After last week’s terror attack at the Houses of Parliament, the UK government wants to crack down on the secure ways terrorists can communicate with one another.
At the weekend, the home secretary Amber Rudd attacked end-to-end encryption, used on messaging platforms such as WhatsApp and Facebook Messenger as it allows terrorists to communicate “in secret” as the police and security services cannot access these messages.
We need to make sure that organisations like WhatsApp – and there are plenty of others like that – don’t provide a secret place for terrorists to communicate with each other.”
What is encryption?
End-to-end encryption means that only you and the person you’re messaging can read what is sent, and the app’s 1bn customers make use of it daily.
WhatsApp explains this on its website, saying:
Your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read your message. For added protection, every message you send has a unique lock and key.”
There is no way to turn off this encryption; it is automatically available on the platform. Facebook Messenger also has this feature, named Secret Conversation, but you have to activate this yourself, meaning it isn’t automatic.
Why is it important?
Encryption isn’t just used to send secure messages; it is part of our everyday lives as well.
“We use it for an awful lot of things we do online, including online shopping, for email and when we do our banking. We’re actually very reliant on encryption to make sure that nobody who isn’t meant to be prying gets to see information,” David Emm, principal security research for Kaspersky Lab, the internet security software company, told Verdict.
If the UK government did attempt to go after end-to-end encryption, it could make other aspects of our online lives insecure as well.
People have become more concerned about their privacy in recent years as they have become more aware of the fact that we rely on technology. There is the potential that other people may be able to gather information about us,” said Emm.
For developers like Facebook-owned WhatsApp, Apple or Google, privacy like encryption is crucial to allow their users to feel that they are secure.
This has been attacked in the past: after the San Bernadino shooting in 2015, the FBI pushed Apple to hack into an iPhone belonging to one of the shooters.
Apple refused, claiming that creating a back door to unlock one device would all its customers vulnerable, should the information end up in the wrong hands.
Back door access is what it says on the tin really, it’s a way for someone to gain access to a secure platform.
“It’s a bit like having a key under the mat, say because you want your child to be able to find it and they will never be locked out – and that’s fine,” said Emm. “But you can never guarantee that somebody else would be able to find it – that fact they key exists at all is a potential security weakness.”
Andrew Whiting, security studies lecturer at Birmingham City university agrees, as once a backdoor is opened, anyone can then gain access.
“That backdoor may be set up for ‘our’ security services and law enforcement but once it’s in place the guarantee of secure communication is gone; the backdoor will serve as a point of access to whoever discovers it and thus essentially undermines the entire purpose of the encryption,” he said in an email to Verdict.
There is no guarantee that the UK government will attempt to put a blanket ban on end-to-end encryption using the terrorism argument.
Then-prime minister David Cameron raised this issue back in 2015 and nothing was put in motion around it. As well, it would be difficult to get developers to agree to make their own platforms insecure, when privacy and security are necessary online.
However, even if the government was successful in targeting WhatsApp in particular, terrorists and criminals would just move to another platform. It is well known that there are other secure apps such as Telegram and Signal that are well-used by the likes of the so-called Islamic State (IS).
Criminals will then just avoid WhatsApp and use something that is encrypted. Or they could take something open source and custom build a solution that uses encryption technology for their own purposes, which the government has no visibility into,” said Emm.
“The potential danger is that law-abiding citizens would end up not having encryption because we don’t want to break the law. The only people making use of it then are criminals and the rest have gained no benefit from it,” he adds.
It is frustrating that during difficult times, such as the Westminster attack, security concerns can blow up out of proportion and be used to target everyone, not just those who are guilty of crimes.
“With four people dead and over 50 injured in the attack, it is inevitable and right to reflect upon and reassess the security measures currently in place. However, we must strive to remain critical in our assessment, be realistic about what level of security is achievable and desirable and not allow security to become synonymous with protection against terrorism at all costs.
“The home secretary’s comments in relation to encryption threaten to undermine security online and infringe upon the citizenry’s right to privacy,” said Whiting.
What happened after Rudd’s tech meeting?
Rudd met with representatives from tech companies including Facebook, Google, Microsoft and Twitter to discuss the removal of terrorist content on their platforms. The tech companies have agreed to set up an industry board to tackle removing the content.
However, in an open letter response from the companies to Rudd, published by City A.M., any discussion on end-to-end encryption was notably absent.
If you are concerned about secure communications, here are the apps you can use.
Three apps for secure communications
This is an email security app, available on iOS that provides automatic end-to-end encryption directly on your devices. Users can easily manage keys and it can be used across different devices too.
Scrambl3 goes one step further to secure your privacy: it uses a top-secret grade virtual private network (VPN) to achieve end-to-end encryption.
“As a result, Scrambl3 achieves an exponential increase in security so that hackers are effectively shut out from voice and text messages,” said the app’s developer, USMobile chief technology officer, Brad Arant.
And, no personal information is used to sign up, making it completely anonymous.
As well as encrypting messaging, Wire also offers encrypted live audio and visual group calling, which is one of the reasons it was named the most secure instant messenger by Linz University in Austria. It works by using different keys for each device, with the app sending a unique keycode for every different login to maintain security.