Home Secretary Amber Rudd, has continued to prove her lack of knowledge in areas where she is theoretically directing policy. While this in itself isn’t news, her lack of effort to understand encryption or even listen to those who do, is. Rudd appears to be unreasonably ignoring experts by demanding the impossible. One recurring issue is unbreakable end-to-end communication, with WhatsApp being a popular example of such technology.
How does this unbreakable end-to-end communication work? To get an idea, imagine Alice wants to post a box to Bob. Alice doesn’t want the postman looking inside the box, so she puts a lock on it that only she has the key for, and posts it to Bob. Bob receives the box, puts his own lock on, and posts it back. Alice takes her lock off, leaving only Bob’s lock, posts it back. Bob can then take his lock off and access the contents.The box has been sent securely without either key being made public.
The physical keys are analogous to what are called “private” keys, and the locks to the “public” keys in a cryptographic keypair. These keys are generally very large numbers, and are used to encrypt a message using a method that means the message can only be easily decrypted with the correct exchange of keys – similar to how the right key can open a lock easily, but opening a lock without that key is much more difficult. Like the locks, the public keys are in the public domain (and must be), but the private keys are private and must stay so.
Rudd wants the ability to snoop on communications by legislating software companies to include a backdoor in their encrypted communication software, allowing them, and presumably government organisations, access to encrypted messages. However, doing so securely is impossible. Returning to the lock analogy, this would mean giving every key to the government, or mandating that every lock have a master key. Either way, given their farcical history with sensitive data, the government will lose control of these keys.
There have been multiple leaks of information revealing software backdoors, including one that led to the WannaCry ransomware attack that affected over 150 countries and crippled many NHS hospitals. A leaked backdoor in these sorts of communications would give hackers free rein to read your private messages. Even if there are no leaks, this would still give government agencies carte-blanche to do the same.
The foundation of modern online activity is secure communication between institutions, organisations, and individuals. By legislating weaknesses into online communication, it is no longer secure, removing any trust for minimal security benefits. People with secrets to keep will just revert to other methods or just code their own communication software. While not trivial, it is easily feasible for a bedroom coder to put together secure communication software and distribute it to just one or two people.
During the Tory party conference, Rudd accused tech experts of ‘sneering’ at her for ‘not getting [encryption] right’. Are the techies right to sneer? Possibly, possibly not. Doing so may do more harm than good. Is the Government right to continue down the path of ignoring experts and making disastrous policy decisions? Doing so will definitely do harm, but that’s Amber Ludd for you.
Joe Hendley
Image: itsgoingdown.org