Home Secretary Amber Rudd has made remarks suggesting a shocking misunderstanding of messaging apps that use end-to-end encryption, saying that they aid terrorism.
Taking aim at messaging apps like WhatsApp, Rudd wrote in The Telegraph that end-to-end encryption is “severely limiting our agencies’ ability to stop terrorist attacks”.
Rudd met with major technology companies like Google, Facebook and Microsoft in a California summit on Tuesday.
In a joint statement, the companies involved said that they were working together to “substantially disrupt terrorists’ ability to use the internet in furthering their causes”.
What is end-to-end encryption?
End-to-end encryption is a way of securing that messages sent over apps can only be read by the recipient and the person who sent it.
Therefore, data is encrypted on the sender’s system, and only the recipient’s device is able to decrypt it.
This bypasses third parties looking to access this data, such as internet service providers, app service providers or hackers.
In an interview with the BBC, Rudd reinforced the government stance on encryption:
“We support encryption, we support its place in making sure that we have secure facilities in banking, in our daily lives when we use the internet. However, there’s a problem in terms of the growth of end-to-end encryption, it’s a problem for the security services and police who are not, under the normal way, under properly warranted paths, able to access that information”.
Thus, Rudd has argued for technology companies to work closer with the British government on end-to-end encryption, calling for companies to share more information when there is a “particular need” for it. More specifically, she argues companies could share more metadata with the government, but what type(s) of metadata she did not specify.
Rudd also stated that app service providers should remove uploaded terrorist data, or even prevent it from being uploaded in the first place.
The response
Critics of this view have said that any sort of ‘back door’ to encrypted data could be abused by hackers, posing even more of a security threat.
Jim Killock, the executive director of the UK digital liberties Open Rights Group, said that “compelling companies to put backdoors into encrypted services would make millions of ordinary people less secure online. We all rely on encryption to protect our ability to communicate, shop and bank safely”.
Furthermore, some have slammed Rudd’s comments to say that if WhatsApp reformed how they encrypted data, terrorist groups could just switch to another end-to-end encrypted app that doesn’t have any ties or work with the UK government.
In response to Rudd’s claim that ‘real people’ don’t need end-to-end encryption, Jim Killock also said that “the suggestion that real people do not care about the security of their communications is dangerous and misleading. Some people want privacy from corporations, abusive partners or employers. Others may be worried about confidential information”.
IT and internet lawyer Graham Smith tweeted that “if you take technical steps to make the internet unsafe for terrorists and criminals, you make it unsafe for the rest of us”.
I sure hope that people start to notice how after every time a jihadi ‘goes kinetic’ the Tories response is to attack internet privacy!
Their disinterest in tacking terrorism is quite obvious.
There was a time when ministers were not allowed to make stupid statements without first being informed by the civil service.
What we have now is career politicians shooting their mouths off with no intelligence.
Does Rudd really believe we think she has any understanding on encryption?
i doubt most of the civil service understand encryption properly. Most are career government workers and very few taken out of the tech industry.
On a basic level it does limit the security services, but so do looked doors. The need for security against terrorism needs to be balanced against the other threats posed such as id thieft and privacy.
I think she failed to get her certificate.
it appeals to daily mail readers, job done.
She’s probably 100% correct ppl don’t like the facts …
She’s ‘probably’ not.
There, your “fact” is countered!
Why would ppl believe the facts when Joe know nothing blogs in the street can make a good story up
If the civil service and business truly understood the value of encryption, then all of their communications would be encrypted to at least a basic level.
Like mine.
Amber Rudd, you are an utter idiot.
Our intelligence agencies, and all others, employ people from all walks of life to spy.
The simplest way for a spy to pass their relevant info back to a handler is via an encrypted communication.
This ensures some level of safety for the spy, and in providing that safety increases the likelihood a person is willing to risk their life to spy in the first instance.
Removing the ability of the person in the street to have access to this level of encryption restricts such useful information traffic to hid amongst.
Spy’s would not be exposed by such a lack of traffic, they would simply not use such communication methods, making their tasks so much more dangerous and difficult.
Spying has often had justifiably bad press, but as noted by Sefton Delmar, it’s sometimes good to know your enemy is spying on you, so they know you are not up to something.
So there are not uncounted numbers of unsavoury types trying to gain access to my data for their own ends….gosh Amber thanks for letting me know that as a normal person I don’t need to concern myself with cyber security………anyone want my bank account details…. NI number…..I’m sure no one would ever think to clone my identity fit for criminal purposes or steal all my money. By the way I’m on holiday next week and the house is empty if you fancy popping around.
And how does Amanda think she can stop software developers across the world from developing applications with high end encryption? How does she imagine she can prevent people in the UK from downloading and installing those applications? UK government cant even prevent music and video piracy. She’s an idiot to waste her time thinking that she can even try. Legislation isn’t going to fix this. Technology might but you’re going to need to spend some serious money developing IT with enough compute that it can crack all the variations in a high end encryption.