David Cameron’s proposed ban on strong encryption is being met with disbelief on the tech side. This Business Insider interview is a pretty good overview:
BUSINESS INSIDER: What was your immediate reaction to Cameron’s proposals?
Bruce Schneier: My immediate reaction was disbelief, followed by confusion and despair. When I first read about Cameron’s remarks, I was convinced he had no idea what he was really proposing. The idea is so preposterous that it was hard to imagine it being seriously suggested.
BI: Is there really no way to keep users’ data secure while providing backdoors to law enforcement?
BS: Yes, there really is no way.
Think of it like this. Technically, there is no such thing as a “backdoor to law enforcement.” Backdoor access is a technical requirement, and limiting access to law enforcement is a policy requirement. As an engineer, I cannot design a system that works differently in the presence of a particular badge or a signed piece of paper. I have two options. I can design a secure system that has no backdoor access, meaning neither criminals nor foreign intelligence agencies nor domestic police can get at the data. Or I can design a system that has backdoor access, meaning they all can. Once I have designed this less-secure system with backdoor access, I have to install some sort of policy overlay to try to ensure that only the police can get at the backdoor and only when they are authorized. I can design and build procedures and other measures intended to prevent those bad guys from getting access, but anyone who has followed all of the high-profile hacking over the past few years knows how futile that would be.