UK wants WhatsApp to open a backdoor with federal services

Companies should take “more active role” combating criminal violence, hate messages

In the ongoing battle between state governments and national security agencies to ascribe regulations for encrypted IP-based communications, the UK government has now asked WhatsApp to open its encryption to security services in the world effort to combat off-grid cyberterrorism efforts.

Citing the example of Khalid Masood, who killed four people in London last week and used WhatsApp shortly before beginning his attack, UK Home Secretary Amber Rudd has begun a series of lecture pitches to urge online companies to become more aggressive in shutting down sites exploited by terrorists.

In addition to Rudd, several other government ministers have sharply criticized online companies for taking inadequate steps to stop the spread of criminal violence. The latest security concerns surround the inability of government and security agencies to intercept end-to-end encrypted communication data that is sent over IP-based mobile apps such as Apple’s iMessage platform, WhatsApp, Confide, Telegram and other services offering services where only communicating users can read the messages.

In one prominent example from December 2015, the Brazilian government blocked WhatsApp from its mobile telecom networks after the company refused to allow the government to see communications between alleged drug dealers involved in criminal case. Then in July 2016, the Zimbabwe government blocked the WhatsApp service to its citizens as country workers heeded calls for a “national shutdown” to put pressure on the Southern African regime that has been in power for almost four decades.

UK Home Secretary Rudd says the Internet is “serving as a conduit, inciting and inspiring violence, and spreading extremist ideology.” She has asked executives from several Internet companies to convene during a meeting this week. “They’re going to get a lot more than a ticking off,” she explained.

The contentious efforts by federal agencies to request confidential end-to-end encrypted data have been gridlocked by a series of rulings stemming from court cases and even Constitutional rights or common law, depending on country and region. In the UK, end-to-end encryption was banned in December 2016 under Section 217 of the Investigatory Powers Bill, allowing government agents with access to any communications needed for investigation. In the US, most companies have cited First Amendment protections against viewpoint discrimination in being compelled to write new software, as in the Apple vs. FBI case from last February. In that dispute, the company challenged at least eleven court orders citing the All Writs Act of 1789 – which as of 1977, gave courts the power to demand “reasonable technical assistance” from a phone company in accessing call records.

Of course, government agencies themselves are not any better at leading by example to the general public regarding the prevention of cyberterrorism over end-to-end encrypted communications. It was revealed in January that the Trump administration and White House staffers have been using end-to-end encrypted app Confide to send untraceable messages to one another containing data that should otherwise be kept for historical preservation under the Federal Records Act of 1950. The act places responsibility on each US federal agency to establish an ongoing records management program to keep communications that have “administrative, historical, informational or evidentiary value” for later retrieval and historical significance.

But Rudd’s point is more about the urgency to mitigate terrorist abuse of platforms such as WhatsApp, Google, Twitter and other prominent social media platforms. Her argument insists that companies need to be significantly more aggressive dealing with suspicious activity, which would imply a request to transform these companies from mere “gatekeepers” of encrypted information into active participants with federal agencies requesting information. This is something end-to-end encryption cannot provide by its very nature, however, as the encryption keys cannot be remade for offline use as some cryptographic researchers have suggested.

The only way that governments can obtain access to information contained within the guarded walls of WhatsApp and other similar apps is through a forced backdoor into a compromised mobile operating system. Federal decryption of firmware code is something both Apple and Google have publicly acknowledged in the past, often well before their product release dates.