Instant messaging service WhatsApp has reportedly rejected a demand from the British government earlier this year for it to create a backdoor into its secure network. Such a system would allow UK security services to access messages sent through the service, which protects its users’ communications with end-to-end (E2E) encryption.
According to Sky News, British government officials demanded that WhatsApp come up with “technical solutions” to hand over messages believed to be linked to criminal or terrorist investigations during the summer.
The Facebook-owned messaging platform rejected this request, and said that to facilitate this special access would weaken the protection of encryption provided to all of its users.
It said it would put its security at risk.
Encrypted messaging apps were used by terrorists to orchestrate a number of terror incidents that hit the UK this summer. A security source commented that “It is crucially important that we can access their communications – and when we can’t, it can provide a black hole for investigators.”
End-to-end encryption works by scrambling messages so that the content cannot be intercepted in a readable format.
In an FAQ on WhatsApp website, it states: “WhatsApp has no ability to see the content of messages or listen to calls on WhatsApp. That’s because the encryption and decryption of messages sent on WhatsApp occurs entirely on your device.”
“Naturally, people have asked what end-to-end encryption means for the work of law enforcement.”
“WhatsApp appreciates the work that law enforcement agencies do to keep people safe around the world. We carefully review, validate, and respond to law enforcement requests based on applicable law and policy, and we prioritise responses to emergency requests.”
The revelation of this rejection comes just after UK prime minister Theresa May spoke about the need for technology companies to do more to tackle online terror content in front of the United Nations general assembly.
May asked these tech companies to “develop new technological solutions to prevent such content being uploaded in the first place.” It was not confirmed if this would extend to encryption.”
“We need a fundamental shift in the scale and nature of our response – both from industry and governments – if we are to match the evolving nature of terrorists’ use of the internet.”
“This is a global problem that transcends national interests.”
“Governments must work with and support the efforts of industry and civil society if we are to achieve real and continuing progress and prevent the spread of extremism [in] cyberspace.”
Everyone on the same side?
UK human rights defenders hit back against the demands May has laid down, citing privacy issues and limitations to freedom of speech.
“We need to recognise the limitations of relying on automated takedowns,” said Jim Killock, executive director of the Open Rights Group in a statement. “Mistakes will inevitably be made – by removing the wrong content and by missing extremist material.”
“Given the global reach of these companies, automated takedowns will have a wide-reaching effect on the content we see, although not necessarily on the spread of extremist ideas as terrorists will switch to using other platforms.”
>See also: Why 2017 will be the year of privacy
“This move by the British, French and Italian governments could also be used to justify the actions of authoritarian regimes, such as China, Saudi Arabia and Iran, who want companies to remove content that they find disagreeable.”
Similarly on Twitter, the Electronic Frontier Foundation (EFF) wrote: “UK government wants secret backdoor from WhatsApp, but can’t even keep its own demands from leaking.”
Commenting on the news Javvad Malik, security advocate at AlienVault, said: “From a technological perspective, the way in which WhatsApp has implemented end-to-end encryption means that it cannot be back doored without breaking the current implementation. Implementing a backdoor would significantly weaken the overall protection afforded by WhatsApp. History has repeatedly shown us that any backdoor will be found by adversaries and exploited for their gain; thus potentially causing more harm than good.