Skip to main content

In the wake of the horrific Paris attacks, British Prime Minister David Cameron, left, and U.S. President Barack Obama met in Washington last week to discuss digital security and surveillance.

STEPHEN CROWLEY/NYT

When British Prime Minister David Cameron publicly called on the world's biggest technology firms to assist law enforcement agencies in breaking digital encryption, he became the latest politician to assert that it is possible to balance Internet security and surveillance.

Whether that balance actually exists, however, is the subject of intense debate.

Prime Minister Cameron travelled to Washington late last week to meet with U.S. President Barack Obama. One of the major topics of conversation between the two leaders is digital security – a group of 12 U.K.-based cybersecurity firms is also travelling with the Prime Minister.

Story continues below advertisement

"The U.K. is already leading the way in cybersecurity and this government is committed to ensuring it continues to be a leader in this multibillion dollar industry," the Prime Minister said in a statement on the eve of his U.S. trip.

But what was originally planned as a discussion about British plans to strengthen digital security has suddenly become, in many security experts' view, a discussion about doing the exact opposite. In the immediate aftermath of the Paris shootings – one of the worst acts of terrorism in postwar French history – Mr. Cameron has publicly called for technology companies to co-operate with efforts to allow British law enforcement agencies to crack encryption, the fundamental building block of digital privacy.

"It's really odd in one breath to talk about improving cybersecurity and then in another breath call on companies to weaken security by weakening encryption," said Christopher Soghoian, principal technologist with the American Civil Liberties Union.

"There is no way to design the system to keep the Chinese and North Koreans out but let the North Americans and British in."

Encryption is, at its most basic level, a means of keeping information secret using very large numbers. Just as a 15-digit PIN is harder to guess than a four-digit PIN, high-grade encryption algorithms that manipulate larger numbers are usually harder to break. As such, all things being equal, encryption is not only a fairly effective means of keeping data private, its effectiveness can also be mathematically measured.

But ever since the Edward Snowden leaks revealed widespread claims of authorized and unauthorized government surveillance of many of the world's most popular digital services and social networks, the technology giants responsible for those services have taken great pains to improve their encryption standards.

(The motivation for doing so is, primarily, financial – companies such as Google, Microsoft and Apple stand to lose billions if enterprise customers such as banks and other large corporations no longer trust their systems to keep sensitive information private.)

Story continues below advertisement

In recent years, some tech companies have gone as far as creating encryption schemes the companies themselves cannot override – meaning that, if law enforcement agents come looking for information such as the content of user messages, it is technically impossible for the company to provide it.

It is precisely those measures that Mr. Cameron appears to have in his sights. Although the Prime Minster has not released technical details of his proposal, security experts say there are generally two ways to make it easier for law enforcement officials to nab encrypted data – either force companies to maintain a "vault" of passwords that can be accessed when needed, or deliberately build flaws into the encryption algorithms, which can be exploited later. In both cases, however, the proposed solution would create new points of weakness that can be exploited not only by intelligence agencies, but anybody else.

"You can see that neither of those is appealing," said David Skillicorn, a professor at the Queen's University School of Computing.

Mr. Cameron also faces an uphill jurisdictional climb – most of the companies that would need to agree with his proposals are not headquartered in Britain.

"And if it only focuses on data stored in the U.K. … then you'll start to see some companies move offshore," said Prof. Skillicorn. "There's a misconception politicians have that borders mean something in cyberspace."

However some industry experts say that, regardless of how difficult the issues of digital privacy and surveillance are, politicians increasingly have little choice but to face them head-on.

Story continues below advertisement

"In the case of [David] Cameron, I think he said some things that are very important – he proposed comprehensive legislation, and I think that's what the government's job is," said Roger Billings, CEO of GoldKey Corporation, which designs high-grade security and encryption solutions primarily for government, military and large corporate clients.

"In today's world, if we did not have encryption for things like online purchases, they would soon come to an end. But maybe that's not as important … if we're all killed by terrorists. Trying to balance that is not only very difficult, it is something that changes from day to day."

Report an error Editorial code of conduct
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • All comments will be reviewed by one or more moderators before being posted to the site. This should only take a few moments.
  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed. Commenters who repeatedly violate community guidelines may be suspended, causing them to temporarily lose their ability to engage with comments.

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Cannabis pro newsletter