Amber Rudd has been flapping her big stupid mouth again, making more stupid comments about encryption that do little more than prove she has no idea what she's talking about. Today, in her latest quest to undermine encryption, she claimed that "real people" don't need end-to-end encryption.
Writing an op-ed in the Telegraph today (paywall), the home secretary, who hasn't made it a secret that she isn't a big fan of encryption, argues that people don't use services like WhatsApp because of the high-end security. Instead she claims that people prefer ease of use and a good feature-set, and use WhatsApp because it's a cheap, user-friendly way of staying in touch with people.
While she has a point that people use WhatsApp because it's free and convenient (plus most of their friends and family will use it), the idea that nobody cares about secure messaging is downright stupid. While I'm not sure I count as a "real person", being quite tech-oriented, but if you asked anyone if they actually want to risk having their messages intercepted and read by someone else (whether it's by hackers, spies, the government, or what not) I doubt anyone would be ok with it.
Jim Killock, executive director of UK digital rights campaign Open Rights Group, seems to be of a similar opinion, releasing a statement saying:
"The suggestion that real people do not care about the security of their communications is dangerous and misleading. Some people want privacy from corporations, abusive partners or employers. Others may be worried about confidential information, or be working in countries with a record of human rights abuses. It is not the Home Secretary’s place to tell the public that they do not need end-to-end encryption.
Amber Rudd must be absolutely clear on what co-operation she expects from Internet companies. She is causing immense confusion because at the moment she sounds like she is asking for the impossible. She must give the public a good idea of the risks she wants to place them under."
Rudd is still insistent that encryption is "severely limiting" UK security agencies' abilities to stop terrorist attacks. This is despite Facebook COO Sheryl Sandberg claiming that the unencrypted metadata (ie who is talking to who, and when) is actually more beneficial to security services than the actual contents of the message.
The key information in Rudd's op-ed is that she insists the government doesn't actually want to ban encryption or compromise it with backdoors. She just wants to ensure law enforcement can access encrypted data with a warrant signed by both the Secretary of State and a senior judge.
"I know some will argue that it's impossible to have both - that if a system is end-to-end encrypted then it's impossible ever to access the communication."
Which is giving me some serious flashbacks to a few weeks ago, when the Australian PM declared that the rules of mathematics don't apply must be subservient to Australian law.
Rudd is currently in the US, and according to Ars Technica is meeting with the likes of Google, Twitter, Facebook, Microsoft, and Apple to try and convince them to consider "options" that might help UK-based security and law enforcement "to get more information on what serious criminals and terrorists are doing online."
Personally I have no idea how Rudd attempts to convince the companies to do what she wants, particularly since she really does seem to be asking the impossible. Access to encrypted data without compromising security? Sounds like an oxymoron to me. Plus, let's not forget that governments do not have the desk track record when it comes to keeping data secure and ensuring backdoor exploits don't fall into the wrong hands. Wannacry and what just happened in Sweden are both prime examples of that in action. [Telegraph via Business Insider].