After making critical comments about unhelpful techies while
Stopping End-to-End Encryption
After the Westminster Bridge attack back in March, where the attacker was reported to have used WhatsApp, Home Secretary, Amber Rudd (in a TV interview) described a situation whereby terrorists can secretly talk to each other on a formal social media messaging platform as ‘unacceptable’. This led to her publicly spearheading a move to push for the removal of end-to-end encryption model that denies everyone (including government’s) access to message content, and to instead allow specific unscrambled messages to be handed to the government on warranted request, or accessed through ‘back doors’ being built into social media platforms.
Comments At Recent Meeting
During a recent fringe meeting, however, at the Conservative Party Conference, Home Secretary Rudd answered an audience question by saying that she didn’t need to understand how end-to-end encryption works to understand how it helps criminals, and suggested that legislators were "laughed at" for failing to understand the basics of the technology. She also suggested that she faced being patronised, and criticised by techies who don't like to help until "after an event has taken place”.
The replies from technical commentators have come thick and fast. The main criticism of Rudd’s comments and stance on end-to-end encryption is that end-to-end encryption cannot be simply altered without being completely broken, and, if a back-door is built into an app or social media platform for the authorities, that same back door could be exploited by hackers and other online criminals. Technical commentators have therefore pointed out that although Home Secretary Rudd has said that she doesn’t need to know how end-to-end encryption works, it would appear that the reverse (on a basic level) is true, particularly since she is a leading exponent of calls to stop it.
Critics have also pointed out that, even though the Westminster Bridge attacker is known to have used WhatsApp (with its end-to-end encryption) prior to the attack, there is no real evidence to suggest that it was used to communicate with anyone else who was involved in the attack or its planning.
Home Secretary Rudd has also been criticised for previously saying that she doesn't believe that "real people" actually care about end-to-end encryption, despite her highlighting it as an important issue, and for mixing up ‘hashtag’ with ‘hashing’ in an interview on the Andrew Marr show.
What Does This Mean For Your Business?
National security and Internet / data security for businesses are, of course, important issues. Clearly, the technical community (in this case) feels that the Home Secretary should try to understand and exhibit more knowledge about key online security issues, and in order to maintain good relationships and a common purpose, refrain from public criticism of those in the technology industry.
Security and privacy are important in business communications, whether by phone app, social platform, or by email system. Businesses could argue that (political arguments and political personalities and styles aside) UK businesses are now facing really serious risks from cyber criminals, many of whom have already shown themselves to be capable of exploiting situations where there are back-doors in software / platforms / systems, or where there is a lack of adequate encryption. Relaxing security protection (such as end-to-end encryption) for everyone (for the sake of a few) may therefore not be a response that will benefit businesses right now. The debate and the criticism, however, look likely to continue.