Brits back home secretary on WhatsApp snooping plan - but experts insist it would make us less safe
The majority of Brits think the police should be given access to encrypted WhatsApp messages in order to thwart future terrorist attacks, a poll has revealed.
But security experts say putting a “backdoor” in secure messaging apps would put the privacy of users at risk and make everybody less safe.
Home secretary Amber Rudd called for intelligence services to be given access to WhatsApp messages after it emerged Khalid Masood used the service minutes before killing four people in a terrorist attack in Westminster.
Ms Rudd told the BBC: “We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other.
“We need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp.”
The Cable.co.uk poll of 2,000 UK adults – the first of its kind since the Westminster attack – found that 66% believe the ability of intelligence agencies to intercept messages between terrorist plotters is more valuable than the digital privacy of the population as a whole.
Only 18% said their digital privacy was more valuable.
More than half (51%) said they would feel safer if WhatsApp and other messaging services were unencrypted because message sent by terrorists could potentially be picked up by police.
A quarter said they would feel less safe because hackers would more easily be able to access their messages and private details.
'A weakening of security does not help'
Bruce Schneier, chief technology officer at IBM Resilient, said “of course” security services should not be given access to encrypted messages.
“That would make us all less safe,” he told Cable.co.uk. “The companies would break security for everyone, because they won’t know in advance who the government wants to eavesdrop on.”
WhatsApp uses end-to-end encryption, which means messages are scrambled as they leave the sender’s device and can only be encrypted by the intended recipient.
Professor Tim Watson, director of the University of Warwick’s WMG Cyber Security Centre, said adding a “backdoor” would involve modifying the app so it either sends the key needed to decrypt a message to a third party or sends a fake key to the recipient, allowing the message be intercepted in transit.
He said that while this would make justified surveillance straightforward the system could be “insufficiently protected”, allowing criminals to read people’s messages.
Prof Watson told Cable.co.uk: “We don’t want backdoors in software. The security services have a vital role to play in keeping us all safe but a backdoor or a weakening of security does not help.
“End-to-end encryption works like a secure Royal Mail service. You write to your friend in the privacy of your own home, seal the letter in a secure envelope, send it and your friend opens the envelope. Adding a backdoor is like opening someone’s mail in transit.”
Prof Watson said government agencies already have multiple ways of invading the privacy of those suspected of endangering security – including bugging rooms, infiltrating surveillance software into suspects’ devices and using informants – none of which are defeated by end-to-end encryption.
“While it would make life easier to have a backdoor into end-to-end encrypted services it would be sacrificing a secure way for us all to communicate and to maintain our privacy,” he added.
Professor Carsten Maple, director of research at the WMG Cyber Security Centre, said: “From a technological point of view, it is pointless to request that Whatsapp stop using end-to-end encryption (e2ee).
'Absurd and naive'
“If that was to happen those who wanted to keep messages concealed would simply move to another service that offered e2ee.
“If it was made illegal, then there would be either illegal services or those out of jurisdiction. In essence, you cannot ‘uninvent’ e2ee, so therefore have to accept it as part of the landscape.
“There is no business case to make providers alter their service, and no legal or regulation space to put e2ee back in the bag from whence it came.”
James Scott, a senior fellow of the Institute for Critical Infrastructure Technology, said any attempt to undermine encryption is "a blatant attempt to jeopardize cybersecurity".
"There will always be a readily available mechanism for terrorists and other threat actors to 'plot in secret'," he said.
"Law enforcement cannot feasibly monitor every possible app, game, forum, protocol, etc. to detect malicious communication.
"Compromising popular commercial applications on the miniscule chance of capturing terrorist chatter is absurd and naïve.
"Average, law-abiding users will experience privacy harms, law enforcement will divert precious resources on fruitless monitoring and legal proceedings, and adversaries will plot and operate unimpeded."
In a statement published yesterday (3 April), the Home Office said it is looking to strike a balance between “protecting information online and the need for police and intelligence agencies to read, subject to appropriate authorisation, encrypted messages”.
Responding to a written question from shadow digital minister Louise Haigh, security minister Ben Wallace said the Westminster attack “has highlighted the need for a proper public debate on this issue”.
“The government will be working with internet companies to ensure they fulfil their moral and social responsibility to help our police and security services to keep us all safe.”
- WMG Cyber Research Centre, University of Warwick
- Institute for Critical Infrastructure Technology
- Home Office
- Amber Rudd MP
- Ben Wallace MP
Why do we need your postcode?
Once you enter your postcode, Cable.co.uk will perform a live lookup and check all the available providers in your area.
This ensures you receive accurate information on the availability of providers and packages in your area.
Your information is safe with us. We won't share your postcode with anyone. Guaranteed.