It is little wonder that the UK appears to struggle with digital security when the Government looks clueless across the national media on matters like hashtag usage and ‘end-to-end encryption’. Amber Rudd MP, speaking yesterday (Sunday 26th March) on Andrew Marr on the BBC, wants to stop the use of ‘end-to-end encryption’ in social messaging applications such as WhatsApp, branding it ‘totally unacceptable’ in the wake of the events in London in the past week. She adds that there should be ‘no place for terrorists to hide’. Her other comments, on ‘understanding the necessary hashtags to stop this stuff ever being put up’ and ‘we don’t want to go into the cloud’, are truly a cause for despair to anyone working within the internet community. Would someone wanting to commit terrorist or other criminal acts, or incite others to do the same, use a ‘hashtag’ on social media? Do such ‘hashtags’ really exist?
But with the escalation of high-profile hacking incidents in recent years, such as at Yahoo!, iCloud and TalkTalk, these comments are ill thought out and show a complete lack of understanding of the fundamentals of cybersecurity, data protection and privacy, or indeed of how secure and encrypted communications over the internet actually work.
The ‘totally unacceptable encryption’ is in fact absolutely necessary.
So what is ‘end-to-end encryption’?
Encryption prevents unauthorised access to your data, from emails and messages to shopping and bank details. It does this by making the information sent from one person to another unreadable to anyone else attempting to access it. When the data is encrypted, only the sender and the receiver can decrypt it into a readable format. This is achieved with ‘keys’, which allow only the users involved to turn the data back into something readable.
As far as WhatsApp goes, every message has its own unique lock and key, and only the sender and reader have access to those keys. For anyone else, the relayed information is unintelligible gibberish, as no-one else has the key to decrypt the content. Not even WhatsApp employees can read the information sent over its own network. This is what is referred to as ‘end-to-end encryption’, or ‘E2EE’ for short.
Of course, this type of encryption is not limited to WhatsApp; it is offered in many other mobile applications and smart gadgets in the home, mostly alongside password or PIN protection, similar to a bank debit or credit card.
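The idea that only the two ends hold the keys, and that each message gets its own key, can be shown in a few lines. This is an added example, not part of the original post and not WhatsApp's actual protocol: it uses X25519 key agreement, HKDF and AES-256-GCM from Node.js's built-in crypto module, and the function names and the counter-based per-message key derivation are assumptions made for the example.

```javascript
const nodeCrypto = require('node:crypto');

// Each endpoint creates its own key pair; the private half never leaves the device.
function newDevice() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// Both ends compute the same per-message key from their own private key,
// the peer's public key and a message counter (assumed scheme for this example).
function messageKey(myPrivate, peerPublic, counter) {
  const shared = nodeCrypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  const key = nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), `msg-${counter}`, 32);
  return Buffer.from(key);
}

// Sender side: encrypt and authenticate one message.
function seal(myPrivate, peerPublic, counter, text) {
  const nonce = nodeCrypto.randomBytes(12);
  const key = messageKey(myPrivate, peerPublic, counter);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { counter, nonce, body, tag: cipher.getAuthTag() };
}

// Receiver side: throws if the key is wrong or the envelope was altered.
function open(myPrivate, peerPublic, envelope) {
  const key = messageKey(myPrivate, peerPublic, envelope.counter);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, envelope.nonce);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.body), decipher.final()]).toString('utf8');
}

// The relaying service sees public keys and envelopes, but holds neither private key.
function relayCanRead(relayKeys, senderPublic, envelope) {
  try {
    open(relayKeys.privateKey, senderPublic, envelope);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample run: Alice sends Bob a message through a relay.
const alice = newDevice(), bob = newDevice(), relay = newDevice();
const envelope = seal(alice.privateKey, bob.publicKey, 1, 'see you at noon');
console.log('Bob reads:', open(bob.privateKey, alice.publicKey, envelope));
console.log('Relay can read:', relayCanRead(relay, alice.publicKey, envelope));
```

A ‘backdoor’ in this picture means giving someone other than Alice and Bob a way to compute `messageKey`, and whoever obtains that capability gets the same access, whatever their intentions.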
Amber Rudd was rightly rounded on by the internet community after her ill-advised remarks were aired on Sunday morning and was trending on Twitter for most of the rest of the day.
If she wants to end encryption, then she needs to apply the same removal of encryption to banking, the NHS and other industries throughout the UK and indeed the rest of the world. Even HM Revenue & Customs (HMRC) and .gov sites use encryption. Removing encryption from those services that we trust with our personal data leaves the public wide open to criminals and spies, not just terrorists. Yet such a criminal may well be a 16 year old working from his bedroom, selling the stolen data on for money. It would be like leaving the front door of your house wide open 24 hours a day, 7 days a week, for anyone to look in and take whatever they wanted.
Amber Rudd and the Government as a whole should educate themselves on what they are talking about before airing such remarks. First, as for ‘we don’t want to go into the cloud’: sorry to say, the government is already in the cloud. In 2013, the government adopted a ‘cloud first’ strategy for its data storage and servers. Second, if encryption were removed from WhatsApp or other communications, surely people with something to hide would just move on to another application or disappear into the ‘dark web’.
Speaking in 2015, Tim Cook was particularly critical of weakening encryption:
‘If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It’s the good people. The other people know where to go.’
Where does the line of what is considered private actually begin? Tim Cook at Apple argued this when the FBI wanted to unlock an iPhone of a suspect in the US. Cook told the crowd at an Apple event that:
‘We need to decide, as a nation, how much power the government should have over our data and our privacy.’
It is impossible to know if Amber Rudd is as ignorant as she is making out by demanding a ‘backdoor’ that is somehow not a ‘backdoor’. A ‘backdoor’ that can be accessed by the security services but not by other criminal elements or foreign spies is perhaps an impossible task. For the security services, all of this makes the haystack bigger and the needle harder to find, wasting yet more finite resources and money and stretching them to the point where something is critically missed. This is despite the fact that the UK security services already have world-class surveillance powers. The Snooper’s Charter, passed into law as the Investigatory Powers Act (IP Act) in November 2016, grants the UK some of the most intrusive and extreme surveillance powers ever seen in the democratic world.
It will be interesting to hear what comes out of the meeting between the social media giants, blogging platforms such as WordPress and the Government on Thursday 30th March. I doubt much common ground will be found as far as encryption goes, as all these companies will argue that they put user privacy first. The government will undoubtedly try to force their hand in some way; the IP Act gives them the power to do just that, perhaps by forcing them to decrypt all communication.
This quote from one of the founding fathers of the United States of America, Benjamin Franklin, is quite applicable right now. Funnily enough, it is used in the ‘Civilisation III’ game for the ‘Liberalism’ technology.
‘Those who surrender freedom for security will not have, nor do they deserve, either one.’