UK home secretary Amber Rudd has called on messaging apps like WhatsApp to ditch end-to-end encryption, arguing that it aids terrorists.
Writing in The Telegraph on Tuesday, the Conservative minister said that "real people" don't need the feature and that tech companies should do more to help the authorities deal with security threats.
But activists have reacted with concern to her remarks, blasting them as "dangerous and misleading." Strong end-to-end encryption involves encoding messages or data so it cannot be read by anyone other than the intended recipient — including the company whose tech encrypts it, or law enforcement with a warrant. WhatsApp, which is owned by Facebook, end-to-end encrypts all its messages by default. Messenger, another messaging app from Facebook, offers the security feature as an option (though it's not switched on automatically), as does Allo, a messaging app from Google, among numerous other apps.
In both the UK and around the world, end-to-end encryption is a contentious subject. Some in law enforcement argue it impedes security services' capability to detect and respond to threats. Privacy activists and technologists respond that the tech is necessary to protect users' data, and any "back door" or weakening of security would be open to abuse.
In the wake of multiple terror attack in Britain in 2017, Rudd claims that the tech is making it more difficult for authorities to fight terrorism: "The inability to gain access to encrypted data in specific and targeted instances ... is right now severely limiting our agencies' ability to stop terrorist attacks and bring criminals to justice."
The politician says the British government does not intend to ban end-to-end encryption — but would like companies to voluntarily move away from it, arguing it isn't necessary for "real people."
She wrote: "Real people often prefer ease of use and a multitude of features to perfect, unbreakable security ... Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family? Companies are constantly making trade-offs between security and 'usability', and it is here where our experts believe opportunities may lie."
Some critics have slammed Rudd's remarks, arguing that if WhatsApp (and other similar apps) did make such a change, extremists and terrorists would simply switch to another end-to-end encrypted messaging app that doesn't cooperate with the UK government. Meanwhile, ordinary users would be left less safe, they said.
Jim Killock, executive director of UK digital liberties group Open Rights Group, said in a statement: "The suggestion that real people do not care about the security of their communications is dangerous and misleading. Some people want privacy from corporations, abusive partners or employers. Others may be worried about confidential information, or be working in countries with a record of human rights abuses. It is not the Home Secretary's place to tell the public that they do not need end-to-end encryption."
Paul Bernal, a senior lecturer at UEA Law School, told via email: "Amber Rudd's comments are depressingly unsurprising — this is part of a bigger trend against encryption that we've been seeing for some time — and are based on a fundamental misunderstanding of both the technology and of privacy itself. From a technological perspective, it misses that creating an opening for law enforcement or the intelligence services creates an opening for all kinds of others — from criminals (and indeed terrorists themselves) to foreign powers, to malicious individuals."
He added: "Serious and competent criminals and terrorists can apply their own encryption — and incompetent ones can be caught any number ways. It's only ordinary people — in Amber Rudd's hideous terms, 'real people' that will suffer from her plans." Facebook and WhatsApp did not immediately respond to request for comment.
Here's the key section of Amber Rudd's op-ed (emphasis ours):
So, there are options. But they rely on mature conversations between the tech companies and the Government - and they must be confidential. The key point is that this is not about compromising wider security. It is about working together so we can find a way for our intelligence services, in very specific circumstances, to get more information on what serious criminals and terrorists are doing online.
Download SafeUM — communicate privately, without advertising and spam.