Why government plans to spy on WhatsApp will fail – Naked Security
Last week, a man deliberately ran over more than 50 pedestrians on Westminster Bridge in London.
Four of the victims have already died of their injuries.
The attacker then jumped from his car and charged into the area surrounding the Palace of Westminster – the UK’s Houses of Parliament, seat of the national legislature – and stabbed an unarmed policeman to death, before being shot dead himself.
The UK has had to come to grips with what was, in effect, a terrorist attack, albeit by a man who might well turn out to be a lone sympathiser with the so-called Islamic State.
Understandably, people want to know not only how this attack came about, but also how it might have been foreseen and prevented.
When news emerged that the man, Khalid Masood, might have used WhatsApp shortly before the attack, anyone with an interest in computer security, privacy and encryption knew just what was coming next…
…an official call to regulate secure messaging services, and to force companies like WhatsApp to deliver its services in a way that makes surveillance and investigation easier.
And that call has come, loud and clear, from none other than Amber Rudd, the UK home secretary, the UK equivalent of American secretary of homeland security.
According to UK newspaper The Guardian:
The home secretary said it was “completely unacceptable” that the government could not read messages protected by end-to-end encryption and said she had summoned leaders of technology companies to a meeting on Thursday 30 March to discuss what to do.
What to do?
Strictly speaking, true end-to-end encryption can’t be intercepted in transit, at least not without the sender or recipient noticing, as a matter of terminology.
If you can decrypt an enciphered data stream along the way – whether for archiving, surveillance or even simply for scanning for risky content such as spam or malware – then you didn’t really have end-to-end encryption in the first place.
Indeed, many services we think of as “encrypted” are subject to what’s called lawful interception, which is supposed to mean that with the right sort of authorisation from the judiciary, supposedly confidential data that was sent or stored using the service can recovered.
Lawful interception may lead to traffic being monitored in real time, or (given the sheer volume of data involved these days) recovered and decrypted later to help an investigation or prosecution.
Decrypting at the end
For example, your online banking transactions are typically encrypted end-to-end as you conduct them, but the bank needs to keep a permanent record of what you did – for its own rather obvious commercial reasons, as well as for regulatory purposes.
Likewise, you typically keep a record at your end, in case of disagreements.
If you’re wise you’ll store your bank statements on an encrypted disk or in an encrypted file, but you can recover them later if you choose.
Courts can, and often do, order the release of banking data for legal purposes: even if you don’t comply, the bank almost certainly will, using its own decryption keys to unlock the data unilaterally if needed.
Decrypting in the middle
Likewise, mobile phone networks are required to make technological provisions for lawful interception, so that they can comply with court-imposed orders to unlock both phone calls and SMS messages.
That way, even if both you and the recipient of a message covered by a court order refuse to co-operate, or claim you no longer have the relevant data, the mobile network operator can, in theory at least, step in and come up with the data you can’t or won’t reveal yourself.
Technically, the lawful interception process in the GSM and UMTS cellular networks isn’t a backdoor, because it’s not covert, or undocumented, or a regulatory secret.
Whether you approve or not, it’s a documented feature rather than a sneaky hole or a bug.
Mobile phone networks therefore don’t really use end-to-end encryption: the traffic is encrypted between each subscriber and the network, but is generally decrypted and re-encrypted in the middle, where it may be subject to lawful interception.
Cutting out the middleman
The “decrypt and disclose on due demand” regulations that apply to industries like online banking and mobile telephony don’t apply to services like WhatsApp, which is neither a financial institution nor a cellular network.
WhatsApp, and similar services, can and do provide a true end-to-end encryption system, implemented so that it’s not possible to decrypt the data in the middle.
All the service sees is that data is flowing – it can’t see what’s inside the traffic, even if it wants to – so there’s no point in a subpoena or warrant demanding services of this sort to reveal and decrypt messages, either in real time or after the fact.
That’s not a mistake – it’s a feature. (Indeed, it’s trickier to program proper end-to-end encryption via a middleman than it is to encrypt just from each end to the middle.)
It’s a feature because if you don’t collect the data in the first place, then you can never leak it by mistake, for example in the event of a data breach.
And you can never be forced to reveal it against your own moral compass, for example in the face of a hostile government, or as a result of an unexpected change in the law that you were unable to warn your users about.
Can Rudd’s will be done?
All of this raises the question, “Given the way that true end-to-end encryption works, is the home secretary wasting her time making her demand in the first place?”
Technically, no, because she isn’t asking for the impossible.
WhatsApp and other products of the “true encryption” sort could indeed be compelled by UK law to behave like mobile phone services, and forced to reimplement their software, regressing it to make lawful interception possible on demand.
Would it work?
Would this be a workable idea in practice, and would it be worthwhile?
We don’t think so, for several important reasons:
- UK law wouldn’t apply to services run by US companies and operated outside the UK, for example on servers hosted elsewhere in the EU. So the companies could simply do nothing, other than to close down any part of the business run inside the UK. That would leave everyone in the UK, including the vast number of law-abiding WhatsApp users, stuck with less secure communications than people in the rest of the world. It’s hard to see how this could end positively.
- The UK on its own wouldn’t have much of a stick to beat companies like WhatsApp with, nor much of a carrot to entice them to change. If the entire EU were to stand behind the UK, that might help, as it helped in squeezing Google to accept the so-called “right to be forgotten” rule. But the UK will soon be leaving the EU, and anyway, not all EU countries agree about the principle of weakening encryption in the hope of somehow making it stronger.
- Governments that have attempted to force secure messaging services to fall back to weaker encryption methods “for the good of the country” have typically lost face internationally as a result. Forced decryption may make a country look oppressive, backwards-looking, or a risky choice for future economic investment. This is especially true in an era of concerns about state-sponsored industrial espionage and other anti-competitive behaviour.
- Despite having apparently been radicalised in prison, and having come to the notice of the UK security services in recent years, the Westminster attacker wasn’t under scrutiny at the time of his murderous rampage. So no one in the intelligence community or in law enforcement would have been watching his WhatsApp messages anyway.
In other words, if the recent Westminster tragedy is the sort of case that Amber Rudd’s proposed cryptographic regression hopes to deal with…
…we’re talking about after-the-fact investigation of personal communications that were collected en masse “just in case”.
That means the nation-state scale accumulation of personal, private messages – data that will need to be collected from everyone in the UK, if the process is to be effective after the fact – and the concomitant need to store it securely for later, “just in case”.
Can you imagine what an appealing target all that data would make, especially to the very criminals and terrorists against whom it was supposedly collected in the first place?