Backdoor access to WhatsApp? Rudd's call suggests a hazy grasp of encryption

UK home secretary wants police to be able to access WhatsApp, but any backdoor also makes services vulnerable to criminals

Tech companies are facing demands from the home secretary, Amber Rudd, to build backdoors into their “completely unacceptable” end-to-end encryption messaging apps. Speaking on Sunday, just five days after a terror attack in Westminster killed five and injured more than 50, she said “there should be no place for terrorists to hide”.

This may sound familiar. Two years ago, after the Charlie Hebdo attack in Paris, the then British prime minister David Cameron said Britain’s intelligence agencies should have the legal power to break into the encrypted communications of suspected terrorists. He promised to legislate for it in 2016.

Governments are increasingly butting against technology companies over encryption and security, and not just on messaging services. In the standoff between Apple and the FBI over the San Bernardino shooter’s iPhone, the tech giant stood firm. It refused to compromise the security of its operating system and in the process the security of all other iPhone users. Eventually the FBI was forced to find another way to access the device.

WhatsApp must not be ‘secret place for terrorists to communicate’, says home secretary

Cameron’s legislation has not happened, and there’s a simple reason; encryption is a binary. Either something is encrypted, and thus secure from everyone, or it’s not. As the security expert Bruce Schneier has written: “I can’t build an access technology that only works with proper legal authorisation, or only for people with a particular citizenship or the proper morality. The technology just doesn’t work that way. If a backdoor exists, then anyone can exploit it.”

That’s the crux of the problem. While you can legislate to only give state agencies access to terrorists’ communications, and with proper oversight and authorisation, you cannot actually build encryption that works like that. If you put a backdoor in, it’s there not just for security services to exploit, but for cyber-criminals, oppressive regimes and anyone else.

So how do you allow security services access to terrorist communications? The UK government could conceivably ban messaging companies that offer end-to-end encryption from operating in the UK. However, it is not clear how you would enforce that – and indeed it would be the people who do not want to be monitored who would find ways to avoid it.

How encryption works

Some argue banning end-to-end encryption entirely is a price worth paying for greater safety. But idea that “the innocent have nothing to fear” does not stand up to scrutiny. They do; they may not have anything to fear from the government, but they would be vulnerable to criminals who would also take advantage of a lack of encryption.

Fortunately, Rudd appears not to want to go down that road. She put the emphasis on working with the tech companies to find a solution rather sweeping legislation. Later, she clarified her views on encryption. She told Sky’s Sophy Ridge on Sunday programme: “End-to-end encryption has a place. Cybersecurity is really important and getting it wrong costs the economy and costs people money, so I support end-to-end encryption.”

She said she supports end-to-end encryption for families (presumably those using WhatsApp?), for banking and for business. But she insisted: “We also need to have a system whereby when the police have an investigation, where the security services have put forward a warrant signed off by the home secretary, we can get that information when a terrorist is involved.”

Ridge challenged Rudd that this was “incompatible with end-to-end encryption”. Rudd said it wasn’t. But Ridge is right: it is incompatible. As Cory Doctorow wrote when Cameron was suggesting the same thing: “It’s impossible to overstate how bonkers the idea of sabotaging cryptography is to people who understand information security.” A lot of things may have changed in two years but the government’s understanding of information security does not appear to be one of them.

Where Rudd is on firmer ground is in promising more action on hate-filled terrorist content. Other countries – notably Germany – are using legislation to make tech companies responsible for content on their platforms, with fines to help enforce compliance. Rudd could do the same in the UK, although she says she’s keener to work with the industry and talks of the companies getting round a table, or an industry-wide board.

She told Marr the best people to solve the problem were those “who understand the technology, who understand the necessary hashtags to stop this stuff even being put up”. Whether Rudd knew what she meant by “the necessary hashtags” is unclear. Maybe these magical “necessary hashtags”, which can apparently stop the posting of extremist content, can also be repurposed to let the government read only terrorists’ messages, all without breaking encryption. Or maybe they do not exist.

In the wake of a shocking terror attack, and with pressure from the press to take a tougher line with the tech companies, it’s easy to see how Rudd felt the need to be seen to be doing something. Perhaps she knows full well that selectively breaking encryption is not possible. But perhaps it is also true the home secretary would rather the focus was on the workings of WhatsApp than on her own department, the police or security services.


Jonathan Haynes

The GuardianTramp

Related Content

Article image
Top tech firms avoid encryption issue in government talks
Executives commit to removing extremist material but do not address Amber Rudd’s concerns after Westminster attack

Peter Walker Political correspondent

30, Mar, 2017 @7:18 PM

Article image
No 10 repeats Rudd's call for authorities to access encrypted messages
Downing Street backs home secretary’s call for agencies to have access to WhatsApp and other encrypted messaging apps

Peter Walker and Heather Stewart

27, Mar, 2017 @12:56 PM

Article image
WhatsApp must be accessible to authorities, says Amber Rudd
Critics say home secretary’s demand for access to encrypted messaging to thwart terrorists is unrealistic and disproportionate

Andrew Sparrow Political correspondent

26, Mar, 2017 @8:29 PM

Article image
The snooper’s charter is flying through parliament. Don’t think it’s irrelevant to you | Scarlet Kim
While the Apple v FBI row makes world headlines, people in the UK are disregarding a bill that permits hacking and gagging

Scarlet Kim

14, Mar, 2016 @10:30 AM

Article image
WhatsApp adds end-to-end encryption using TextSecure
Security boost initially available within WhatsApp’s Android app, but will also come to iOS version. By Tom Fox-Brewster

Tom Fox-Brewster

19, Nov, 2014 @10:12 AM

Article image
Apple and WhatsApp condemn GCHQ plans to eavesdrop on encrypted chats
GCHQ ‘ghost protocol’ would seriously undermine user security and trust, says letter

Alex Hern

30, May, 2019 @4:00 AM

Article image
Calls for backdoor access to WhatsApp as Five Eyes nations meet
Countries focus on increasingly effective encryption of communications

Dan Sabbagh Defence and security editor

30, Jul, 2019 @7:32 PM

Article image
Take that, FBI: Apple goes all in on encryption
Apple’s newest encryption tool better secures files on all its devices, just the latest in a move to widespread encryption in the tech industry

Nathaniel Mott in New York

15, Jun, 2016 @10:42 AM

Article image
Is the FBI v Apple PR war even about encryption?
What the US intelligence agency is asking the tech company to do may not affect mobile security as much as its CEO Tim Cook wants you to believe

Alex Hern

23, Feb, 2016 @10:39 AM

Article image
Minister explains Rudd's 'necessary hashtags' after week of confusion
Home Office minister says home secretary was talking about hashes, which are used to detect recurring images or videos online

Alex Hern

04, Apr, 2017 @10:00 AM