So David Cameron has been making the news recently over banning encrypted messaging applications. The responces are what you would expect. Some of it confusedly thinks Cameron wants to ban all encryption. For the most part though, they focus on the small chance it could outright ban What’s App, because that’s what most people care about. This is true but what are the benefits?
Everyone and David Cameron knows that terrorists are the most gentlemenly of people, who wouldn’t dare break the law. David Cameron imagined the following situation and decided that yes, passing a law banning encrypted messaging will fix all our problems.
Jim: Death to the west, Jerry.
Jerry: Death to the west, Jim. What can I do for you?
Jim: Well, Jerry. This whole thing with the government spying on all our conversations is making life very difficult.
Jerry: I’ll say. It’s a real kick in the teeth, Jim.
Jim: Well I was thinking, Jerry. Maybe we could use one of those illigal encrypted messaging applications.
Jerry: How DARE you, Jim. That would be in total contravention on David Cameron’s law.
Jim: You’re right, Jerry. Sorry for suggesting it.
Of course using What’s App would be quite difficult if it were banned, as it uses your phone number. So even if, heaven forfend, some of the terrorists are less than gentlemanly there would just be no way of using What’s App. It’s best at this point if you just forget about the hundreds of alternatives (like Jitsi).
“But wait!” you cry. “What if, heaven forfend, the terrorists turn out to be less than gentlemanly and write their own messaging app?”
Jim: Marhaba, Jerry.
Jerry: Marhaba, Jim.
Jim: I was thinking I could probably write an encrypted messaging app in a couple of hours and…
Jerry: Just stop it, Jim. It’s not legal.
Jim: You’re right again, Jerry. Sorry for suggesting it.
Well I think that’s rather unlikely. Terrorists? Breaking the law? Please. But lets see what they could do with next to no technical expertise (just basic programming knowledge) in a few hours.
- A quick Google seach will tell you that OTR (off the record) is a secure, modern and popular encrypted messaging protocol (5 minutes).
- Find a library for using OTR (5 minutes).
- Design the UI in Java (120 minutes - I know it’s only a chat program, but y’know, Java)
- Add sockets so one person can set up as a server and others connect (120 minutes - remember no technical expertise)
- Connect the chat to the UI (60 minutes)
Done. Half a day well spent. They could tell each other where to connect on an unencrypted messaging app in code (e.g. “The Eagle Flys and Midnight” means 18.104.22.168) to hide from mass searches on unencrypted IM apps. Having everyone use a good anonymous proxy would also help.
That’s a pretty good first iteration. Next they could have the program send a stream of useless data when it’s not sending messages to stop the application from looking like an encrypted chat program on the ISP end. Finally they’ll also want something to ensure the person you think is connecting, is the person that actually is connecting.
Done, nothing Cameron could ever really do to stop that if such terrible people existed. Thankfully after this law passes no terrorist would dare and I’m pretty sure we won’t have to worry about it. And all this at absolutely no cost the the British public.
Jim: I was thinking of sending a picture of my genitals to my beloved, Jerry. Do you think the government will see it?
Jerry: Almost certainly, Jim.
Jim: Rats, Jerry.