16 Jan 2015

Is Cameron really planning on ‘banning’ Snapchat?

Let’s be clear about what Prime Minister David Cameron said: he doesn’t want any wrongdoers to be able to communicate in a way that UK intelligence agencies can’t access.

That’s NOT THE SAME as banning any encrypted communications. Here’s why:

Let’s imagine jihadis use Snapchat (a service which allows users to send each other encrypted messages which then “self-destruct” on the recipient’s phone and apparently on Snapchat’s servers too).

If you’re the UK government and you want access to that jihadi’s messages you’ve got three options:

1. Ask Snapchat to keep copies of the messages of a particular user, and allow UK law enforcement access to the unencrypted file

2. Use brute force to unscramble the message as it passes from one jihadi to another via UK internet infrastructure

3. Agree with Snapchat that you’re going to keep a “master key” somewhere that will allow law enforcement to unscramble the messages (but, for example, only after informing Snapchat).

The problem with option 1 is that it relies on Snapchat’s approval, and UK law enforcement don’t like that.

The problem with option 2 is that it’s time consuming and costly.

Option 3 sounds tempting: until you realise that if the UK gets access to the skeleton key, there’ll be a queue of other countries lining up for the same access, including Russia, China, Turkmenistan, Kazakhstan….

So what if Snapchat et al refuse to play ball? Can Cameron “ban Snapchat?” How exactly will David Cameron banish such services from the nation’s phones? Just one of the gaping holes in this unfolding story.

This is as much about the UK’s power in the world as anything else. The vast majority of successful tech companies are based in the US. American law enforcement has far less trouble accessing them than UK agencies. So as a result of our lack of tech prowess, British politicians must go cap in hand to the US to ask for access.

Wargaming bank security

Conducting simulated attacks to test cyber-defences of banks is better than doing nothing, but it’s been tried before; twice, in fact: Operation Waking Shark I and II. The problem with these tests is that you simply cannot replicate the kind of attack banks are going to get hit with from a genuine aggressor.

Not only do the war games not have the timescale required, but they can only deal with known threats; hackers are constantly coming up with new tactics. Added to which, the wargames are run by the banks and they therefore have a vested interest in lowering the bar. As an example, here’s an excerpt from the Waking Shark 2 report:

“Overall the feedback on the exercise was positive with the vast majority of participants finding the exercise to be extremely useful.”

What were the real results? We never found out.

Follow @geoffwhite247 on Twitter

4 reader comments

  1. Matt says:

    I think your assertion ‘That’s NOT THE SAME as banning any encrypted communications’ is incorrect.

    While the government has the options you outlined in the case of Snapchat, there are encryption schemes, such as PGP, which do not rely on a third party that the government can force the assistance of.

    Assuming that it is as secure as intended, such an encryption scheme would allow for wrongdoers to ‘communicate in a way that UK intelligence agencies can’t access’.

    Saying that such a means of communication must not be available to wrongdoers DOES seem to imply a ban on that kind of encryption.

  2. isha says:

    He should not do it.

  3. Alan says:

    I know that hardcore terrorists lurk behind our local Tesco’s but Snapchat and other mainstream apps?

  4. Ben says:

    How do you have confidence in markets, secure banks, and ban encryption at the same time? You can’t!
