U.K. Official Wants You to Stop Sneering at Her for Trying to Destroy Your Privacy
Amber Rudd admits that she doesn't understand encryption while insisting on the need to undermine it.
I'll have to give U.K. Home Secretary Amber Rudd points for bluntly, openly making it clear that the battle between government officials and tech companies over data encryption and privacy is happening because people like her neither understand nor care about the implications of their demands.
Rudd, Prime Minister Theresa May, and leaders in other countries have been fighting to force (or just convince) social media platforms, app makers, and other tech companies to make it easier for officials to access private conversations on demand. The aim, they say, is to fight crime and terrorism.
At the same time, these companies have been strengthening their encryption in order to protect people from having their private data compromised. Tough-to-break encryption protects people from identity theft and fraud, and we've seen what happens when companies have poor data protection systems.
But while everybody is shaking their heads at the terrible data-keeping revelations coming out about Equifax (the latest: Equifax stored consumer data in a non-encrypted format, so hackers who breached their systems were easily able to read the information), Rudd pretty much doesn't care. At an event this week, Rudd said she doesn't understand how encryption works but knows that it can keep the government from accessing data it wants, so Something Must Be Done.
[Rudd] insisted she does not want "back doors" installed in encryption codes, something the industry has warned will weaken security for all users, nor did she want to ban encryption, just to allow easier access by police and the security services.
Asked by an audience member if she understood how end-to-end encryption actually worked, she said: "It's so easy to be patronised in this business. We will do our best to understand it.
"We will take advice from other people but I do feel that there is a sea of criticism for any of us who try and legislate in new areas, who will automatically be sneered at and laughed at for not getting it right."
She added: "I don't need to understand how encryption works to understand how it's helping—end-to-end encryption—the criminals.
"I will engage with the security services to find the best way to combat that."
Rudd was subsequently "sneered at" yet again for not grasping the obvious: Allowing easier access by police and security services into encrypted data inherently involves creating "back doors."
It's particularly telling that Rudd wants to make this a debate about how she's being mocked even as she yet again fails to show any actual concern about the security of citizen data. She's being mocked for a reason (as is Australian Prime Minister Malcolm Turnbull, who responded to the encryption debate by saying the laws of mathematics are subservient to the laws of Australia).
The mockery is not because she's a rube who doesn't know all the ins and outs of how encryption works. Most people don't and probably never will, even as they depend on it to protect their private information.
Rudd and others like her are being mocked because they're constantly, repeatedly refusing to consider or care about the dangers to private citizens when data are not secure. Any tool or mechanism that can be used to bypass cybersecurity can be used by anybody who has access to it (or is able to replicate it). There is no such thing as a tool to bypass data security that only the "right people" can use.
Rudd wants to make every citizen of the United Kingdom—indeed, everyone around the world—give up privacy to help fight crime. But her policy would put all of us at a greater risk of crime, and would further expose us to surveillance from people with sinister intentions.
Equifax, which failed so terribly to protect U.S. consumers' data, has now received a $7.5 million no-bid contract from the IRS to verify the identities of taxpayers and prevent fraud. Governments already do a terrible job protecting citizens' privacy. The last thing we should want is to let them compromise the cybersecurity on offer from private companies.