The possibility of a crackdown on encryption systems in the UK has risen again, ringing alarm bells in the bitcoin community.
A terrorist attack that killed 30 UK citizens in Tunisia last month led one MP to question prime minister David Cameron on whether popular social networks and internet services would have to abandon their claimed privacy policies.
Cameron and the UK government are on record as saying they do not approve of any communication medium that is 100% secret.
The question is: given bitcoin’s cryptographic foundation, would bitcoin businesses find it impossible to function in the UK if such secrecy were banned outright? At least one company has threatened to leave, and others could follow.
A long time coming
The issue has been simmering since January, when Cameron delivered a speech in which he noted it has always been possible for governments to monitor communications under certain circumstances.
“In our country, do we want to allow a means of communication between people which, even in extremis, with a signed warrant from the Home Secretary personally, that we cannot read? Up until now, governments have said no.”
When Cameron’s Conservative Party won an outright majority in the UK’s general election in May, he pledged to parliament that his legislative agenda for the next five years would indeed include targeting the communications of “terrorists, pedophiles and other serious criminals” under the Investigatory Powers Bill.
The bill revives the UK’s so-called “snooper’s charter”, a mass surveillance and monitoring agenda for telecommunications that had been stymied in 2012 by the Conservatives’ then junior coalition partner, the Liberal Democrats. That coalition no longer exists.
Reports that the government’s plan would result in a ‘ban’ on PGP, Apple Messages or WhatsApp have been based on speculation so far. The government has not stated explicitly how it intends to handle the issue.
Inserting backdoors into encrypted systems for government agencies, however, would effectively render them open since it would be impossible for the provider and end user to ever be certain their communications were not being monitored.
Apple enabled system-wide encryption by default with the release of iOS 8, prompting a stark response from John Escalante, chief of detectives for Chicago’s police department, who said the iPhone would now become “the phone of choice for the pedophile.”
The realm of possibility
At this stage it is not clear whether the plan to ban encryption is even possible. The technology has been in the wild for decades now, and previous attempts to limit its use have been unsuccessful.
The UK’s own Parliamentary Office of Science and Technology said in a briefing that a ban on encryption is “infeasible” from a technological standpoint – though its report is not binding on government decisions.
The United States National Security Agency (NSA), as Edward Snowden’s leaked documents revealed, has tried to weaken encryption algorithms as part of its BULLRUN program. It is not known how successful these efforts have been.
Uncertainty over encryption boundaries appears to have cost the UK one business already.
Eris Industries, which assists other companies in building distributed blockchain and smart contract applications, announced in May it would shift its headquarters from London to North America if the government took further steps towards limiting encryption.
COO Preston Byrne told CoinDesk the issue is actually twofold: interference with encryption and retention of user data.
“The idea of banning crypto is so patently ridiculous that I and many others in the data security space were so stunned by the idea that we laughed it off.”
Eris, he said, is not a financial services company and does not hold any user funds. But the tools it uses to build its distributed applications, such as PGP, Tox or IPFS, rely on strong cryptography in order to provide a peer-to-peer platform with the same functionality as a web server.
Any regulatory burden would fall on the operator of an Eris-based platform that is running a financial service.
Regarding data retention, Eris wants to hold as little user data as possible, preferably none. But there is a fear the telecommunications provisions of the government proposals may cover SaaS (software-as-a-service) companies such as his.
“From a business perspective, the only way you can secure data is by not recording it anywhere.”
Byrne added that the response from the community had been “mostly positive”. While there had been some grumblings that Eris Industries’ announcement was a PR stunt, he said the company had campaigned on civil liberties issues since its launch, and had submitted comments to the British government on the issues upon request.
Since Eris’ software is all open source, it would be difficult to insert anything into the code without users noticing. That said, the company still hopes the UK legislation will never make it to law, saying: “It’s our hope the bill will die in committee.”
The voucher shop
Akin Fernandez, founder and operator of London bitcoin voucher shop Azteco, also has doubts the government will be able to legislate against encryption. “There is little chance of this idea making it to the statutes,” he said.
“It is not possible for any government to block encryption. They cannot block the software that creates encrypted messages and files, and they have no way of blocking transmission of those files over the net.”
Likening any attempt to block encryption to authorities’ failure to block transmission of copyrighted material over the years, Fernandez said computer-illiterate lawmaking is “completely toothless and impotent”.
Bitcoin businesses could move jurisdiction, but software like bitcoin does not rely on businesses to work. Therefore, the law of the internet is the law of the world’s least restrictive jurisdiction, Fernandez added.
“When they say, ‘bitcoin allows you to be your own bank’, this is meant literally, not figuratively.”
When asked to speculate on ways a national government might attempt to restrict bitcoin use, the entrepreneur suggested a ‘key escrow’ system similar to encryption-snooping proposals of the 1990s. With bitcoin key escrow, governments would hold one private key of a multisig wallet and retain the right to seize the funds in case of a user’s wrongdoing.
However, Fernandez pointed out that such a system would be fundamentally unworkable, as there is no way a government could maintain adequate key security in a world where all encryption is backdoored, or inherently broken.
This would also be true if governments were allowed to keep a ‘bitcoin master key’ to access any funds at will. Forcing 100% compliance on either program would also be difficult, since users would have access to bitcoins from outside such a system.
While Fernandez said he would not be making any changes to the way his company does business, the option to incorporate in a friendlier jurisdiction, like Luxembourg or Lithuania, still remains should the situation worsen.
A familiar scene
The early 1990s saw what has come to be known as the ‘crypto wars’, as the US government had laws to limit the world’s access to encryption it could not itself crack.
Leading the fight was Phil Zimmermann, inventor of the cryptography system in question, the open-source ‘Pretty Good Privacy’ (PGP) software. Alongside him was fellow ‘cypherpunk’ Hal Finney, also noted for receiving the first ever bitcoin transaction from Satoshi Nakamoto.
PGP was released onto the internet in 1991, and Zimmermann was investigated by the State Department and other US government agencies for his ‘crime’.
The authorities responded with their own encrypted chipset called the ‘Clipper Chip’, to be used in all communications devices. It was released in 1993, but by 1996 it had withered from lack of adoption by manufacturers.
PGP was already in the wild, widely used, and completely unstoppable. Its use was integral in facilitating the growth of the e-commerce economy. Zimmermann himself has described the UK proposals as “absurd”.
Any UK attempt to ban encryption, or restrict bitcoin in a similar manner, is highly likely to meet the same fate. Both are already firmly within the general public’s reach.
Collection and retention of personal data, however, remains popular with policymakers worldwide, and is likely to play a greater role in the way future commerce is conducted.