It has been reported this morning that British Home Secretary Amber Rudd is urging messaging apps like WhatsApp to ditch end to end encryption as ‘real people do not need it’; the home Secretary is arguing that the feature is only aiding terrorists.
Her statement has been met with widespread criticism. Below is some comments on this news, from Cybersecurity Experts in the industry.
Lee Munson, Security Researcher at Comparitech.com:
“If normal people do not need end to end encryption, I’d love the Home Secretary to explain who such people are.
From family conversations to the exchange of authentication information, lovers’ secret words to each other to family photos, everyone should expect and demand privacy when communicating online.
For businesses, the need for secure communication is even more important, given the amount of sensitive information almost every organisation has under its control.
As for terrorists, the banning of encryption in popular apps is immaterial – new apps, outside of British jurisdiction, will enter the market to fulfil that need in the blink of an eye.
So come on Amber Rudd, stop and think and tell us how such a policy can be enforced and who wins and who loses from it. And, while you are at it, please tell the British people who the special people are who DO need end to end encryption.”
Mark James, Security Specialist at ESET:
“Unfortunately my line of thinking actually sits on both sides of the fence here.
When it comes to terrorism whatever we can do to stop or limit it has to be the right thing- providing of course that what we do is going to stop or hinder it. Is asking messaging apps to stop end-to-end encryption going to stop terrorists using it? Honestly no. There will always be something to use or some means to send information that others can’t read; for the average public person encryption may not be needed but for some it’s a necessity; their circumstances may require the ability to send messages from one source to another without the concern of it being compromised either for security or safety reasons.
The bad people we have to deal with in our lives will use whatever they can to do what they think is right- buying guns and explosives without the proper reasons is banned or illegal, does that stop them? Agreed they can’t pop down to the local convenience store. but that does not stop them from acquiring them if they need too.
Sadly this is one of those situations that cannot simply be stopped by doing one thing or another. It will continue to be debated with very good reasons for and against, but one thing is for sure- companies that provide social media applications or services require only one thing – “Socials”. The more people that use a platform the more likely it is to succeed. You might have the best messenger application in the world that “ is incredibly user-friendly and a cheap way of staying in touch with friends and family, but if none of your friends and family are using it then it’s just an unused icon on your smart phone or desktop. The developers of these products have to supply something that the public want to use.”
Andrew Clarke, EMEA Director at One Identity:
“Without knowing the full facts, we can be quick to disparage a tool such as WhatsApp that is really being used very effectively across business and personal lives – and improving collaboration. The fact it now has the ability to protect our information through encryption is a great enhancement; it allows us to share confidential information knowing we do that safely.
It also does aid governments to determine who is talking to one another since despite the actual message being encrypted, the metadata is not meaning information about sender/receiver is available Removing encryption from WhatsApp, means people would just move to another tool that did encrypt and maybe did not share metadata.
The impact is that the government would have access to less information than it does now. The best outcome of this discussion would be to encourage providers of messaging services to collaborate such that any suspect users or content can be identified across the platforms to limit their overall impact. By putting identity management at the core of the argument, we can provide a much more controllable environment.”
David Emm, Principal Security Researcher at Kaspersky Lab:
“Creating a ‘backdoor’ to decipher encrypted traffic is akin to leaving a key to your front door under the mat outside. If a government backdoor were to fall into the wrong hands, cybercriminals, foreign governments or anyone else might also be able to inspect encrypted traffic – thereby undermining not only personal privacy, but corporate or national security.
A blanket ban on encryption would be just as dangerous. Cybercriminals would either make use of encryption capabilities developed in another country (i.e. beyond the reach of the UK government), or implement encryption for themselves.
Theresa May must surely be conscious of the fact that there’s no way to restrict the use of encryption to honest, law-abiding citizens. No company can guarantee 100 per cent that its systems will not be breached, so encryption is essential to ensure that such a breach doesn’t result in the loss of sensitive information.”