Compliance Management, Data Security, Encryption, Privacy

UK official: Backdoor needed into WhatsApp

Following the terror attack on Parliament last week, home secretary Amber Rudd has suggested law enforcement must be able to listen in to WhatsApp conversations, as British-born Khalid Masood, who carried out the attack, is said to have used WhatsApp moments before murdering pedestrians with his car, and stabbing an unarmed police officer to death.

Speaking on BBC One's Andrew Marr show, Rudd spoke of an era when law enforcement would “steam open envelopes, or just listen in on phones, when they wanted to find out what people were doing”, adding: “We need to make sure that our intelligence services have the ability to get into encrypted situations like WhatsApp.”

Rudd suggested that such encrypted communication apps “give terrorists a place to hide”. MI5 has also previously said it uses "equipment interference" (hacking) in the majority of high profile cases, which is one way of accessing encrypted messages without breaking encryption. Although Masood was ‘ known' to MI5, who decided to stop surveilling him, describing him as a peripheral figure.

SC Media UK questioned the Home Office on Rudd's anti-encryption stance, asking how it plans to go about listening to WhatsApp conversations which are protected by end-to-end encryption. A spokesperson told us “we have nothing to add on top of the Home Secretary's comments at this time.”

There has been no word of any new legislation to aid this, as the newly cemented-into-law Investigatory Powers Act does, theoretically, afford government the powers to force technology companies into breaking their product's encryption, thus creating a ‘back door' for them to listen to conversations through. However the same applies here, the government is yet to detail plans on how it plans to enforce this.

Major General Jonathan Shaw, the Ministry of Defence's former head of cyber-security, has accused the government of trying to "use" the Westminster attack to grab unnecessary and intrusive surveillance powers.

Speaking to BBC Radio 4's Today programme, Shaw said ministers are attempting to  "use the moment" to push for security services having more control, despite there being only a weak case for it.

Shaw said: "I think there's a lot of politics at play here. There's a debate in Parliament about the whole Snooper's Charter and the rights of the state and I think what they are trying to do is use this moment to nudge the debate more in their line."

Shaw argued that if the Government does push through laws to listen in to conversations on WhatsApp, terrorists would simply use other encrypted chat apps.

Nick Clegg, Liberal Democrat MP and ex-deputy prime minister, opined that “we've been here before.”

Clegg writes: “Powers that could have been used to force companies to remove end-to-end encryption have been on the statute book since 2000, but have never been used. David Cameron railed against end-to-end encryption in a speech in January 2015. Nothing happened. Why?”

Clegg cited reasons such as encryption being a useful technology, “Businesses rely on it to prevent cyber-crime and to reassure customers that their data is secure. It's used in everything from banking to online shopping.”

Clegg also claims a ban would be impossible to enforce unless we took the dramatic step of cutting the UK off from the rest of the internet. He wrote: “End-to-end encrypted messaging services aren't limited to WhatsApp and iMessage.”

Marr went on to compare the situation to US law enforcement wanting access to iPhones following the San Bernardino attack, to which Rudd responded “If I was talking to Tim Cook, I would say something completely different. I would not say 'open up', we don't want to 'go into the cloud', we don't want to do all sorts of things like that.

“But we do want them to recognise that they have a responsibility to engage with government, to engage with law enforcement agencies, when there is a terrorist situation. We would do it all through the carefully thought through, legally covered arrangements.”

On Thursday, Rudd is to meet with top tech companies to discuss the topic, and the posting of questionable content on major providers such as Google and Wordpress. When SC knows more of the outcome of the meeting, it will provide a follow on report.

SC approached Facebook, which owns WhatsApp, for comment on whether or not the breaking of encryption is possible, a spokesperson responded: “We are horrified at the attack carried out in London and are cooperating with law enforcement as they continue their investigations.”

Tony Anscombe, ambassador and senior security evangelist at Avast, told SC:  “We understand why governments want to be able to access the content in these messages but, unfortunately, banning encryption in order to get to the communications of a select few opens the door to the communications of many, and renders us all less secure and our lives less private.”

“If you build a back door, it's there for everybody to access. And if you store that data you collect, even in encrypted form, how secure is it? All these data breaches we hear about show our privacy is regularly being breached by hackers, so the action suggested by the home secretary would only open us all up to further invasions of privacy.”

“A lot of these terrorist organisations are already well resourced. It would be naïve of us to think that by removing the public methods of encryption which we use to protect our identity, our freedom of speech and to keep us safe from persecution, that those terrorist organisations will not develop alternative methods to encrypt their communications. If this were to happen, we'd only be pushing these people further underground, presenting a greater challenge to security intelligence services.”

During a recent Israel-UK  Ambassadors roundtable at the Royal Society in London,  Professor Sir David Omand of the department of war studies, King's College London, former director of GCHQ, had highlighted the government's awareness of the policy issue tensions between wanting hard encryption to spread to benefit industry, and how to get round hard encryption by law enforcement and the intelligence agencies.

It was accepted that strong encryption is needed for everyday use, while simultaneously law enforcement needs access and the secret intelligence agencies are trying to help law enforcement, with the government doing its best to satisfy each of these conflicting requirements.  It appeared that the UK government's aim is to circumvent encryption, with the cooperation of the tech companies in specific cases, rather than break it for all, and in fact it is encouraging the building of more resilient cyber-security including Quantum computing.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.