Ending WhatsApp Encryption to Stop Terrorism Would Actually Make People 'Less Safe'

whatsapp encryption amber rudd privacy
A photo illustration shows a chain and a padlock in front of a displayed Whatsapp logo, January 13, 2017. REUTERS/Dado Ruvic/Illustration

Privacy advocates have criticized U.K. Home Secretary Amber Rudd after she called for security services to be able to access encrypted messaging services like WhatsApp in order to fight terrorism.

Rudd said there must be "no place for terrorists to hide" following Wednesday's attack in London that killed four people. Police believe the perpetrator had accessed WhatsApp two minutes before carrying out the attack.

"We need to make sure that organizations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other," Rudd said on BBC One's Andrew Marr Show on Sunday.

WhatsApp said in a statement it was "horrified" by the attack and is cooperating with law enforcement as they continue their investigations.The Facebook-owned messaging platform, which has more than 1 billion users worldwide, introduced end-to-end encryption last year to protect people from "cybercriminals," "hackers," and "oppressive regimes."

Many at the time praised WhatsApp's decision to enable encryption. Jacob Ginsberg, a senior director at encryption firm Echoworx, told Newsweek that it was a "great leap" forward.

Responding to Rudd's statement, privacy advocates and online safety groups tell Newsweek that it would be dangerous to create security loopholes that would allow intelligence services to bypass encrypted services.

"It is right that technology companies should help the police and intelligence agencies with investigations into specific crimes or terrorist activity, where possible," says Jim Killock, executive director of Open Rights Group. "This help should be requested through warrants and the process should be properly regulated and monitored.

"However, compelling companies to put backdoors into encrypted services would make millions of ordinary people less secure online. We all rely on encryption to protect our ability to communicate, shop and bank safely."

Several widely-used messaging services also use encryption, including Telegram, Signal and Wickr. Apple's default messaging app, iMessage, also uses encryption and the tech firm has been involved in high-profile battles to protect its devices and platforms from surveillance.

In 2016, Apple rejected a court order to help the FBI break into an iPhone used by one of the attackers in the San Bernardino shooting that left 14 dead, saying to do so would set a "dangerous precedent."

Rudd said: "I would ask Tim Cook to think again about other ways of helping us work out how we can het into the situations like WhatsApp on the Apple phone."

Liberal Democrat home affairs spokesman Brian Paddick said such measures were disproportionate. "These terrorists want to destroy our freedoms and undermine our democratic society. By implementing draconian laws that limit our civil liberties, we would be playing into their hands," he said.

"My understanding is there are ways security services could view the content of suspected terrorists' encrypted messages and establish who they are communicating with."

Encrypted messaging apps are not enough by themselves to protect a user's privacy, due to potential vulnerabilities with devices. Hackers and security agencies have in the past taken advantage of security flaws to monitor or take control of people's smartphones, tablets and computers.

Documents released earlier this month by the whistleblowing organization WikiLeaks revealed that intelligence agencies had developed hacking tools to break into phones and messaging apps, effectively rendering encryption obsolete for compromised devices.

WikiLeaks stated: "These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the 'smart' phones they run on and collecting audio and message traffic before encryption is applied."

The documents, which cover techniques used by the agency up until 2016, describe software vulnerabilities within Android and iOS devices. Google and Apple said they were investigating the disclosures but claim the vulnerabilities have already been fixed. It is not clear whether similar tools are still in use.