The U.K. wants to break WhatsApp and Facebook encryption because terrorists
The U.K. government is considering legislation that would force Facebook to reveal WhatsApp messages sent by the man who attacked the British Parliament last week, part of broader plans to force all tech companies to stop “providing secret spaces for terrorists to communicate.”
The suggestion by Home Secretary Amber Rudd in an interview on the BBC Sunday drew immediate backlash from privacy advocates saying it’s not only impossible to do what the government is asking but that any move to install backdoors in messaging services would put everyone at risk.
A secret place for terrorists
Rudd said it was “completely unacceptable” that police and intelligence agencies are unable to view messages sent by Khalid Masood on WhatsApp, a service he reportedly was using moments before he carried out the attack, which killed four people, including a police officer.
— The Andrew Marr Show (@MarrShow) March 26, 2017
“We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other,” Rudd told the BBC’s Andrew Marr Show, adding that she might be forced to legislate in order to gain access to the messages — though she would prefer the companies gave access voluntarily.
Other politicians joined Rudd’s calls. “To help keep our streets safe, we need to rise up against companies like #Apple and #Whatsapp who provide space and comfort to terrorists,” MP Nadine Dorries tweeted — from her Apple iPhone.
Would a ban on encryption technology have prevented a man getting a knife from his kitchen and driving a car? No, it simply would not.
— Hacker Fantastic (@hackerfantastic) March 26, 2017
Speaking against such proposals Jim Killock, executive director of the U.K.-based Open Rights Group, said: “Compelling companies to put backdoors into encrypted services would make millions of ordinary people less secure online. We all rely on encryption to protect our ability to communicate, shop, and bank safely.”
Responding to this criticism, Dorries said the government was seeking to “develop a terrorist-related exception,” but as Wikipedia founder Jimmy Wales pointed out, this is just not possible:
Encryption is mathematics. It is not possible to ban encryption or to impose legally that only some weak types are used. Period.
— Jimmy Wales (@jimmy_wales) March 27, 2017
“Baking security into products is essential, and designing products with a ‘secure backdoor’ is practically impossible,” a Privacy International spokesperson told VICE News.
The technical aspects of encryption and how it works appear to be at the heart of the confusion, with Rudd’s comments — and subsequent hyperbolic media coverage — widely criticized by privacy advocates and cybersecurity experts, who question the home secretary’s basic understanding of the issues.
“Understanding the necessary hashtags”
In her interview on the BBC, Rudd said: “The best people who understand the technology, who understand the necessary hashtags to stop this stuff ever being put up, not just taken down, but ever being put up in the first place, are going to be them.” Unsurprisingly this led to many mocking Rudd’s basic understanding of the issues at play. But there may be bigger gaps in knowledge that need to be addressed.
First, the government cannot force Facebook to reveal the contents of Masood’s WhatsApp messages, as end-to-end encryption means data cannot be intercepted – even by the companies who operate the service.
Second, because the police are presumably now in possession of Masood’s phone — as it was being used just before the attack — the only reason they would not be able to access his WhatsApp messages would be if the phone was protected by a passcode. In which case, they will need to talk to the manufacturer of the phone, not Facebook.
Indeed, a WhatsApp spokesperson told VICE News that the company is “cooperating with law enforcement as they continue their investigations.” This should come as no surprise, since WhatsApp has regularly handed over sensitive information such as the date and time messages are sent, which numbers are contacted, and the location of the person sending the messages.
In fact, Rudd’s suggestion for legislation to access encrypted messages is moot, given the wide-ranging new powers given to the U.K. intelligence community in the IP Bill, passed in 2016.
These definitions are more than broad enough to apply to WhatsApp. Suggestions of new legislation is power grabbing nonsense. pic.twitter.com/pjjsnlKijz
— Sean Sullivan (@5ean5ullivan) March 27, 2017
“The main reason governments don’t like encryption is because it is a barrier to them indiscriminately monitoring all our personal data,” head of advocacy at Amnesty International Allan Hogarth, told VICE News. “They already have a range of tools at their disposal for surveillance of specific targets. Making the haystack bigger will not help find the needle of terrorism.”
A little rant about WhatsApp from over on Facebook pic.twitter.com/81QliCcJzz
— Neil Hughes (@enhughesiasm) March 27, 2017
The debate over gaining access to encrypted data has been raging between tech companies and lawmakers across the globe for several years, with the FBI taking Apple to court over gaining access to an iPhone used by the San Bernardino shooter in 2016. In the end the FBI reportedly paid $1 million for a so-called “zero-day exploit” to access the data on the phone.
On Thursday Rudd will meet with a number of leading tech companies at the Home Office to discuss tackling extremism. Google has confirmed to VICE News it will be attending, but Facebook and Apple did not immediately respond to requests for comment about their attendance.
A BuzzFeed report on Monday appeared to show Rudd using WhatsApp herself, with her icon last seen at 8:37 a.m. GMT.
Cover: Arno Burgi/picture-alliance/dpa/AP Images