18 May 2017

Tell the UK Government: No Backdoors in Crypto

The UK government seems to be pressing ahead with its idiotic plans to backdoor crypto. There is a (secret) consultation on the subject that closes tomorrow - write to investigatorypowers@homeoffice.gsi.gov.uk.  Here's what I've just sent:

I am writing in connection with UK government proposals to force tech companies and Internet providers to create government backdoors to encrypted communications.

Speaking as a journalist who has been writing about every aspect of computer technology for 35 years, and about the Internet for 20 years (https://en.wikipedia.org/wiki/Glyn_Moody), I cannot emphasise too strongly that this would be a very unwise and dangerous move.

There is no such thing as a safe backdoor that is only available to the authorities.  If a weakness is created in a program or service, it can be found by third parties.  That is hard, but not impossible, especially for well-funded state actors.

Even more likely is that details of backdoors will be leaked.  The recent experience of the WannaCry ransomware attack, which is based on an NSA exploit that was leaked earlier, shows how devastating this kind of subversion can be.

There is another powerful reason not to force companies operating in the UK to weaken their security.  First, US companies may simply water down protections for UK users, while protecting those in the rest of the world.  Obviously that would leave UK users particularly vulnerable to attack, and make them prime targets.

Secondly, if British companies are forced to provide backdoors in their products, then no government or company elsewhere in the world will use UK software, since there will always be a risk that it contains intentional security flaws.  This is the surest way to sabotage the UK software industry, and to ensure that computer startups are located anywhere but in the UK.

As well as being harmful, moves to weaken the security of encrypted products are also unnecessary.  As recent events have confirmed, terrorists rarely use encryption, and when they do, they make mistakes that allow the security services to access communications.  Indeed, there are many ways to obtain access and information even when encryption is used, as a recent paper explained (https://www.schneier.com/blog/archives/2017/03/new_paper_on_en.html).

To summarise, the many and mighty harms caused by weakening encryption vastly outweigh any illusory benefits.  The UK government would be ill-advised to take this route.

29 March 2017

The Copyright Industry's So-Called "Value Gap" Is Actually an Innovation Gap

This is a crucial year for the Internet in Europe, because 2017 will see key decisions made about the shape of copyright law in the EU. That matters, because copyright is in many ways the antithesis of the Net, based as it is on enforcing a monopoly on digital content, whereas the Net derives its power from sharing as widely as possible. The stronger copyright becomes, the more the Internet is constrained and thus impoverished.

There are three key areas in the proposed revision to the EU's Copyright Directive where the Internet and its users are under threat from attempts to strengthen copyright. First, there is the panorama exception, which allows people to take pictures in the street without needing to worry about whether buildings or public objects are subject to copyright. Despite this being little more than common sense – imagine having to check the legal status of everything in view before taking a photo – copyright maximalists are fighting to stop a panorama exception being added to EU law.

The second point of contention concerns the link tax, also known as the snippets or Google tax. The last of these explains the motivation: publishers want Google to pay for linking to their articles using snippets of text. Despite the obvious folly of charging for the ability to send traffic to your site, the copyright world's sense of entitlement is such that two countries have already introduced a link tax, with uniformly disastrous results.

When Spain brought in a law that required search engines to pay publishers for the use of snippets, Google decided to close down its Google News service in the country, which led to online publishers losing 10% to 15% of their traffic.

Similarly, in Germany, which also introduced a link tax, publishers ended up giving Google a free licence to their material, so great was the law's negative impact on their business when Google stopped linking to their publications.

The snippet tax is so manifestly stupid that it is unlikely to appear in the final version of the revised Copyright Directive. But the third area of concern stands a much better chance because of the clever way that the publishing world is dressing it up as being about a so-called "value gap." It's a very vague concept – see this new video that explores what it is - but it boils down to publishers being resentful because digital newcomers came up with innovative business models based around legal access to online music, and they didn't.

An interesting speech on the topic by the International Federation of the Phonographic Industry's CEO in 2016 laments the fact that the "value" of the global music industry has recently declined 36% over 15 years. That's not really surprising: during this period the recording industry did everything in its power to throttle or stall new ways of providing access to music on the Internet.

What the so-called "value gap" is really about here is the long-standing innovation gap among recording companies, and their refusal to adapt to a changing world. Imagine if they had embraced the P2P music sharing service Napster in 2000 instead of suing it into the ground. Imagine if they had set up sharing and streaming servers themselves a decade and a half ago; imagine how much money they would have made from subscriptions and advertising, and how much their value would have grown, not fallen.

If this evident innovation gap only harmed the copyright companies themselves, it would not be a problem, so much as just deserts. But they are now lobbying to get the laws around the world changed in important ways purely in order to prop up their old business models in an attempt to compensate for this failure to embrace the Internet. In the EU, they are using the fallacious "value gap" concept to call for mandatory upload filters for all major sharing sites – effectively large-scale surveillance and censorship.

Given that one of the most important consequences of the Copyright Directive could be the curtailing of basic human rights in the EU, it is disappointing that a seminar run by the Alliance of Liberals and Democrats for Europe (ALDE) group in the European Parliament – supposedly made up of liberals in favour of such democratic freedoms – skews the debate so completely in favour of the copyright industry. Judging by the programme, there is not a single representative of the public speaking at the event – which is pointedly entitled "Copyright reform: Sharing of the value in the digital environment" - pretty much guaranteeing a biased and unhelpful discussion.

That failure by ALDE even to acknowledge that EU citizens have anything useful to contribute, or any right to speak here, does not bode well for the ultimate outcome of the Copyright Directive negotiations later this year. ALDE needs to start caring about and listening to the millions of citizens who voted for its MEPs. At the moment it seems to have uncritically swallowed the backward-looking copyright industry's framing of the problem as a non-existent "value gap", when the deeper problem is its continuing innovation gap. As a result, this year could see key aspects of the Internet's operation, to say nothing of privacy and freedom of speech, gravely damaged because of yet another expansion of copyright's reach and power.