The possibility of a crackdown on encryption systems in the UK has risen again, ringing alarm bells in the bitcoin community.
A terrorist attack that killed 30 UK citizens in Tunisia last month led one MP to question prime minister David Cameron on whether popular social networks and internet services would have to abandon their claimed privacy policies.
Cameron and the UK government are on record as saying they do not approve of any communication medium that is 100% secret.
The question is: given bitcoinâs cryptographic foundation, would bitcoin businesses find it impossible to function in the UK if such secrecy were banned outright? At least one company has threatened to leave, and others could follow.
The issue has been simmering since January, when Cameron delivered a speech in which he noted it has always been possible for governments to monitor communications under certain circumstances.
âIn our country, do we want to allow a means of communication between people which, even in extremis, with a signed warrant from the Home Secretary personally, that we cannot read? Up until now, governments have said no.â
[post-quote]
When Cameronâs Conservative Party won an outright majority in the UKâs general election in May, he pledged to parliament that his legislative agenda for the next five years would indeed include targeting the communications of âterrorists, pedophiles and other serious criminalsâ under the Investigatory Powers Bill.
The bill revives the UKâs so-called âsnooperâs charterâ, a mass surveillance and monitoring agenda for telecommunications that had been stymied in 2012 by the Conservativesâ then junior coalition partner, the Liberal Democrats. That coalition no longer exists.
Reports that the governmentâs plan would result in a âbanâ on PGP, Apple Messages or WhatsApp have been based on speculation so far. The government has not stated explicitly how it intends to handle the issue.
Inserting backdoors into encrypted systems for government agencies, however, would effectively render them open since it would be impossible for the provider and end user to ever be certain their communications were not being monitored.
Apple enabled system-wide encryption by default with the release of iOS 8, prompting a stark response from John Escalante, chief of detectives for Chicagoâs police department, who said the iPhone would now become âthe phone of choice for the pedophile.â
At this stage it is not clear whether the plan to ban encryption is even possible. The technology has been in the wild for decades now, and previous attempts to limit its use have been unsuccessful.
The UKâs own Parliamentary Office of Science and Technology said in a briefing that a ban on encryption is âinfeasibleâ from a technological standpoint â though its report is not binding on government decisions.
The United States National Security Agency (NSA), as Edward Snowdenâs leaked documents revealed, has tried to weaken encryption algorithms as part of its BULLRUN program. It is not known how successful these efforts have been.
Uncertainty over encryption boundaries appears to have cost the UK one business already.
Eris Industries, which assists other companies in building distributed blockchain and smart contract applications, announced in May it would shift its headquarters from London to North America if the government took further steps towards limiting encryption.
Preston Byrne with the Eris teamCOO Preston Byrne told CoinDesk the issue is actually twofold: interference with encryption and retention of user data.
âThe idea of banning crypto is so patently ridiculous that I and many others in the data security space were so stunned by the idea that we laughed it off.â
Eris, he said, is not a financial services company and does not hold any user funds. But the tools it uses to build its distributed applications such as PGP, Tox or IPFS, rely on strong cryptography in order to provide a peer-to-peer platform with the same functionality as a web server.
Any regulatory burden would fall on the operator of an Eris-based platform that is running a financial service.
Regarding data retention, Eris wants to hold as little user data as possible, preferably none. But there is a fear the telecommunications provisions of the government proposals may cover SaaS (software-as-a-service) companies such as his.
âFrom a business perspective, the only way you can secure data is by not recording it anywhere.â
Byrne added that the response from the community had been âmostly positiveâ. While there had been some grumblings that Eris Industriesâ announcement was a PR stunt, he said the company had campaigned on civil liberties issues since its launch, and had submitted comments to the British government on the issues upon request.
Since Erisâ software is all open source, it would be difficult to insert anything into the code without users noticing. That said, the company still hopes the UK legislation will never make it to law, saying: âItâs our hope the bill will die in committee.â
Akin Fernandez, founder and operator of London bitcoin voucher shop Azteco, also has doubts the government will be able to legislate against encryption. âThere is little chance of this idea making it to the statues,â he said.
âIt is not possible for any government to block encryption. They cannot block the software that creates encrypted messages and files, and they have no way of blocking transmission of those files over the net.â
Akin Fernandez, Aztecoâs Founder, outside his London shopLikening any attempt to block encryption to authoritiesâ failure to block transmission of copyrighted material over the years, Fernandez said computer-illiterate lawmaking is âcompletely toothless and impotentâ.
Bitcoin businesses could move jurisdiction, but software like bitcoin does not rely on businesses to work. Therefore, the law of the internet is the law of the worldâs least restrictive jurisdiction, Fernandez added.
âWhen they say, âbitcoin allows you to be your own bankâ, this is meant literally, not figuratively.â
When asked to speculate on ways a national government might attempt to restrict bitcoin use, the entrepreneur suggested a âkey escrowâ system similar to encryption-snooping proposals of the 1990s. With bitcoin key escrow, governments retain one private key of a multisig wallet and would retain the right to seize the funds in case of a userâs wrongdoing.
However, Fernandez pointed out that such a system would be fundamentally unworkable, as there is no way a government could maintain adequate key security in a world where all encryption is backdoored, or inherently broken.
This would also be true if governments were allowed to keep a âbitcoin master keyâ to access any funds at will. Forcing 100% compliance on either program would also be difficult, since users would have access to bitcoins from outside such a system.
While Fernandez said he would not be making any changes to the way his company does business, the option to incorporate in a friendlier jurisdiction, like Luxembourg or Lithuania, still remains should the situation worsen.
The early 1990s saw what has come to be known as the âcrypto warsâ, as the US government had laws to limit the worldâs access to encryption it could not itself crack.
Leading the fight was Phil Zimmermann, inventor of the cryptography system in question, open-source âpretty-good privacyâ or PGP software. Alongside him was fellow âcypherpunkâ Hal Finney, also noted for receiving the first ever bitcoin transaction from Satoshi Nakamoto.
PGP was released onto the internet in 1991, and Zimmermann was investigated by the State Department and other US government agencies for his âcrimeâ.
The authorities responded with their own encrypted chipset called the âClipper Chipâ, to be used in all communications devices. It was released in 1993, but by 1996 it withered from lack of adoption by manufacturers.
PGP was already in the wild, widely used, and completely unstoppable. Its use was integral in facilitating the growth of the e-commerce economy. Zimmermann himself has described the UK proposals as âabsurdâ.
Any UK attempt to ban encryption, or restrict bitcoin in a similar manner, is highly likely to meet the same fate. Both are already firmly within the general publicâs reach.
Collection and retention of personal data, however, remains popular with policymakers worldwide, and is likely to play a greater role in the way future commerce is conducted.
David Cameron image via 360b / Shutterstock.com
