to keep communications safe from hackers and cybercriminals.
Do we need to give up the protection of our data and online communications in order to improve real-world security? I seriously doubt we should.
I think that, if implemented, a ban on the use of encryption in online communication will not tangibly increase offline security. But it will definitely damage the state of cybersecurity and ultimately expose ordinary users as well as businesses to all sorts of cyberattacks, hacks and espionage.
Governments have made attempts to compromise cybersecurity to gain intelligence. For example, we have already seen government-grade malware, such as Flame, exploiting legitimate software, such as Microsoft Update, among other things.
I don’t know the value of the intelligence they obtained during this operation, but the existence of such malware did not contribute positively to global cybersecurity.
I think the real problem here is that global leaders and security services apparently see a contradiction between security and cybersecurity, while the latter should in fact be an integral and valuable part of the former.