Ex-military and security firms oppose Home Sec in WhatsApp crypto row
'We are in real trouble if we apply blunt weapons to this'
UK government ministers calling for increased surveillance abilities in the wake of last Wednesday's terrorist attack have encountered opposition from a somewhat unexpected quarter.
Home Secretary Amber Rudd went on TV at the weekend to say it was "completely unacceptable" that authorities were unable to look at the encrypted WhatsApp messages of Westminster terrorist attacker Khalid Masood. There should be "no place for terrorists to hide", she added.
Not so, according to the Ministry of Defence's former cybersecurity chief. The case for increased surveillance powers following is "weak", especially just months after the Investigatory Powers Act became law, according to Major General Jonathan Shaw.
"There's a debate in Parliament about the whole Snooper's Charter and the rights of the state and I think what they are trying to do is use this moment to nudge the debate more in their line," Shaw told BBC Radio 4's Today.
What the Home Secretary seems to want is for services such as Facebook, WhatsApp and Apple's iMessage to shift their approach from using end-to-end encryption to something that (at least) allows them to hand over messages in response to a warranted request. Such a move would make it easier for authoritarian governments, foreign spies and criminals to access communications. And such a move would not make it easier to foil future terrorist attacks. For one thing terrorists would likely move to more secure methods of communication.
"The problem will mutate and move on," Shaw argued. "We are aiming at a very fluid environment here. We are in real trouble if we apply blunt weapons to this, absolutist solutions."
Some tech firms have also weighed in against Rudd's call for security services to have access to decrypted WhatsApp messages.
Tony Anscombe, senior security evangelist at Avast, said: "We understand why governments want to be able to access the content in these messages but, unfortunately, banning encryption in order to get to the communications of a select few opens the door to the communications of many, and renders us all less secure and our lives less private.
"If you build a back door, it's there for everybody to access. And if you store that data you collect, even in encrypted form, how secure is it? All these data breaches we hear about show our privacy is regularly being breached by hackers, so the action suggested by the Home Secretary would only open us all up to further invasions of privacy."
Homebrewed jihadist crypto apps have been shown to be weak. Alternatives, such as Telegram, to mass-market Western message utilities have also had heir share of flaws. Pushing terrorists towards crypto alternatives is still not necessarily a good idea, according to Anscombe.
"It would be naïve of us to think that by removing the public methods of encryption which we use to protect our identity, our freedom of speech and to keep us safe from persecution, that those terrorist organisations will not develop alternative methods to encrypt their communications. If this were to happen, we'd only be pushing these people further underground, presenting a greater challenge to security intelligence services." ®