I hope the British remember how to use telnet because pretty soon SSH is going to be illegal there.
— InfoSec Taylor Swift (@SwiftOnSecurity) January 13, 2015
BRIEF EXPLANATION: I am COO of a London-based startup, Eris Industries, that specialises in distributed computing. Hence, cryptography is involved. If the UK bans proper E2E encryption we are going to pack our bags for more liberal climes such as Germany, the U.S., the People’s Republic of China, Zimbabwe, or Iraq.
EDIT/UPDATE (14 JAN 2015): Victory… maybe. I think the government needs a little time to get its story straight and learn how the internet – and cryptography – works. Here’s a good place to start. In the meantime, I have a new line for first dates: “the government wants to ban what I do for a living because it’s too… dangerous.” I owe you one, Mr. Cameron, I really do, because otherwise it’s all about math.
EDIT/UPDATE (15 JAN 2015): Sanity prevails. For now.
1) How dare you, Mr. Cameron
It is regrettable that David Cameron and the Conservatives have chosen to use the horrific attacks against Charlie Hebdo to advance a profoundly illiberal and politically expedient surveillance agenda which failed utterly to attract popular support the last time it was presented to the British public.
Although Eris Industries is a private company (headquartered in London), it bears noting that we weren’t always one – indeed, it started out as a bunch of hobbyists (being Casey, Tyler and myself) doing crypto in our free time, not just because we loved it, but also because we took a hard look at the way the world worked, and identified certain very significant problems.
Chief among them is that, as our private lives move increasingly online, they also move increasingly beyond our control… and into the control of large corporates and direct government oversight, to a degree unprecedented in modern history.
People deserve better than this.
In the Eris White Paper, we set out the principles which guide our software design, which is meant to address the aforementioned problem (among others) more comprehensively than existing solutions. We (Casey, Tyler and I) wrote:
At Project Douglas (note: what we called ourselves then), it is our belief that the proliferation of DAOs (note: ‘Distributed Autonomous Organisations’, basically self-operating cryptographic databases) in user-friendly applications has the potential to allow the public to claim back control over their data and over their privacy on the internet. Current free-to-use internet services, from search to e-mail to social networking, are dependent on advertising revenue to fund their operations. As a result, companies offering these services must – to paraphrase Satoshi Nakamoto – ‘hassle their users for considerably more information than they would otherwise need.’
This necessity has skewed the internet toward a more centralized infrastructure and usability system than it was intended. Where Bitcoin was designed to solve this problem in relation to point-of-sale and banking transactions, Project Douglas is working on solving this issue for internet-based communications, social networking and community governance — bearing in mind that for free internet services such as e-mail, social networking, search and “open data,” intrusion into users’ private lives and the accumulation and centralisation of vast quantities of personal information in centralised silos is not some minor and ancillary nuisance — this is a design imperative for everything that Project Douglas is engaged in.
As such, Eris is not another web service; Eris is significantly different because it has been designed and implemented specifically to not use servers.
…We do not, therefore, think it unreasonable to expect that (Crypto) “2.0” platforms… have the potential to thrive in a similar fashion (to Bitcoin), allowing the creation of free-of-charge services which incentivise privacy through their very design.
2) Cryptography already makes people’s lives better, Mr. Cameron
None of these benefits can be realised without secure cryptography, including end-to-end encryption. David Cameron has said this measure is designed to ‘modernise’ the law. He fails to understand the full extent of how out of date the law is.
The only way you can shut down cryptographic distributed networks today is to either:
(a) arrest the vast majority of (or in the case of a blockchain database, all) persons running a node and ensure that every single data store containing a copy of that application database is destroyed; or
(b) shut down the Internet.
As for banning end-to-end encryption, which we plan to incorporate into our platform, this is quite plainly insane. That genie is out of the bottle, and banning it will do nothing to prevent the technology from falling into the wrong hands. Any encryption technology worth a damn is open-source, and therefore freely available to all. It is used everywhere. What a ban will accomplish is the mass criminalisation of entirely reasonable measures taken by ordinary people to protect what semblance of private lives they have left, and secure their personal information, in an increasingly data-driven world.
I can only suggest to the government that they learn how the Internet works before they begin to regulate it.
3) Think bigger, Mr. Cameron
There are other consequences, too, which the Conservatives would do well to keep in mind. Such legislation would likely prevent cryptography’s use in myriad industrial applications, including financial services, which need reliable, open-source cryptography desperately if they are to stay competitive in a digital age. Even governments could use industrial cryptography (and they should) to render their operations more efficient: distributed applications as we’ve known them to date, such as Bitcoin, run themselves without human oversight, and are highly fault-tolerant – they can be nearly impossible to destroy. But such considerations are insignificant compared to the civil liberties implications of enacting the legislation the Prime Minister proposes.
The Snoopers’ Charter was a dog when it was originally proposed and it is even more of a dog today. It will do nothing to stop open-source cryptography from proliferating. If in the coming elections the Conservatives are returned to power with this particular policy in their manifesto, I have spoken with my colleagues and we agree that we will promptly move Eris Industries to Germany or the United States, where we will continue to build useful, open source, and free of charge developer tools to enable a more secure, more efficient, and freer world.
The technology that will bring about the peer-to-peer paradigm in all manner of applications is coming, Mr. Cameron. Curtailing free association and private expression in the manner you propose is a battle any government is certain to lose.
Do the right thing and reverse course.
POSTSCRIPT: Anything you can say, InfoSec Taylor Swift can say better.
Hello to my British followers. Enjoy HTTPS while your government still lets you use it lol
— InfoSec Taylor Swift (@SwiftOnSecurity) January 13, 2015