Encryption might seem like an easy target, but mess with it at your peril
It seems that encryption has been firmly established as the whipping boy du jour for pearl-clutching, public-safety panic merchants. Specifically, it’s encrypted messaging services like WhatsApp and iMessage that have found themselves in the crosshairs.
Following last week’s terror attack by the Houses of Parliament, it has emerged that the killer was communicating with someone via WhatsApp in the moments preceding his assault. It has been speculated – although not confirmed – that he may have been in contact with someone who conspired with him to plan the attack, although this afternoon the Met Police have said there’s no evidence he was directed by Islamic State.
This has fuelled fresh calls to severely weaken or outright ban the use of encryption by such services to secure their messages, echoing last year’s fierce debate over whether or not Apple should hack the iPhone of the San Bernardino killer. It’s worth noting at this point that even though a third-party company did eventually hack into Syed Farook’s phone, there is no indication that it offered any actionable intelligence.
Nevertheless, home secretary Amber Rudd and other Tory MPs are using this tragedy as an excuse to castigate and demonise encryption, with talk of coercing tech companies into installing backdoors into their code. It’s not the first time the government has proposed this, either; it was included in early versions of the Snooper’s Charter, but was ultimately dropped from the bill.
Naturally, the idea of messing with encryption has got the tech sector up in arms. Critics have called it “deeply misguided” and other (less printable) things. Supporters of the plan say that spies need to be able to read the messages of terror suspects, but experts are queuing up to tell Rudd and the rest of the anti-crypto club that technology simply doesn’t work that way.
In an exchange that would be funny if it weren’t so deeply depressing, Conservative MP Nadine Dorries made the case that WhatsApp should “develop a terrorist related exception” to encryption technology - presumably this is some kind of Java-based magic wand that would allow GCHQ to hack only the ‘baddies’.
This, along with Rudd’s laughable quote that we need people who “understand the necessary hashtags”, betrays a deep lack of technological knowledge throughout government. Of course, one would hope that the country’s elected leaders have better things to do than immersing themselves in the finer points of C++ and Python, but on the other hand, having one of the country’s top ministers saying things like “we don’t want to go into the cloud” is embarrassing, especially when she clearly doesn’t have the faintest idea what it means.
The experts are right, of course; if government spooks can read the WhatsApp messages of one terrorist, they can read the messages of everyone, from the 12-year-old at the bus stop all the way to the Pope. (This is assuming he doesn’t use a rival app, of course - PopeChat, perhaps.)
This is troubling for a number of reasons, most notably from a privacy standpoint. Naturally, the public has been assured that they won’t be covertly spied on by the intelligence services, who pinkie-promise that they’d only look at terrorists’ communications. We’re expected to take this on faith, but incidents like the Snowden leaks suggest that perhaps the government’s methods aren’t always unimpeachable.
We’ve also got to consider what future governments could do with any anti-encryption laws. If an anti-democratic, fascistic party found itself in power, for example, these laws could be very easily used to identify and round up immigrants, LGBTQ people and other ‘undesirables’. It’s a lot easier to grant powers than it is take them away and this goes double when applied to governments.
Here’s the thing, though: aside from the many legal, political and ethical issues with installing backdoors into services like WhatsApp, the biggest problem is practical. The fact is, there’s simply no way to block the use of encryption on a technical level. Theresa May could force WhatsApp to stop encrypting its messages, but how long do you think it would take terrorists to simply switch to a different app?
If there’s one thing you learn on the internet, it’s that there’s always a workaroundNot only are there innumerable encrypted chat apps available for web and mobile devices, there’s also plenty of free resources online to help you build your own, meaning that even an outright ban on encryption wouldn’t work. If there’s one thing you learn on the internet, it’s that there’s always a workaround.
Any steps to weaken the encryption of WhatsApp and other services would almost certainly do nothing to help fight terrorism. Instead, all it’s likely to do is force terrorists to use even less visible means of communication, whilst simultaneously putting the safety and privacy of innocent people at risk.
Despite the repeated protestations of the security and technology communities, the government continues to revisit this stunningly ignorant and fundamentally flawed plan. Before it goes any further, you should know that Rudd and her cronies aren’t just declaring war on WhatsApp - they’re endangering your freedoms too.