In software development, we often get asked to do things we don’t understand the reason for. This is especially true when the thing we get asked to do appears to be technical in nature, but is a bad technical decision.
Good software engineers don’t just complain and implement what appears to be a bad idea, though. They probe to discover the depths behind the request: what has motivated our users or stakeholders to ask us to do that thing? This kind of empathy goes a long way, and the “Five Whys” technique is very common.
As an industry, we’re getting a new requirement from Amber Rudd: she wants us to give Her Majesty’s Government (and its allies) the ability to intercept encrypted communication that takes place on messenger apps.
There have been many attacks on this principle, and a loud voice calling for a refusal to implement this requirement, but there have also been a lot of flawed arguments and justifications for this. Let’s give Ms Rudd the benefit of the doubt for a moment and treat her like any other stakeholder coming to us with what we perceive as a bad requirement.
First of all, let’s pick through the language she’s using. She wants to intercept communication. As engineers, we see communication as machine-to-machine, sometimes with users on the machines at each end, sometimes just code. The way Amber Rudd has spoken, she clearly sees communication from a layperson’s perspective, which is two people talking to each other, perhaps aided by machines. The tweets that show a TLS certificate on Amber Rudd’s own website might get a decent amount of retweets, but don’t actually help the real argument here. She’s not talking about banning TLS, so this line of argument isn’t going to alter her thinking in any way.
(Let’s have an aside about “cyber”. As a shortened form of “cybersecurity”, it’s here to stay. It’s a word that’s been adopted and is used by non-techies, but that’s good! They do care about this stuff, just maybe not necessarily using our terminology.)
She even talks about end-to-end encryption in a different way to us. In her definition, end-to-end is about whether a third party is able to see the communication, rather than a technical implementation detail. Although we may consider TLS with perfect forward secrecy to be end-to-end, when this is deployed, one of those ends is often a server owned by a company that will comply with legal requests to disclose their end of the communication, giving the third party access. In her most recent speech, Amber Rudd actually tries to use our definition of it in this way, and gets lambasted for it.
What does Ms Rudd really want? She wants the security services to have the same power they’ve always had: to be able to intercept communications when backed by a lawful warrant. We might perceive her request as taking something away from us, and putting it back in the bottle, but from her point of view, the tech industry have already done that to her and those she represents.
Now, there are many good arguments as to why end-to-end encryption for messaging tools is a good thing. Even when we might be okay with the concept of a wiretap, our value judgements place privacy above the risk of government abuse. And the slippery slope argument to indiscriminate mass collection is a real one.
In Ms Rudd’s world, telecom providers are trusted (and this is often enforced with law: the only people able to listen in to your phone conversations are the intended recipient and the government with a warrant). In the Internet world, Facebook & Google haven’t been able to earn that level of trust.
But let’s not deliberately misrepresent Amber Rudd’s argument, or fall back on ad hominem arguments (btw Aral, she didn’t confuse hashing with hashtags; instead she made the point that criminals hide in plain sight by using tools like Twitter with hashtags and obfuscated messages to communicate…).
Let’s recognise that Amber Rudd’s values are different to ours, and if we want to influence her policy decisions then we should focus on what she’s actually saying, not just the shallow words she uses, and make well-reasoned arguments that come from that. Let’s focus on that, not just echo chamber anger, and with focussed activism, make a difference.