Encryption

Another Terror Attack Leads to Yet Another Government Assault on Your Right to Tech Privacy

The British government uses its own intel failures to demand weakening of encryption.

|

Theresa May
i-Images / Polaris/Newscom

After Khalid Farood launched a terrorist attack in Westminster, England, last week, killing four before getting killed himself, officials made it clear that Farood was not on the government's radar as a potential threat.

While the details of the case are still under investigation, the theory at the moment coming out of Scotland Yard and investigators was that he was a lone attacker that self-radicalized. Farood did have a previous criminal record, but he was not seen as a terrorist threat, and it's not even clear yet whether he should have been.

In response to the attack, Prime Minister Theresa May gave a short speech talking about how the United Kingdom's commitment to Democracy, freedom, human rights, and rule of law made them targets, but "Any attempt to defeat those values through violence and terror is doomed to failure."

Then, over the weekend, her own administration took to the media to demand that citizens abandon those freedoms and human rights to serve the government's interests.

Specifically, Amber Rudd, home secretary (the leader of the U.K.'s various national security and policing agencies) went to the press to complain about encryption as a threat to national security, though there's absolutely no evidence that encryption played any role in the failure to predict or prevent this attack.

The targets here are communication tools like WhatsApp, which has end-to-end encryption that has the potential to thwart investigators. Authorities are trying to determine whether Farood communicated with anybody through encrypted messaging, but this is after-the-fact research. Whether or not authorities could have penetrated Farood's encryption wouldn't have prevented the attack because, again, he wasn't considered a terror threat.

Nevertheless, the fact that Farood might have had a way to communicate without the government being able to access it is again bringing up the decades-long fight by officials to try to prevent citizens from communicating secretly. Rudd is insisting that she wants these communication apps to assist the government in bypassing encryption on demand in order to assist government investigations.

We've seen these arguments a lot, both out of the United Kingdom and in the United States. The leaders of both, May and President Donald Trump, are open supporters of mass surveillance and have shown very little respect for citizen privacy.

Rudd, like many of these anti-encryption officials, insist that they don't want to totally destroy our tech privacy but simply demand that tech companies assist government to gain access to targeted people's communications when they have proper warrants. The problem remains—and Rudd, like other government officials, refuses to acknowledge or engage with it—that there's no such thing as an encryption back door or bypass that can only be used by the "proper" authorities. Any bypass can be cracked by hackers, be they criminals or foreign government officials who don't have the United Kingdom's commitment to "human rights."

Fortunately, Rudd is getting pushback from privacy activists (and even other officials) in England. From The Guardian:

Brian Paddick, the Liberal Democrat home affairs spokesman and a former deputy assistant commissioner in the Metropolitan police, said that giving the security services access to encrypted messages would be "neither a proportionate nor an effective response" to the Westminster attack.

"These terrorists want to destroy our freedoms and undermine our democratic society," he said. "By implementing draconian laws that limit our civil liberties, we would be playing into their hands.

The United Kingdom has, unfortunately, already recently implemented draconian surveillance laws in the Investigatory Powers Act, which does have the potential to allow the government to try to force encryption back doors in software or devices produced by companies with offices in England. I explained what the law says in the March issue of Reason magazine. Read up here.