David Cameron wouldn’t ban PIN codes, so why does he want to get rid of SSL?

We’ve given Prime Minister David Cameron’s proposed ban on encryption a few days to sink in - but it still makes no sense at all. He suggested in a speech on 12 January that SSL should be outlawed because, in his words, “in our country, do we want to allow a means of communication between people which we cannot read?”.

Posted on 21 January 2015 - Security
Tibus BY Tibus

We’ve given Prime Minister David Cameron’s proposed ban on encryption a few days to sink in - but it still makes no sense at all. He suggested in a speech on 12 January that SSL should be outlawed because, in his words, “in our country, do we want to allow a means of communication between people which we cannot read?”.

It made a nice headline to suggest that he was doing something to tackle cyber terrorism, but there was nothing of substance or use behind his announcement.

'Shame on his advisors'

It is difficult to know where the idea could have come from. As a PR man turned politician, Cameron himself is unlikely to have the technical knowledge to be able to decide whether this is a good or bad idea. But he should have advisors around him who do and it appears that they have offered up some woeful advice. 

As the always excellent Ben Hammersley put it: “The PM's ‘Ban All Crypto’ pledge is a textbook Why Does My Authority Not Extend Over Modern Reality cry for help. Shame on his advisors.”

If Cameron is a layman on these matters, so are most people who use SSLs. In that respect, there’s nothing wrong with having this debate, such as it is, in layman’s terms.

The encrypted technology that Cameron wants to ban is what protects our details when we shop online, book flights or send money to relatives. It is what keeps payments between businesses and small suppliers secure.

Removing it would also take the UK completely out of step with a system that is currently used successfully around the world and leave the country digitally isolated. It would add an unnecessary layer of complication to business, commerce and travel across borders. 

In other words, it would be a massive inconvenience for voters.

Cheap, effective and apolitical

The policy is tantamount to banning all PIN codes on bank cards because of a mugging or because you found a skimmer on an ATM. Yes, our PINs get into the hands of bad guys very occasionally, but at least the baddies have to work for them. For the most part, a PIN code keeps us secure and stops our information being misappropriated.

It is exactly the same with crypto. Yes, it is sometimes used by people with dubious motives but that is a drop in the ocean compared to the harmless use we all get out of SSL every day.

SSL is so successful because it is a cheap, effective and apolitical way of maintaining a secure Internet.

The good news is that it would be so technically impractical to implement, let alone police, an SSL ban that, reelection or no reelection, this policy is unlikely to come into fruition. Which just leaves us wondering how it ever got to the stage of the Prime Minister allowing it to see the light of day in the first place.