WhatsApp-ening with encryption?

Over the weekend the Home Secretary has taken to the television studios to demand that she and the security services can look at what you are doing online. Dan Barker takes a look at what she has been saying and why she is probably wrong.

***

Encryption is essential to how the modern web works. It protects your bank accounts, your medical records, your sexts, your emails, your online searches, everything. But has it gone too far?

That’s what the government think. Governments around the world have been targeting encrypted messaging applications like iMessage and WhatsApp for years. Brazil have banned the use of encrypted messaging platforms entirely – not that it stops anybody from doing so.

But since the attack on Westminster Bridge and parliament the government and Amber Rudd, the Home Secretary, have identified WhatsApp as a target.

Its use of end-to-end encryption, meaning that anybody other than the sender and receiver will see a random string of characters that they cannot decipher without the private key, has annoyed the security services since its inception because it means that they need access to the physical device.

Rudd told Andrew Marr that this is “completely unacceptable”.

“There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty others like that, don’t provide a place for terrorists to communicate like that.

“It used to be that people used to steam open envelopes or listen to phone when they wanted to find out what people are doing – legally, through warranty – but on this situation we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp”.

 


Amber Rudd used WhatsApp hours after her appearance on the Andrew Marr show.

Jim Killock, executive director of the Open Rights Group, a technology rights organisation, says that that government is going too far.

“It is right that technology companies should help the police and intelligence agencies with investigations into specific crimes of terrorist activity, where possible. This help should be requested through warrants and the process should be properly regulated and monitored.

“However, compelling companies to put backdoors into encrypted services would make millions of ordinary people less secure online. We all rely on encryption to protect our ability to communicate, shop and bank safely.”

Facebook, the company that own WhatsApp, aren’t cooperating. They, like Apple are in the United States, are refusing to to put backdoors into the encryption.

The Home Secretary says that the end-to-end encryption is “completely unacceptable”.

“There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a place for terrorists to communicate like that.

“It used to be that people used to steam open envelopes or listen to phone calls when they wanted to find out what people are doing – legally, through warranty – but on this situation we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp”.

 

 

One internet security expert told JUS News that removing encryption from the internet would mean that you couldn’t be confident of the integrity of the websites you access.

“How do you make something secure and then put a backdoor in it? Symmetrical encryption doesn’t work like that,” he said, “even WhatsApp doesn’t know what’s been sent.”

“If WhatsApp gets hacked or compromised, like what happened to Yahoo, if you don’t have the data it can’t get leaked. It’s a way of securing the company as well as the user, because if they get hacked no data that is usable can be lost.

“Maybe it is ethical to do it but it’s not mathematically possible to have cryptography secure if there’s a backdoor in it. The problem is if you do have a backdoor key you don’t know it’s been used by the right person. If hackers get hold of it they can undermine the encryption.

“I think they’re trying to use the attack as an agent to pressure the technology companies – they have extra spying laws but the problem is with encryption even if you have all the data you can’t see it. Now there’s a terrorist attack they’re trying to get backdoors in”.

And that’s that appears to be happening. The government introduced the Investigatory Powers Act which legalizes extra ways for the British state to spy on its citizens. The act has been described as the most sweeping, broad surveillance powers and a lot of civil liberties groups like Liberty and the current Brexit secretary David Davis have been campaigning against.

But even when the state and ISPs collect all this information, they cannot do anything with it until they have the encryption key. As soon as they are released to a third party, though, they are pointless.

On the one hand the government wants to encourage tech companies to come to the UK yet on the other they are doing their best to lumber them with more and more work. Likewise, they have been promoting internet security after the alleged Russian hacks – this would require a huge increase in encryption technologies. The very ones the Home Secretary is against.

Until they square this circle the government is stuck in a very difficult situation. Do they want us to be more secure online and protect our freedoms, or do they want to take away our freedoms online to combat people who are trying to take away our freedoms in the streets?

 

Daniel Barker

Covering Chesterfield. Hater of TED talks.