The ABC’s 7.30 has a report tonight on ‘uncrackable phones’ allegedly being used by bikies to commission murder. The segment was calmly and rationally titled ‘Killer Phone’, a reminder that Aunty’s flagship is not above tabloid sensationalism. It featured a parade of interviews casting doubt on these ‘uncrackable phones’, made by Phantom Secure, but not a single voice in defence of them.
‘Are these phones, for example, being used to kill?’ asks Dylan Welch, the reporter, bringing to mind James Bond’s proto-smartphone from Tomorrow Never Dies, which included a stun-gun amongst its many tricks.
Instead of a stun-gun, however, the ‘killer’ feature these phones offer is ‘military grade’ encryption, that is, the ability to encode communications so that only the intended recipient can decode them.
Let’s, right now, demystify the ‘powerful’ and ‘military grade’ encryption these phones use. Encryption per se is commonplace. Your internet banking connection is encrypted; your ATM transactions are encrypted in transit; your wifi network is encrypted. There is nothing sinister about this.
‘Military grade’ encryption is harder to tie down: the manufacturer’s website doesn’t specify what encryption they use, except that it uses ‘the same technology that government agencies and large corporations use to protect their communications’. That probably refers to AES encryption, which, incidentally, is also used by Skype when you call your parents on Mother’s Day.
The reporter goes on: ‘Phantom Secure phones are marketed as a legitimate business tool, but they are also increasingly popular among the criminal underworld.’
Now read that sentence back but replace ‘Phantom Secure phones’ with ‘Phones’, ‘Cars’, ‘Computers’ or ‘Reading and writing’.
Cars are marketed as a legitimate business tool, but they are also increasingly popular among the criminal underworld.
We’ve been here before, in the 1990s, when public availability of cryptography was a high-profile public policy issue in the United States. President Clinton, on the advice of the NSA, actively campaigned for the adoption of the ‘Clipper chip‘, a voice-encryption chip that included a ‘backdoor’ allowing the US government to decrypt any call. The proposal was ultimately defeated, for good reason: a backdoor for the authorities is a backdoor for anybody who has the right key. Similarly defeated were strict controls on the export of strong cryptography, as it became clear that the benefits of such encryption, available globally, outweighed the costs. The ubiquity of online commerce today probably owes much to that decision.
And yet the Australian Crime Commission (ACC) seems to want to revisit this question in Australia.
Every new technology must be evaluated in a critical light: it is trite, and naive, to note that technology is value-neutral, neither good nor evil. There are technologies we collectively choose to regulate, trading a little of our liberty for a lot of security: guns and other lethal weapons; nuclear fission; even ammonium nitrate fertilisers (from which bombs can be made).
But communications technologies should never be in that category (except perhaps in times of war, in the face of an existential threat). Yes, encrypted messaging makes it harder for law enforcement agencies to eavesdrop on conversations. But so does passing notes by hand. Or invisible ink. Or meeting in a crowded theatre. If Edward Snowden’s revelations taught us anything, it is that the state and its enforcers have a vast arsenal of techniques for collecting intelligence and evidence. Losing this one reduces security, a little. It strengthens liberty immeasurably. Snowden himself relied on the now-defunct encrypted email service Lavabit to communicate with journalists. Wikileaks uses encryption to protect vulnerable whistleblowers.
Liberty is built on a bedrock of free – and private – speech. Any attack on encrypted communication is an attack on communication itself. Indeed, acting head of the ACC, Paul Jevtovic, pretty much acknowledges this in response to that first, so very leading, question from the interviewer (a reminder: ‘Are these phones, for example, being used to kill?’). He replies
‘Encrypted communications, and communications more generally, are used across a range of criminal acts in this country…’ [emphasis added]
Perhaps the piece should have been titled “Killer Speech”.
(Note: I’m defending the concept of unregulated encryption, not the Phantom Secure product in particular. The hype-filled website and security-though-obscurity makes me pretty sceptical of their claims.)