A lot of dust has been raised in the UK over Snooper’s Charter, a proposed bill which would see all encrypted communications apps banned on the Island.
Those apps would include WhatsApp and Snapchat, to name a few. While the government argues that such steps are necessary to keep the nation safe from potential terrorist attacks, the general public is mostly against the ban and see it as a violation of privacy.
I’ve gotten a chance to speak to Matt Little, VP of Product Development at PKWARE on the topic.
PKWARE is an international data security and smart encryption company, and Mr Little believes this initiative is, put in shortest possible terms – pointless.
How would the process of banning “unwanted” apps go? How would the government know if I installed the “illegal” app, and how would it force me to uninstall it?
ML: The Google/Apple App stores have the ability to restrict content for a given market. This is easy to do for third-party apps like WhatsApp. This is difficult when it comes to native apps like iMessage and FaceTime, as they are core to the iOS experience. In these instances, iOS itself would have to be significantly modified to support these “bans”. Workarounds to the modification include:
- Obtain a non-U.K. version of the handset w/ non-U.K. locale
- Jailbreak (Apple) or root (Android) your handset and use a third-party app store. This is a well-established approach that exists outside the issue at hand.
Would you say that potential terrorists could actually benefit from the banning of encrypted communication and how exactly?
ML: There is no way to technically enforce the ban so everyone – including terrorists – can take simple steps to ignore it.
Even if the law gets implemented, how easy would it be to work around it?
ML: The effort and technical prowess would be trivial. Encrypted message app replacements will appear in droves similar to what happened when mobile carriers tried to ban “tethering apps” several years ago. At that time, carriers were forced to evolve. Now, law enforcement must do the same.
Is this idea even doable? This would mean instant messaging companies would need to store huge amounts of data just to keep working. Would the cost be too great?
ML: Unlike the majority of apps which provide value by storing and relating data, security apps provide protection by not storing it. Good security separates encryption keys from the information being protected. Folks shouldn’t be looking at secure communications apps that store insecure copies of that communication.
Does implementing a backdoor also mean increased risk of hackers breaking in and stealing the data?
ML: Yes. Backdoors don’t differentiate between good and bad entrants. Anyone who knows where the door is can use it.
Prime Minister David Cameron recently said: “In our country, do we want to allow a means of communication between people which we cannot read? “My answer to that question is: ‘No, we must not’. How would you comment these words?
ML: David Cameron is being ill advised on this topic. In the information age, things have never been easier for law enforcement. Continuing to focus the discussion on criminalizing encryption is fundamentally flawed because it’s impractical and dangerous.