The spotlight once again fell on the world’s largest technology companies and their unwavering commitment to online end-user security (whoever that user may be) after a terrorist attack in London’s Westminster.
Following reports the attacker used WhatsApp just minutes before the incident occurred, the UK’s home secretary Amber Rudd had a stark warning for the Facebook owned messaging service, stating it was “completely unacceptable” terrorists were able to communicate “in secret” on the platform, given intelligence and police services were unable to access end-to-end encrypted messages (a feature WhatsApp introduced in 2016).
The issue raises a wider debate on the level of accountability the operators of social media must take in regards to terrorists using their platforms – to communicate with each other or publish propaganda – and Rudd summoned the likes of WhatsApp, Google and Facebook for a meeting.
But, despite her tough talking, encryption appeared to be the elephant in the room at the showdown.
A joint statement released by those present (Facebook, Microsoft, Twitter, Microsoft, but not Apple) did not mention encryption, as the companies instead announced a plan to create a cross industry forum to tackle online terrorist material on the web.
As market watchers have observed, encryption in itself is a binary state, and Rudd’s comments led to The Guardian newspaper suggesting the home secretary’s grasp of the technology was “hazy” for this very reason.
End to end encryption is a way of transmitting a message so that it can only be read by the person it is intended for, and cannot be intercepted by accessing the servers, or indeed the networks via which the message is sent.
The message, in effect, is scrambled as a series of digits which can only be understood by the sender and the recipient.
So, building backdoor access to a platform like WhatsApp for the government’s intelligence services may seem like the obvious thing to do in the case of terrorism, and in effect canning the protection of encryption for the average user. But it also means the technology companies are creating a route for hackers and cyber criminals to access a user’s personal details and messages.
Rudd is not the first politician, and the UK not the first government, to come to blows with technology companies over security related incidents.
Apple’s feud with the FBI springs to mind, when the tech giant refused to give the agency access to an iPhone, despite it being linked to a person involved in a shooting incident. At the time, two of the US’ major operators spoke out in support of Apple, arguing users’ security should not be compromised.
So, we have come to an impasse between both arguments.
Technology will only really advance with the confidence users are safe and secure online, but the pressure to open these platforms up will only continue to grow if they inadvertently aid and abet activity which puts the world’s security and its citizens at risk.
OTT must take responsibility
Alexander Michael, director of Consulting – Digital Transformation, at analyst company Frost & Sullivan, concurs, stating it is unlikely an amicable solution will emerge which represents a win-win for everyone.
He does, however, believe OTT providers and the technology community now need to take responsibility, while questioning whether encryption of WhatsApp messages is even necessary.
“I’d argue that it isn’t,” he said. “I don’t think end-to-end encryption is an essential part of the OTT service value proposition for ordinary citizens. We talk about the Snowden effect, meaning that ordinary citizens know a lot more about surveillance than they ever did before. It is possible to have an adult discussion about the need for encryption and the needs of law enforcement agencies.”
In an interview with Mobile World Live, Michael raises the point about the wider boundaries of surveillance, and whether accessing this information should then only be used to prevent terrorism, or whether such data could be used to investigate other types of crime like tax evasion.
A long-term approach, according to the analyst, lies in combining policy making with the development of technical standards, so that standards agencies and vendors can work together and strike a compromise on the citizens’ expectations, and the separate needs of the police.
Creating backdoor access, he believes, “is a terrible idea”, because they create a false sense of privacy, whereas they will be abused.
“If something can be abused, it will be abused. You can never have enough safeguards in place, because it would be unpractical, and unauthorised access is often perpetrated from the inside.”
He suggested one solution could be for OTT providers and technology players to take the onus on “analysing bulk databases themselves”, picking up on activity which might be terror related and then alerting the police.
“They would hate having to do that, but I think it would be fair,” he said.
In relation to the London terror attack a fortnight ago, a WhatsApp spokesperson already stated it did not have data that the government wanted. “When you send an end-to-end encrypted message, no one else can read it – not even us.”
As a wider issue, an age old debate around technology companies is how exactly they should be regulated? Michael said, ideally, they should be subject to the same laws as local operators.
However, he noted this is pretty much impossible because they fall outside of jurisdiction of one country. He also warned against national legislation going after the national operators even more, “in order to show citizens that the government is doing something”.
“Already, the playing field is not level, so if additional legal requirements are imposed on national operations, but OTT operations go free because they can’t be pinned down to a single country, then we have achieved absolutely nothing, except distorting competition further,” he said.
And here’s something to highlight. Just five days after the UK government’s calls, messaging platform Telegram (also called out by Rudd in her comments) announced its intentions to roll out encrypted voice calls in Western Europe, and then the rest of the world in the coming month.
The company said the service had been “built upon the time-tested end-to-end encryption of its chats”.
The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.