The UK Government is Technologically Clueless
In a speech following the terrorist attack in London last week, UK Prime Minister Theresa May pledged to “regulate cyberspace to prevent the spread of extremism and terrorism planning” and to ensure there is no “safe space for terrorists to be able to communicate online”. This statement shows just how out of touch and clueless the government is in these matters.
First of all, she used the term “cyberspace”, which I’m pretty sure fell out of the common lexicon sometime in the late 90’s. But more importantly, it demonstrates a complete lack of understanding of how the technology behind online communication apps work.
A safe space for terrorists to communicate refers to any platform on which messages can’t be intercepted and read by government agencies or other third-parties. The most common way to stop messages being intercepted is to provide end-to-end encryption, which is what apps like WhatsApp, iMessage and Signal do. Properly implemented end-to-end encryption means no one but the intended recipient can read the message, and that includes the service operator and government agencies; i.e., not even WhatsApp can read the messages you send through it, only you and the person with whom you’re chatting can.
The current Conservative government is already pushing for services like these to implement back doors and deliberately broken encryption to allow government agencies to read the messages. They are not asking for unlimited fire hose access to all messages all the time, just the ability to request access on a case by case basis. However, the existence of a back door or deliberately weakened encryption in these apps, no matter how infrequently they may be used, would provide an obvious attack vector, making the apps less secure for all users. This is something that has already been written about at length.
Any semi-competent programmer could build en encrypted messaging application in an afternoon
What I haven’t seen mentioned in any other articles, and to me seems like a much bigger problem with this approach, is that any semi-competent programmer could build en encrypted messaging application in an afternoon. If terrorists aren’t already using custom built messaging apps to communicate, you can guarantee they will be if existing ones like WhatsApp become compromised by government legislation.
Considering the NHS was recently brought to its knees by a ransomware infestation, the last thing we should be doing is making our computer systems less secure, yet this is precisely what the government is proposing.
The Internet has matured to the point it has become an integral part of most people’s daily lives. A growing number of people, myself included, earn a living through it. It is no longer OK for lawmakers to be ignorant of the basic principles of the Internet, particularly with regards to encryption and security.