Should Authorities Decrypt VPNs and Tor – or Ban Them Altogether?

Home > All >

There are many legitimate uses for technology such as VPNs and Tor but of course there are those who use them for criminal and objectionable practices. As Russia prepares an attempt to ban Tor completely, police in Sweden now want to be able to gain access to encrypted communications in cases of serious abuse. But should the privacy rights of millions be utterly compromised because of the activities of the few?

encryptionIf the revelations of Edward Snowden have taught us anything, it’s that our activities online can hardly be considered private.

When we write private emails or fire off instant messages, someone somewhere has the ability to access their contents and, if necessary, act on what they’ve seen.

We’re told that this is a necessary evil, that our countries’ security depends on us giving up some of our freedoms, indeed some of our rights – including the right to privacy – in order to keep us all safe from the ill intentions of the world’s bogeymen.

But despite the assurances of our leaders, most of us simply don’t want to be spied on.

You almost certainly can’t tell, but this article was placed on TorrentFreak’s servers using an encrypted connection. There’s nothing illegal about this article or the way it was written and its author isn’t wanted for crimes anywhere and isn’t trying to cover any up. Encryption has simply become part of life and turning on a VPN here is now as natural as firing up a browser.

But with the perhaps needlessly over-cautious cast aside for a moment, there are those who really do need to stay encrypted for genuinely important reasons. For dissidents around the globe privacy can be a matter of life and death and for whistle-blowers the need to remain in the shadows is paramount, as the unfortunate cases of Manning and Snowden illustrate.

Sadly, and despite all the good carried out via encrypted communications such as Tor, there’s a bitter pill to swallow. There are criminals – serious criminals committing horrible crimes – that use these very same systems in order to hide their identities. What’s to be done about these individuals when their online activities are cloaked? Swedish police think they have the answer.

“We must have a law that allows us to get access to the encrypted services. We need to get a key to access the serious crime,” says Per-Åke Wecksell from the Cybercrime Section of the National Criminal Investigation Department.

Wecksell says gaining back-door access to encryption services is necessary to clamp down on the growing problem of child abuse. Those who engage in such activities are now acutely aware they’re targets for the police so they’re increasingly taking special steps to ensure they remain untraceable.

But of course, once police have the authority to decrypt encryption (and it’s currently extremely unclear how that could be achieved from a technical standpoint), the security of non-abusers using these systems take a massive hit too, through no fault of their own.

data“In the world outside the Internet, the police do not go to any lengths to try to chase criminals, for the simple reason that it would hurt other people. It’s the same online,” says Anna Troberg, chairman of the Pirate Party.

“For example, I have talked with a lot with human rights organizations that are totally dependent on having encrypted information to do their work with activists in other countries, that opportunity would surely be threatened if the police have the ability to decrypt things.”

Of course, it could be argued that restraints could be put on the police so that any new law states clearly that decryption could only take place in cases of suspected child abuse. However, during the crafting of any new legislation there would be calls by interested parties to throw other crimes into the mix – terrorism and issues of national security for instance.

A likely catch-all term of decryption for only “serious crimes” would then be wide open for manipulation by interested parties, meaning that while today abusers and terrorists would be hunted down, tomorrow’s targets would include whistleblowers traitors such as Edward Snowden and alleged copyright infringers master criminals such as Kim Dotcom.

Russia is currently grappling with the same issue, although they appear to be going down a different route. According to local news reports, the head of the Federal Security Service (FSB) has initiated a process which will see the introduction of laws that will not allow the decryption of Tor and other anonymous networks, but will ban them completely from the Russian controlled Internet.

The process was uncovered when a request to have Tor blocked on the grounds it is used by child abusers was sent to the FSB by the Bounty Hunters civil movement. But even the movement have their doubts about blocking. Their chief, Sergey Zhuk, told Russian media that he would prefer it if Tor operators were forced to work with the authorities instead.

So it appears we are left with three current approaches.

1 – The status quo where everyone keeps their privacy, serious criminals included.
2 – Trusting the police with the keys in the hope they only go after the really bad guys.
3 – Blocking anonymity tools altogether.

The battle now, to maintain a free and open Internet and the privacy rights of millions, is to find a way to weed out the bad guys without ruining it for everyone else. It might be the most complicated Internet task ever carried out, but someone is going to have to find a fourth option.


Popular Posts
From 2 Years ago…