Writing in The Telegraph (it’s behind a paywall, but here’s the pertinent bit), UK Home Secretary Amber Rudd writes:
“Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family?
“So this is not about asking the companies to break encryption or create so called ‘back doors’.
“Companies are constantly making trade-offs between security and ‘usability’, and it is here where our experts believe opportunities may lie.
“Real people often prefer ease of use and a multitude of features to perfect, unbreakable security.”
Hmm.. “real people” voted a few weeks ago in the United Kingdom’s snap general election, stripping away the ruling Conservative party’s majority, and leaving us with a hung parliament.
Amber Rudd herself was feeling the shock after the majority in her own parliamentary seat was slashed to just 346 votes.
"Real people" don't want Amber Rudd.
— Graham Cluley (@gcluley) August 1, 2017
The suggestion that services like WhatsApp should stop using proper encryption because the only beneficiaries are terrorists is bonkers.
Encryption is a good thing, not a bad thing.
Encryption protects our privacy from hackers and organised criminals. It defends our bank accounts, our shopping, our identities.
There are too many data breaches involving online companies who have failed to properly secure our data.
Too many hacks where criminals and state-sponsored hackers have intercepted sensitive information and used it to their own advantage.
Too many instances where security services and intelligence agencies have spied on their country’s citizens, either with the approval of authoritarian regimes or by breaking the law to illegally collect vast amounts of personal data without proper oversight or the public even being aware of what was going on.
Real people care about their privacy. They close the door when they go to the bathroom. They put on clothes before they step outside on the street. They protect their online accounts with passwords.
It’s not as if “breaking” WhatsApp’s encryption would really help the fight against terrorism and organised crime anyway (WhatsApp is – for some reason – seemingly the service most commonly in the UK Government’s firing line).
Criminals would simply use other services if WhatsApp no longer provided secure end-to-end encrypted messaging, or “roll their own”, sending them even further out of the reach of intelligence agencies.
So, in summary, UK Home Secretary Amber Rudd argues that people would be happy with imperfect, breakable security.
I believe that most “real people” would be concerned that such a step would increase the chances of their privacy being invaded, and criminals taking advantage of weakened security.
This stupid woman doesn't even realise that WhatsApp doesn't offer "perfect, unbreakable security".
The German police are already breaking WhatsApp messages by hacking into the phone instead.
> The German police are already breaking WhatsApp messages by hacking into the phone instead.
Of course. So are all the other LEA around the world, including here.
Is Rudd joking? I'll not do any business over the Internet if she has her way.
Politicians seem happy to flaunt their utter ignorance of science, engineering and technology. They are the successors of King Canute. For her child-like ignorance, Rudd should curl up with embarrassment. Better still, she should keep her mouth closed.
"Companies are constantly making trade-offs between security and ‘usability’"
Really talking about a trade-off between security and government access – does she honestly believe 'real people' are too stupid to see through this? Behind-the-scenes encryption makes no difference to the end-user experience, so her WhatsApp example falls flat. And while people might not choose to use WhatsApp because of its encryption, they might also choose *not* to use it if they feel its encryption has been compromised (as you've pointed out, this includes terrorists – who are also 'real people' of course, not just the boogeymen of the media).
Was she asleep when Clare Foges had a similar crack at being a tech pundit?
https://www.techdirt.com/articles/20151123/10050732890/telegraph-publishes-dumbest-article-encryption-youll-ever-read-written-david-camerons-former-speechwriter.shtml
Politicians are not human souls. They lack the ability to acknowledge how ridiculous, illogical rubbish is expected to be believed.
From fake Brexit to spying on everything we are doing. Politicians have these jobs to pay for their prostitutes, drugs and many houses, not because they have any knowledge of or interest in humans.
I worked for the security services for 4 years and the things I discovered would make you physically sick. Projectile style.
Hear, hear! Politicians are not selected to run for office at Bilderberg conferences, because they are warm, humane and caring. They are selected when they can demonstrate that they can be bribed, can sell their own family down the river for the right price, and have a hedonistic, short-sighted outlook on life which forgoes community. Basically, that they are far nastier than they are nice. :-) Also, politicians are told that they are not running the show, but certain elite families are. These families will dictate their agendas over whatever terms they are going to be serving.
looking at the comments… a perfect example of the arrogance and supposed superiority of us in IT and infosec.
I'm pretty sure Rudd is right about this: if you polled 1000 people and asked "would you like end-to-end crypto in messaging apps banned, so the cops can more easily catch terrorists?" I'd be surprised if it was better than 70/30 in favour.
Note I'm not saying her apparent intentions are a Good Idea, just pointing out that the majority of people really don't care. You don't have to look far to see market-based evidence of that – the market success of Android and Windows, for instance.
Sorry, Graham, most people out there don't care what us "boffins" think or say.
I think you are wrong on that – people are not as stupid as you make them out to be. The feedback I get when I tell people that WhatsApp is end-to-end encrypted, and even WhatsApp can't decipher the messages on their own servers, is relief!
There are many good reasons why people's personal comms should not be easily deciphered. Information gleaned from what people believe to be private comms with their family and friends, can be used to steal identities, case their homes for burglary, kidnapping, and all other sorts of nefarious activities. If you know when and where someone will be before they get there, and they have told nobody but a friend or family member, then you have an advantage over them. As crime rises in the Western world, that advantage will be progressively more capitalised on.
From a quick canvass around the mostly non IT literate people I know, I believe it's not a case of don't care but more they don't understand. If they were asked, would you allow potentially anyone to read or eavesdrop on your messages, I suspect a different answer may be returned. Like any poll, it's all about the question and how it's interpreted.
What I think Amber Rudd implies in her article relates to the recent BlackHat 2017 keynote by Alex Stamos. In one of his key points he suggests that we all as ITsec community should descend from our "olympus" and recognize that in some cases partial security for masses is better than no security at all and the tradeoffs are sometimes justifiable. In this context her article takes a different angle.
It's well worth watching:
https://www.facebook.com/security/videos/10155111383296886/
(although my take was that he was not advocating poking holes in encryption – just not calling politicians idiots when they suggest it).
Sorry guys, real people don't care about security. Just look at the multitude of people who leave their Facebook/Twitter/Instagram accounts open, reuse easy to guess passwords on multiple sites, don't update operating systems/apps/applications all because it's too hard/I don't know how to etc.
Sites like this forever contain stories of major companies being hacked and tell us to not do the above.
While I disagree with the belief that it is right to have governments intruding and interfering with our privacy, Amber Rudd's sentiment that real people don't care is correct.
Let the flaming begin!!