After Washington Post rolls out HTTPS, its editorial board bemoans encryption debate

There's hope that by the time the Washington Post's editorial board takes a third crack at the encryption whip, it might say something worthwhile.

Late on Saturday, the The Washington Post's editorial board published what initially read as a scathing anti-encryption and pro-government rhetoric opinion piece that scolded Apple and Google (albeit a somewhat incorrect assertion) for providing "end-to-end encryption" (again, an incorrect assertion) on their devices, locking out federal authorities investigating serious crimes and terrorism.

See also

Why are we still talking about backdoors in encryption? No, really

FBI's director says he's not a "maniac" about encryption. The experts disagree.

Read now

Read to the end, and you'll find the editorial came up with nothing.

It was a bland and mediocre follow-up to a similar opinion piece, which was called "staggeringly dumb" and "seriously embarrassing" for proposing a "golden key" to bypass encryption.

Critically, what the Post gets out of this editorial remains widely unknown, perhaps with the exception of riling up members of the security community. It's not as though the company is particularly invested in either side. Aside the inaccuracies in the board's opinion, and the fair (and accurate) accusation that the article said "nothing" (one assumes that means nothing of "worth" or "value"), it's hypocritical to make more than one statement on this matter while at the same time becoming the first major news outlet to start encrypting its entire website.

The board's follow-up sub-600 worded note did not offer anything new, but reaffirmed its desire to see both tech companies and law enforcement "reconcile the competing imperatives" for privacy and data access, respectively. (It's worth noting the board's opinion does not represent every journalist or reporter working at the national daily, but it does reflect the institution's views on the whole.)

Distinguished security researcher Kenn White, dismissed the editorial in just three words: "Nope. No need."

Because right now, there is no viable way allow both encrypted services while allowing police and federal agencies access to that scrambled information through so-called "backdoor" means. Just last week, a group of 13 of the world's preeminent cryptographers and security researchers released a paper (which White linked to in his tweet) explaining that "such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend."

In other words: if there's a secret way in for the police and the feds, who's to say a hacker won't find it, too?

The Post's own decision to roll out encryption across its site seems bizarre considering the editorial board's conflicting views on the matter.

Such head-scratching naivety prompted one security expert to ask anyone who covers security at the Post to "explain reality" to the board. Because, clearly, the board isn't doing its job well if on two separate occasions it's fluffed up reporting on a subject with zero technical insight.

If the board, however, needs help navigating the topic, there is no doubt a virtual long line of security experts, academics, and researchers lining up around the block ready to assist. At least then there's hope the board can strike it third-time lucky in covering the topic.