Even before the recent attacks, Theresa May has been keen to “regulate cyberspace”. One of the ways in which she wants to do this is by ensuring that there is a backdoor in any internet security system. Just to give an idea of scope, every site you visit, every service you register for, mailing list you sign up to is encrypted to prevent hackers, thieves of various stripes, and other malicious agents from accessing your computer. Through May’s back door, government security agents would be able to get into any system to investigate what information is being exchanged. Your search history is already logged with your service provider as of the Snoopers Charter from November 2016, available to the police.
Aside from sounding like an Orwellian nightmare, let’s just think this through for a second. If there is an inbuilt way for the government to access your various accounts and look at what information you are sharing, it means that there is one point of failure for malicious agents to exploit, which they know is there and eventually – inevitably – will find ways to break into.
If only for this reason (and there are all sorts of others, like that pesky free speech and privacy stuff), I’m convinced of three things.
- We shouldn’t.
- We probably can’t in any meaningful way.
- It would probably make things worse.
Here is an excellent blog post by Cory Doctorow about why it’s not feasible. In summary, he’s saying that the sort of implementation necessary to make it work is impossible given the scale of the task, and that a reduced version is basically not even worth doing because it would leave plenty of other ways for perpetrators to act. More ambitious means of restricting might involve something like the systems that China uses, by controlling what operating systems can run on your computer, which have built-in ways of restricting what you can access via the internet. This would be extremely intensive (and expensive) to set up and it would be impossible to let you run any operating system that allows you to install programs freely (i.e. any system that currently isn’t on a hand-held device – goodbye Windows, Mac OSX, and Linux).
If this all seems a little divorced from the future of careers, we need only remember that the internet is inextricably embedded into the way we live, communicate, and work.
We submit personal information all the time on the web, including payment information, names, addresses, telephone numbers – effectively all someone would need to steal your identity. Let’s say you are a young entrepreneur and you set up your internet business with an option to pay through Paypal, or you set up your own payment system. A back door would not only mean that there is a potential vulnerability for a malicious agent to exploit, but (and here’s the big problem) also every person who has access to the backdoor has to be trustworthy. (And there’s not much hope of that; we’ve already seen examples of abuses of the Investigatory Powers Act to use surveillance to catch perpetrators of minor infractions.) We have no way of knowing who those people are, how many have access, or how they have been selected. We also have no way of knowing how people are deemed to be a risk.
Aside from the ethical and safety issues associated with these courses of actions, the main problem is that this won’t do what Theresa May wants it to. If the internet torrenting site Piratebay has taught us anything, it’s that trying to stop anyone from doing anything on the internet is more or less impossible without fully embracing totalitarianism.
There are already plenty of ways in which the internet is not free; our data is constantly for sale. It would be better if we didn’t sell it wholesale down the tube.