Why F-Secure and Others Are Opposing the Snoopers’ Charter

It’s widely expected that next week the government will unveil details of its hugely controversial Snoopers’ Charter, aka the Investigatory Powers Bill. To preempt this, and in a bid to influence the debate, cyber security firm F-Secure and 40 other tech signatories presented an open letter opposing the act.

Most controversially, the bill is expected to force service providers to allow the authorities to decrypt secret messages if requested to do so in extremis. This is most likely going to come in the form of some kind of order effectively banning end-to-end encryption.

I heard from F-Secure security adviser Sean Sullivan on this to find out why the bill is such a bad idea.

To precis what I wrote in this Infosecurity article, his main arguments are that forcing providers to hold the encryption keys will:

  • Make them a likely target for hackers, weakening security
  • Send the wrong signal out to the world and damage UK businesses selling into a global marketplace
  • End up with China or other potentially hostile states in which a service provider also operates requesting these encryption keys too – undermining security further
  • Be useless, as the bad guys will end up using another platform which can’t be intercepted

I completely agree, especially with Sullivan’s argument that the providers would become a major target for hackers.

“End-to-end encryption makes good sense and is the future of security,” he told me by email. “Asking us to compromise our product, service, and back end would be foolish – especially considering all of the back end data breach failures that have occurred of late. If we don’t hold the data, we cannot lose control of it. That’s just good security.”

One other point he made was the confusion among politicians about tech terminology as basic as “backdoor” and “encryption”.

“A lot of UK politicians end up putting their foot in their mouth because they don’t properly understand the technology. They try to repeat what their experts have told them, but they get it wrong. UK law enforcement would probably love to backdoor your local device (phone) but that’s a lost cause,” he argued.

“The politicians (who actually know what they’re talking about) really just want back end access. As in, they want a back door in the ‘cloud’. They want to mandate warranted access to data in transit and/or in the back end (rather than data at rest on the device) and fear that apps which offer end-to-end encryption, in which the service provider doesn’t hold any decryption keys, are a threat.”

Let’s see what happens, but given the extremely low technology literacy levels among most politicians I’ve got a bad feeling about this one.

Cameron on a hiding to nothing if he really does want encrypted comms ban

This week, prime minister David Cameron seemed to indicate that if he is elected this May he’ll do all he can to ensure strongly encrypted communications are banned in the UK.

Well, that’s the gist of what he said. More correctly, he made it clear that no form of comms should exist where, in extremis, the security services can’t eavesdrop on private conversations – to stop criminals, terrorists etc.

His comments have been widely criticised in the media and by the technology industry, and rightly so.

Although others including the FBI, US attorney general Eric Holder and even Europol have voiced concerns about encrypted communications, none have gone as far as Cameron – who is now apparently off to the US to try and get support for his plans from Barack Obama.

A few thoughts sprang to mind as I reported on this breaking story:

  • If Cameron thinks he can take on the might of Apple, Google et al over this, he’s mistaken.
  • His comments are at odds with European security agency Enisa, which has just released a document praising encryption and calling for MORE privacy enhancing technologies (PETs), not fewer
  • There’s no evidence that the Paris attacks would have been prevented if encrypted comms were banned
  • The UK’s burgeoning tech industry will suffer
  • UK business will react angrily if they can’t use strongly encrypted comms, as will UK entrepreneurs – it’s sending out a dreadful signal to potential investors in our supposedly liberal democratic country. Also, these are exactly the sort of traditional Tory supporters Cameron needs on side.
  • If encrypted comms were banned, or backdoors were engineered into products so the security services could access them if needed, the bad guys would eventually find a way of exploiting them too.
  • Terrorists and criminals will continue to use encrypted comms, downloaded from regions where they are still legal.

Sophos global head of security research James Lyne summed up the whole farce neatly in comments he sent me by email:

“Even if regulation was brought in to force legitimate companies to use encryption the government (in extremis) could intercept, unless they plan to build a great firewall of China (but even bigger and better – or sinister) to prevent people getting their hands on open source tools available in other countries it isn’t going to stop the darker side of the net from using it,” he told me.

“At the end of the day, terrorists will use any tools at their disposal to communicate, so this is unlikely to solve the real problem. The intention behind the statement was likely a little different to the way in which it has appeared but the suggestion as it stands would do the UK more harm than good and clearly lacks insight into how the internet works or how such controls might be implemented.”


2015: the Year of the Mobile Messaging Wars

I’ve just finished another piece for IT Pro in Hong Kong covering the intensifying battle between WhatsApp and the slew of Asian mobile messaging firms in the chasing pack.

It’s shaping up to be an exciting 2015 for those in the space as these platform players look to differentiate in an increasingly crowded market, while the telecoms operators struggle to recoup the cash they’re losing from decreased SMS and voice call revenue.

Canalys analyst Jessica Kwee was quick to point out the pressure these traditional telecoms players are under.

“SMS/texting in the traditional sense has been impacted greatly, especially as people see more value in messaging apps – as in many cases they are considered ‘free’ as they are part of the data plans,” she told me via email.

“Plus, messaging apps are also more flexible and can handle more than traditional texting – no character limits, and on opposite spectrum, you don’t feel obliged to try to use up the character limit either, so it’s easier to text something very short and quick. Also, there’s the ability to communicate in groups, send pictures, videos, voice notes, emoticons, etc.”

However, there are some opportunities for operators.

“People will increasingly rely on an always-on connection and not be able to just rely on wi-fi at home or at work, as they will want to be connected all the time,” Kwee explained. “So even though it is much more difficult to get people to spend a lot of money on expensive data plans, especially in price-conscious markets, it could be a compelling alternative where telecoms provide cheaper data plans to exclusively use such apps.”

Frost & Sullivan principal analyst Naveen Mishra added that adoption of mobile messaging apps has soared over the past 12-18 months thanks to their added functionality and free price tag.

“Increasing smartphone penetration and growing internet adoption is driving this usage. Emerging markets like India are growing extremely fast, both in terms of adoption and usage,” he told me.

“Between May 2014 and Oct 2014, WhatsApp’s monthly active users grew from 50 million to 70 million, which is 10% of the total user base. The next 3-5 years are also looking very promising, as key emerging markets have large opportunities of growth. In India alone, there are over 930 million mobile subscriptions out of which only 70 million are current WhatsApp users.”

As for the various market players, success will come down largely to innovating with new features.

“All the OTT application companies are constantly trying to innovate, however the success of the application largely depends on the value a new feature brings in,” he said.

“Line has tied up with LG Electronics, where through its chat session, LG appliances can be activated and controlled. On the other hand, WhatsApp is working on a voice calling service, which is expected to be launched in early 2015.”