Home Secretary Amber Rudd has spoken out against strong cryptography, following reports that the person responsible for four deaths in Westminster last week sent a message via the popular WhatsApp chat service shortly before his attack, claiming she will enlist the help of people 'who understand the necessary hashtags.'
Strong end-to-end encryption is a cornerstone of the modern internet. From usernames and passwords to your banking details, search history, and - yes - even your porn habits, end-to-end encryption ensures that the data you send and receive is kept both private and is not molested during transit. It's also the bane of governmental security services, preventing them from monitoring communications protected in this manner - unless, of course, they encourage the use of known-broken algorithms
, block the exportation of strong ciphers
, insert backdoors where the data is stored
, or just take control of the endpoints and client devices directly
End-to-end chat applications, meanwhile, pose a bigger problem for the security services. Where your encrypted connection to most email servers, for example, stops being encrypted the minute it hits the server, applications like Signal and WhatsApp use end-to-end encryption: a message is encrypted on the sending device to a key known only by the receiving device, meaning the message cannot be read, monitored, or modified en route - even on Signal or WhatsApp's own servers. In the wake of last Wednesday's tragedy in Westminster and the claims that the attacker responsible used Facebook-owned WhatsApp - a service also used by over a billion people a month
who did not carry out any attacks on Wednesday - Home Secretary Amber Rudd is calling for the effective abolition of such protections.
'We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other,
' Rudd told the BBC
during an interview this weekend. 'It used to be that people would steam open envelopes or just listen in on phones when they wanted to find out what people were doing, legally, through [court-issued] warrantry. But in this situation we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp.
Embarrassingly, Rudd also stated that she would employ the assistance of 'the best people who understand the technology, who understand the necessary hashtags to stop this stuff ever being put up, not just taken down, but ever being put up in the first place are going to be them.
' At present, it's unclear whether her use of 'hashtags' - content-specific tags used on social media services like Twitter to classify posts and link related topics, named for the presence of a hash symbol at the start - is the result of a deep lack of any technical knowledge or a misguided attempt to appear in-touch with the nation's youth.
Privacy campaigners are, naturally, displeased with Rudd's apparent knee-jerk reaction to Wednesday's tragedy and seeming attempt to push through anti-privacy legislation the government has been after for years. 'It is right that technology companies should help the police and intelligence agencies with investigations into specific crimes or terrorist activity, where possible. This help should be requested through warrants and the process should be properly regulated and monitored,
' claimed Open Rights Group executive director Jim Killock following the interviews. 'However, compelling companies to put backdoors into encrypted services would make millions of ordinary people less secure online. We all rely on encryption to protect our ability to communicate, shop and bank safely.
While Rudd has suggested that any such compelled backdoor would be highly secure and accessible only by the security services in cases of court-approved warrantry, the truth is that it is impossible to secure backdoors against malicious use. Government agencies are frequently the target of attacks from those would would seek to use such access themselves, and earlier this month WikiLeaks published thousands of top secret documents from the US Central Intelligence Agency (CIA)
including details of how the agency already gets around end-to-end encryption (to whit: by attacking the sending or receiving device directly and capturing the messages before they are encrypted or after they are decrypted, neither of which requires a backdoor in the encryption itself.)
In 2015, then-Prime Minister David Cameron launched a similar attack on strong cryptography
off the back of an attack on French satirical publication Charlie Hebdo that left twelve people dead. At the time, Cameron voluntarily described his proposed law as 'very intrusive
,' claiming it would deny terrorists 'safe spaces' to communicate while conveniently ignoring that it would also deny every other person in the world a similarly safe means of private communication. 'Do we allow terrorists safer spaces for them to talk to each other? I say no, we don’t – and we should legislate accordingly,
' Cameron said at the time. 'The powers that I believe we need, whether on communications data [metadata] or on the content of communications, I feel very comfortable these are absolutely right for a modern, liberal democracy.
Rudd has not yet indicated plans to introduce legislation along the lines of that mooted by Cameron.