02 June 2015

S4M-13338 Scotland Can Do

The Presiding Officer (Tricia Marwick): The next item of business is a debate on motion S4M-13338, in the name of John Swinney, on Scotland can do: a framework for entrepreneurship and innovation.

... ... ...

Stewart Stevenson (Banffshire and Buchan Coast) (SNP):

At least one civil servant is due some congratulations from us all. Finding “CAN DO” from the words “capable”, “ambitious”, “networked”, “demand” and “opportunities” is a pretty neat way of capturing the whole idea. I have worked with computers for many decades and we used to do that sort of thing all the time—and it used to be the greatest fun we had.

I want to talk about a rather eclectic subject, but one that is utterly relevant to the topic of debate. It is about one of the threats that come from one of the bills brought forward in the Queen’s speech last week. I refer specifically to the investigatory powers bill that the Tory Government proposes. Within that, the key proposal is a requirement for a back door in software that would enable the security services to read the content of private messages protected by encryption. That all sounds very geekish, and in many ways it is, but it really does matter.

I acknowledge that terrorism is an important part of the threat to business and to people’s lives throughout the world, and we need to respond to it in an appropriate way. However, if we are to continue to be, as the motion says,

“a can do place for business”,

the core of the proposal in the investigatory powers bill simply cannot proceed.

If we have to protect messages—I will go on to talk about the kind of messages that we need to protect—opening up the software that protects messages so that some people have privileged access to read them will create a series of difficulties. First, the lawbreakers simply will not use software that has back doors—they will write their own—so the measure will not particularly affect those who choose to break the law and conceal the content of their messages. It will affect those who are obeying the law; those with evil intent will be unaffected.

Secondly, and more critically, it will open up all our financial transactions to open scrutiny and potential interference. If there is a way in, that way in will become a way in for lots of people. Why does that matter for entrepreneurs in Scotland? It matters, and it matters differentially, because we are a leading source of innovative software for the financial sector. Margaret McDougall just referred to innovative software in her speech. In future, under the kind of regime that is proposed to be introduced, that kind of software might not be produced here. We have a significant interest in producing secure banking software, but if it cannot be developed here, it will be developed elsewhere.

We heard reference to Skyscanner, which depends, for the integrity of the transactions between it and customers worldwide, not just on that little padlock that appears in the top line of the browser but on the software behind it, which provides that protection. The opening up of software, through the bill proposed by the Tories in the Queen’s speech, will damage the integrity of that protection.

That is not just theoretical. Already in the United States, Phil Zimmermann, who is the creator of the world’s most widely used email protection system—the pretty good privacy or PGP system—has started to move his company to Switzerland, because the United States Government is doing something similar. If legislation proceeds in that way, high-tech and high-value contributors to our being what the motion refers to as an “entrepreneurial and innovative nation” will simply depart. That is quite easy to do, as they are not people with fixed assets here, such as big factories. The intellectual skills in those people can move, and they can move tomorrow without any substantial difficulty.

We have to accept that, once a back door has been created, the knowledge of that back door that is supposed to be restricted to the security services—but to lots of people in the security services—will inevitably leak. The most secure software is always open-source software in respect of which everyone can look at the algorithm and improve it. The secrecy is in the key, which is a unique piece of information that is held by a single person. However, the operation and algorithms associated with back doors will inevitably be bypassable. If they are thought to be secret, they will soon be disclosed.

None of that is new. Napoleon’s peninsular war campaign was undermined by Wellington’s cryptologist, George Scovell, who was able to read the intercepted and encrypted orders to the French troops rapidly and routinely. Of course, Napoleon lost the war because that was able to happen.

Each generation moves on to new methods of protecting information. In world war one, the Cherokee and Choctaw Indian tribes were used over the radio because nobody could understand their languages. In the second world war, the Navajo, the Lakota, the Meskwaki, the Comanche and even Basques were used to protect information. Therefore, the need to protect information in sensitive environments is nothing new whatsoever.

The UK lost out on a key opportunity. We all have a little token that we use for accessing the Parliament’s websites and facilities, which has the letters RSA on it. RSA stands for Rivest, Shamir and Adleman. Those American mathematicians developed a very secure way of communicating. Thirty years ago, of course, a single sheet of A4 paper, which was a secret document and which came to light only 10 years ago, showed that, nearly 10 years before Rivest, Shamir and Adleman developed their system, Government Communications Headquarters and its predecessors were already developing it. We lost the commercial opportunity in the UK, and now the USA controls things. It is important that innovation is not stifled by legislators simply not understanding the importance of and manners of working that there are for technology.

If we were to proceed with the proposal in the Queen’s speech, we would no longer be as secure in our banking and communication as we currently are. That is a huge risk. The migration of services will inevitably take place; indeed, that is already beginning to happen in the United States. That will damage a key sector of the economy of the UK as a whole, but differentially for Scotland, for which that sector is even more important.

I hope that the cabinet secretary and his officials will think about that and that all the parties here will be able to work with colleagues at Westminster to ensure that what has been proposed does not happen. I am disappointed that the Liberals are not with us today, because I know that they are sensitive to the matter and will be onside in helping to oppose the particular so-called innovation to protect us from terrorism. It will not do that, but it will damage business if it goes ahead in the proposed form. I hope that we will all oppose it.


Stewart Stevenson
does not gather, use or
retain any cookie data.

However Google who publish for us, may do.
fios ZS is a name registered in Scotland for Stewart Stevenson

  © Blogger templates The Professional Template by 2008

Back to TOP