Webster's pieces from The Oldie
Webster's Webwatch

WhatsApp snooping

2021

Do you want our government to read your WhatsApp messages?  Neither do I, and thanks to end-to-end encryption (E2EE), they can’t – at the moment.

Using E2EE, only the writer and the recipient can read the message; nobody else, not even the message service itself.  WhatsApp uses E2EE and Facebook intends to, soon; those two cover half the active message senders worldwide.

However, officialdom doesn’t seem to like us keeping secrets and the Home Office has just started yet another attempt to ban E2EE.

It is at least their third effort; in 2018 they linked it to terrorism, claiming WhatsApp provides a “secret place for terrorists to communicate”.  They wanted a skeleton key; this received a very cool reception from an industry that rates security pretty highly. 

In 2019, the GCHQ cyber spooks claimed their spying was being hampered by E2EE; they suggested that all encrypted messages should have a ‘ghost user’; in other words, a copy of every message you send would be covertly sent to whatever state organisation they nominated. 

This too was firmly rejected by the industry, after they had stopped laughing.  An impressive group of 47 civil rights groups, trade associations, businesses and security experts co-ordinated a powerful argument against the GCHQ plan.  As part of a detailed response, they pointed out the huge potential for misuse, not least around fraud and online scams; a back door works for the bad people as well as the good ones.  That cooled things down for a bit.

Now the Home Office is trying again by bringing the safety of children into the argument, always an emotive subject.

The NSPCC, clearly in cahoots with the Home Office, recently commissioned a report that, in a nutshell, suggests that children are put at risk if adults are allowed secrecy.  The previous objections to E2EE are dismissed; the report even bizarrely suggests that allowing government access to your encrypted messages is somehow analogous to speed limits on motorways; it’s for our own good.

Unfortunately, the report is, in my view, far from even-handed.  Not surprising, given that of the 16 ‘experts in the field’ interviewed, only one was a Civil Rights group; seven were Government and law enforcement organisations (including the Home Office itself), and another six clearly had axes to grind in this area, having opposed E2EE before.

To be fair, they did also speak to Google and TikTok, but Google was the only one of the 47 signatories of the 2019 counterblast that was consulted this time.

I’m not impressed; it would be easy to gather a spectrum of opinion, but it seems to me that the intention was to produce a report that supported a particular campaign. 

It’s bad enough that a major charity puts its name to a partisan document like this, but what’s worse is that the Home Office can now hide behind the NSPCC’s good name and wave the report around citing ‘experts’ and ‘child protection’, all in the name of peering at our messages.

The serious problem here is that the NSPCC is right; E2EE probably does make tracking child abusers harder, but we didn’t need this report to convince us of that.  My real fear is that even if encryption makes it more difficult to keep us safe, a lack of encryption will make it even harder for everyone, including children, to stay safe.

On top of that, it’s not the only solution; encrypted WhatsApp already uses successful data analysis to close over 300,000 accounts each month that are suspected of child-related abuse.

No, as the Home Office has shown before, they want to read our messages; this time the excuse is a desire to save children.  If they get their way, it won’t stop there.  Mark my words.

 

A few links 

1. This is the NSPCC report I mention.
https://www.nspcc.org.uk/globalassets/documents/news/e2ee-pac-report-end-to-end-encryption.pdf

2. GCHQ’s original ‘Ghost User’ proposals
https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate

3. The 2019 response from the industry to the ‘Ghost User’ proposal
https://regmedia.co.uk/2019/05/30/letter_to_gchq_ghost_user_cryptobusting_plan.pdf

4. A UNICEF report on the subject including the comment that E2EE ‘means that every … child or adult will be provided with a technological shield against violations of their right to privacy.’
https://www.unicef-irc.org/publications/pdf/Encryption_privacy_and_children%E2%80%99s_right_to_protection_from_harm.pdf