WhatsApp has been singled out as the messaging app of choice for terrorists. Amber Rudd, the UK’s Home Secretary, called the app “a secret place to hide”.
End-to-end encryption is the broader problem for politicians like Rudd. It scrambles messages for everyone except the sender and recipient, preventing unauthorized access by the authorities, and even the app’s developers. It also keeps your personal data secure.
There is a terrorist threat for all of us, and that isn’t the argument. Banning WhatsApp won’t deter terrorists. In fact, there’s solid evidence to suggest that banning encryption would make us all less safe while doing nothing to curb terrorism at all.
As the UK’s controversial Investigatory Powers Act is set for a legal challenge by Liberty, it’s high time we all pushed back against this increase in government snooping.
WhatsApp is Not the Problem
Three minutes before the Westminster Bridge attack, terrorist Adrian Ajao used WhatsApp to contact someone on his phone. The security services can’t unlock his messages, and Facebook — WhatsApp’s parent company — cannot unlock them either.
Police in Germany faced the same restrictions when they tried to access Anis Amri’s Telegram messages. He was the driver of an articulated lorry that crashed into a Berlin Christmas market in 2016. (Telegram has long been considered a tool of ISIS; it was used to plan the Paris attacks in 2015.)
Herein lies the first simple problem. WhatsApp is not the only secure messaging app we could ban. There’s Telegram, Signal, even Facebook Messenger. Terrorists will communicate using whatever medium is available. If one app is blocked, they will move on to another.
And a lack of encryption is not necessarily a barrier to communication. A surprising number of terrorists use Gmail (34% of emails studied in Trend Micro’s 2016 report).
How far should we go to go to completely stop terrorists communicating? Short of switching off every cellphone mast on the planet, it simply isn’t possible.
Bans Don’t Work
Some governments have tried to put bans in place already. WhatsApp was banned temporarily in Brazil after a court ruling. Turkey has blocked several messaging apps during times of political unrest. There are many more examples.
Telegram is an interesting example of why banning an app is an overly simplistic plan. Many of the Telegram channels that are used to spread information are, in fact, open to the public. And Telegram’s tech team have blocked some of those already. But it hasn’t stopped terrorism so far.
Let’s be clear. Once a government has powers to block apps or ban encryption, it becomes far more likely that those powers will be exercised questionable circumstances. This is concerning when you realise that politicians have little understanding of what they are asking for:
- Donald Trump’s called for Bill Gates to close the internet; a big ask, if it were even possible
- Michael Fallon, the UK’s defense secretary, wants military action against hackers, despite the fact that nobody knows who or where most of them are
- Australian Senator George Brandis wants companies to tell the government about every change to their IT infrastructure, potentially putting themselves out of business in the process
- UK Home Secretary Amber Rudd refers to WhatsApp as an “encrypted situation”, and wants people who understand “necessary hashtags” to help her out. (Yes – you read that correctly.)
These examples would be comical if the situation were not so serious. Many politicians don’t understand the technology that they want to ban. They just see the broader advantage in increased mass surveillance.
Terrorists are Developers Too
Terrorists have a slew of custom-made apps at their disposal. These are usable alternatives to commercial apps like WhatsApp.
It would be impossible, in any practical sense, to ban these homegrown apps from being used to coordinate terrorism.
Recorded Future and ReversingLabs looked at the many apps developed by organizations like ISIS and Al Quaeda. You can see screenshots of the apps alongside its research. These would be distributed as .apk files, without the need to download them from a central location.
In the list, there are encrypted SMS apps, instant messaging apps, and apps that exist simply to scramble text that can be copied and pasted anywhere. One of these apps had more than 20 different algorithms for encryption.
The only recourse that authorities have is to report these apps as malware in the hope that users will be put off using them. Recorded Future and ReversingLabs found evidence that suggests this may already have happened. But it hasn’t worked.
Banning Encryption Makes Us Less Safe
Encryption protects us from hackers, stops snoopers harvesting private data, and facilitates every e-commerce and banking transaction we have ever taken part in.
If encryption was banned, it would wipe out all online banking services immediately — and that’s just for starters.
Small businesses, and anyone that sells goods online, would see their businesses go under within days. How can a customer trust a business that does not guarantee their data security?
Even if bans were brought in in the United States, how would the government stop people using encrypted services from Canada?
Privacy is a difficult right to define, which is perhaps why we take it for granted. But as Amelia Tait argues, stopping you from using encryption would be a little like asking you to remove curtains from your windows.
Sure; you might not do anything illegal in your home. But the authorities would really like to be able to look through your windows 24/7, just in case you do. Unfortunately, that means that every burglar would have a great view of your valuables.
Bans are not just about terrorism. They an example of the constant creep of government surveillance into our private lives. And apart from being completely impractical, it infringes on the rights of every one of us.
The battle between privacy advocates and governments is being played out on the public stage. It’s high time we stood up against it.