Is it a duty to encrypt your data?

Proposed mass data retention is so over-the-top repressive, here and in the UK, that some citizens have a positive duty to protect their sources, writes Crikey’s Bernard Keane.

Is it a duty to encrypt your data?

By Bernard Keane*

It didn’t take long for politicians to exploit the Paris massacres to push the case for more mass surveillance.

The victims had hardly been buried before our own Attorney-General George Brandis leapt into print in a News Corp publication to insist that data retention was a “vital” tool to fight terrorism, invoking both the Sydney siege and the Charlie Hebdo killings. Brandis’ piece was headlined “one more anti-terror tool”, though whether that referred to data retention or Brandis himself isn’t clear.

Brandis’ shameless connection of recent events with the need for data retention was a case of blatant lying, given that the perpetrators of both the Sydney siege and mass murders in France were well-known to counter-terrorism agencies and, in fact, had previously been under surveillance but, for reasons still being investigated, ceased being monitored. In neither case would data retention – and France has laws that go well beyond data retention – have had the slightest impact given the failures of counter-terrorism agencies. Indeed, there’s considerable evidence that mass surveillance actually makes the job of law enforcement and terrorism agencies more, not less, difficult. Still, it’s not the first time Brandis’ egregious mendacity has been on display in relation to the issue of data retention, even if there was something distinctly distasteful about his exploitation of tragic events.

But Brandis was, for once, outshone in both stupidity and grubby exploitation by British Prime Minister David Cameron, who used the Paris massacres to call, in essence, for an end to all encryption, saying:

“I will make sure it is a comprehensive piece of legislation that makes sure we do not allow terrorist safe spaces to communicate with each other.”

According to Cameron, “in extremis, it has been possible to read someone’s letter, to listen to someone’s call, to listen in on mobile communications. The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not.”

As Crikey explained in November, there is a growing attack on encryption and anonymisation tools by the UK and US governments; Cameron’s comments, which drew tentative support from Barack Obama, were only a sillier restatement of the views of many national security advocates.

As innumerable commentators have noted since, what Cameron proposes is nonsensical. It would involve banning Britons from using, or installing encryption tools, from anywhere in the world, even if they could not be developed in the UK. But encryption is embedded in many of the most basic interactions we undertake online, such as online banking – abandoning encryption simply isn’t economically feasible. Indeed, an NSA report leaked by Edward Snowden showed the NSA lamenting the slow uptake of encryption.

Moreover, it is impossible to have encryption to which only the “good guys” have access via backdoors; built-in access to encryption means other governments, crooked police and organised crime can use it as well; there’s no magic encryption key, as some journalists appear to believe. More likely, as commentator Ollie Balaam pointed out, Cameron wants to forestall the spread of inaccessible encryption tools among ordinary internet users, because widespread adoption of such tools will make mass surveillance vastly more resource-intensive for governments.

End-to-end encrypted communication is increasingly popular and now being offered as a standard feature of products by the biggest mainstream IT companies, directly as a backlash against the mass surveillance of the NSA and GCHQ. If a large segment of the population is using anonymity-enabling computer programs and software – like Tor or VPNs for their web browsing and internet use, and PGP for their emails – governments may still be able to monitor them, but it will cost them far more money than mass surveillance currently does.

Meanwhile, recent revelations have focused on a crucial aspect that again demonstrates why the government’s push to impose mass surveillance via data retention should be resisted by any credible media organisation.

Further Edward Snowden material just revealed showed that British signals intelligence arm GCHQ (photo) collected emails from journalists of the BBC, Reuters, The Guardian, The New York Times, Le Monde, NBC and The Washington Post via a surveillance device placed on key internet-backbone cables by spy agencies.

At the same time, British defence intelligence agencies were detailing how journalism was a security threat comparable to terrorism because “journalists and reporters representing all types of news media represent a potential threat to security”. On a threat matrix, investigative journalists rated below terrorists on “capability” but above them as a “priority”. Recall that, two years ago, the Pentagon deemed employees reading The Onion orSlate a potential security threat to be reported.

Britain is already in the throes of a debate over unfettered, and routinely exploited, police access to journalists’ metadata, which has gotten so bad the government has been forced to propose a ban on access to journalists’ metadata without a warrant.

Under Brandis’ and Turnbull’s data retention regime here, a wide variety of government agencies would have unfettered access to two years’ worth of telephone and internet records of every journalist, editor and producer in the country. Moreover, given the close relationship between GCHQ and other “5 Eyes” spy agencies such as the Australian Signals Directorate, it would be absurd to assume Australia’s intelligence agencies don’t share a similar view of journalism – Defence already employees dozens of media officers for the primary purpose of thwarting any embarrassing media coverage. There’s no clear reason why ASD and other agencies would baulk at collecting journalists’ emails as well.

All of us should be encrypting our systems and our online communications to thwart exactly the sort of cheap mass surveillance David Cameron and other politicians want to preserve and strengthen.

But for journalists, editors and producers, there’s no excuse – their ethical responsibilities demand they do their best to stymie exactly the sort of surveillance that both spy agencies, and the Australian government, wants to impose on them.

 

• Bernard Keane is Canberra political correspondent for Crikey, where this article first appeared.