The BBC recently published an article that, if you only read the headline, would lead you to believe that tech companies are developing a solution where they can read your messages, despite them being end-to-end encrypted. The headline is so misleading that I am tempted to flag it as fake news, and what makes it more disappointing is that the subject of the article is extremely important.
The article has caused a stir not only in the UK, but also in the U.S., where many of these technology companies are headquartered. The BBC piece offers ‘a very simple question’ – ‘should technology companies be able to read people’s messages?’ The question is incorrect. What should be asked is – ‘should technology companies be forced by governments to provide a facility for the government and law enforcement agencies to intercept and read all messages, on all devices’?
Proposed legislation in the UK, the Online Safety Bill, will require technology companies to break the end-to-end encryption through a backdoor, allowing messages to be scanned for illegal content. So, the headline is very misleading, as it’s not big tech’s desire to read the messages, it’s the UK government’s.
Breaking security in this way opens the opportunity for cybercriminals to abuse this backdoor method, as well as for abuse by governments. If the facility to extract data from a secure communication existed, then it would not be long before another headline appeared stating that some rogue government is monitoring all its citizens, or has rounded up all those who oppose it.
Demand for end-to-end encryption is unquestionable
The demand for messaging apps that provide end-to-end encryption is unquestionable, with billions of users relying on them as a means of communication every day. The demand has been met with a variety of apps and technology companies moving existing services to offer end-to-end encryption. This means a conversation between two people, or a group, remains private and is only readable to the participants of the conversation. And these technology companies behind the apps and services are proudly stating that their platforms are secure and private, which is what we as consumers have demanded of them.
The issue with providing encryption functionality as default is that some individuals or groups will use it for illegal purposes, and the implemented security makes it complicated for law enforcement and government agencies to intercept the content in a form that they can read. At the same time, it makes it complicated for cybercriminals, those that may use the information for extortion, identity theft, or fraud.
A collision course is set, as many big tech companies that provide end-to-end encryption services have stated that they will remove their services from the UK rather than break the security currently being used by a large proportion of the population.
A statistic used in the BBC article leans on emotion while claiming the majority of the population supports the ability to break the encryption and to scan messages for child abuse material. If asked, I would probably agree as well. And let’s be clear, I would support severe punishment for people guilty of these crimes, not just locking them up! The question posed to survey respondents should be ‘should a government policy force technology companies to break end-to-end encryption for everyone, on all their messages, on all devices, for all apps, to allow everything they send to be intercepted and scanned, either in transit or on their device’? This is likely to get a very different response.
Numerous security researchers, privacy advocates and experts have published their concerns in an open letter. The concerns detailed in the letter need to be strongly considered as legislators attempt to push the proposed legislation through the process to become law. It’s also important to understand this will become a cat-and-mouse game, as the people guilty of abusing end-to-end encryption to commit crimes will find other ways to stay hidden, which will require more legislation and likely involve further degrading of security for the entire population.
In my opinion, end-to-end encryption of personal messages is not a nice-to-have, it’s essential, and there should not be any built-in method to circumvent this vital security.
Tony Anscombe has more than 20 years of experience as an established author, blogger and speaker on the current threat landscape, security technologies and products, data protection, privacy and trust and internet safety. He has spoken at RSA, Black Hat, VB, CTIA, MEF, Gartner Risk and Security Summit and the Child Internet Safety Summit. He has been quoted in BBC, the Guardian, the New York Times and USA Today, with broadcast appearances on Bloomberg, BBC, CTV, KRON, and CBS. This piece is exclusive to Broadband Breakfast.