Internet column 25 March 1999

New Statesman Internet column
Saturday 27 March 1999

NS Internet Column

It is rare to see civil servants take any responsibility for their actions. It would be too much to expect them to get credit for this. So I can’t help feeling twinges of sympathy for Nigel Hickson and David Hendon, two of the civil servants who have been trying to defend the government’s policy on electronic commerce to an audience which is both well-informed and completely unforgiving.

Of course, it’s possible that they are merely the cat’s paws for some vast and unattractive conspiracy — as most of their audience believes — but if that’s the case they have been scratching on granite till they bleed in their efforts to justify the indefensible. And I think it more likely that they are trying to reconcile the interests of conflicting masters, for the government appears to want two things which are quite irreconcilable because their political instinct are pulling in different directions.

Let’s start with a simple political instinct, which seems to provide a sound basis for encryption policy: if the government has a legitimate need to read anything on a computer, or to tap a telephone conversation, and if all the legal hoops have been jumped through, it should be able to do so. The limits to a government’s powers should be set by the courts and parliament, not by a little oligarchy of geeks.

This isn’t a startlingly authoritarian principle, and it seems to have been the first position of almost every Western government when confronted by the spread of strong encryption techniques which make it impossible to read files thus hidden on a computer. Conversely, they make it possible for the IRA, the Mafia, and all sorts of other deeply undesirable people to carry on their business in much greater security. So strong encryption must be restricted to trusted users, like banks; and if private people use it they must provide government access to their keys. This was the policy under the Major government, and it was rapidly adopted by Labour when in power. Reference to Labour’s earlier, more liberal, policy was simply scrubbed from the party web site in one of those Stalinist actions that computers make so easy.

But there are problems with this principle when it is put into practice. The first is that strong encryption is a genie that has come a long way out of the bottle. It is freely available all over the world, so intelligent and resourceful crooks (who are presumably the ones who are most important to catch) already have access to it. Government’s powers in this case have already been drastically limited, whatever the courts or police may wish.

The second is that it conflicts with an equally powerful political instinct: that this should be a prosperous and competitive country, in which people choose to do business. To see this conflict, an analogy is helpful: imagine that strong encryption was a technique to lock up things physically rather than mathematically, so that every house, shop, or business in the country had doors which could not be broken down, or cracked by a locksmith, but could only be opened by their special, unique key. Since many crimes are committed in houses, surely it would make sense to demand that every householder lodge a spare key in the local police.

What ruins that policy is not the question "how many people in this country would trust the police to look after their keys?" because the libertarian vote is obviously not strong enough to matter, but the less obvious question "How many foreign business would like the police to full access to their files?" The answer to this second question seems to be approximately none. That is why the government’s efforts to make Britain a centre for electronic commerce have run smack into its efforts to control the spread of strong encryption.

The liberalising tendencies seem to be winning. So poor Nigel Hickson and David Hendon were facing an audience of about 100 angry geeks in London last week and trying to defend the DTI’s latest paper on the subject. They were assuring the audience that "key escrow" is dead. People will legally be able to use encryption that cannot be cracked without their co-operation (though it should be an offence to withhold this co-operation when it is lawfully demanded). But the subject is incredibly tangled in its technical details, and with only three weeks allowed for consultation all sorts of dirty work is still possible. So let’s remove the temptation for civil servants to equivocate. Go to www.stand.org where you will find a list of MPs to lobby. Adopt some lone and friendless creature there. Educate them. They will have a rare chance to vote for freedom and prosperity. Controlling strong encryption is a vote against both.

This stuff written and copyright Andrew Brown. If the page looks bad, that's my fault, unless you're using Netscape 4.x. Then it's yours. Upgrade, and do yourself a favour.