UK Home Secretary Amber Rudd is upset. She considers it “unacceptable” that she can’t read your private chat messages and wants that fixed. Naturally, she publicly ties her demand that you surrender your privacy to the fight against terrorism. Fortunately, Rudd won’t get her way. That’s not because her demand is evil and wrong-headed, although it is. It’s because her demand is impossible to implement.
British police and intelligence agencies want to read WhatsApp messages sent and received by Khalid Masood, who killed four and injured 50 on March 22 in London before being shot dead himself. They can’t access those messages because WhatsApp uses “end to end encryption.”
What this means is that WhatsApp messages are encrypted at the sender’s end and decrypted at the receiver’s end. The company itself never has access to the plain text of messages and therefore cannot turn that information over to police.
Rudd would like to see “back doors” built into applications so that governments can access messages’ plain text under “carefully thought-through, legally covered arrangements.” That’s a pipe dream, for two reasons.
First, such a “back door” would destroy both the security of, and the user base for, any app whose creator allowed it. If one government can get in through a back door, so can other governments, and so can non-government hackers. No one who cares about messaging security and privacy (including, but obviously in no way limited to, terrorists) will use such an app.
Secondly, there are, and always will be, secure “end to end encryption” alternatives to apps whose makers allow them to be legally crippled as Rudd would like. That genie escaped the bottle in 1991 when Phil Zimmerman released the first version of “Pretty Good Privacy,” a strong encryption program that anyone can install and learn to use on, these days, almost any device (using the OpenPGP standard).
Governments’ war on strong encryption has been over for more than two decades. Strong encryption, and the public, won.
That doesn’t mean your encrypted messages are secure, though. As WikiLeaks’s “Vault 7” release of CIA documents shows, the world’s intelligence agencies have shifted focus from hobbling encryption to compromising our devices and the operating systems that run on them. That way they can read our messages before we encrypt them or after we decrypt them.
Remember: It’s not Amber Rudd and us versus the terrorists. It’s Amber Rudd and the terrorists versus us.