Euro Security Watch with Mathew J. Schwartz

Encryption & Key Management , Governance & Risk Management , Next-Generation Technologies & Secure Development

'Real People' Don't Want Crypto, UK Home Secretary Claims

British Government's Love Affair With Scapegoating Encryption Continues
'Real People' Don't Want Crypto, UK Home Secretary Claims
U.K. Home Secretary Amber Rudd. (Photo: Amber Rudd)

"We don't want to ban encryption, but ... "

See Also: Live Webinar | Navigating Identity Threats: Detection & Response Strategies for Modern Security Challenges

So reads the headline of an article in the Telegraph authored by U.K. Home Secretary Amber Rudd. It was timed to appear on the eve of Rudd's Tuesday visit to a closed-door Silicon Valley meeting focused on combatting the spread of extremist material online.

To that end, she asserts that "real people" don't really want unbreakable, end-to-end encryption; they just like cool features. So can't we just compromise and add backdoors, thus breaking crypto for everyone?

Prime Minister Theresa May's government - like David Cameron's before her - is no stranger to scapegoating encryption, especially in the wake of terror attacks. Their governments used the specter of such attacks to ram through controversial mass surveillance legislation - the Investigatory Powers Act, derided by critics as the Snooper's Charter. The law enshrines the government's right to practice "bulk data collection," despite the EU's high court ruling that untargeted collection violates human rights.

Hashtag: #Facepalm

Rudd, meanwhile, shot to cybersecurity fame in March after suggesting that extremist material could be obliterated if only social networks would hire more smart people "who understand the necessary hashtags to stop this stuff even being put up." (A government minister later claimed that she had meant hashes - digital fingerprints - of extremist images and videos.)

Since then, Rudd has remained on the anti-crypto offensive.

Amber Rudd's July 31 article in the Telegraph.

"Real people often prefer ease of use and a multitude of features to perfect, unbreakable security," she writes in the Telegraph. "So this is not about asking the companies to break encryption or create so called 'back doors.' Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family? Companies are constantly making trade-offs between security and 'usability,' and it is here where our experts believe opportunities may lie."

As translated by the operational security expert known as the Grugq, don't call it a "backdoor," but rather "a plaintext copy of your data stored in the cloud."

What remains unsaid by Rudd is that WhatApp, Facebook and others began rolling out end-to-end encrypted communications after Edward Snowden's leaks revealed that British and American intelligence agencies were intercepting these services' plaintext communications en masse, apparently with little or no oversight.

Such revelations remain a big concern for very many real people.

"What a lot of politicians and lawmakers fail to understand is that if the U.K. government has a backdoor into encryption software, so does every other government on the planet," according to Dublin-based cybersecurity expert Brian Honan. "So that means the Chinese, the Iranians, the North Koreans can get to that data. And they may not have the same qualms or structures in place to make sure that only authorized people get those keys or those keys are only used under certain conditions."

Crypto 'Front Doors'

It's not clear if pronouncements by senior British government figures are born out of feigned ignorance or a poor grasp of technology, as with Rudd's reference to hashtags or need to invoke "experts" when suggesting that security should be traded for usability, when both are possible - as work funded by Britain's GCHQ intelligence agency continues to demonstrate. Likewise, Cameron was derided for poor technology literacy when he suggested his government wasn't demanding backdoors, but front doors.

Many of these politicians certainly aren't practicing what they preach. For example, Australian information security expert Troy Hunt notes that Rudd herself is an avid user of encryption, whether or not she knows it.

Let's Talk Extremist Content

Amber Rudd addresses the Global Internet Forum to Counter Terrorism on August 1.

What makes Rudd's anti-crypto pronouncements look most like political theater, however, is the fact that she was in San Francisco to attend the inaugural meeting of the Global Internet Forum to Counter Terrorism. Facebook says the group, which includes Microsoft, Twitter and Google's YouTube, launched last month to help the companies more easily "work together to curtail the spread of terrorism and violent extremism on our hosted consumer services."

Hence Rudd launched a broadside against crypto just before attending a meeting devoted to curbing the online spread of extremist content.

On that front, law enforcement agencies say extremist groups have become expert at running social media campaigns designed to recruit followers and glorify terror attacks or other forms of violent extremism (see Europol Details Online Jihadist Hunt).

Policing such content, however, remains difficult, and this is a problem for which better solutions need to be found. But sacrificing encryption in the name of security remains no solution at all.



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.