banning cryptography didn't stop the bad guys (i.e., us) when they had cod, it’s not going to stop them now they have chips
Given British Prime Minister Theresa May’s remarks about the “internet giants” allowing safe harbour for terrorists and the British Home Secretary Amber Rudd’s remarks about needing the ability to access terrorist communications, there is a debate raging between technologists who understand encryption and politicians who don’t. So I thought I’d try to help both of them to communicate more effectively by updating something I wrote back in 2008 to explain the issue.
I used the “Cod Wars” between Britain and Iceland as a backdrop. It is diverting to remember those Cod Wars and the key contribution of the Icelandic people to the story of cryptography. I was reminded of that story when I read a splendid book by Mark Kurlansky called “Cod: Biography of the fish that changed the world“. Within its pages it a lovely story of the neverending struggle between security and new technology.
The Anglo-Danish Convention of 1901 gave the British permission to fish up to three miles from the coast of Iceland, a state of affairs that the volcanic colony was most unhappy about. By the late 1920s, the Icelandic Coast Guard had started to arrest British (and German) trawlers found within what it saw as its territorial waters. However, the British trawlers got smart and got harder to catch because from 1928, they were equipped with radio and started passing coded messages between themselves to alert each other when Coast Guard vessels were in and out of harbour. “Grandmother is well” meant that the Coast Guard were in port, for example.
In an early example of governments attempting to legislate new communications technology, the plucky Icelanders made it illegal send coded wireless messages. This had no impact whatsoever, of course: British seafood companies simply devised new code systems for the trawlers to use. Think about it: how on Earth would an Icelandic wireless operator know whether “Tottenham Hotspur are the pride of North London” was a coded message or gibberish?
Then came World War II. Iceland got independence from Denmark in 1944, by which time the British trawlers had been requisitioned for the war effort, so Iceland found itself with the only fishing fleet in Northern Europe and Britain’s “sole” supplier (tee hee).
Things were quiet for a while, until the First Cod War in 1958 when the might of the Royal Navy was deployed against the Icelanders. Then, in 1972, the Second Cod War started. Iceland extended its territorial waters to 50 miles and the British once again sent the fleet. But in the intervening period, the Icelanders had developed and deployed a secret weapon (literally: it was a closely-guarded secret until first use). The Icelandic Navy could never outgun the British Navy (and in any case didn’t want to actually shoot at us) so they assembled a fiendish alternative: a net cutter. When they found a British trawler, they would sail behind dragging a net cutter and the trawler’s net (worth a lot of money) would head for Davy Jones locker while the fish made for the underwater hills.
(Things did turn nasty — with ships getting rammed and live shells being fired, the Icelandic government refused to allow injured British seamen treatment — until eventually NATO made Britain back down.)
The moral of the story is that, as they used to say over at the EFF, when cryptography is outlawed, only outlaws use cryptography. The Icelandic ships couldn’t use coded wireless transmissions, but the bad guys (in this instance, us) ignored the law and were able to operate successfully beyond it. What defeated us was intelligence and economics, not the ban on coded wireless transmissions.
Making our messages open to access by the government, however well-meaning the protagonists, makes our messages open to terrorists as well. When the secret key code or backdoor code or whatever is eventally leaked on the Internet then we’re all screwed. It’s a difficult issue, I’ll admit, but on balance it’s better that the terrorists can’t read police e-mails even if that mean the police can’t read the terrorists e-mails. Of course, if I start sending a lot of WhatsApp messages to a cave in the Bora Bora mountains, then I would have thought that that might engender additional scrutiny from the security services whether they can read the messages or not.
Comments
Post a Comment