Amber Rudd, the UK’s home secretary, has dutifully added her name to the growing list of British and US government politicians who’d like to see something done about “completely unacceptable” messaging encryption – and pronto.
Such calls have become a routine after tragic events: on this occasion it was a media report that Khalid Masood had sent a WhatsApp message two minutes before launching his terror attack in London on March 22.
Anyone involved in cybersecurity who heard the words “terror attack” and “WhatsApp” in the same story would have known by now what was coming next.
WhatsApp uses now fabled end-to-end encryption, which means that the police can’t access the message’s contents. Even working out who the recipient of that message is, on the basis of analyses of WhatsApp metadata, is uncertain.
WhatsApp is under no obligation to give police access to metadata but even if it did it wouldn’t extend much beyond the mobile number, receiving time-stamp and (possibly) a possible location. That’s a long way from having an account name and address as would have been the case with old-fashioned telephone numbers.
Like former prime minister David Cameron, who floated the idea of banning encrypted messaging apps two years ago, Rudd finds this aggravating, telling the BBC:
We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other.
Exactly what she means by “make sure” is unclear. Rudd’s talk of future legislation to (one infers) force internet companies to offer ways around encryption is a bit rich coming from a government that recently handed itself sweeping power through Investigatory Powers Act (IPA).
As for the technical feasibility of installing a hypothetical backdoor, Rudd has as much chance of getting US firms to buy that idea as successfully hosting a mad-hatter’s tea party with a chocolate teapot.
There will be no backdoors because, as Naked Security has pointed out before, they are a fool’s gold of unintended consequences. The fundamental reality is that the internet is a delicate edifice built on encryption. If you turn off a bit of encryption in one place, the effects of that eventually ripple across everything.
If there’s a back door in a messaging app used by hundreds of millions, might the same apply to other applications or the many layers of encryption on which digital commerce and civil society depends? Frankly, why not?
What Rudd is unwittingly asking for is the right to kick an ugly hole in security itself. Apparently an avid WhatsApp user herself, ironically she’d be among the first to suffer the consequences.
It could also be that Rudd’s enthusiasm for attacking encryption is driven by politics and the need to sound tough. Citizens like messaging apps but so, outrageously, do terrorists. One might as well argue that terrorists also take trains and drive cars, but when tragedies occur, an explanation is needed and right now the encryption is under suspicion.
Rudd is taking on a lot here – even the US government is struggling to cope with an issue as complex as this. These calls from politicians aren’t going to stop any time soon.