Last week, the UK minister for Internet Safety and Security Baroness Joanna Shields was speaking at a conference in London. She was asked about the potential impact on the fintech sector of mandating backdoors in encryption and she said, in reference to what Cameron said, "That quote was misinterpreted."
Everyone has assumed that when Cameron says that he wants to "ensure that terrorists do not have a safe space in which to communicate", that means that he wants to mandate encryption backdoors.
I think that assumption is incorrect. The guys at Number 10 are well aware that (a) they can't ban math, and (b) the UK tech sector would suffer if they legislated to mandate backdoors in all encryption.
I suspect that what Cameron actual means is that he wants to put in place a legal mechanism to authorise GCHQ (presumably by issuing a warrant) to hack into suspect's laptop or smartphone in order to gain access to the content of whatever messages or communications they may be exchanging with any co-conspirators.
The public statements are very much designed to make people think that they are going to ban encryption. When the media outlets all interpreted it that way there were no government ministers rushing out to correct the misinterpretation, as they normally would after the PM 'accidentally' announced he wanted to destroy a multi billion pound industry.
So even if they aren't actually going to do it, they clearly want people (voters) to think that they are. That's grossly irresponsible in two ways. Firstly the massive risk to UK tech/financial investment. Secondly it creates an expectation among the public and commitariat that encryption bans are feasible and desirable.
The home office has a history of creating wildly impossible expectations among the more reactionary sections of the public, which then results in a huge mess when reality gets in the way. For example talking up deporting 'undesirable' people, and then wasting huge amounts of time and money fighting the courts when they actually try to deport somebody to a country where they would be tried on the basis of evidence gained under torture.
> So even if they aren't actually going to do it, they clearly want people (voters) to think that they are.
This is a good point. They are probably testing the ground. Regardless of what is practically possible, it is very important for Cameron to find out how far he can go in this direction with the public supporting him, or without the public caring (most importantly, before his party risks losing votes). Then he will know his political limitations, not just the technical or economical ones that his advisors know already.
There's actually a law against people who speak out against 'British values' - presumably not those from the Magna Carta, which May et al is very much against.
> I suspect that what Cameron actual means is that he wants to put in place a legal mechanism to authorise GCHQ (presumably by issuing a warrant) to hack into suspect's laptop or smartphone in order to gain access to the content of whatever messages or communications they may be exchanging with any co-conspirators.
Under RIPA if you can prove that you no longer posses the decryption key, you don't have to go to jail. That's not as easy as it sounds, since being a possession of the key "previously" makes the law assumes you still posses the key, but at least you have a chance...
That's a step up from the French key disclosure law, where you go to jail regardless (no backups? your HSM is dead? tough...)
While I hope that's the case, Number 10 must also be aware that the language they're using does make it sound like thei plan is to restrict the availability/legality of ciphers.
Cameron was originally quoted as saying:
> The question is are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: no, we must not
That's a very specific quote that says they want to target the communication itself. Not the machines it's on or the wires it passes through, the 1s and 0s as they go over the wire.
They're either using language to make it sound much more military than it is, in which case they should stop, or they're testing the waters and reigning back when they see the reaction from the tech industry.
I don't like either, and I'd much prefer they asked "What can we do" rather than make their own assertions.
Everyone has assumed that when Cameron says that he wants to "ensure that terrorists do not have a safe space in which to communicate", that means that he wants to mandate encryption backdoors.
I think that assumption is incorrect. The guys at Number 10 are well aware that (a) they can't ban math, and (b) the UK tech sector would suffer if they legislated to mandate backdoors in all encryption.
I suspect that what Cameron actual means is that he wants to put in place a legal mechanism to authorise GCHQ (presumably by issuing a warrant) to hack into suspect's laptop or smartphone in order to gain access to the content of whatever messages or communications they may be exchanging with any co-conspirators.