The new age of prohibition

Haven’t you seen it too? Every time some bad guy uses some tool or other the politicians want to ban it? And it sounds good too, doesn’t it? The bad guys used (insert what you like) so we banned it.

Well, in theory it is good, provided that the bad guys are law abiding, and by nature, criminals are not – that’s why they are criminals in the first place, isn’t it?

And some things you can’t make a law against, for obvious reasons. You can’t ban fertilizer because someone figured out how to make a bomb of it, we do need our produce after all. Neither can you ban cars because someone found out how to stuff it full of explosives and blow up something.

So sure, there are exceptions. And those are obvious to anyone. However, when we move into cyber country with all those pesky TLA’s and FLA’s we use (three letter acronyms and four letter acronyms) people and politicians lose track of what they want to forbid, and what the consequences are.

Take encryption as an example. There are encryption standards that hasn’t been cracked yet (although some claim that the NSA have, but we don’t listen to urban histories now, do we?) and they are widely used.

And why are they used? Of course – to protect the security and integrity of companies and private citizens that handle sensitive data. Law enforcement, health, government, banks and industry are only some who protect themselves this way.

Now, some of these bad guys seems to have been using WhatsApp for their communication needs, and since WhatsApp use end to end encryption and is very popular, David Cameron wants to ban it. And not only WhatsApp, but every encrypted communication service. This includes iMessage, Telegram, Skype and many others. That will show them, right? With no encryption the bad guys will know that we can spy on them, right? Oh, that is so good – isn’t it?

Well, no – it isn’t good at all. Apple clearly states that they will not change iMessage to be unencrypted, Skype and Skype for business (Lync) won’t be changed, and the good guys will be deprived of some amazing communication tools. The list is long as most companies now incorporate encryption into their service. And they do it to protect the good guys of course. If those are banned in one country and legal in all others, then it would affect commerce, growth of companies and the industry.

And you know what? I’m sick and tired of people who say ‘I have nothing to hide, let them see what I do as much as they like’. And why? Because they see it from one side only. Trusting that it is only the ‘good guys’ that can look into unencrypted communications. Guess what? If it’s unencrypted, then those with malicious intent can look into it just as easily.

Here in Norway, we just had a cyber threat assessment released by the government, and the prime source of worry was espionage from Russia, targeted at government, industry and private citizens. We are quite naïve when it comes to our own importance, the worth of the information on our devices and don’t realize how gathering information from different sources may provide people spying on you with important information once the pieces are puzzled together.

And finally, how hard is it to set up an encrypted messaging service? The simple answer is not hard at all. You will find complete code for such services for free on GitHub and other places, and trying to ban encrypted communication will just drive the bad guys into the darker corners of the Internet, and it would not be possible to stop them. The moment you target one IP-address another one pops up, and it will be a losing fight from the start.

So let us encourage to use more encryption, more security, and make it as hard as humanly possible for people with malicious intents to spy on us. We can counter much more espionage and harm to our people and industries this way. The bad guys will use encryption anyhow, so why make it easier for them?