Government restrictions on encryption

Previous section: Quantum encryption

In 2015, the British Prime Minister David Cameron expressed his disquiet over messages between internet users being encrypted in such a way that their content could no longer be read by security services. He pledged to ban online messaging applications like WhatsApp unless they stopped offering customers such secrecy. “In our country, do we want to allow a means of communication between people, which even in extremis, with a signed warrant from the home secretary personally, that we cannot read?”, he pleaded. In February 2016, a similar argument flared up in the United States between the FBI and Apple. The wish to deny terrorists a safe way of talking to one other is understandable. On the other hand, encryption is not technology restricted to large internet firms, but mathematics. Trying to outlaw encryption is a bit like trying to outlaw multiplication or division.

Banning effective encryption from mass-produced items like smartphones and the standard software applications that run on them would obviously raise the bar for criminals wanting to use it. However, anyone with the right knowledge who can program a computer can use well-known encryption mechanisms to encode messages in such a way that an eavesdropper cannot read them. Terrorists would soon be using the black-market products that would inevitably follow hard on the heels of any legislation enacted to ban encryption. Meanwhile the general public, left without a secure way of exchanging information, would become easy prey to internet criminality.

However, the British Prime Minister is far from alone. Numerous governments have placed legal restrictions on the use of encryption in an attempt to prevent individuals from communicating beyond the reach of law-enforcement agencies. Perhaps the most memorable constraints apply in North Korea. When asked, the government refused to divulge exactly what restrictions applied to the use of encryption in their country. Presumably they tell you if you live there, otherwise complying must be kind of difficult.

Still other countries restrict the export of encryption products, which is again hard to marry up with the fact that the mathematical operations the encryption constitutes are published and openly accessible from anywhere in the world. Until the late 1990s, the United States of America regarded software products that made use of effective methods of encryption as weapons. They were subject to similar controls as military design documents.

Cybertwists book cover
Publication of Cybertwists is planned for early 2018.

Legislation restricting the use of encryption typically focusses on the creation, distribution and use of software capable of performing it. Laws forbidding the transmission of encrypted messages are essentially unenforceable unless they prohibit nonsense at the same time, because there is no way of distinguishing information encrypted using a block-based method from a random string of 1s and 0s. This mathematical fact obviously does nothing to guarantee that somebody who sends such a message will not receive unwelcome attention from the authorities, especially under a repressive regime.

Even in jurisdictions where encryption is generally permitted, there are usually special provisions where there is circumstantial evidence that a string of bits makes up an encrypted message that was sent in the context of a crime. The police can typically obtain a warrant requiring the key that protects such a message to be surrendered. The effectiveness of such provisions, however, is weakened by the existence of deniable encryption methods. These allow two or more messages to be encoded using different keys and the results to be merged into a single encrypted message. The central and mathematically very complex property of such methods is that even if somebody has observed one original message being successfully decrypted from an encrypted message using one key, she has no way of knowing whether the encrypted message is hiding any further original messages and, if so, how many.

Tweet about government restrictions on encryption

Next section: Steganography and the Al Qaeda porn video