In the wake of the terrorist attack in the UK, government officials are demanding that encrypted services contain backdoors.
Some call it the war on encryption while others call it the war on math. Whatever you call it, governments are pushing to compromise the security of encryption to further be able to pry into everyday conversations of ordinary citizens.
Some might think of this debate as a relatively new debate in the world of privacy. Some might remember some of the attempts to install backdoors a year or so earlier in the US. As a matter of fact, the debate on privacy vs. government security extends much farther back. In fact, the privacy debate extends further back than my whole career. The earliest example I was able to cover this story was back in 2005. Back then, I was covering the privacy debate in Canada as controversy arose for the so-called “lawful access” bill in Canada.
Canada wasn’t the only country to try and push for surveillance of its own citizens. In 2008, I covered the passage of warrantless wiretapping in the US. The controversy then surrounded the famous “splitter” room where all traffic on the AT&T network was duplicated and sent to American spy agencies. When the cover of the secret room was blown, government scrambled to give ISPs legal immunity from litigation.
As EDRI points out, the UK also had their own debate in privacy back in 2015. At that point, the Snowden revelations had already been well known where governments from around the world were spying on ordinary citizens on a mass scale. At that point, the government was considering a bill called the Investigatory Powers Bill. The bill became widely known as the “Snoopers Charter”. The bill obligates ISPs to retain browsing histories of ordinary citizens. The data would then be readily accessible to spy agencies in the UK.
Of the three countries, Canadians were the only ones successful in fending off legislation that would allow spy agencies to pry into the online private lives of ordinary citizens. Of course, for countries who scrapped civil rights in the name of security, what will the next step be for the privacy debate? Well, in response, many citizens began turning to encryption. Whether that encryption be through apps, VPN’s or even TOR, ordinary citizens became less at ease about their lives on the open Internet. For a lot of people, it isn’t that they had anything to hide, it’s just that they chose not to have their daily activities monitored and stored.
Knowing this, it makes the governments war on encryption the next logical step in the privacy debate. There have been efforts in the past to try and undermine the security of encryption in the US such as attempts to peal back the layers of TOR. More recently, however, apps like WhatsApp have made headlines in the UK in the wake of a terrorist attack in the UK.
WhatsApp is an end-to-end instant messaging service for smartphones. It was initially released in 2009 by WhatsApp Inc. The free app has been downloaded and used by many people all over the world. The encryption capabilities have allowed for some level personal privacy when communicating to others over the Internet in the wake of the encroachment of government spying over the years.
Last month, in the wake of a terrorist attack in the UK, Amber Rudd singled out WhatsApp and made the accusation that the app is a place for terrorists to hide because governments didn’t have access to the contents of peoples messages. From the report:
Speaking to BBC One’s Andrew Marr Show, Ms Rudd said: “It is completely unacceptable, there should be no place for terrorists to hide.
“We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other.
“It used to be that people would steam open envelopes or just listen in on phones when they wanted to find out what people were doing, legally, through warrantry.
“But on this situation we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp.”
As a result, there have been calls to create backdoors to all encrypted services to allow governments to access the communications of any citizen it wants to spy on. That has privacy and technology experts up in arms. From the Guardian:
Cameron’s legislation has not happened, and there’s a simple reason; encryption is a binary. Either something is encrypted, and thus secure from everyone, or it’s not. As the security expert Bruce Schneier has written: “I can’t build an access technology that only works with proper legal authorisation, or only for people with a particular citizenship or the proper morality. The technology just doesn’t work that way. If a backdoor exists, then anyone can exploit it.”
That’s the crux of the problem. While you can legislate to only give state agencies access to terrorists’ communications, and with proper oversight and authorisation, you cannot actually build encryption that works like that. If you put a backdoor in, it’s there not just for security services to exploit, but for cyber-criminals, oppressive regimes and anyone else.
Even if the UK government got exactly what they wanted, the net effect is that innovation will ultimately flee the UK. An app that helps protect the privacy of ordinary citizens will always be sought after. If it one application starts compromising its security, privacy minded people will look elsewhere. That will include apps whose developers are located in other countries. The end result is an arms race between innovation and the government.
The chances of this battle ending well is very slim. How far the governments around the world are willing to escalate this battle remains to be seen.