Institutional Idiocy

This week the British Home Secretary made some particularly foolish statements about services that leverage end-to-end encryption in order to make communications secure. Since these sorts of services have started to experience wide levels of adoption, authoritarian politicians have been talking about how the companies that provide these services need to make it possible for governments to monitor what is being discussed, for the purposes of foiling terrorism and other criminal activity.

Amber Rudd said, this last week;

"I don’t need to understand how encryption works to understand how it’s helping the criminals. I will engage with the security services to find the best way to combat that."

She was speaking at the time about end-to-end encryption services, with particular reference to WhatsApp¹. Now, setting aside that it came to light this week² that her Party (The UK Conservative Party) has been operating a WhatsApp group to allow MPs to talk about Party matters with the benefit of the security that the platform offers, there are three really troubling things about her statement.

1. "I don't need to understand how encryption works..." - If it is your job, in part or in whole, to set policy for the security of British domestic society - her ministerial job as the Home Secretary makes her the person who heads the Home Office, which oversees the Police, MI5 and other government agencies, amongst other duties and responsibilities - then if you are going to try and claim that encryption of any kind represents a threat to that security, you had better understand how it works and more importantly understand the ways in which you believe it poses those threats.

2. "how it's helping the criminals" - there are two issues here. Firstly there is no evidence that I am aware of that end-to-end encrypted messaging services are helping 'the criminals', at least not that they are being helped by these tools any more than they are being helped by cars, self-storage services, supermarkets and indeed all the other things that we all use that criminals also get to use. The second, more telling issue is that WhatsApp, which is owned by Facebook, has been very clear that within the legal frameworks of the jurisdictions it operates in, it is very happy to cooperate with the government and security services in providing metadata around WhatsApp usage. The US government has previously confirmed that drone strikes were evaluated and green-lit based on metadata analysis, so there is already an appetite for it and a belief that it can help. On that basis alone, any terrorist, paedophile or indeed other class of criminal that is using WhatsApp is just asking to get caught. The fact that the details of the conversations cannot be revealed by Facebook is essentially immaterial (and actually impossible based on how the encryption works), because it is the context of who is talking to who at what times of the day or night and in what locations that is much more interesting.

3. The last point I want to make here is the really big one though. If I wanted to create a secure, end-to-end encrypted messaging platform, and then only invited my friends to use it, I could do that. There would be some engineering time and some costs, but it is in my reach, right now. Forcing WhatsApp, and other services like WhatsApp, to compromise their security at the whim of national governments cannot possibly change this fact. More importantly than that, we could just take computers out of the equation and pass hidden, encrypted messages to one another via more analogue methods. Ms Rudd's approach is to remove a convenient tool that allows people with entirely benign reasons to want some privacy the privacy that they need without stopping anyone who is up to no good communicating in a covert and practically undetectable manner. Moreover the rhetoric of "encryption bad" seems to ignore the fact that computer-based encryption empowers all kinds of really good things, like eCommerce, online banking, source control, keyless entry into your car... The list goes on and on and on. What is the government planning? Are we going back to the pre-computer age, when everything was on paper and we needed armies of clerical staff and no one could ever get anything done?

There has been some equally reckless talk about "back doors" into the services that offer end-to-end encryption. First of all, in order to remain secure this is impossible. The process that is used to encrypt on the transmitting device and decrypt on the receiving device so that the message is encrypted at every point in its journey, and never resides on WhatsApp's servers in a decrypted form, makes it impossible for WhatsApp to offer a "back door" into the system, unless all devices used the same private key. If this were the case any person or organisation with access to that private key would be able to read any and all traffic on the WhatsApp network. Not only is that far too much unregulated power and access for any government, but it only takes one leak to one criminal organisation and the scope for abuse goes far beyond authoritarianism and social control into serious personal risk. Why would anyone use a system that had a grip on security that was fragile at best? WhatsApp works by creating a new private key and a new public key on every single device. When you send a message to a contact or group of contacts, the message is encrypted such that it can be read using the private key of the person or people whose public keys were used to encrypt it. No other private keys will work to decrypt the message(s). The only way WhatsApp could allow governments to see the content of messages would be to use the same private key on every device, which would be utterly insecure and completely open to immediate exploitation, or to use a flawed algorithm to create the keys, such that they could create a "master key" to decrypt any message. This is no safer or more secure as the master key could be stolen or the flaws in the encryption algorithm could be discovered and exploited.

As things stand, there is nothing to stop governments from seizing someone's device and getting them to unlock it, or stealing the device of a person of interest cloning it and unlocking it at leisure, well nothing apart from ethical arguments, and this is the same burden placed on them in order to eavesdrop on the homes and businesses of people that they suspect of wrongdoing, so why should technology make things easier for them anyway?

So, what can we do? Well I am going to write to the Home Secretary, via my own MP, so that I will at least get an answer from her on where she is getting her information from, and how and why she feels confident to be setting policy on these issues and indeed even speaking in public about them.

I strongly recommend that if you can find the time you also consider writing to Ms. Rudd. As I understand it, if you write to her via your MP, and your MP does as you ask and passes on your letter to the Home Secretary, then she must respond to you. Even ten or fifteen serious, concerned letters on this subject might move the needle enough to open the door to more nuanced discussions.

I also strongly urge you to use encryption. Don't just use WhatsApp, get an account on Keybase, and if possible install GnuPG³ on your computer and get your own public / private keypair, so that you can send and receive encrypted email. I use these tools to talk with my colleagues about sensitive business issues, things that could conceivably lead to serious problems in terms of us losing our competitive edge or exposing us to unwanted cracking / break-ins on our hosted platform. There are many other, completely benign and justified uses for encrypted communication. You might want to run something by your lawyer, but not be able to see them in person, or you might want to organise a surprise for someone but don't want even the risk that they might see an open email. More troubling, but just as valid, is that you might be trapped in an abusive relationship and in need of a safe communication channel with someone that is offering you support. You might be a civil rights campaigner in a country with a repressive regime. You might be a journalist working on a contentious story that needs to maintain security, or you might be doing any number of things that are legal and moral but require a level of secrecy. You may be none of these things, but just unhappy that email is the digital equivalent of sending a postcard and that it takes little or no effort to read other people's emails and perhaps you don't want to use such an insecure mode of communication for some of the things that you want to say?

The point is that if you start to use encryption, particularly in ways that are not reliant on visible services, like WhatsApp, then you will help give weight and support to the idea that you have a right to adopt tools that give you privacy, and that no government has the right to take that freedom away from you. If everyone in the World were using encrypted email already, this would be a harder conversation for politicians like Amber Rudd to have, but then most people do not realise quite how insecure email actually is, so perhaps it is of little surprise that people have not taken to encryption until now.

I am all for harm reduction, and I believe that we as a society need to agree to allow some limitations on our activities in order to allow for genuine harm reduction. That being said, I firmly believe that the harm that will be unleashed if the UK Government and indeed other Governments attempt to regulate in a reckless and ill-considered fashion against encryption technologies, that are fundamental to so many useful and positive aspects of our modern lives, is many orders of magnitude greater than the risk that the next terrorist attack will be planned on WhatsApp, and I humbly submit that you should too.

¹ Other messaging services with end-to-end encryption do exist. If you would like to find out more about them, have a Google for Signal, OpenWhisper Systems, Telegram, and Threema. There are more, some are more secure and paranoid than others...
² Spectator Article about the Grant Shapps leadership conspiracy - it makes mention of the Tory Party WhatsApp Group.
³ GnuPG is a freely available toolchain for PKI encryption. It is available for Windows, Mac and Linux, and there are plugins for most email clients.