My first attempts at podcasts for this site, produced sometime ago on YouTube, were two videos about the Crypto Wars. This is the story about the attempts to control the use of strong encryption in the late 1990s, and then again in more recent years. From about 2014 to 2018. This includes things like the Investigatory Powers Act in the UK, and other similar laws elsewhere. The two podcasts are linked below.
Please accept YouTube cookies to play this video. By accepting you will be accessing content from YouTube, a service provided by an external third party.
The video below is a recording of Teresa May answering questions on the draft Investigatory Powers Bill. some interesting highlights (or low lights) for me where the following:
She essentially didn’t answer the question on why it is unhelpful to compare the retention of web history with that of an itemised phone bill. The two things are not the same. An itemised phone bill doesn’t record a version of the conversation that took place. Now, although I believe that the retention is not include the exact pages visited, it does include the IP address of the website. So even though that is not exact pages visited, it does give some idea of the content that might have been viewed as they could go and retrospectively visit the site. Importantly, this doesn’t include whether the site has changed in the meantime. Also it is not clear to me whether the IP address and the site are recorded. Obviously this is important as you can host a large number of websites on a single server… In short this comparison is supposed to be there for clarification, it doesn’t clarify anything.
Some of the wording seems to be vague to say the least. This is of some concern as it could allow for a degree of ‘mission creep’. Where the legislation is used for things that it was not really intended for. We have already seen the government use terrorism laws for strange things, the most obvious of which was them being used to freeze Icelandic bank accounts during the financial crash.
No sunset clause. So the bill will not time out on its own, and realistically unless the attitude of a future government is very difference from today. We might well be stuck with it forever.
I will also point out that there seems to be some scope for the weakening of encryption in the bill. We haven’t seen this since the May 2000 Electronic Communications Act, in which the Home Office left in a vestigial power to create a registration regime for encryption services. Basically the capacity to weaken/back door encryption. This did have a sunset clause which expired.
I wrote a piece for The Conversation, “It’s time to shine a light on the unseen algorithms that power ‘Big Brother’”. I try to make the point that we as citizens know very little about the algorithms that power the security services (not to mention all sorts of other things too). Which is troubling as there is a great potential for them to discriminate, or plane get things wrong. This is both potentially damaging to us, but it also makes them less useful. I also draw a comparison between these analytical algorithms and cryptographic algorithms, which are often deliberately opened up to ensure there strength. Analytical algorithms that have the power to refuse someone entry to a country, or potentially assist with putting someone behind bars, should also be open.