UK gives WhatsApp another spanking over e2e crypto

UK gives WhatsApp another spanking over e2e crypto
From TechCrunch - October 4, 2017

The UK government has once again bared its anti-technology teeth in public, leaning especially heavily on messaging platform WhatsApp for its use of end-to-end encryption security tech, and calling it out for enabling criminals to communicate in secret.

Reuters reported yesterday that UK Home Secretary Amber Rudd had called out end-to-end encryption services like WhatsApp, claiming they are being used by paedophiles and other criminals and pressurizing the companies to stop enabling such people from operating outside the law.

I do not accept it is right that companies should allow them and other criminals to operate beyond the reach of law enforcement. We must require the industry to move faster and more aggressively.They have the resources and there must be greater urgency, Rudd reportedly added.

Earlier this week she also admitted she doesnt really understande2e encryption.

Asked about her understanding of the technology at the Conservative Party conference, Rudd came out with this gem: I dont need to understand how encryption works to understand how its helping the criminals. I will engage with the security services to find the best way to combat that.

She also complained about being ridiculed by the tech industry for not understanding the technologies shes seeking to regulate. Whilst apparently doubling down on the ignorance that has attracted said mockery.

This of course led to more mockery

You can see the problem with this strategy. Unless youre the UK government, evidently.

But what exactly is Rudd trying to get WhatsApp to do?The company has repeatedly pointed out it cant hand over decrypted message content because e2e crypto means it doesnt hold the keys to decrypt and access the content.

Which is exactly the point of e2e encryption, and also explains why its better for data security.

The Facebook-owned companyreportedly rejected a government demand it come up with technical solutions to enable intelligence agencies to access e2e encrypted WhatsApp messages this summer (per a Sky News report).

And an e2e encryption system with a backdoor wouldnt be an e2e encryption system, as Rudd apparently cant understand. (She wrote some otherconfusing words on that topic this summer.)

Meanwhile Facebooks Sheryl Sandberg has tried to sell governments on the notion that access to itsdoubtless high resolutionmetadata should be enough for their counterterrorism/crime-fighting needs.

(Note for Rudd: U.S. intelligence agencies have previously said they kill people based on metadata, so Sandberg probably has a point. But maybe you dont fully grasp what metadata is either?)

Yesterday Reuters also quoted UK security minister Ben Wallace, whose brief covers counterterrorism and comms data legislation, bashing on services that use e2e encryption for preventing security services from tracking and catching criminals because we cant get into these communications.

Wallace also reportedly had this to say:There are other ways I cant talk about which we think they can help us more without necessarily entering into end-to-end encryption. So we think they can do more.

What other ways is the government thinking of? A backdoor into an e2e encrypted messaging platform given any other name would still be, er, a backdoor. Unless youre just getting your hands on an unlocked device and reading the plain text messages that way. (Which is of course one possible workaround for security services to access e2e encrypted comms.)

We asked WhatsApp (and Facebook) for comment on the governments latest attacks on its messaging platform. Neither replied.


Continue reading at TechCrunch »