Dear Mr Cameron,
What follows, is, what I hope will appear to you as an appeal to reconsider your recent announcement to make surveillance a topic in your campaign for election.
Before I get into this, it's worth noting that I did not, and will not vote for you. But this isn't about where my political views lie. It, I believe is about something far greater. Democracy.
We live in a society where, for the most part, we are able to chose the people that represents us as a country. As a representative of the UK (whether you or I like it or not, you represent me too), your actions reflect on all of us.
The recent attacks in Paris were terrible, lives were lost at the hands of people who make human beings look terrible in general. They represent a very small minority of the world's population, and people in France and around the world demonstrated that those extremists do not represent the best of us, by uniting and mourning the tragedy.
Unlike citizens around the world, politicians such as yourself saw the tragedy as an opportunity to further your own agendas. Make no mistake, I understand what danger may be out there, thinking about it makes me worried that I may happen to be in a location where one of these attacks occur, or worse, that my family may be.
However concerned I may be, it does not warrant undermining the rights of this country's citizens. Secure communication via SSL is in place to protect information that should not be seen my others. For you to suggest that we introduce a way for these communications to be intercepted by security services is just ludicrous. I don't know where you got the idea from, but if it was suggested by an "advisor", I would advise that you fire that fool.
What you're suggesting will compromise the integrity of the web. I don't believe you can even begin to fathom the ramifications of your suggestion. Your peers have suggested that security services will need proper "sign off" before being able to access information. We've seen how that works out practically from the NSA's exploits. It is a bad idea...
Let's try to consider some of the things that will happen, and these are just the obvious ones (think of what those with bad intentions could come up with).
Start by assuming you legislate security services be able to intercept secure communications.
What does this mean in reality? Why does your suggestion threaten the integrity of the internet?
SSL works by using a "handshake" before sending private data. The handshake depends on a "Certificate Authority". The role of this authority is to verify the identity of someone, say google.com. Now, if we have an authority, say GeoTrust, has verified the google.com key and we trust GeoTrust then by implication we also trust google.com.
Now, without having google.com's private keys you cannot decrypt a message encrypted for google.com. This is how banks and all other secure services work, give or take some technicalities. See this page for a more detailed break down.
- The long and short of it is that your legislation can only work if you force organizations to provide their private keys to the security services.
- You force Certificate authorities to illegitimately allow domains owned by the security services to pose as other domains.
- There is the other choice of you outlawing the use of SSL so that no one can encrypt anything...except of course, the security services!
- Finally, you could take the NSA's approach and let the service providers decrypt the messages and pass them on to you.
I hope not even your advisors are stupid enough to think any of these are a way forward.
Options 1 - 3 are a sure way of ensuring that we open ourselves up to even greater threats. Option 4 is a direct violation of this country's citizens' rights... The European Convention on Human Rights, article 8.1 explicitly provides citizens with the right to respect for a private life. There by making option 4 illegal in the EU (is that why you want out?). Since it is claimed that a "wholly satisfactory statutory definition of privacy" cannot be found let's take the common sense approach. If I use a secure messenger to profess my love for someone, common sense dictates that the messages I sent are only for my and her eyes (ignoring her friends she chooses to show it to).
I have the right for that message to remain private between me and the intended party. Your suggestion is in direct contradiction of this. Furthermore, if i choose to use any particular secure messaging service, I also have the right to choose who provides that service. The act of "banning" secure services is not democratic in anyway shape or form and is akin to a dictatorship.
Let's step back for a second and consider what we gain by being able to see people's private communications.
- We are able to monitor the communication of extremists in the UK, security services can then respond and foil any threats to our security.
- ...hmmmn, I can't think of another reason, please enlighten me if I've missed others
Being able to foil threats to our security is a win... Any sensible person should agree with that I think, but what do we lose?
- Well, privacy goes out the window
- Democracy becomes an elected dictatorship. Although it could probably be claimed we didn't have a real democracy until 1928 when women were allowed to vote, we've had some form of democracy since the 1700s, are we going to give that away?
- The laws imposed in the UK would not apply to other countries and they probably won't give us access to their citizen's private communication
- I don't know what the figures are but various news sources keep quoting the number of known extremists in the country to be up to 1000. The UK population is about 64.1 milliion I don't know about you but 1000:64 million ratio doesn't seem like a fair trade, to make sure that hit home that is 1000:~64,100,000
- Once this becomes legal, extremists will find other means of communicating.
- Extremists groups these days seem to operate without leaders right? A small radicalised local group can speak face to face and plot their attacks on targets they deem to be in line with whatever they believe they're fighting for.
What you're doing is fear mongering, on par with the "Daisy" ad.
This kind of fear mongering only leads people to develop fascist and racists views. I am not muslim, I've been brought up a christian, I do not make any claim to know what a muslim person believes in. What I do know is, the way politics continues to isolate this group of people is making our situation worse.
I know people that are muslim who constantly feel in fear, never knowing if some misinformed idiot will target them but also just as concerned as we are that they will become victims in an attack by extremists. To some of them they're trapped between two extremists! You the government that is suppose to protect all its people and the extremists. What's the big idea? The electorate comprised of non-muslims is larger so you do what's necessary appeal to them and secure the most votes?
What you and some other politicians continue to do amounts to gross negligence! We live in what should be a free and democratic society, all of its citizens should feel the same security, protection and support, within reason. The messages you're sending amounts to saying that because certain extremists are muslims therefore most of them must be.
I couldn't find UK numbers but the FBI themselves are clear that between 1980 and 2005 only about 6% of extremists (on US soil) were muslim. While not only for the UK Europol's report says less than 1% of attacks in the EU are committed by muslims.
Be more like this guy.
Mr Cameron, the moment you legalise this, these extremists have won. You are trying to take away our civil liberties. That should not be the prerogative of a democratic government! As far as I can tell you and those supporting this have not thought this through and are using it as a fear factor to drum up the votes and push your own agendas. If people are worried like I am and they are mis-sold a policy which promises to make them safer, they'll vote for you right? As a nation we depend on our elected "leaders" to do what is in our best interest, this is not one of those things.
For those who will claim that it is a solution and that I can't offer a better one. You're right in that I don't have anything better in regards to secure communications, but I can see why this approach is not a good solution. This just doesn't work, remember our example from earlier? The "Certificate authority" that I mentioned. Anyone can become a certificate authority. An extremist group can generate their own keys and decide to sign and trust only keys they know. At that point your interception of communications is pointless and our privacy already tarnished.
You are effectively trampling on our civil liberties at a time when civil liberties is under attack.
This is just not a good idea. If you do it, you're putting the economy at risk as well. Who do you think would shop online if their details weren't secure. The moment you allow back doors you open the risk that corporations and extremists alike will find and exploit those back doors for their own benefit.
If you force ISPs or other intermediaries to provide a way in for you, you immediately make them a bigger target. If the NSA can be hacked do you think our ISPs can withstand concentrated attacks? If they're infiltrated, your backdoor to help keep us safe, then becomes one of the biggest threat to us! There is a continued rise in groups like the "Syrian Electronic Army".
These are groups that governments around the world are fending off, some failing to do so, do you really think making ISPs a bigger target than the government will bode well? I'm not a security expert, but I have a decent idea of how the internet and the web on top of it works and with that knowledge I can assure you this is a mistake. If you go through with it, it may become the thing that defines your career as a politician, and not for the better!