June 13, 2006 | Suw Charman Anderson
Cryptography and fallacy
The Times has an emotive piece on the implementation of Part III of RIPA, the Regulation of Investigatory Powers Act, which demands that people hand over their cryptographic keys.
The internet has transformed life for billions, making the once time-consuming swift and the once complex straightforward. Unfortunately the beneficiaries include paedophiles who now have a frighteningly easy vehicle with which to peddle the most depraved and exploitative material that would turn the stomachs of those unfortunate enough to come across it. The advance of computer technology now makes it cheap to render such material inaccessible, even to experts in software code-cracking. This is a problem that directly affects the safety of Britain’s children.
Punishing silence - Comment - Times Online
I'm always suspicious of overly emotional pieces like this, because they're full of logical fallacies which are designed to undermine rational argument. The first I spotted is called 'argumentum ad metum', which is Latin for 'giving you the screaming heebie-jeebies' - you can see it in that last sentence about 'the safety of Britain's children'.
There's also a hefty dose of 'argumentum ad odium', which is all about appealing to your hatred of, in this case, people who do nasty things to children. Yes, paedophiles are depraved and exploitative, and yes child pornography would make your stomach turn. But the reason for including that sentence is not to provide you with information, but to whip up your hatred of paedophiles.
The question is not 'are paedophiles bad?', but 'should people be forced to hand over cryptographic keys, and punished when they do not?' By reframing the argument as if it is only about paedophiles, The Times evokes an emotional response that 'yes, paedophiles are bad, so yes, we should have legislation that forces them hand over their keys.'
They fail to consider that of the people using cryptographic keys, paedophiles are in the minority. This is a logical fallacy of it's own called 'secundum quid', which is when you make a hasty generalisation based on a small and unrepresentative sample. The paedophiles are presented as the general problem, and the author ignores all other types of people - such as business people - who use cryptographic keys.
As Ian Brown says, it seems that the Times has had a briefing from the Home Office, resulting in this rather slick paragraph:
Punishing silence is a dangerous concept and should be rejected in all but severe cases. But the consultation paper circulated by the Home Office sets out the hurdles, designed to protect the innocent, which prosecutors would have to jump. For a suspect to be charged and face a prison term of more than two years for failing to unlock computer files, he would have to be a convicted paedophile; his computer would have to contain indecent pictures of children; or there would have to be evidence that he had communicated the encrypted information to someone else. The court would have to be satisfied that the encrypted data was likely to contain illegal images of children. The battle against paedophiles, like that against money-launderers, has been made more complicated by the internet. It is reasonable that law enforcement acquires stronger powers to fight back.
Of course, it's not just paedophiles... it's obviously money-launderers, and before you know it, it will be anyone they fancy. That's what you call 'mission creep'.
(And there you might accuse me of committing the logical fallacy of 'the slippery slope', where you imply that one step in the wrong direction must, perforce, lead to disaster. But when you have a point of principle at stake, then examining the wider ramifications is not a slippery slope argument. The point of principle here is, Should people be forced to give up their cryptographic keys? and if you concede Yes, then any community of cryptography users is at risk and it's fair game to point that out.)
There are a bunch of other fallacies used in this piece, and I'm not even an expert fallacy spotter yet.
'Argumentum ad modum', a call for proportion: "It is reasonable that law enforcement acquires stronger powers to fight back."
'Shifting the burden of proof', which runs through the whole of the article, and says 'prove why we shouldn't demand cryptographic keys' or 'prove that these files aren't evil', rather than proving why we should or why they are.
'Petitio principii', which is basically where your conclusion is the same as your argument, in this case it's that 'police should have access to cryptographic keys because they need to access cryptographically concealed computer files'. This one is quite well dispersed, but it's there in the first paragraph: "Mr A was caught trying to procure a 10-year-old child for sex. Police found in his possession a number of computer files. They almost certainly contained illegal images and further damning evidence. They may also have contained clues. But officers were unable to read them because they were encrypted."
Finally, we have 'half-concealed qualification', a limited claim which is expressed in an inflammatory way so that you don't hear/see the disclaimer: "In recent years, police investigators have run up against encrypted data with increasing frequency. Even if they succeed in getting into protected files, they may be unable to comprehend the contents without a second key. This is more than frustrating when a suspect is in custody and the clock is ticking until he must be charged or released. A dangerous man could be allowed home." In this section, the 'increasing frequency', 'clock ticking' and 'dangerous man' undermine the 'may' which qualifies the existence of the putative second key.
For more on RIPA Part III (which sounds an awful lot like the last installment of a slasher film trilogy), take a look at Spy's blog on the Home Office Consultation
, and for background see FIPR's RIPA Information Centre