Blessed are the cryptographers, labelling them criminal enablers is just foolish • The Register

Blessed are the cryptographers, labelling them criminal enablers is just foolish • The Register

05/12/2021


Column Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you might expect. I’d gotten the crazy idea to write a tool that would encrypt Twitter’s direct messages – sent in the clear – so that your private communications would truly be private, visible to no one, including Twitter.

Writing the code turned out to be surprising easy; as I wrote it all in Python, I had libraries to handle the Twitter integration, and the cryptography. I read up a bit on the theory, put the pieces together, and with a bit of debugging “CrypTweet” was up and running.

Next step: sharing my brand-new code with the world, spruiking it as the privacy solution every Twitterer needed.

Big mistake. My claims attracted the attention of exactly those folks who make their careers poking holes in the false promises of digital security: cryptographers. They assessed my work, found it wanting, and presented a detailed list of all the things I’d done wrong, plus the associated exploits that meant my claims of privacy were hard to sustain.

CrypTweet quickly and quietly died – and I’d learned my lesson: never idly play with weapons.

Although I felt resentful at the time, I’ve grown increasingly appreciative of that uninvited and unwelcome intervention. What if someone had used my software, thinking it gave them the assurance of privacy, only to learn – to their peril – that my understanding fell short of providing any security?

I’d learned my lesson: never idly play with weapons.

Cryptography belongs to the serious end of maths, a science upon which lives depend. You get it wrong, and people die.

Privacy creates agency. When you can communicate privately, your potential actions grow. Someone who cannot communicate privately cannot reach out for the assistance of others. Left to their own devices, they will be easy pickings for the predations of enemies. If you want to disempower someone, make it impossible for them to maintain any privacy.

This brings us to a recent brainwave from the Australian Criminal Intelligence Commission (ACIC). In a recent report to the Parliamentary Joint Committee on Intelligence and Security, it asserted that encrypted messaging services – like Telegram, WhatsApp, and Signal – are used ‘almost exclusively’ for illegal activity, an assertion that would merit an eyebrow raise from many of my friends and business colleagues who use both Signal and WhatsApp as their preferred messaging apps.

The ACIC went on to state, “These platforms are used almost exclusively by SOC [serious and organised crime] groups and are developed specifically to obscure the identities of the involved criminal entities and enable avoidance of detection by law enforcement… They enable the user to communicate within closed networks to facilitate highly sophisticated criminal activity.”

Where to begin with this? Perhaps we could start with former Australian Prime Minister Malcolm Turnbull, who famously used and broadly recommended the Wickr secure messaging app while he was in office. Obviously he was up to no good.

And the countless reporters who use Signal to ensure their private conversations about their investigations stay private? That’s definitely a bit suss. And what about those … political activists? Using these tools … to … get active? We can’t have that.

ACIC makes arguments we’ve heard before – about trafficking of children for sexual exploitation, money laundering and the like – worthy examples and undoubtedly secure messaging tools have sometimes furthered these and other illegal activities. Yet authorities have been able to disrupt these criminal activities, even without ‘wiretap’ access into any secure messaging apps, precisely because criminal activities leave traces for investigators within the real world.

It has never been easy to find a balance between the needs of the public to be safe and the needs of a private individual to preserve their own privacy. But today, in a world where surveillance capitalism has made each of us ever-more-precisely identifiable and trackable, the need for privacy also provides a necessary penumbra of invisibility, the sort of invisibility a woman needs when she’s reaching out to a friend so she can flee her abusive partner. Or the connection to peers a gay teenager needs when they’re feeling very alone and threatened. Or a whistle-blower, gathering their courage to go public.

Privacy isn’t just important: it’s fundamental. Without privacy, we cannot be truly ourselves. All of the fearmongering of all of the policing agencies in the world won’t change that basic truth. ®

You May Also Like…

0 Comments