UK Home Secretary Amber Rudd has announced that she would like to abolish end-to-end encryption within messaging applications, like WhatsApp.
The home secretary believes that ‘real people’ don’t need this feature, and that end-to-end encryption (E2EE) only aids terrorist attacks. This statement is in wake of the recent terror attacks in the UK, and claims that E2EE is hindering the government’s ability to stop terrorist attacks and bring terrorists to justice.
WhatsApp is an instant messaging application for Smartphones, using the internet to send messages, images, videos, documents, make voice and video calls, almost anything to connect you to another user.
End-to-end encryption is a way of making messages only readable by the sender and the recipient. It prevents anyone else from being able to access the cryptographic keys needed to decrypt the messages, even for the service providers, internet provider and telecom providers. It is designed to defeat any sort of surveillance or interfering.
However, WhatsApp isn’t the only messaging service to offer end-to-end encryption: Signal, Silent Circle, Viber, to name a few. Facebook Messenger operates an opt-in E2EE service, which is only activated on the conversations that have been ‘opted-in’. In addition, Apple’s iPhone messenger service, iMessenger, has the Apple-developed encryption.
There are arguments about E2EE, concerning allowing a ‘back door’ into the encryption, however this would leave the service wide open for attacks and abuse from particularly skilled or knowledgeable cyber criminals. The encryption was introduces to increase security and protection for user privacy.
Mark James, ESET IT Security Specialist, talks about end-to-end encryption and whether the home secretary is correct to ditch it in messaging applications.
“Unfortunately, my line of thinking actually sits on both sides of the fence here.
“When it comes to terrorism, whatever we can do to stop or limit it has to be the right thing, providing of course that what we do is going to stop or hinder it.
“Is asking messaging apps to stop end-to-end encryption going to stop terrorists using it? Honestly no.
“There will always be something to use or some means to send information that others can’t read.
“For the average public person, encryption may not be needed but for some it’s a necessity their circumstances may require the ability to send messages from one source to another without the concern of it being compromised either for security or safety reasons.
“The bad people we have to deal with in our lives will use whatever they can to do what they think is right.
“Buying guns and explosives without the proper reasons is banned or illegal, but does that stop them?
“Agreed they can’t pop down to the local convenience store, but that does not stop them from acquiring them if they need too.
“Sadly, this is one of those situations that cannot simply be stopped by doing one thing or another.
“It will continue to be debated with very good reasons for and against but one thing is for sure, companies that provide social media applications or services require only one thing – people.
“The more people that use a platform, the more likely it is to succeed.
“You might have the best messenger application in the world that is ‘incredibly user-friendly and a cheap way of staying in touch with friends and family’ but if none of your friends and family are using it, then it’s just an unused icon on your smart phone or desktop.
“The developers of these products have to supply something that the public want to use.”
Do you think end-to-end encryption is important in a messaging app? Or does it not bother you either way? Let us know on Twitter @ESETUK.
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.