UK's Terrorism Law Reviewer Says Tech Companies Shouldn't Offer Encryption To Anonymous Users

from the nothing-to-hide,-everything-to-fear dept

Wed, Sep 6th 2017 3:29am — Tim Cushing

Once again, someone's suggesting the best way to combat the spread of terrorist-related communications online is to make the tech companies do it, have them foot the bill, and do it all without being legislated into submission or making impudent comments like "That's not how any of this works."

Traveling beyond the groundwork of "necessary hashtags" and constant threats to bludgeon tech companies into mandatory, worldwide speech policing, the UK's independent reviewer of terrorism laws -- former key terrorism prosecutor Max Hill QC -- suggests the better route lies not through legislation, but through some sort of tech wizardry.

[C]ooperation with tech giants such as Google and Facebook offered the best way forward, including the potential introduction of “verification” checks on social media users.

“A discussion I have had with some of the tech companies is whether it is possible to withhold encryption pending positive identification of the internet user,” said Mr Hill.

“If the technology would permit that sort of perusal, identification and verification, prior to posting that would form a very good solution… and would not involve wholesale infringement on free speech use of the internet.

“I’m talking about a nano-second.”

Yes, Hill is calling for encryption to be withheld from anonymous or pseudonymous users -- often the very users (dissidents, journalists, whistleblowers) for whom the added protection is key to survival. This pitch takes "nothing to hide/nothing to fear" to its illogical extremes, suggesting protected communications be limited to those who have made their personal information available to tech companies -- who then, in turn, can be forced to hand it over to various governments with a minimum of paperwork.

Hill is correct -- beating tech companies over the head with broadly-written legislative sledgehammers is unlikely to end well. But his "fix" isn't any better. In fact, the thing he thinks can be done in a "nano-second" may not even be possible. And that's by his own admission.

Mr Hill conceded that experts were divided as to whether such checks were feasible but that it was a debate “worth having”.

Something everyone can agree on -- "independent" or not -- is that tech companies should pay for whatever measures they're being forced to undertake for the government.

He added: “The vast sums of money that tech companies generate … means that we should all be looking to those companies to recycle some of those profits into the fight to take down extreme material.”

So, let's attempt to add this all up:

Hill thinks "sledgehammer legislation" would backfire. He also thinks tech companies should be able to flip switches somewhere to encrypt/decrypt communications as needed (million-dollar switches perhaps, but "recycle" those "profits!"). He also concedes no one has said these "nano-second" switch flips are actually possible. Finally, he believes tech companies will implement these measures and pay for them without being forced to by "sledgehammer legislation."

Hill has assembled a handful of logical flaws and presented them as a plan -- one whose impossibilities can be surmounted if everyone involved just talks about it for awhile. These are the words of a former prosecutor who has mistaken daydreaming out loud with acting as an independent overseer of terrorism-related legislation.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: anonymity, encryption, going dark, identification, max hill, privacy, uk

56 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Ninja (profile), 6 Sep 2017 @ 3:56am

I have a better idea. Why don't we acknowledge that 100% crime prevention is impossible anyway and that shit happens and then start dealing with what is actually causing such extremism by teaching tolerance in the schools, weeding out bigotry from the government, police, legislative, courts? Ah, it's easier to advocate for a mythical, magical solve all switch. Ok, carry on.

The escalation of extremism everywhere, from white supremacists and Jesus followers in the West, through radical Muslims in the middle-east to lunatic tyrants in Asia we humanity are ripe for mutual assured destruction.
[ link to this | view in chronology ]
- Anonymous Coward, 6 Sep 2017 @ 4:38am
  
  Re:
  
  and then start dealing with what is actually causing such extremism
  
  A major cause of extremism is the great disparity in wealth between rich and poor, and first and third world.
  
  The western Roman empire fell not because those outside the empire hated its way of life, but rather because they wanted a share of that way life.
  [ link to this | view in chronology ]
  - Ninja (profile), 6 Sep 2017 @ 4:44am
    
    Re: Re:
    This of course but if you focus on providing welfare to the masses with good public health, education and justice you are already a long way into fixing this issue. I'm not against billionaires, I'm against them existing while there are people in total misery. If everybody has the minimum to live with dignity then by all means go buy your yachts and planes.
    [ link to this | view in chronology ]
    - Anonymous Coward, 6 Sep 2017 @ 7:33am
      
      Re: Re: Re:
      It is in their best interests, long term, but they do not think long term. The wealthy need to wake the hell up and smell the disaster they are creating, it will impact them no matter how strong their bomb proof fortress is - this is quite obvious to many - but not them.
      [ link to this | view in chronology ]
      - Michael, 6 Sep 2017 @ 8:23am
        
        Re: Re: Re: Re:
        And the people that keep pointing at the "wealthy" really need to understand what "wealthy" means to the majority of the world.
        
        Because if you think "wealthy" means someone with hundreds of thousands of dollars in the bank, you are very much mistaken.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 6 Sep 2017 @ 9:57am
        
        Re: Re: Re: Re: Re:
        " if you think "wealthy" means someone with hundreds of thousands of dollars in the bank"
        
        Could someone like that afford a multi million dollar fortified bomb shelter?
        
        .... No, obviously not
        
        So what are you talking about there mister? It was quite obvious what was meant.
        [ link to this | view in chronology ]
        
        nasch (profile), 6 Sep 2017 @ 3:10pm
        
        Re: Re: Re: Re: Re: Re:
        I think what he means is that to "the rest of the world" wealthy means having: so much food you could actually throw some of it away; a car; electricity that actually works all the time; hot and cold running water (or even just reliable clean water); medicine when you need it. And so on.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 6 Sep 2017 @ 5:09pm
        
        Re: Re: Re: Re: Re: Re: Re:
        Yeah, I get that and it is a valid point ... but that is unrelated to the post he responded to.
        [ link to this | view in chronology ]
        
        nasch (profile), 6 Sep 2017 @ 6:57pm
        
        Re: Re: Re: Re: Re: Re: Re: Re:
        I don't know about that - if I can be so bold as to risk putting words in his mouth, I think his point is that it's not just the yacht crowd that is building up a disaster for themselves, but more or less the entire developed world. And that seems relevant. I don't know that he's right, though.
        [ link to this | view in chronology ]
    - Ben, 6 Sep 2017 @ 8:21am
      
      Re: Re: Re:
      "I'm not against billionaires, I'm against them existing while there are people in total misery."
      
      Wealth doesn't work that way.
      It isn't a zero-sum game.
      Someone being rich does not MAKE someone else poor.
      [ link to this | view in chronology ]
      - Anonymous Coward, 6 Sep 2017 @ 8:36am
        
        Re: Re: Re: Re:
        You've missed his point. If there are people that are that rich, there's clearly enough resources to go around so that there could be no one in abject poverty.
        
        Like he said, he's not against there being billionaires, only against there being billionaires while there are people in abject poverty. Some one making a lot of money doesn't necessarily make others poor, but making some one less rich could make some one else less poor.
        [ link to this | view in chronology ]
      - Anonymous Coward, 6 Sep 2017 @ 8:40am
        
        Re: Re: Re: Re:
        Because most rich people got that way through their own hard work, right? And the harder you work, the richer you get, right? Hardly. Most of the wealth added to the economy is done by those who will never be wealthy themselves. Most rich people were born that way and stay that way by finding ways to channel the wealth created by others to themselves.
        [ link to this | view in chronology ]
      - Anonymous Coward, 6 Sep 2017 @ 10:09am
        
        Re: Re: Re: Re:
        Perhaps, but then sometimes it does work exactly like that.
        For example why do you think there are so many employers who oppose providing their employees with a living wage in return for 40 hr work week? It's bad enough they do not provide any benefits and push their work on demand bullshit but then they expect others to cover their deficiencies via food stamps and welfare. Corporate subsidy needs to stop. They wag their fingers at the less fortunate with the "personal responsibility" demand while shirking their own - many people are getting tired of paying for these corporate slackers while they claim to be "good citizens" and looking out for your well being, what a crock.
        [ link to this | view in chronology ]
  - Anonymous Coward, 6 Sep 2017 @ 5:45am
    
    Re: Re:
    Do you make up your own facts and history all the time or is it more of just a hobby?
    [ link to this | view in chronology ]
    - Anonymous Coward, 6 Sep 2017 @ 7:34am
      
      Re: Re: Re:
      Please itemize those things from said post that you consider to be incorrect.
      [ link to this | view in chronology ]
      - Anonymous Coward, 6 Sep 2017 @ 10:05am
        
        Re: Re: Re: Re:
        Extraordinary claims require proof. Where are your citations?
        [ link to this | view in chronology ]
        
        Anonymous Coward, 6 Sep 2017 @ 10:11am
        
        Re: Re: Re: Re: Re:
        I made no claims .... just a question.
        Guess that is too difficult for you.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 6 Sep 2017 @ 10:26am
        
        Re: Re: Re: Re: Re: Re:
        Here is your claim:
        
        "The western Roman empire fell not because those outside the empire hated its way of life, but rather because they wanted a share of that way life."
        
        Where are your citations?
        [ link to this | view in chronology ]
        
        Anonymous Coward, 6 Sep 2017 @ 1:16pm
        
        Re: Re: Re: Re: Re: Re: Re:
        Look again as that was some other AC, please - do try to keep up
        [ link to this | view in chronology ]
  - tin-foil-hat, 6 Sep 2017 @ 7:23am
    
    Re: Re: Fall of Rome
    I thought it was the adoption of Christianity.
    [ link to this | view in chronology ]
- Anonymous Coward, 6 Sep 2017 @ 6:31am
  
  Re:
  You mean address problems instead of symptoms? That will never work!
  [ link to this | view in chronology ]
  - Anonymous Coward, 6 Sep 2017 @ 7:36am
    
    Re: Re:
    They don't even address the symptoms, they do a lot of hand waving, money grubbing and lying.
    [ link to this | view in chronology ]
- OA (profile), 6 Sep 2017 @ 7:39am
  
  Re:
  Agreed.
  
  Extremism / radicalization is spreading so efficiently because we don't recognize their root causes. We recognize causes that are immediately adjacent to manifestations that we consider important; like terrorism. By the time is gets that bad allowable responses have deteriorated and narrowed into "war responses". This is true in many, MANY domains not just international relations.
  
  The big names, like Terrorism, "suck all the oxygen out of the room". The fabric of our collective lives is the real monster that gives birth to these relatively baby monsters.
  [ link to this | view in chronology ]
  - Anonymous Coward, 6 Sep 2017 @ 11:50am
    
    Re: Re:
    "Extremism / radicalization is spreading so efficiently because we don't recognize their root causes."
    
    No, it spreads because of ignorance. Fear, the root cause, is well known and understood. The problem is the fact that people do not wish to remediate their ignorance.
    
    Thank you for being a part of the cycle of ignorance!
    [ link to this | view in chronology ]
    - Anonymous Coward, 6 Sep 2017 @ 12:37pm
      
      Re: Re: Re:
      Most of that fear and ignorance is spread by men of religion who called themselves learned.
      [ link to this | view in chronology ]
      - Anonymous Coward, 6 Sep 2017 @ 12:57pm
        
        Re: Re: Re: Re:
        > Most of that fear and ignorance is spread by men of religion who called themselves learned.
        
        If you want to call greed a religion.
        [ link to this | view in chronology ]
- Anonymous Coward, 6 Sep 2017 @ 8:31am
  
  Re:
  Maybe you should try practicing what you preach.
  [ link to this | view in chronology ]
Annonymouse, 6 Sep 2017 @ 4:28am

So when do we start prosecuting this facilitator of extremism and terrorism or is he under the protection of the mental health laws?
[ link to this | view in chronology ]
- Anonymous Coward, 6 Sep 2017 @ 4:44am
  
  Re:
  His remarks already give away his hate for anonymity so Force him to give up encryption for life now. No phone encryption, email or even HTTPS. People who attack freedom do not deserve to be protected by it.
  [ link to this | view in chronology ]
  - Anonymous Coward, 6 Sep 2017 @ 8:48am
    
    Re: Re:
    
    People who attack freedom do not deserve to be protected by it.
    
    Wait. I thought "true freedom" included the freedom to take other people's freedom away. No?
    [ link to this | view in chronology ]
    - Anonymous Coward, 6 Sep 2017 @ 11:13am
      
      Re: Re: Re:
      no!
      
      true freedom is the state where no one can tell YOU what to do.
      
      It has ZERO to do with you having power or justification to do something to others.
      [ link to this | view in chronology ]
      - Anonymous Coward, 6 Sep 2017 @ 12:52pm
        
        Re: Re: Re: Re:
        "It has ZERO to do with you having power or justification to do something to others."
        
        Like kicking them off land?
        [ link to this | view in chronology ]
      - Anonymous Coward, 6 Sep 2017 @ 1:18pm
        
        Re: Re: Re: Re:
        Perhaps the /s tag was implied and you missed it
        [ link to this | view in chronology ]
Hephaestus (profile), 6 Sep 2017 @ 4:45am

The UK seems to be leaning towards running their section of the internet in a very Chinese manner.
[ link to this | view in chronology ]
That Anonymous Coward (profile), 6 Sep 2017 @ 4:59am

Mr. Hill,
Please to go fornicate without a partner.

Tech companies are not & should not be placed in a position to decide if someone is a "Good Guy™".
Tech companies should not foot the bill to do bullshit feel good but worthless programs.

The problem isn't the technology but the billions of dollars brain-trusts like yourself have demanded be poured into programs that are modern day phrenology, expecting untested unproven "science" of an eye twitch will unmask terrorists.

The world can not be 100% safe. Stop telling people they can be 100% safe. Unless they are willing to surrender all rights & human contact & be sealed in their own personal cells it ain't happening.

The battle cry of "Tech should fix this!!!" is nice soundbite fodder, but how are they supposed to do what the billions you paid the phrenologists weren't able to do?

You are not serious in these attempts, this is PR spin to make sure people are pissed at tech instead of the impotent leaders who just want everyone, but them, monitored in real time 24-7 by invasive systems that can and will be abused by those with power.

Orwell would be pleased you read his book, he is rolling in his grave that you've all taken it as a blueprint to make the world better. Unity through Faith, Faith through Unity and lets just ignore the fingermen raping & beating girls because they have a badge that says "good guy™".

It was a warning, but the leaders are completely blind to what is coming as they strip away each bit of rights that supposedly make us free countries and we slide into the abyss of Big Brother telling us it isn't raining as we stand in the rain soaked to the bone... but no one will say it is raining to avoid the reeducation camps.
[ link to this | view in chronology ]
Anonymous Coward, 6 Sep 2017 @ 5:06am

>including the potential introduction of “verification” checks on social media users.

Just how does a company identify a user, when the create an account, and every time they use such an account? It is not unknown for people in the UK to have multiple identities for social benefits, and they have to interact with humans to verify their identity.
[ link to this | view in chronology ]
- Anonymous Coward, 6 Sep 2017 @ 8:56am
  
  Re:
  
  Just how does a company identify a user...
  
  Not easily. For example, even the FBI counter espionage unit has in the past been infiltrated by the very foreign spies it was supposed to be hunting because it failed to identify them as such, despite having virtually unlimited resources for doing so.
  [ link to this | view in chronology ]
aerinai (profile), 6 Sep 2017 @ 5:27am

Get ready for password sharing to be a prosecuted under anti-terror legislation
I'm a developer, and maybe that has jaded my thinking about issues and problems... I would have thought that lawyers would have had the same rationale as me, but I'm starting to think they are the yin to our yang.The more I think about it... developers try to close all loop holes and lawyers try to create as many as possible.

We try and create a solution that works for the largest amounts of use cases with the smallest amount of effort. In cases like this; where you are looking for a zero-tolerance policy (absolutely no terrorists/anonymous interactions) then you are setting yourself up for complete and utter failure...

When a workaround is as simple as sharing a password, STEALING a password, or using an open protocol (*gasp!*)... you have failed even the most rudimentary of protections... of course then you have to create an anti-terror law to fix this 'edge case'. etc. etc. etc.
[ link to this | view in chronology ]
Anonymous Coward, 6 Sep 2017 @ 5:42am

Math is Not a Crime
Tim,

You guys might need to bring back the "Math is Not a Crime" shirts with a new tagline at the bottom:

"Except in the UK"
[ link to this | view in chronology ]
- That One Guy (profile), 6 Sep 2017 @ 5:52am
  
  Re: Math is Not a Crime
  Unless you know the necessary hashtags, in which case the UK is willing to overlook your criminal knowledge so long as you are willing to work with their 'experts'.
  [ link to this | view in chronology ]
That One Guy (profile), 6 Sep 2017 @ 6:09am

'You are allowed to wear a mask only after you put on your name-tag.'
“A discussion I have had with some of the tech companies is whether it is possible to withhold encryption pending positive identification of the internet user,” said Mr Hill.

Translation: "People should only be allowed 'anonymity' after they've been identified."

Another not-so-hidden trick here is that if encryption can be toggled on it can just as easily be toggled off, so chalk this up to yet another attempt at conning/forcing companies to offer broken-by-design 'encryption.'

Mr Hill conceded that experts were divided as to whether such checks were feasible but that it was a debate “worth having”.

It would be curious as to what 'experts' think that such checks are feasible, because I can't help but suspect most or even all of those 'experts' have no actual expertise in the field of encryption.

I also can't help but suspect that, similar to those in the US who call for 'discussions' and 'conversations' regarding this sort of thing that he's not interested in any 'debate' that doesn't start and end with something along the liens of "Why yes, you are absolutely right, we'll get right on that on our time and our dime."

He added: “The vast sums of money that tech companies generate … means that we should all be looking to those companies to recycle some of those profits into the fight to take down extreme material.”

Translation: "They make a lot of money, 'extreme' stuff(like the ability to post anonymously) is bad, therefore they should spend some of that money to combat the 'extreme' stuff."

Pretty sure that as profitable as Google and Facebook can be they still have less money to throw about than the UK government, so if anyone should be paying for the development of such broken encryption the UK government should be the one paying the bills(or even better, have the idiots trying to undermine public safety and security via undermining encryption and anonymity foot the bill with their own personal funds).
[ link to this | view in chronology ]
- Advocate (profile), 6 Sep 2017 @ 6:40am
  
  Re: 'You are allowed to wear a mask only after you put on your name-tag.'
  By allowing the "feasibility" argument you've already lost. It doesn't matter if it's feasible because it's a bad fucking idea either way. That's a pure distraction.
  [ link to this | view in chronology ]
  - That One Guy (profile), 6 Sep 2017 @ 3:30pm
    
    Re: Re: 'You are allowed to wear a mask only after you put on your name-tag.'
    A very good point. It doesn't matter how feasible it may or may not be, the underlying idea is a terrible one and not deserving anything but a resounding 'NO' from those that understand it.
    [ link to this | view in chronology ]
    - Anonymous Coward, 6 Sep 2017 @ 5:17pm
      
      Re: Re: Re: 'You are allowed to wear a mask only after you put on your name-tag.'
      I propose a feasibility study in which we determine if I am able to take a million dollars right now and turn it into a reasonable retirement nest egg. Warning, this study may take many decades to complete.
      [ link to this | view in chronology ]
- Anonymous Coward, 7 Sep 2017 @ 4:10am
  
  Re: 'You are allowed to wear a mask only after you put on your name-tag.'
  All he wants is a compromise. The British way. Like "So we compromised. I've got what I wanted, and they didn't".
  [ link to this | view in chronology ]
Anonymous Coward, 6 Sep 2017 @ 6:10am

lolwut

Max Hill QC, the independent reviewer of terrorism legislation, said that it would be a “good solution” to the problem of Islamist and other dangerous material online if postings could only be made by people whose identity was known.

But they already know the identities of many of these extremists. They simply choose to do nothing about it.

Far easier to arrest some squaddies for being members of an obnoxious right-wing group than to deal with actual terrorists.
[ link to this | view in chronology ]
- Anonymous Coward, 6 Sep 2017 @ 7:40am
  
  Re: lolwut
  "But they already know the identities of many of these extremists. They simply choose to do nothing about it."
  
  Which in my small mind means that they are being disingenuous at best.
  [ link to this | view in chronology ]
Anonymous Coward, 6 Sep 2017 @ 6:21am

Had to check twice, but
Mr. Hill's first name is indeed Max, not Benny.
[ link to this | view in chronology ]
Anonymous Coward, 6 Sep 2017 @ 6:21am

Where is our resident TOR pirate to offer his pithy take on this story I wonder?
[ link to this | view in chronology ]
- Anonymous Coward, 6 Sep 2017 @ 7:41am
  
  Re:
  Probably nerding harder
  [ link to this | view in chronology ]
- Anonymous Coward, 6 Sep 2017 @ 6:45pm
  
  Re:
  out_of_the_blue doesn't really show up on encryption articles. Surveillance articles, possibly, to whine about the government increasing surveillance. By the government, he really means the NSA. And by the NSA, he really means Google.
  
  You're thinking of MyNameHere/Whatever/horse with no name/Just Sayin'. His gimmick is to be an apologist for adding backdoors and increasing surveillance on the basis of "everybody posts personal things on social media so you should have no problem with the government grabbing all that data, you willingly put it up, you're a pirate and I'm such a model citizen".
  [ link to this | view in chronology ]
Not an Electronic Rodent (profile), 6 Sep 2017 @ 9:36am

Opinion is divided

Mr Hill conceded that experts were divided as to whether such checks were feasible but that it was a debate “worth having”.

Mr. Hill has clearly been "up the old sea dog" and talking to Captain Redbeard Rum.
[ link to this | view in chronology ]
stderric (profile), 6 Sep 2017 @ 1:03pm

Mr Hill conceded that experts were divided as to whether such checks were feasible but that it was a debate “worth having”.

I hope they televise that debate:

Tonight's Topic: Bypassing Online Anonymity Safely and Securely

Max Hill - 'De-anonymized anonymity makes sense and is feasible to implement.'

Everyone Else - 'Max Hill is a fucking idiot.'
[ link to this | view in chronology ]
Anonymous Coward, 7 Sep 2017 @ 1:35pm

There you have it. They want an internet identification card.
[ link to this | view in chronology ]
Miles Mathis, 10 Sep 2017 @ 4:27pm

Nuclear Weapons Hoax
NUCLEAR WEAPONS DO NOT EXIST:

http://heiwaco.tripod.com/bomb.htm

http://www.big-lies.org

http://mileswmathis.com/trinity.pdf

ht tps://vexmansthoughts.wordpress.com/2017/08/27/what-the-nuclear-hoax-implies/
[ link to this | view in chronology ]
- nasch (profile), 10 Sep 2017 @ 5:49pm
  
  Re: Nuclear Weapons Hoax
  Wow, I hadn't heard that conspiracy theory before, though of course it exists. For everything that's ever happened it seems there's someone insisting it never happened.
  
  Make sure to click the second link though. Could be the worst designed web site in the history of humankind. I don't recommend you read it or anything, you might hurt your eyes, but just glance at it.
  [ link to this | view in chronology ]