Amber Rudd’s Ruddy Dumb Case Against Encryption

The Telegraph on Monday published an op-ed by Amber Rudd, the U.K.’s present Home Secretary, making the case for a way for investigators to see encrypted data, somehow without breaking the fundamental principles of encrypted data. It’s behind a paywall, but I’ll quote the salient paragraphs. And, after setting the stage with a couple hundred words about terrorism, we get to the titular topic:

Encryption plays a fundamental role in protecting us all online. It is key to growing the digital economy, and delivering public services online. But, like many powerful technologies, encrypted services are used and abused by a small minority of people. The particular challenge is around so called “end-to-end” encryption, where even the service provider cannot see the content of a communication.

Rudd admits that it’s a very small minority who lean upon encryption to mask their criminal deeds. But that’s the case for lots of different technologies: a small minority of people use a telephone to plan a crime and, even though GCHQ was able to record all phone traffic, their overbearing surveillance was found to be illegal. A small minority of people burn physical evidence of a crime, but fire isn’t outlawed.

To be very clear – Government supports strong encryption and has no intention of banning end-to-end encryption.

That isn’t what Rudd has been threatening for months.

But the inability to gain access to encrypted data in specific and targeted instances – even with a warrant signed by a Secretary of State and a senior judge – is right now severely limiting our agencies’ ability to stop terrorist attacks and bring criminals to justice.

Again, there have always been ways for enterprising criminals to get around the interception of their communications: they can meet in person, or use coded phrases.

I know some will argue that it’s impossible to have both – that if a system is end-to-end encrypted then it’s impossible ever to access the communication. That might be true in theory.

No, that’s true in fact.

This is where things really start to break down for Rudd. She’s arguing here that providers of encrypted communications software can, somehow, intercept communications in a human-readable way without compromising the security of the system overall. Quite simply, that’s complete bunk.

But the reality is different. Real people often prefer ease of use and a multitude of features to perfect, unbreakable security.

Why not have both? User experience and platform security are completely different fields and, generally, do not compete so much as work together.

So this is not about asking the companies to break encryption or create so called “back doors”.

Yes it is. That’s exactly what Rudd is asking for — a way for authorized users to eavesdrop on encrypted communications without creating a security vulnerability:

So, there are options. But they rely on mature conversations between the tech companies and Government – and they must be confidential. The key point is that this is not about compromising wider security. It is about working together so we can find a way for our intelligence services, in very specific circumstances, to get more information on what serious criminals and terrorists are doing online.

Rudd, like so many others in similar positions, is going up against math and physics with hopes and dreams of back doors in encryption. It isn’t going to happen.

The responsibility for tackling this threat at every level lies with both governments and with industry. And we have a shared interest: we want to protect our citizens and we don’t want platforms being used to plan ways to do them harm.

But Rudd is okay with introducing vulnerabilities in different software packages used by billions of people around the world, including users in authoritarian regimes with leaders who are more interested in controlling the citizens they rule than in protecting them. Creating a still-mythical way for a government to peer into a WhatsApp or iMessage conversation is inviting harm upon billions of people who rely upon reliably secured and encrypted communications — including Britons.