Simon Says – Musings of a Technology CTO

Shocking revelations in a BBC news story today on the number of active cybercriminals – No, not the story itself, that was old news to industry veterans, but the closing quote from Troels Oerting, head of Europol’s Cybercrime center.

“Imagine in the physical world if you were not able to open the trunk of a car if you had a suspicion that there were weapons or drugs inside… we would never accept this.

“I think that should also count for the digital world. I hate to talk about backdoors but there has to be a possibility for law enforcement, if they are authorised, to look inside at what you are hiding in your online world.”

Really? There has to be a possibility for law enforcement to decrypt data? 

Even in an absolutely perfect world, where so called “law enforcement” was beyond corruption, undeniably pure of motive, and technically brilliant in correctly interpreting data, I would argue they still don’t have the right.

And, in this imperfect world, do we as citizens want to give up our privacy to our elected imperfect peers?

I appreciate the position Troels is in – cryptography is making his job significantly harder. In the last 100 years we’ve gone from steaming open envelopes to reveal their secrets, to technically perfect cryptography available to everyone (note, I said “technically perfect”, because the weak link is still you, the user).

Law enforcement obviously gets more challenging when you KNOW there is evidence in the laptop sitting in front of you, but you can’t read it. It’s also exactly the same thing which protects bloggers and activists in oppressive regimes, and the same thing which protects companies from nefarious competitors trying to steal their secrets.

I would respond to Troels:

“Imagine I put all my incriminating evidence in an uncrackable safe, and refuse to tell you the combination?”

What’s law enforcements response then? Maybe something along the lines of the mandatory key disclosure RIPA act that only the UK had the audacity to pass?