Most technologists understand that end-to-end encryption in messaging keeps people safe and strengthens commerce. But the British government is launching a publicity blitz to remove this layer of protection.
The decision will affect every country the UK does business with, including those that still value the right to privacy and freedom of expression.
privacy vs security
Rolling Stone reports that the UK has developed an emotional ad campaign around child safety to bolster its case. Of course, this campaign is a far cry from addressing the threat to free speech, commerce, or privacy to such an extent. Naturally, the reaction in much of the tech industry has been a series of divided oaths as people in the know ask, "Does this still need to be explained?"
Robin Wilton, director of the Internet Trust at the Internet Society, told Rolling Stone:
“Without strong encryption, children are more vulnerable than ever online. Encryption protects personal security and national security... What the government is proposing puts everyone at risk.
The report also explains that the British government does not seem to want to address the debate between privacy and security. Instead, it simply seeks to inflame backlash with an emotional campaign that builds public support for such a move while completely ignoring the myriad of arguments against it.
One mentioned slide cites a request that the campaign "should not start a privacy vs. security debate," except, of course, that it does so automatically. To get an idea of the many nuanced protections that encryption provides, take a look at this clear and comprehensive article.
Lack of security as a design feature.
One of the few points of agreement between Apple and Facebook concerns the need to protect privacy. Both companies have long opposed attempts to weaken security protection, arguing that it poses too many threats.
What kind of threats?
For example:
- Entrepreneurs working on confidential business ideas can find plans stolen by state and non-state actors who have breached their email system.
- People of different genders and sexualities could be exposed to retaliation from authoritarian governments.
- Opposition politicians, community advocates, and dissident intellectuals can be identified, tracked, and monitored, stifling civic freedom and free speech.
- The lack of encryption across the platform threatens smart logistics and smart infrastructure by weakening protection.
- Financial transactions could be exposed more easily.
The ongoing revelations about NSO Group (and PRISM many years ago) show how brazenly surveillance is already being used. Removing end-to-end encryption just makes it easier by removing an important layer of protection.
Furthermore, what begins with law enforcement ends with criminals and repressive regimes. The impact? Everyone becomes less secure.
what a useless gesture
The worst thing about the idea is its innate futility. After all, if larger entities are forced to abandon encryption, the criminals the government says it wants to attack will be smart enough (and guilty enough) to find alternatives, such as:
- third party encryption applications;
- Pre-encrypted messaging;
- Encrypted data embedded in fake photos.
There are so many options available to the guilty that those most affected by the UK government's plan will be the innocent, who will become more vulnerable and lose their privacy in exchange for less security rather than more.
Former UK intelligence chief Jonathan Evans warned in 2017 against weakening message encryption, highlighting the business need for such protection.
It is very important that we are seen and that we are a country where people can operate safely; it's important to our business interests as well as our security interests, so encryption in this context is very positive," he said.
If you could scan one more thing, what would it be?
The UK's intention is generating some rather disturbing echoes behind Apple's misguided plan to introduce on-device CSAM scanning on its devices. While the iPhone maker appears to be sitting on those plans now, the UK government's new campaign hints at why the company developed the technology and how easily it could spread to other areas.
Matthew Green, associate professor of computer science at the John Hopkins Institute for Information Security, cautions: "Don't listen to someone who tells you they will never cave to government pressure when it's obvious they already have."
Follow me on Twitter or join me at AppleHolic's bar & grill and Apple discussion groups on MeWe.
Copyright © 2022 IDG Communications, Inc.