Who cares about encryption? Caspar Bowden does, and he thinks everyone else should too. A former investment banker, he has made it his mission to help people protect their electronic privacy. He stresses he is not a campaigner, yet as director of the Foundation for Information Policy Research (FIPR) in London he has united civil rights activists, business people and the Internet community on this issue. He claims Britain鈥檚 new Regulation of Investigatory Powers (RIP) Act treats computer users like criminals. Is he being paranoid? Duncan Graham-Rowe finds out what鈥檚 bugging him.
Why should we worry about making our computers secure?
Most households will soon have an 鈥渁lways-on鈥 Internet connection instead of a modem, and then you鈥檒l be able to get to any computer from any computer. There鈥檒l be very serious security problems because none of the computers that we have today can really be called secure. Your documents could be ransacked or passwords stolen without you ever knowing.
Advertisement
Your front door will always be open鈥
Yes. Someone did a very interesting experiment recently in which they fixed up two machines with permanent connections to the Net and left them alone. They wanted to see how long it would take before hackers found those computers, worked out that they were vulnerable and broke into them. For both the Microsoft Windows and the LINUX machine it took just a few days.
So cryptography is the solution?
Cryptography is the bricks and mortar of cyberspace. It is the only tool that we have to demarcate public space from private space.
But surely my Internet browsers already have encryption built into them?
The bizarre truth is that until last year, reliable cryptography was not built into any mass-market software. There was a deliberately weakened version which was easy to break. It used short encryption keys, typically only 40 bits (that鈥檚 a million million combinations), which even a desktop computer could break in a matter of hours.
Why didn鈥檛 software manufacturers use something better?
They weren鈥檛 allowed to. Government policy discouraged-and US export controls prohibited-anyone using anything stronger. The basic tool that guarantees privacy on the Internet is 鈥減ublic key鈥 cryptography, which was invented about three decades ago but was only available for mainstream software in Britain from last year.
Can you explain public key cryptography?
It works like this. Every person has a pair of keys: a public key and a private key. They are mathematically related, but they are sufficiently long that breaking the code would take millions of years on the fastest computers. The public key can be published widely, say in an online directory together with someone鈥檚 e-mail address. The private key is kept secret by the owner. Now if Alice wants to send a secret message to Bob, she encrypts it using Bob鈥檚 public key. Bob can then read the message by decrypting it with his private key. The important thing is that the public key will not decrypt, it will only encrypt. The fundamentally counter-intuitive idea is that material that has been encrypted by the sender can only be decrypted by the recipient.
Why is it so important to the protection of people鈥檚 privacy?
If public key encryption didn鈥檛 exist, there would have to be a centralised key-distribution service to provide shared keys for private and commercial communications. In such a system, the government could easily arrange for the police to have copies of any keys it needed.
The British government claimed criminals could shield themselves from surveillance using public key encryption, so it introduced the RIP Act. What鈥檚 wrong with it?
Under the RIP Act, any public authority can demand your decryption key-and you鈥檙e legally obliged to give it up-if the authority can convince a judge that it needs your key to carry out its statutory duty. You don鈥檛 have to be suspected of any crime. Most people have this idea that the authorities cannot get your key unless you are some sort of serious criminal. But that is not what the law says. So you may have the situation of a wholly innocent person being asked by the authorities to give up their key, which of course would expose all their communications.
Surely you鈥檙e being paranoid if you think the police are interested in anyone other than hardened criminals?
At the moment, I agree. The authorities are only interested in hardened criminals and I think, by and large, that鈥檚 what they spend their time on. What should concern people is the enormous breadth of the legislation that鈥檚 been passed. When you hear Home Office officials or the police trying to pooh-pooh the fuss over the RIP Act, they claim that they haven鈥檛 got the time or the resources to use these powers in an invasive or draconian way. In other words, they admit they have the powers, it鈥檚 just that they haven鈥檛 got the resources to use them yet.
You were strongly against the original RIP Act on human rights grounds. What was the problem?
The basic issue is this: is it reasonable to put somebody in jail merely for failing to prove that they have forgotten something? People lose keys, passwords and PIN numbers all the time. The RIP Act said they would be presumed to be lying, unless somehow they could prove they weren鈥檛. The government finally conceded this point in the House of Lords, so now the prosecution must prove someone is lying. But that is impossible, unless you can catch someone red-handed typing in their password. And if the police could get that password, say by video surveillance, then they should be able to prosecute the serious offence that the person was suspected of in the first place. That is why we have always argued that although the power to demand a key seems superficially reasonable, in fact it would be useless.
But even with that amendment, you still think there are problems with the Act?
The powers that are left still provide for massive trawling of communications inside the UK in a way that is totally unprecedented, even in wartime. How confident are we that in the next 50 or 100 years, as a result of economic upheaval or social unrest, we won鈥檛 have a government of an extreme political character which might be tempted to use the powers of the RIP Act to their full extent?
The government justified the RIP Act by saying it needed powers to chase paedophiles. Was it trying to scare people?
The government used almost every ogre, from paedophiles to drug traffickers and terrorists. An enormous amount of effort went into upholding government policy at a rhetorical level while very little apparent attention was given to the substance of the criticism.
But paedophiles do use the Internet to exchange pictures. Isn鈥檛 it laudable to want to stop that?
Absolutely, but we don鈥檛 think the new powers will help prove that paedophiles are in possession of child pornography. By definition, when material is encrypted you don鈥檛 know what it is. There is simply no evidence for a court to reach a just verdict.
So what do you suggest should be done about this sort of crime?
Bafflingly, the government did not legislate powers that might circumvent criminal use of encryption, such as warrants to bug computers. The strongest encryption is useless once the key is obtained. This can be done by hacking, or modifying the software or hardware. But the use of such methods would need the closest supervision and oversight, and technical skills and resources that the police currently lack.
How did you come to be involved in all this?
Well, my history is eclectic. I was writing computer games for most of the 1980s. I went into the City in 1989 and worked for an investment bank, then ended up as a research director for an options trading company where I was using mathematical models to predict volatility. Somewhere along the line it sunk in that this amounted to forecasting randomness and was therefore rather silly.
And then?
The explosive growth of the Internet convinced me that it would be the most interesting place to be working. So I sort of dusted down my techie skills and became an Internet consultant, and also started to learn cryptography, which had been a long-standing interest of mine.
Why did you feel so strongly about it?
In Britain at that time there wasn鈥檛 a think tank that was technically well grounded in Internet policy. The publications that were coming out of the major think tanks had very little credibility in the Internet community because they tended to skirt around some of the more difficult issues. So Ross Anderson and I founded FIPR in 1998 as a non-profit think tank for Internet policy. We pick issues where there is some kernel of extreme complexity that is creating misunderstanding.
You have attracted support from all sides of the debate, except perhaps the government. Unusual for a campaigner鈥
Well, we鈥檙e not campaigners, we鈥檙e a think tank and we work on a range of issues. But the RIP Act was one of the most complex bills ever-technically and legally-and we were the only people to dissect every paragraph and raise awareness of the implications. But I think it is remarkable to have an issue where civil liberties interests are shoulder-to-shoulder with business. We have the support of service providers, software manufacturers and the whole Internet community. That doesn鈥檛 happen very often and it鈥檚 proved to be a fairly irresistible combination. We are trying to secure a broader base of funding from business, but it鈥檚 a very tough pitch because we have to go to companies and say: 鈥淲e鈥檙e not here to represent your interests as a trade association and we don鈥檛 take cases to the European Court of Human Rights like other campaign groups such as Liberty. We鈥檙e here just to provide very strong analysis of information policy and of the Internet in particular, and we are very good at communicating that to policy makers.鈥 That is a job that needs doing, because public understanding and media understanding of these issues is at such a poor level.
Your mission is to make the public understand encryption. But do they have to understand it to use it?
Put it this way: if they don鈥檛 understand it, then they will be exposing themselves to a number of risks of attack. But the real point is that cryptography is about much more than encryption. It鈥檚 also the basis for technologies that will protect human rights in cyberspace. Rights such as freedom of expression, freedom of association, privacy and anonymous political participation are often in conflict. Informed democratic debate on these matters requires a thorough analysis of the technology.