UK's flip-flops on encryption don't help anyone
Commentary: Home Secretary Amber Rudd is both a critic and a fan of end-to-end encryption. She's seeking a middle ground, but does that exist?
In the battle over encrypting private communications versus giving the government backdoor access to better thwart terrorism, it's hard to tell where the UK government stands.
"Encryption plays a fundamental role in protecting us all online."
"We need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp."
"To be very clear – Government supports strong encryption and has no intention of banning end-to-end encryption."
"There is a problem in terms of the growth of end-to-end encryption."
These statements sound contradictory, but they have one thing in common: They can all be attributed to UK Home Secretary Amber Rudd.
Rudd has said all of these things and more about encryption in various speeches, interviews over the past few months and a self-penned articles earlier this week.
It's not just you. From reading these statements, even in context, they're pretty confusing.
WhatsApp's 'end to end' encryption is "absolutely unacceptable...there should be no place for terrorists to hide" says @AmberRudd_MP #marr pic.twitter.com/aVtDP6FRvD
— The Andrew Marr Show (@MarrShow) March 26, 2017
The comments add more muddle to the debate over encryption, which has become a bugbear of the British government in the wake of multiple terror attacks in the UK over the past year. While encryption guards our privacy, it also prevents authorities from reading messages between terrorists. Prime Minister Theresa May has called multiple times on tech companies to "do more" to tackle the terror threat. Rudd, ahead of attending the Global Internet Forum to Counter Terrorism on Tuesday in San Francisco wrote an editorial in the Telegraph saying that the UK isn't looking to ban encryption but does want some kind of change.
The back and forth from Rudd is counterproductive because she's seemingly seeking a middle ground that doesn't exist. By parsing her statements, Rudd appears to suggest a version of encryption that is almost, but not absolutely, unbreakable. But end-to-end encryption means that not even the companies that create and enforce security measures can decrypt your messages, so the idea of an emergency access point seems far-fetched.
"Amber Rudd must be absolutely clear on what co-operation she expects from internet companies," said Jim Killock, executive director of UK digital rights campaign Open Rights Group. "She is causing immense confusion because at the moment she sounds like she is asking for the impossible."
It's not like tech companies aren't willing to help. Facebook, Twitter and Google have shown willingness to work with governments to tackle terrorism.
Home Secretary Amber Rudd speaka at the Global Internet Forum to Counter Terrorism this week.
But they aren't bending on the issue of putting in backdoors for government access. As tech companies and security experts have repeatedly pointed out: If the companies themselves have a way of accessing these communications, so potentially do those with malicious intent.
A game of whack-a-mole
Breakable encryption could also, as numerous experts including Facebook Chief Operating Officer Sheryl Sandberg point out, chase terrorists onto other platforms that aren't as willing to cooperate with governments.
"If people move off those encrypted services to go to encrypted services in countries that won't share the metadata, the government actually has less information, not more," Sandberg said in an interview broadcast by the BBC last week.
In fact, it's already happening. On Wednesday, three men were found guilty in the UK of plotting a terrorist attack and had been using the encrypted app Telegram to communicate with one another. Telegram was called out by Europol chief Rob Wainwright earlier this year for "causing major problems," by not cooperating with law enforcement.
'Real people' don't want encryption?
One allegation Rudd has leveled at end-to-end encryption is that "real people" don't care about it. People don't use WhatsApp because it is secure, she said in her Telegraph editorial, but because it is convenient, cheap and user-friendly. This is more than a huge generalization, it's an assertion for which she provides absolutely no supporting evidence.
Indeed, her comments have attracted criticism from privacy organization Big Brother Watch, which said they were "at best naive, at worst dangerous."
"Suggesting that people don't really want security from their online services is frankly insulting, what of those in society who are in dangerous or vulnerable situations, let alone those of us who simply want to protect our communications from breach, hack or cybercrime," Renate Samson, the organization's chief executive, said in a statement.
"Once again the government [is] attempting to undermine the security of all in response to the actions of a few," he said. "We are all digital citizens, we all deserve security in the digital space."
Rudd maintains "there are options" for using end-to-end encryption and also making sure terrorists "have no place to hide" online. But these options remain a mystery to everyone but her. For the sake of the British public, many of whom do care that their communications are kept private and secure, she needs to explain how this will work.
The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter. Here's what they're up to.
Intolerance on the Internet: Online abuse is as old as the internet and it's only getting worse. It exacts a very real toll.