The discovery that last week’s London terror attacker Khalid Masood used WhatsApp’s encrypted message service minutes before the killings have led for calls, not least by Home Secretary Amber Rudd, to give the government access to the un-encrypted content of messages on the platform.
In a weekend TV interview, Home Secretary Rudd described the current situation whereby terrorists can secretly talk to each other on a formal social media messaging platform as ‘unacceptable’. Home Secretary Rudd and the government’s frustration have meant that a meeting has been set for this week with Facebook and other technology companies to try and broker a work-around.
Shift From End-To-End Encryption
The government’s likely position at the meeting will be to seek a shift by social media platforms e.g. Facebook, WhatsApp and Apple’s iMessage, away from the complete end-to-end encryption model that denies everyone (including government’s) access to message content, towards allowing specific unscrambled messages to be handed to the government on warranted request.
Issues & Objections
The government’s wish to have greater access on request and surveillance powers have, however, been met with several counter-arguments and objections from technical and security commentators, tech companies, and even a former Ministry of Defence’s cyber-security chief. The arguments and objections against granting the government yet more powers include:
- There is already a wide-ranging Investigatory Powers Act (“Snooper’s Charter”) in place. As well as potentially enabling secret backdoors to be created in apps and thereby undermining public trust in their software, the Act is regarded by many as granting enough powers for now.
- Doubts exist as to whether the WhatsApp activity by the London terror-attacker were even related to the atrocity anyway.
- If encryption was banned or weaknesses / backdoors were built-in to popular platforms, determined criminals would simply obtain encryption products from other sources.
- Banning encryption e.g. as a knee-jerk reaction to specific attacks and / or to gain access to communications of a few people could pose much wide security risks to all of us. For example, we could all face greater privacy and security risks from authoritarian governments, foreign spies, hackers and other criminals.
What Does This Mean For Your Business?
Security and privacy is important in business communications, whether by phone app, social platform, or by email system. Businesses could argue that a more immediate and more likely risk comes from cyber criminals, many of whom have already shown themselves to be capable of exploiting situations where there are back-doors in software / platforms / systems, or where there is a lack of adequate encryption. Relaxing security protection for all for the sake of a few may, therefore, may not be a response that will benefit businesses right now. The debate, however, looks likely to continue for some time.