Debate is ongoing on the safety of end-to-end encryptions. Many governments across the world are attempting to bypass the technology, which would give them an insight into the private correspondences of potential criminals, as well as their citizens.
Unsurprisingly the USA, the self-proclaimed inventors of freedom, are keen to do away with the tech in order to keep a closer eye on their voters, and the UK is, as usual, following suit.
The UK’s Online Safety Bill would allow them to scan private communications in search of illegal activities - namely, child exploitation. While not specifically addressing encryption, the bill will force tech companies to compromise their security if they want to avoid legal issues.
Unsurprisingly, WhatsApp and its parent company Meta have opposed the plan, along with other companies, such as Signal and Viber (still a thing, apparently). BCS, formerly the British Computer Society, has warned of the dangers to public trust in technology should the bill be passed.
This is the most recent chapter in a book of debate within tech in the UK. In the past, Theresa May, Priti Patel and David Cameron all proposed different legislation to allow law enforcement to listen in on the people.
Does the end justify the means?
While legacy tools for espionage such as wiretaps are still legal and still used today (RIP Lance Reddick and Michael K Williams), bypassing encryption on apps that utilise end-to-end encryption is not possible without ‘fundamentally compromising the overall security of the platform’.
One argument for bypassing or banning end-to-end encryption is to tackle organised crime, specifically child exploitation online. In fairness to the UK government, this is a hard point to counter - anyone arguing for citizens’ privacy to be respected has to side with the paedophiles, abusers and online groomers.
Personal privacy aside, cracking down on paedophilia and generally taking steps to preventing child exploitation is obviously no bad thing. Terrorism, organised crime, drug dealing and more could be combated if the government was able to access private messages.
There are obviously reasons why this bill would be beneficial, as much as the tech giants would try to avoid those facts. And let’s not forget this is the same parent company as Instagram and Facebook, which recently came under serious scrutiny for misusing personal data.
For instance, although Meta cannot see the contents of texts of phone calls on WhatsApp, because WhatsApp communications are scrambled, on Facebook and Instagram employees can, theoretically, read people’s private messages. When asked, a source at Facebook said it was easily done, although it would result in consequences if they were caught misusing their position. Although trust in the government may not be optimal, there is no reason to trust the tech corporations either.
Overwhelming risks to bill cause outcry
In 2015, encryption was recognised by the United Nations as a key tool in ‘circumventing censorship’ and ensuring freedom of expression.
Despite this, five years later (2020 for those readers who aren’t quick with maths), politicians from the Five Eyes intelligence network, the US, UK, Canada, Australia and New Zealand, released a joint statement calling for tech companies to give back door access into encrypted messages for public safety.
Although the British government argues the bill ‘in no way represents a ban on end-to-end encryption’ and denies it will attempt to weaken the security of the companies, this is in effect what they will be doing. There is also the debate that even if the bill would be passed, it would not guarantee an improvement on malicious activity on the internet. BCS chief executive Rashik Parmer lamented:
Once a backdoor has been compromised, data and content protected by the encryption becomes accessible. This is exactly what many bad actors would welcome.
Removing encrypted messages would mean giving an enormous amount of trust to the UK government. This is an impartial publication, but in terms of recent incidents in UK politics (All things Dominic Cummings or Partygate are recent examples, but let’s not forget the Iraq war and the plethora of lies that came with it), one could argue they have done little to earn such trust. Edward Snowdon’s whistleblowing is fairly concrete proof that if the government is able to listen and store private messages, they will. Charles Mok, a former legislator in Hong Kong, argued removing end-to-end encryption and relying on the government and police is like:
‘the police telling people not to lock their doors so the police can conveniently come in and search’
Although a nice idea, the police would have unprecedented access into their citizens’ private lives. What’s more, Mok argued this would make it much easier for criminals, be they cyber or otherwise, to act against people. Aside from the UK and its citizens, there is worry that passing this bill will set a bad precedent for foreign governments who already have a strained relationship with their citizens.
Thailand’s current military administration Prayuth Chan-ocha has used NSO Group’s Pegasus spyware on its activists, and similar technologies have been used in Hong Kong, Iran and elsewhere. Sam Goodman, director of policy and advocacy at the UK-based Hong Kong Watch argued it would be ‘near to impossible’ to work with sources and sensitive information without encrypted messages.
Meredith Whittaker, President of the Signal Foundation argued Signal would refuse to lower their privacy standards regardless. They have implemented proxies and other tools in Iran when faced with a similar issue, and she said they would do the same in the UK if needed. Whatsapp, for their part, threatened to leave the UK outright.
A 2022 survey of over a thousand IT experts by the BCS revealed only 19% of experts thought the bill would make the internet safer. 58% argued it would harm freedom of speech. Both tech companies and the UK government say they are working in the interest of public safety.
In reality, although paedophilia and online child exploitation is a serious issue that must be dealt with, removing the security that end-to-end encryption brings is a dangerous proposition, especially when so much of people’s data and private lives are easily available to governments or malicious actors. Having a secure, private messaging service is extremely appealing to protestors, NGO’s, human rights activists and even just the general populace who would rather not have their or other governments involved in their private lives. As of yet, the debate continues.