UK targets WhatsApp, encrypted messaging apps following London attack

The UK government has focused its attention on WhatsApp, claiming there should be "no place for terrorists to hide."

screen-shot-2017-03-27-at-11-02-45.jpg
GCHQ

The UK government is gathering itself for an assault on end-to-end encrypted messaging services, demanding that providers including WhatsApp offer intelligence agencies access to content following the London attack.

Last week, Khalid Masood killed a total of four people and injured many others after driving a car into pedestrians on Westminster Bridge and stabbing an unarmed police officer before being shot dead by law enforcement.

It is believed that Masood sent messages through the WhatsApp mobile app just before the attack, which lasted for only a few minutes.

Following the attack, UK Home Secretary Amber Rudd said there must be "no place for terrorists to hide," and it is important for spy agencies to have access to the encrypted messages sent by the terrorist -- or failing that, a future way to do so.

On BBC One's Andrew Marr Show on Sunday, Rudd said that providers of end-to-end encryption services, such as Telegram, Signal, and WhatsApp, provide a "secret place for terrorists to communicate with each other," and such services are "completely unacceptable."

"We need to make sure that organizations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other," Rudd said. "It used to be that people would steam open envelopes or just listen in on phones when they wanted to find out what people were doing, legally, through warranty."

"But on this situation we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp," the Home Secretary added.

End-to-end encryption (E2E) not only encrypts messages on the users' device before sending it to recipients for decryption but also prevents any other party -- including the service provider, ISPs, telecoms, and government agencies -- from being able to read these messages.

Companies such as WhatsApp, therefore, cannot hand over this information even under court order, and if cyberattackers should compromise the servers supporting E2E, they too could not decipher message content.

Intelligence agencies cannot find out what Masood said through WhatsApp before the London attack, despite the company saying it was "horrified" at the attack and pledging to co-operate with law enforcement throughout the investigation.

One way to do so in the future is to create so-called backdoors into software for the use of law enforcement agencies, but doing so weakens the entire structure of both privacy and security for the general public as a whole.

Once a backdoor is implemented, should cybercriminals discover such a security hole, they could then use such weaknesses to compromise modern mobile devices en masse. In addition, if technology vendors are made to introduce backdoors, this is likely to cause distrust amongst consumers and will potentially be a decision that impacts customer bases and reputations.

Should the UK government attempt to ban E2E outright, this is likely to cause an outcry not only by civil rights campaigners, tech vendors, and security experts but potentially from members of the general public who use these popular services and want to maintain this level of privacy.

This is not the first time that law enforcement and technology giants have clashed over encryption and privacy.

Apple has been taken to court by the FBI for refusing to unlock an iPhone used by a shooter in the San Bernardino case, and while fighting an order to unlock the device, law enforcement paid another company for a security vulnerability which allowed them to do so anyway.

See also: In legal showdown, FBI vs. Apple could make or break Silicon Valley

Rudd told the BBC that Apple CEO Tim Cook, who believes it is wrong for governments to request that Apple builds backdoors into products, should "think again about other ways of helping us work out how we can get into the situations like WhatsApp on the Apple phone."

The UK government has already awarded itself extensive powers to spy on citizens. In 2016, the government passed what is known as the Snooper's Charter, which forces ISPs to record subscriber activity, allows law enforcement to hack into citizen PCs and devices, and also forces technology vendors to disclose new security features before products go to market.

The most shocking internet privacy laws:

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All