Amber Rudd claims 'real people' aren't interested in encryption
Home secretary's comments come ahead of Silicon Valley counter-terrorism forum
Home secretary Amber Rudd said she believes "real people" are not interested in encryption, ahead of a San Francisco counter-terrorism forum she is set to take part in.
Rudd wrote that "real people" are not interested in secure end-to-end encryption on messaging services in an article in The Telegraph, arguing that its one billion daily users are more interested in its ease of use.
"Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family?" she wrote, arguing that secure encryption isn't a must-have for regular users.
"Companies are constantly making trade-offs between security and 'usability', and it is here where our experts believe opportunities may lie," she said. "Real people often prefer ease of use and a multitude of features to perfect, unbreakable security."
Jim Killock, executive director at the Open Rights Group, branded her comments "dangerous and misleading", adding: "Some people want privacy from corporations, abusive partners or employers. Others may be worried about confidential information, or be working in countries with a record of human rights abuses. It is not the home secretary's place to tell the public that they do not need end-to-end encryption."
"Amber Rudd must be absolutely clear on what co-operation she expects from internet companies," he continued. "She is causing immense confusion because at the moment she sounds like she is asking for the impossible. She must give the public a good idea of the risks she wants to place them under."
Rudd is taking part in is called the Global Internet Forum to Counter Terrorism (GIFCT), which was set up by major tech companies in the US such as Microsoft, Twitter and Facebook.
In a joint statement, the organisers said the aim of the forum is to make their services "hostile" to terrorists and violent extremists. It will allow those taking part to "structure and formalise existing and future areas of collaboration" too.
Rudd told the BBC that the UK government supports encryption, but only if it has certain conditions, saying: "We support its place in making sure that we have secure facilities in our daily lives."
But she claimed the growth of end-to-end encryption is a problem for security services and police, who are not able to access the information, even if they use a warrant. When WhatsApp introduced end-to-end encryption in 2016, it said: "While we recognise the important work of law enforcement in keeping people safe, efforts to weaken encryption risk exposing people's information to abuse from cybercriminals, hackers, and rogue states."
But Rudd called for tech firms to work more closely with authorities so they can access data under warrants. WhatsApp's end-to-end encryption means even its own staff don't have access to people's conversations. Rudd also wants companies to allow the government access to metadata from messages being sent on their services, although she did not specify what kind she wanted. She said: "I'm having those conversations in private."
She warned that if companies did not address extremist content on their services then it was possible new legislation could be introduced as an alternative. She underlined that companies should be looking to block extremist material, and pointed how some companies have been using AI to do this.
After the Westminster terror attack that left five dead and 50 injured in March, Rudd insisted UK spy agencies should have access to encrypted messaging services. She said it was "completely unacceptable" that terrorist groups had a "place to hide" because of WhatsApp's security measures which prevent people from hacking into the service.
Prime Minister Theresa May used the terror attack at the start of June to hint at introducing backdoors to encryption. "We cannot allow this ideology the safe space it needs to breed. Yet that is precisely what the internet-and the big companies that provide internet-based services-provide" she said.
Image source: Bigstock
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now