Next time you go to www.google.com, try adding “https://” to the beginning of it. You are now on the secure version of Google’s homepage, which uses a technology called SSL (short for “secure sockets layer”) to ensure that the only people who know that you are on Google are you and them. To everyone in between – your ISP, your wireless router, and, if the government’s latest proposals for internet tapping go through, GCHQ – it is possible to tell you are going to an encrypted website, but not what you do when you get there.
If you send email, you can go one step further. PGP, which humbly stands for “pretty good protection”, is trickier to implement than SSL, but its encryption is so good that the US military banned it from being exported, due to it being classified as “munitions”. To use it, both you and the person you are talking to need to have it installed, but if you do, then it is impossible to read what passes between you.
All of these technologies have been around since the 1990s, but for the most part people don’t use them. Why should they? Our ISPs are trustworthy, our governments don’t scan our communications, and there’s been no indication that any of that would change – until now.
The Home Office announced its plans at a meeting with the Internet Service Providers Association in January, but the news hit the headlines on Sunday when the BBC reported that the legislation was set to be announced “soon”. A Home Office spokesman told the broadcaster:
It is vital that police and security services are able to obtain communications data in certain circumstances to investigate serious crime and terrorism and to protect the public.
This may well be true, although others are more doubtful. But the real concern for the government must be that this announcement, and the incompetent way it has been handled (including the Home Office tweeting on the issue using the protest hashtag #telldaveeverything), is that they may have just made that aim much, much more difficult to achieve.
Right now, most people don’t encrypt most of their communications most of the time. This includes the criminals and terrorists that are the targets. But there’s no real reason for that other than a lack of public awareness around the issue. And what’s the best way to get the public looking at ways to protect their communications? Announce that you will build the capability to start reading all of them, that if they have done nothing wrong they have nothing to fear, and then allow misinformation to hang in the air.
Encrypted communications have been the future for the last twenty years, but with the climate of confusion that now exists over the changes, there is a very real chance that they will become the norm. If they do, GCHQ will have its work cut out swimming to stay still, let alone boosting its intelligence capability.