Encryption: The battle over government access to private WhatsApp and Facebook chats

Fight could decide how safe and secure conversations are in the future

Andrew Griffin
Wednesday 31 July 2019 10:52 EDT
Comments
Amber Rudd says WhatsApp's encryption of messaging may come to an end after Westminster terror attack

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

End-to-end encryption is the technology that keeps messages sent on WhatsApp, iMessage and other secure platforms. It is also becoming a major battleground in deciding the future of the internet.

On one side stands many of the most powerful people in the UK and US governments. On the other is some of the largest technology companies in the world.

And between them is the fight for whether communications over the internet should be able to be read by security services and the police, and whether it is worth weakening the protections that keep them private to do so.

The debate has been revived by senior politicians on either side of the Atlantic. Most recently, new home secretary Priti Patel suggested that encryption on Facebook-owned platforms was hindering investigations by law enforcement.

What are backdoors?

To stretch the not especially good metaphor of their name, it is as if every phone that sends a message is a key, and every phone that receives one is a lock. Messages will only work if those two things match up exactly – and without the two coming together, the key and the lock are entirely meaningless.

A backdoor is another lock, and one that governments can open in every case. Rather than having to ensure the key and door match up in every case, they can simply use that backdoor to circumvent the encryption and read whatever is being passed between the two.

More precisely, and a little more technically, it is a kind of master key. It means that encrypted messages can be intercepted and opened, no matter who they were sent by and meant for.

When an encrypted message is sent, the phone that is doing so scrambles up the message so that it looks meaningless to anyone who would see it. The only way to unscramble that nonsensical message is to use the recipient's key to put it back together again, which ensures that messages are protected as they are passed between devices.

The backdoor can unlock any message. In doing so it undermines the promise of end-to-end encryption – the message can be read in the middle – but theoretically means that messages could still be kept safe.

Why do people want them?

Supporters of backdoors, who oppose strong encryption, argue that it is unsafe to allow people to send messages completely privately. The government needs a backdoor so that it can monitor people's conversations, they argue, because those conversations could be used to plan criminal activity or recruit people into it.

That is the argument now being offered by the UK government.

“This is not an abstract debate: Facebook’s recently announced plan to apply end-to-end encryption across its messaging platforms presents significant challenges which we must work collaboratively to address,” wrote Ms Patel in her new Telegraph article.

“The use of end-to-end encryption in this way has the potential to have serious consequences for the vital work which companies already undertake to identify and remove child abuse and terrorist content.”

“It will also hamper our own law enforcement agencies, and those of our allies, in their ability to identify and stop criminals abusing children, trafficking drugs, weapons and people, or terrorists plotting attacks.”

Why do others oppose them?

As long as these kind of backdoors have been discussed, technology companies and privacy advocates have opposed them. They argue that it is not only bad to provide a backdoor into encryption but technically impossible – and that there is no way to weaken encryption for the government without weakening encryption for everyone.

Any backdoor that is added can potentially be opened for anyone, they argue. The tools to read messages could quickly fall into the wrong hands, and as a result would make anyone using those chat apps unsafe.

Last year, for instance, a coalition that calls itself "Reform Government Surveillance" – which includes Apple, Facebook, Google, Microsoft and a host of other technology companies – once again dismissed talk of backdoors.

"We have consistently raised concerns about proposals that would undermine encryption of devices and services by requiring so-called 'exceptional access' for law enforcement," it wrote in a statement in May, during one of the previous discussions over backdoors.

"Recent reports have described new proposals to engineer vulnerabilities into devices and services – but they appear to suffer from the same technical and design concerns that security researchers have identified for years. Weakening the security and privacy that encryption helps provide is not the answer."

But it is not simply technology companies and privacy advocates who argue that weakening encryption is not the approach. This month, Michael Hayden – who served as director of the National Security Agency as well as in many other senior roles in the US establishment – suggested on Twitter that he too did not think the the security risks of giving governments backdoor access to private communications were worth it.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in