Recently, the topic of a government’s right to have unfettered access to encrypted data for national security reasons was back in the news when it came to light that Khalid Masood, the British extremist who killed four people outside parliament had used WhatsApp a few minutes before he launched his attack.
For many people, privacy is a sacred, indisputable right. On a less existential note, an argument can be made that it’s of little to no value for a government to jeopardize the privacy of so many people since there are too many social media and messaging apps for it to realistically monitor. Backdoor WhatsApp and terrorists will switch to some other messaging app – and then what?
First, what many people don’t realize is that their privacy has long been compromised. What they are fighting for is the illusion of privacy.
For decades, all “communication providers” in all western countries – Verizon, T-Mobile, AT&T, your local cable provider, etc. – are already supervised by the authorities. By law, these companies are subject to Lawful Interception (LI) requirements. That means that a government entity can enter any communications provider’s data center and install a box that forwards all “relevant communications” to national collection centers. Providers can either comply, or not do business in those countries.
The only reason tech vendors are not already subject to LI regulation is because most regulators didn’t predict social media platforms would become the primary communications channels they are today, and that security controls put in place would make it non-trivial for governments to monitor, despite having complete visibility into the underlying communication infrastructure. Had that been foreseen, Microsoft, Google, Facebook, and their brethren would have had no choice but to accept LI requirements as a basic tenant of doing business, specifically in the U.S.
Second, from a counterterrorism and counterintelligence perspective, government interception of these messaging providers’ encrypted traffic serves a valid purpose because it erodes one of a terrorist’s biggest assets, anonymity – their ability to blend into the crowd. If the communication and messaging channels used by the vast majority of a given population are monitored and, in fear of their traffic being intercepted by law enforcement, terrorists move over to a different, non-monitored application, just by doing that, they’ve excluded themselves from the general population. By making that one hop to another platform, they“marked” themselves as objects for further surveillance, and hence, easier to detect by counterterrorism agencies.
Identifying a suspect doesn’t necessarily mean intercepting an incriminating message, in most cases it first and foremost involves identifying an indicative operational pattern that excludes that subject from the vast majority of the population. Not being able to intercept the actual message content during this exclusion process is a minor problem, since once a person becomes a surveillance object, there’s no shortage of ways for counterterrorism and counterintelligence to supervise his activities.
Therefore, an argument can be made that it can be worthwhile to lawfully intercept private information of legitimate users on social media for the greater good, assuming we have the right processes in place to protect the intercepted information. Law enforcement’s access to a given social platform should likely be based on the number of users – those social platforms that have above a certain threshold should be subjected to Lawful Interception regulation.
Bottom line: with 80 percent of the traffic already subject to LI, drawing the line at WhatsApp doesn’t make sense.
Or does it?
What do you think?