Most technologists understand that end-to-end encryption in messaging keeps people safe and empowers commerce. But the UK government is launching a publicity blitz to have that layer of protection removed.
The decision will affect every nation the UK does business with, including those that still value the right to privacy and free speech.
Privacy versus safety
Rolling Stone reports the UK has developed an emotive ad campaign around child safety to build support for its argument. Of course, this campaign comes nowhere near addressing the threat to free speech, commerce, or privacy in such a move. Naturally, the reaction across most of the tech industry has been a series of shared oaths as people who know about this stuff ask: “Do we have to explain this again?”
Robin Wilton, director of Internet Trust at the Internet Society told Rolling Stone:
“Without strong encryption, children are more vulnerable online than ever. Encryption protects personal safety and national security.… What the government is proposing puts everyone at risk.”
The report also explains that the UK government doesn’t seem to want to address the privacy-versus-security debate. Instead, it simply seeks to inflame reaction with an emotive campaign that raises public support for such a move while utterly ignoring the multitude of arguments against it.
One slide mentioned cites a request that the campaign “must not start a privacy vs. safety debate,” except, of course, that it automatically does. To get some sense of the many nuanced protections provided by encryption, take a look at this clear and comprehensive piece.
Lack of security as a design feature
One of the few points of agreement between Apple and Facebook is about the need for privacy protection. Both companies have long opposed attempts to weaken security protection, arguing that doing so poses numerous threats.
What sort of threats?
- Entrepreneurs working on confidential business ideas may find blueprints stolen by state and non-state actors who have penetrated their messaging system.
- People of different genders and sexualities could be exposed to reprisal by authoritarian governments.
- Opposition politicians, community advocates, and dissident intellectuals can be identified, tracked, and monitored, stifling civic freedom and free speech.
- Lack of encryption on a platform scale threatens smart logistics and smart infrastructure by weakening protection.
- Financial transactions might be more easily exposed.
Ongoing revelations around NSO Group (and of PRISM many years ago) shows the extent to which surveillance is already used in an egregious manner. The removal of end-to-end encryption simply makes it easier to do by removing an important layer of protection.
Such a pointless move
What’s worse about the idea is its innate futility. After all, if larger entities are forced to abandon encryption, the criminals the government says it wants to target will be savvy enough (and guilty enough) to find alternatives, such as:
- Third-party encryption apps;
- Pre-encrypted messaging;
- Encrypted data embedded inside fake photos.
There are so many options available to the guilty that those most impacted by the UK government plan will be those who are innocent, who will become more vulnerable and lose privacy in exchange for less, rather than more, security.
The former head of UK intelligence service, Jonathan Evans, in 2017 warned against weakening messaging encryption, pointing to the commercial need for such protection.”
It’s very important that we should be seen and be a country in which people can operate securely — that’s important for our commercial interests as well as our security interests, so encryption in that context is very positive,” he said.
If you can scan one thing more, what would it be?
The UK intent generates rather disturbing echoes following Apple’s flawed plan to introduce on-device CSAM scanning on its devices. While the iPhone maker seems to be sitting on those plans now, the UK government’s new campaign suggests why the company developed the tech – and hints how easily it could be extended into other fields.
John Hopkins Information Security Institute Associate Professor of Computer Science Matthew Green warns: “Don’t listen to anyone who tells you ‘they’ll never give in to government pressure’ when it’s obvious they already are.”
Copyright © 2022 IDG Communications, Inc.