In the UK, running a blog over HTTPS is terrorism, says Scotland Yard
In a bizarre case, Scotland Yard is accusing a person for six separate acts of preparing terrorism. Those six acts include researching encryption, developing an “encrypted version” of his blog, and instructing others how to use encryption.
This is one of those cases where you do a double take. As reported by Ars Technica, UK’s Scotland Yard is charging a Cardiff person with preparing for terrorism – but the list of charges show activities we associate with very ordinary precautionary privacy measures. “Developing an encrypted version of a blog” can be read as, and probably means, publishing it over HTTPS – such as this blog and many others, simply because it’s considered best practice.
He was also charged with having a flash drive in a cufflink with a bootable operating system, presumably Tails. Using open and free operating systems with the capacity for general-purpose encryption is now an act of terrorism?
Three things are noteworthy in this bizarre case, in terms of predictions coming true.
The first is that four years ago, I predicted that the UK won’t just jail you for encryption, but for carrying astronomical noise, too. It’s already a crime to not give up keys to an encrypted document in the UK (effectively making encryption illegal), but it’s worse than that – it’s a five-years-in-prison offense to not give up the keys to something that appearsencrypted to law enforcement, but may not actually be. In other words, carrying astronomical noise is a jailable offense, because it is indistinguishable from something encrypted, unless you can pull the documents the police claim are hidden in the radio noise from a magic hat. This case takes the UK significantly closer to such a reality, with charging a person for terrorism (!) merely for following privacy best practices.
The second observation is that in the cat-and-mouse game between surveillance and encryption, there will come a point where authorities start mistaking a right to attemptbreaking into somebody’s privacy with a right to succeed with breaking into somebody’s privacy. Such a right has never existed, of course: even if law enforcement gets a search warrant for a house, including a right to attempt breaking a safe, there is never a right tosucceed breaking into a safe, or a right to magically find what they think is there.
The third observation is the bizarre charge of “researching encryption” and “instructing others in how to use encryption”. According to Scotland Yard, learning and teaching mathematics is apparently terrorism. This would affect lots of efforts – for example, EFF’sHTTPS Everywhere and Linux Foundation’s Let’s Encrypt. Possibly even all the Linux repositories, as they contain lots of encryption and instruct others in setting it up.