Cybersecurity and Human Rights Groups Warn UK Against Encryption Ban

Some 50 leading security, human rights and technology experts have put their names to a new letter that accuses the UK Government of “misleading the public” with a “scaremongering” campaign against the use of end-to-end encryption on the internet, which helps to keep everything from financial transactions to messaging secure.

Encryption is used all over the place, for everything from securing your credit card transactions to keeping your messages private, as well as for cryptographic protocols such as Transport Layer Security (TLS) and Hypertext Transfer Protocol Secure (HTTPS) – as used to secure your link to this very website. It also supports investigative journalism and makes it possible for those living in repressive regimes to safely communicate.

Encryption is thus an essential tool, the last line of defence against criminals’ intent upon gaining unlawful access to our personal data, and one that works best when the decryption keys are kept hidden, sometimes even from the service owner to both avoid any chance of employee abuse (i.e. the bigger the company, the bigger the risk of leaks) and to obstruct hackers.

However, the UK Government has long been concerned that such technology can also be used to conceal conversations between criminals and terrorists, which makes it harder for the police and spies to catch them. Finding a balance on this front is difficult because E2E encryption is, at its most basic, something that any coder could build. Likewise, it often seems to have just as many positive uses, as negative ones.

The new Online Safety Bill (OSB) will, among many other changes, attempt to clampdown on internet communication services that use E2E encryption. In an ideal world it seems the UK’s Home Office would prefer an encryption system that social media giants could decrypt, upon request from law enforcement (i.e. encryption keys would be controlled by company officials, rather than hidden from all in an E2E setup).

As part of all this, the Government has launched somewhat of a public anti-encryption campaign, which naturally only focuses on the negatives. In response, the representatives of 50 security, human rights and technology organisation – including the Open Rights Group, Index on Censorship, the Internet Society and Article 19 – have written an open letter (published further down) that calls on this “misleading … scaremongering” to be stopped.

Jim Killock, Executive Director of the Open Rights Group, said:

“The way the government has been using scare tactics damages trust with its citizens. The government exploiting emotive narratives for their campaign is manipulative and does not provide a balanced view. The truth is that encryption is vital for online safety.”

Home Secretary Priti Patel has spent more than half a million pound of taxpayers money to mislead the public on Internet Safety. Her scaremongering campaign is a desperate attempt to demonise end-to-end encryption, which in truth makes the Internet much safer.

If the government weakens encryption for messaging apps, it’ll only help predators, criminals, blackmailers, and scammers.

Even the UK privacy watchdog, the Information Commissioner’s Office (ICO) has warned that her plans puts “everyone at risk” including children.”

As security experts so often warn, you can’t allow one state or group to have special access and then expect that not to be abused by others (e.g. hackers or less democratic countries). On this point the Government are perhaps guilty of not being very worldly, since weakening the encryption supplied by British firms will do little to stop its use by criminals or terrorists.

Encryption is not Apple, Facebook or Twitter. As mentioned earlier, encryption is a method that anybody can create and use. A clever terrorist probably has better ways to keep in touch with their fellow nut-jobs than to post a private message on Twitter or Facebook (they’ve been known to create their own apps), although the latter has previously acted as a useful promotional platform for such groups.

Meanwhile, it could be argued that the security services already have a wealth of data at their disposal, but often what they lack is the manpower to monitor suspects in the off-line world. We recall one police force saying that it’s possible for up to 60 officers to be involved with the monitoring of just 1 individual, and when you have thousands of potential targets.. that’s a problem.

Furthermore, we can’t always assume that the UK will be governed by a truly democratic system that protects our freedoms and privacy. Giving a future anti-democratic government such control over what we can access and how we communicate would thus seem to be unwise.

In any case, whichever side of the fence you reside, defining E2E encryption in law will be tricky without a mass of exclusions and the risk of breaking things on a much wider scale. At the same time Criminals, who by their definition don’t have even the slightest interest in following the law, will almost certainly switch to using another service that still deploys E2E encryption (or make their own); there’s no shortage of choices on that front.

The Open Letter

The UK Home Office plans to force technology companies to remove the privacy and security of encrypted services such as WhatsApp and Signal as part of its Online Safety Bill. Even worse, the Home Office has launched a scaremongering campaign wasting hundreds of thousands of pounds on a London advertising agency to undermine public trust in a critical digital security tool to keep people and businesses safe online.

Undermining encryption would make our private communications unsafe, allowing hostile strangers and governments to intercept conversations. Undermining encryption would put at risk the safety of those who need it most. Survivors of abuse or domestic violence, including children, need secure and confidential communications to speak to loved ones and access the information and support they need. As Stephen Bonner, executive director for technology and innovation at the UK Information Commissioner’s Office recently noted, end-to-end encryption “strengthens children’s online safety by not allowing criminals and abusers to send them harmful content or access their pictures or location.”

Operation: Safe Escape and LGBT Tech—two organisations that represent and safeguard vulnerable stakeholders—stress the vital importance of encrypted communications victims of domestic abuse and for LGBTQ+ people in countries where they face harassment, victimisation and even the threat of execution. Far from making them safer, denying at-risk people a confidential lifeline puts them at greater and sometimes mortal risk.

Anti-encryption policies threaten the fundamental human right to freedom of expression. Compromising encryption would undermine investigative journalism that exposes corruption and criminality. According to the Centre for Investigative Journalism, without a secure means of communication, sources would go unprotected and whistleblowers will hesitate to come forward.

Contrary to what the Home Office claims, leading cybersecurity experts conclude that even message scanning “creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic.” Backdoors create an entry point for hostile states, criminals and terrorists to gain access to highly sensitive information. Weakening encryption negatively impacts the global Internet and means our private messages, sensitive banking information, personal photographs and privacy would be undermined. MI6 head, Richard Moore, used his first public speech to warn of the increased data security threat from hostile countries. By Mr. Moore’s analysis, the UK would be making things easier for hostile governments, in waging a war against our personal and national security.

The UK government must reassess their decision to wage war on a technology that is essential to so many people in the UK and beyond.

Signatories:
1. Access Now
2. ACLAC (Latin American and Caribbean Encryption Coalition)
3. Adam Smith Institute
4. Africa Media and Information Technology Initiative (AfriMITI)
5. Alec Muffett, Security Researcher
6. Annie Machon
7. ARTICLE19
8. Big Brother Watch
9. Centre for Democracy and Technology
10. Christopher Parsons, Senior Research Associate, Citizen Lab, Munk School of Global Affairs &
Policy at the University of Toronto
11. Collaboration on International ICT Policy for East and Southern Africa (CIPESA)
12. Cybersecurity Advisors Network (CyAN)
13. Dave Carollo, Product Manager, TunnelBear LLC
14. Derechos Digitales – Latin America
15. Digital Rights Watch
16. Dr. Duncan Campbell
17. Electronic Frontier Foundation
18. Faud Khan, CEO, TwelveDot Incorporated
19. Fundación Karisma
20. Global Partners Digital
21. Glyn Moody
22. Index on Censorship
23. Instituto de Desarrollo Digital de América Latina y el Caribe (IDDLAC)
24. Internet Society
25. Internet Society Brazil Chapter
26. Internet Society Catalonia Chapter
27. Internet Society Germany Chapter
28. Internet Society India Hyderabad
29. Internet Society Portugal Chapter
30. Internet Society Tchad Chapter
31. Internet Society UK England Chapter
32. Internet Freedom Foundation, India
33. JCA-NET (Japan)
34. Jens Finkhaeuser, Interpeer Project
35. Prof. Dr. Kai Rannenberg, Goethe University Frankfurt, Chair of Mobile Business & Multilateral
Security
36. Kapil Goyal, Faculty Member, DAV College Amritsar
37. Khalid Durrani, PureVPN
38. Prof. Dr. Klaus-Peter Löhr, Freie Universität Berlin
39. LGBT Technology Partnership
40. Liberty
41. Luke Robert Mason
42. Mark A. Lane, Cryptologist, UNIX / Software Engineer
43. OpenMedia
44. Open Rights Group
45. Open Technology Institute
46. Peter Tatchell Foundation
47. Privacy & Access Council of Canada
48. Ranking Digital Rights
49. Reporters Without Borders
50. Riana Pfefferkorn, Research Scholar, Stanford Internet Observatory
51. Simply Secure
52. Sofía Celi, Latin American Cryptographers.
53. Dr. Sven Herpig, Director for International Cybersecurity Policy, Stiftung Neue Verantwortung
54. Tech For Good Asia
55. The Law and Technology Research Institute of Recife (IP.rec)
56. The Tor Project
57. Dr. Vanessa Teague, Australian National University
58. Yassmin Abdel-Magied