Chris,

An interesting question, that conflates several different issues. First, is the advice to deter or to prevent? Few crimes can be prevented most can be deterred. We take measures to deter but even the best system will not prevent a determined adversary. At best, we can only make sure they will be caught and punished.

 

Second, is the issue to stop burglars or anyone from gaining access? If you want to stop burglars, the CESG is enough. If you want to stop the state, you may as well seek to reverse the whole idea of the modern state. We cannot compare the security of our data with the security of our personal data and then assume they need to be treated differently.  We are not allowed to protect our person to the point where the state cannot overcome us. We are not allowed thermonuclear warheads and private armies. Therein we are brought to the question of the state’s role and how encryption creates a problem within that relationship. I have written a blog on that topic if you are interested. http://lawrenceserewicz.wordpress.com/2013/09/07/when-the-nsa-cannot-decrypt-the-seeds-of-the-electronic-state-of-nature-are-planted/

 

Would we say our personal security is reduced because some police are armed and the police are more heavily armed? No. The reason why our security is not reduced is that the intent to which they use their weapons is legal and legitimate within the constitutional, legal, framework within the country.  Were the police or army to use their weapons for purposes for which they are not legitimately constituted, they would be in breach of the law and the constitution.  You will recall the police are often investigated for unlawful shootings.  Thus, the system does take measures to address wrongdoing by the police or the government, which shows everyone that the rule of law works.***

 

In the case of the CESG, their role and remit is not to provide more advice than would defeat the government’s ability to do its job.  If you were you to go to the Army and ask for military advice on how to prepare a thermonuclear warhead, they would be alarmed. Unstoppable encryption is no different from having a device that puts you beyond the rule of law. If you wanted to protect your home from the most powerful burglar, in this case an illegitimate state, you would need the equivalent of nuclear weapons and a private army to secure your property.  At that point, they might consider the Jacobs reference.

 

What the GCHQ/NSA furore reveals is a historical process that previously took 500+ years to work out being played out in a couple of years. Encryption is like carrying a firearm. It took about 500 years from the emergence of the modern state to its fullest expression for the state to become the dominant actor. At its birth, the modern state was not stronger than some individuals within its domain. You will recall the need for various royals to be first brought within state’s power and the rule of law to apply to all.  The same is occurring in the electronic realm. The state is working to make sure it is the most powerful actor within the domestic realm.

 

The point is that the government is not in the position, nor would it accept being in the position, where it allowed any one citizen or person to be more powerful than it is within the domestic realm. To put it differently, but directly, even the Queen is subject to the law. **** For the law to rule, we need the state, our agent, to be able to overcome any opponent to that law. If there are people beyond the law, i.e. they are more powerful than the state, and then the state loses its legitimacy.  This is why the state takes on a number of court cases and takes legal action, up to deadly force, should the law be flouted. This is also why they avoid other cases as not being in the public interest, i.e. no meaningful action would result that would be in the public interest, cf. bribery investigations regarding BAE.

 

We all recall the harrowing case of Raoul Moat or Derrick Bird. In both cases, they placed themselves above or beyond the law by their actions. The state had a responsibility to track them down and stop them. The state had to have more power and resources to overcome their resistance to the rule of law.  Were either of these two men to have greater arms or greater manpower, then the security of the state and thus the whole populace would be in danger. Moreover, would we accept as legitimate a police force or a government that said it was not in the public interest to pursue these two men? On a less violent realm, we see the same issue in pursuing tax evasion or serious frauds involving complex equations. In those cases, state has to be able to call on the relevant resources to solve them so that the law is not flouted. Would the public or law enforcement accept a government that said, “This is too complicated, they use really long numbers to defraud you, we cannot figure it out, so they are free to continue.”

 

In the end, we return to the question of legitimacy. In the case of the burglar, they are already identified as illegitimate. When the state acts on a legal warrant or on power granted to it within the constitution or the domestic political system it is acting legitimately.  What puzzles me about the furore is that people are quite happy to live under a government and accept it is legitimate. They accept that it can shape their lives in very intrusive ways. It can decide who they can or cannot marry, who they can or cannot have intimate relationships with, as well as what they can or cannot ingest, or what they can or cannot do in their spare time, and whether they can or cannot they obtain a firearm. Yet, the same government appears to become illegitimate when it acts in a way that would enable it to protect itself and its services.

 

The public are kept safe by the state having the capacity to overcome encryption. The public want to be kept safe and they want to know the rule of law works. Just as the public are kept safe by the fact that the state has more weapons than criminals or a large percentage of the population. (We often seem to forget that the soldiers and police (citizens just like us) carry those weapons and arms. We are protected to the extent they realize they are subject to the same laws they are enforcing. In that sense, they become the first line of defence should the state grow tyrannical. Yet, what remains unclear is why the state becomes illegitimate when it seeks in the electronic realm the same capacity it has in the physical realm? If a person could live beyond the state in the electronic realm, can the state be considered to have done its job?

 

The basic encryption is like a mortice lock for the front door. It will stop the burglar. What people talk about with super advanced encryption is a firearm, they want to stop the state, or so they think but in reality they need to just do enough to stop the advanced hacker, which is what most providers have (for the most part) already. The greater the power of encryption, the more it present a problem for the state and by extension the public.

 

The problem we face is not technological; it is political.  We are not going to remove the modern state and its historical prerogatives by changing technology or improving our encryption. We will only change the modern state and its historical prerogatives if we change the laws or remove the state. Perhaps it is time to review the terrorism legislation that appears to enable this work. Yet, even that will not change or alter the fundamental social contract the state has with a citizen. Then again, it may be time to restructure the modern state. However, I think few will find that an appealing outcome, just to obtain some sort of “digital privacy” given the freedoms or rights they have obtained solely because of the modern state.

 

Best,

 

Lawrence

 

 

***Yes, there are always exceptions to this issue where people think police or criminals appear to have acted above the law and appear to “have gotten away with it”. At any given time, there are many crimes that are not solved, that does not mean the rule of law does not work.

**** People will recall this took several wars, two civil wars, many people being killed to get to this point. The crown did not accept parliament’s supremacy lightly or willingly and the issue *still* remains unresolved cf. royal prerogative, though it has reached a point of healthy compromise.

 

 




Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)