David Cameron, listen to technologists on surveillance not your policy wonks, urges privacy guru

'I want to challenge Prime Minister Cameron to listen to 15 of the world's top cryptographers - what you are asking for is not possible,' says Privacy by Design inventor Ann Cavoukian

The Prime Minister's plans to make all communications easily accessible by police and intelligence agencies have been under sustained criticism ever since he announced them in the wake of the Charlie Hebdo terrorist attack in France. Last week a group of the world's foremost computer science and cryptography experts released a report that condemns these plans, and similar ones put forward by the FBI, as unworkable and potentially harmful to the functioning of the entire internet.

Dr Ann Cavoukian, former information and privacy commissioner of Ontario, Canada, who developed the concept of Privacy by Design, says Cameron's proposals are concerning.

"I'm worried because you can't predict which direction it is going to go in; it could cause enormous harm," she said. "He's listening to policy people and lawyers but he's not listening to the technologists."

She implored the PM to read the experts' report.

"I want to challenge Prime Minister Cameron to listen to 15 of the world's top cryptographers. Read that report Mr Cameron and see that what you are asking for is not possible. It's going to tear apart everything, all of the valid encryption systems and protections that we have in place. It will tear this apart and is not going to achieve the objective you think it's going to achieve, so please listen to these world experts, " Cavoukian urged.

Together with many of the report's authors, Cavoukian had argued against similar plans by the US government in 1997.

"We had the same debate with the Clipper chip [a chipset developed by the NSA with a built-in back door] and we fought one heck of a battle and thank God we won that one."

That scheme sought to have copies of all strong encryption keys held in a third-party escrow account where they could be accessed on legal request by government agencies. However, the scheme was quickly found to be prohibitively complex, expensive and unpopular and was abandonned.

The latest surveillance demands by the UK governement and the FBI are in many ways even more unworkable than Clipper, the report says. Not only are they broader and more vague, but since 1997 the amount of commercial activity carried out over the internet has grown massively, and that trade depends on encryption.

Any attempt to allow exceptional access would weaken the security of the internet and would inevitably decrease trust in its validity as a commercial medium, the report, entitled Keys Under Doormats, argues.

There are other broad lessons that can be learned from Clipper too, it says.

Allowing access to a range of different communications by multiple different agencies (including those of "friendly" states) would substantially increase system complexity, which in itself would make those systems more vulnerable.

In addition, the security credentials to unlock the data would have to be retained by the platform provider, law enforcement agencies, or some other trusted third party, creating a very juicy target for any potential hacker or state agency. The report notes that every time vulnerabilities are introduced, it is only a matter of time before they are exploited by other actors.

The Investigatory Powers Bill, due to be introduced this autumn, looks to make good on Cameron's demands post Charlie Hebdo that all providers of encrypted communications technology allow access by the authorities. Noting that the big global email providers such as Google, Microsoft and Apple (all of whom have come out against these plans) and messaging services like WhatsApp now routinely encrypt email messages, the report questions how this will work at the scale required. It predicts criminals will simply bypass these services, and that strict enforcement will damage the economy and harm innovation.

Had such provisions been put in place in 1997 it is "doubtful that companies like Facebook and Twitter would even exist", the report states.

The experts also pour cold water on intelligence claims that the internet is "going dark" because of encryption.

"Another important lesson from the 1990s is that the decline in surveillance capacity predicted by law enforcement 20 years ago did not happen," the report says.