BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific Arabic Spanish Russian Chinese Welsh

 You are in: UK Politics
Front Page 
UK Politics 
Talking Point 
In Depth 

Commonwealth Games 2002

BBC Sport

BBC Weather

Monday, 1 October, 2001, 07:27 GMT 08:27 UK
Net surveillance 'fatally flawed'
UK Foreign Secretary Jack Straw says campaigners against stronger internet surveillance laws have hurt the anti-terror fight.

He suggested that with stronger powers, the security services might have detected some of the 11 suicide hijackers who are now known to have passed through the UK on their way to the US.

But Caspar Bowden of the Foundation for Information Policy Research argues that the main methods suggested for dealing with criminal use of internet encryption are fatally flawed:

Following the terrible events of 11 September, Jack Straw has described opponents of the internet surveillance legislation he enacted last year as "na´ve".

Both government and broadcasters have framed the debate as a platitudinous "balance" between civil liberties and public safety.

The main thrust of criticism against the RIP Act is that it is completely ineffective

But this was always a false dichotomy - the main thrust of criticism against the RIP Act is that it is completely ineffective.

Four methods have been suggested for dealing with criminal use of encryption. Three are fatally flawed, but more importantly, they try to solve the wrong problem.

  • The 'back-door'

    All encryption would be prohibited except an officially sanctioned version which contains a secret weakness allowing all traffic to be broken.

    Flaw: If the secret of the backdoor is ever leaked, the security of the entire communications infrastructure would be blown wide open and could not be repaired or quickly replaced.

  • 'Key escrow'

    Everybody using encryption must deposit a copy of their key in a huge database. Any particular message could thus be unscrambled, under warrant.

    Flaw : An encrypted message is like a letter in an impregnable envelope, which can itself be enclosed in another envelope.

    Without opening the outer envelope, it is impossible to know whether a particular message has already been encrypted with an undeclared key.

    Moreover, the vast majority of computer scientists believe that a global integrated system to escrow billions of keys is operationally infeasible.

  • Power to demand decryption

    The RIP Act gives powers to demand decryption of any message or data, whether or not a person is suspected of any crime.

    Flaw: If you are falsely accused and have forgotten your password, you could be jailed for two years without a shred of evidence, unless the judge believes you.

    An encrypted message is totally opaque - nothing can be inferred about the contents which would help a court rationally separate the innocent from the guilty.

    And a terrorist is obviously not going to surrender a key to evidence which would lead to conviction on a much more serious charge.

  • Attack the end-points

    If the device either sending or receiving the message is accessible, then it can be bugged in hardware software, or possibly hacked remotely.

    Intelligence agencies and the military are unlikely to trust the police with these black arts, which will need unprecedentedly stringent supervision, since their use would corrupt the legal validity of any chain of evidence.

    Computer scientists and security specialists understand the seriousness of what is at stake, and have wrestled with these dilemmas for a decade with no breakthrough. The logic for rejecting the first three options is unshaken. The fourth may often be impractical.

    If you want to stop terrorist cells communicating via the internet, dismantle it

    None of these options can prevent hiding of information or steganography.

    Spies and terrorists have long used tradecraft such as chalk marks on a park bench, or everyday language with a veiled meaning.

    In cyberspace, these equate to an innocent phrase in a chat-room, or weaving the bits comprising a message into a sound or picture file so it cannot be detected.

    Without knowing who and what to look for, it is impossible to screen for every variation.

    Those who want a nostalgic return to the era of phone-tapping are either na´ve or impervious to reason.

    The only way to stop terrorist cells communicating via the internet is to disinvent it. Encryption is irrelevant.

  • Key stories


    War view



    See also:

    28 Sep 01 | UK Politics
    Net freedom fears 'hurt terror fight'
    02 Sep 99 | Americas
    Internet encryption divides America
    21 Sep 01 | Sci/Tech
    Tackling terror with technology
    28 Sep 01 | Sci/Tech
    Hackers 'branded as terrorists'
    27 Sep 01 | UK
    UK's surveillance dilemma
    18 Apr 01 | Sci/Tech
    Cybercops arrest online liberty
    Internet links:

    The BBC is not responsible for the content of external internet sites

    Links to more UK Politics stories are at the foot of the page.

    E-mail this story to a friend

    Links to more UK Politics stories