Security experts have long criticized FIVE EYES governments' desire to curb the use of end-to-end encryption in messengers like WhatsApp. Authorities claim that the removal of robust encryption is necessary for national security reasons and to protect children. The reality is that the move would push criminals further underground while removing access to vital privacy services for law-abiding citizens.
Despite convincing arguments made by security and privacy advocates in favor of data privacy for all, governments continue to pursue backdoors into encrypted messages. What they inevitably fail to mention, is that backdoors would cause a security vulnerability that enemies of the state, hackers, and cybercriminals could also exploit.
Undeterred by this underlying conflict of interests, the UK Home Office is now ramping up its efforts to destroy consumer privacy once and for all. According to documents uncovered by Wired, Priti Patel is working alongside child protection charities to push for new legislation that would make encrypted messengers illegal.
If the Home Office gets its way, the British public will be subject to a data free for all – in which it becomes impossible for people to communicate privately using popular services like WhatsApp.
Worryingly, there is growing concern among tech companies that the government may seek to leverage the Technical Capability Notice (TCN) written into the Investigatory Powers Act to force companies like Facebook to provide access to encrypted messages without the public's knowledge.
If the government pursues this covert approach, it could begin intercepting messages en masse. As a result, users would have their messages intercepted despite believing that they are being sent securely to their intended recipient.
This would cause users to believe they are receiving a level of data security and privacy they aren't actually getting - putting journalists, lawyers, activists, whistleblowers, and anybody else who uses encryption to communicate privately at risk.
The idea that the government could begin enforcing gag orders to create secret backdoors into encrypted messages is unnerving, and yet it would be completely legal because of the Snoopers Charter.
Until now, it was not thought that the government would leverage TCNs to snoop on people's encrypted messages, even though the legal capability to do so already existed.
If this clandestine strategy came into force, providers like Facebook would need to break their encryption while also continuing to claim that their messenger services were using E2EE.
This would cause an enormous breach of trust and serious backlash against those services should it ever come to light. Unfortunately, there is little that tech companies could do because of the gagging nature of a TCN – which if broken would lead to serious legal penalties.
That said, it seems unlikely that the UK government could successfully use TCNs to access encrypted messages regularly without those actions being noticed. With this in mind, most agree that the government would still prefer to backdoor encrypted messages with message providers' full cooperation.
To this end, the UK government had until now been pursuing open engagement with messenger platforms in its attempt to convince them to provide backdoors. Now, however, there is concern that the government is losing patience.
Comments made by Minister for Digital, Oliver Dowden, are helping to foster the belief that the government is planning to leverage an injunction to prevent Facebook from implementing encrypted messaging across its infrastructure of messaging apps:
"We haven't ruled out any steps to protect against those abuses. But at the moment we are engaging with Facebook to try and resolve this in a way that is in the interest of everyone and that we have appropriate protections in place. We are keeping all options on the table, but the legislative vehicle would not be the Online Harms bill."
If true, this could set a precedent and open the door to more TCNs further down the line, putting messenger apps at the whim of the government – and potentially leaving them with no option but to pull their services from App stores altogether (without mention of the reason because of the gag orders involved).
The wrong course of action
In a blog post on the subject, UK advocacy organization Open Rights Group (ORG) states that the government's desire to limit encryption on Facebook services "clearly goes against user expectations".
"What is framed by the government as a means to 'detect crime' is, in fact, likely to reduce personal security, introduce new risks, and create opportunities for criminals and abusers," ORG states.
No one denies that the need to protect children against online abuse is important. That said, taking away people's ability to communicate privately is not the right course of action and leveraging the need to protect children to maneuver mass surveillance into place becomes entirely objectionable if it is done in such a way that leaves citizens under the impression that they are still encrypting their messages.
Instead, the government must consider approaches that remove the potential for harm without removing critical access to private communication for law-abiding citizens. "This could, by implication, require age verification to use an encrypted messaging app," ORG states.
Andy Burrows, NSPCC's head of child safety online policy, remains steadfast in his conviction that the best way to prevent child abuse is to completely remove end-to-end encryption from popular messaging services like WhatsApp.
What Burrows, various charities, and the right-wing think tank that is helping to push for backdoors fail to acknowledge, however, is that encryption will remain available to criminals via more covert means.
With criminals still able to continue their illegal activities, and little evidence to suggest that snooping on everybody will lead to tangible improvements to child safety, it is important to remain lucid and skeptical about the government's underlying motivations, which is to create an environment in which it can engage in the mass surveillance of everybody's messages.
Unfortunately, if the government forced its way into encrypted WhatsApp messages using a TCN, none would be the wiser. As a result, we might have to look for other clues that raise an eyebrow – such as Mark Zuckerberg being caught using Signal.