“Deeply misguided”: tech industry rejects Rudd’s attack on encryption
Experts warn that banning encryption leaves UK open to hackers
Last week, Britain was shocked by a terror attack in Westminster that left five dead and 50 injured. When Home Secretary Amber Rudd appeared on The Andrew Marr Show to discuss the government's response to the tragedy, she had some strong words for encrypted messaging apps.
In particular, she said that WhatsApp's use of end-to-end encryption was "completely unacceptable", and said that communications apps provide "a secret place for terrorists to communicate with each other". She also appeared to suggest that a spy-friendly backdoor into communication technologies would be a good thing, saying: "We have to have a situation where we can have our security services get into the terrorists' communications."
The immediate reaction to the Home Secretary's comments has been one of mockery, with various critics taking to social media to pour scorn on Rudd's apparent lack of technological understanding, taking particular issue with her assertion that the country needs people "who understand the necessary hashtags" in order to fight online terrorism.
Rudd has also been criticised for what some say is an overly simplistic view of encryption, and Wikipedia founder Jimmy Wales offered to explain the basics of encryption to her.
However, many public figures and industry professionals, particularly within the cybersecurity field, have expressed genuine concerns over her statements. Some fear that the government could use this latest atrocity as an excuse to push through legislation that would cripple - or outright ban - encrypted communication, further damaging UK citizens' privacy.
"These terrorists want to destroy our freedoms and undermine our democratic society," said Liberal Democrat shadow Home Secretary and former Deputy Assistant Commissioner in the Metropolitan Police, Brian Paddick. "By implementing draconian laws that limit our civil liberties, we would playing into their hands. Having the power to read everyone's text messages is neither a proportionate nor an effective response."
"These services have become mainstream since revelations of government mass surveillance came to light," argued F-Secure's Andy Patel. "As much as they provide a safe space for terrorists to communicate, they also help keep activists, journalists, and members of the general public safe from surveillance and government prosecution."
There are also arguments that weakening encryption would actually put the UK at risk from cyber attacks. Open Rights Group executive director Jim Killock said: "Compelling companies to put backdoors into encrypted services would make millions of ordinary people less secure online. We all rely on encryption to protect our ability to communicate, shop and bank safely."
TechUK deputy CEO Antony Walker agreed, stating: "Encryption technologies are a fundamental tool for ensuring the UK remains cyber-secure. End-to-end encryption is the best defence we have available to keep the data and services we all rely on safe from misuse. From storing data on the cloud to online banking to identity verification, end-to-end encryption is essential for preventing data being accessed illegally in ways that can harm consumers, business and our national security."
In particular, concerns have been raised that these measures could make it easier for Britain to be hacked by agents of a foreign power, particularly given the current allegations of Russian hacking looming over the US government. Sam Dumitriu, head of projects at thinktank the Adam Smith Institute, called the proposal "deeply misguided", and warned of the dangers of thinking that encryption can be weakened selectively.
"It is mathematically impossible to build a backdoor for just the good guys," he said. "It means building a backdoor to your private message for Putin's favourite hacker Guccifer. It means opening up your private photos to perverts like the iCloud hacker."
This is something that the government has advocated before. Prime Minister Theresa May was an outspoken opponent of encryption during her stint as Home Secretary, and her flagship Investigatory Powers Act (also called the Snooper's Charter) initially included similar provisions.
The tech industry at large has also taken exception to her implication that tech companies aren't doing enough to cooperate with the security services and stamp out terrorism on their platforms. "Tech companies take their responsibilities to work with the authorities on extremism and counter-terrorism investigations very seriously," Walker rebutted.
"Working within the strict confines of the law they engage daily in constructive and proven partnerships with security agencies, the police, policy makers and wider civil society bodies. Counter-terrorist operations would not succeed without the ongoing assistance and support of tech companies."
Killock also agreed that companies had a responsibility to help police with their investigations. "It is right that technology companies should help the police and intelligence agencies with investigations into specific crimes or terrorist activity, where possible," he said. "This help should be requested through warrants and the process should be properly regulated and monitored."
WhatsApp, for its part, has decried the attack, and pledged to work with the government. "We are horrified by the attack carried out in London earlier this week and are cooperating with law enforcement as they continue their investigations," a spokesperson for the company said.
Some are now nervously awaiting further privacy-impinging legislation from the Conservative Party, with questions still hanging over whether or not such a bill would actually prove effective. F-Secure's Patel claimed that even if WhatsApp abandons encryption, terrorists would simply find an alternative.
"If a service is forced to weaken, backdoor, or remove its encryption people will move to another one. While governments utilise technology to better track and monitor potential activist or terrorist activities, they shouldn't expect it to solve the root causes of these problems."
In the words of the shadow Home Secretary, "the real question is, could lives have been saved in London last week if end-to-end encryption had been banned? All the evidence suggests that the answer is no".
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now