It is like deja vu – the date and venue are different, but the hue and cry over encryption and backdoor access is the same. Then, it was a smartphone – now, it’s an app. Seems like advocates for weakening security actually salivate over a purported terrorist attack so they can press their case.
In the US, nearly two years ago in the San Bernardino case, the FBI and Apple locked horns over unlocking an iPhone, and a debate raged over allowing law enforcement to gain entry into devices via backdoors. It’s a bit different in the most recent attack, but only in semantics.
The latest incident, on London’s Westminster Bridge, has provided the government with another opportunity – this time in a call for decrypting an app – to weaken security for all, to serve its own narrow interests. After all, that’s what this is really all about, isn’t it? Sooner or later, those in law enforcement must grasp the concept that to allow them access is to allow ANYONE access. There is no middle ground.
Another thing – by fuming over the lack of access, law enforcement conveniently and craftily diverts attention away from itself and any potential surveillance shortcomings on its part in not preventing an attack! With all the sophisticated systems and legal framework in its favor, what precluded it from identifying the attacker and thwarting the attack?
Indeed, reports indicate that Masood has been known to the intelligence community for his potential links to extremism as early as 2010, after he returned from teaching English in Saudi Arabia.
No, the internet is too big and too easy a target, despite the apparent call for an end to encryption. So, it’s not surprising to hear UK Home Secretary Amber Rudd lambasting end-to-end encryption in apps like WhatsApp as “completely unacceptable.” She added that there should be “no hiding place for terrorists.”
Her comments merely fuel the debate over banning encryption, while also absolving the cops and their tactics from responsibility for flushing threats out.
This brouhaha comes on the heels of revelations that the assailant, British extremist Khalid Masood, used WhatsApp a few minutes before killing four people and maiming a score more in Westminster last week. Furthermore, Rudd refused to rule out passing new legislation to tackle encrypted messaging if she did not get what she wanted. But is her quest realistic, or even possible? Experts have grave doubts.
“My impression was that primarily she doesn’t know what she is talking about,” says Paul Bernal at the University of East Anglia, UK. Rudd, perhaps purposely, chooses to forget that government security services themselves rely on strong encryption to preclude unwanted access. Not to mention online banking and shopping sites.
Brian Paddick, the Liberal Democrats’ home affairs spokesman and former deputy assistant commissioner of the Metropolitan Police, believes that such demands are disproportionate to the situation:
“These terrorists want to destroy our freedoms and undermine our democratic society. By implementing draconian laws that limit our civil liberties, we would be playing into their hands. My understanding is there are ways security services could view the content of suspected terrorists’ encrypted messages and establish who they are communicating with.”
The answer my lay in internet companies’ willingness to comply with law enforcement in decrypting devices (if they indeed can) on a specific, case-by-case basis. At least that’s the rationale offered by the internet privacy organization The Open Rights Group’s director Jim Killick:
“This help should be requested through warrants and the process should be properly regulated and monitored. However, compelling companies to put back doors into encrypted services would make millions of ordinary people less secure online. We all rely on encryption to protect our ability to communicate, shop and bank safely.”
Regarding the London incident and apropos to Killick’s comments, WhatsApp is cooperating with the authorities, saying that it was “horrified” by the tragedy. It isn’t known at this time whether Masood was sending or receiving an app message. Maybe companies can do more to help though. They can start, as Rudd opines, by realizing that they are de facto publishing companies, and should be careful about publishing extreme and extremists’ materials.
Since encryption is so pervasive and vital to everyone, trying to legislate it out of existence is virtually impossible. New encryption methods would be developed soon after to replace it. And, while it is fanciful to wish for specific backdoors be made available to police, the inescapable reality is that soon the bad guys, too, would be able to gain access.
It appears that the answer is in performing law enforcement more effectively using the myriad and powerful surveillance tools it already has at its disposal. That’s the only thing which will work in free, economically vibrant societies, in my judgment.