In a recent op-ed, United Kingdom Home Secretary Amber Rudd argued strong encryption was thwarting the government’s ability to monitor terrorists and criminals. Rudd expressed skepticism about the need for end-to-end encryption, reasoning that “real people” don’t prioritize security in their technology. “Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family?” she wrote.
The answer is simple: I do, along with broad swaths of the human rights movement and many other people around the world.
Human Rights Watch defends the rights of people in 90 countries worldwide, spotlighting abuses and bringing perpetrators to justice. We rely heavily on networks of local NGO partners, witnesses, and victims, often located in closed societies where surveillance is pervasive. End-to-end encryption built into apps like WhatsApp shields our communications with these networks from abusive regimes and is a critical tool for ensuring we do not put contacts at risk of reprisal. Simply put, if we can’t guarantee the security of our communications, we can’t do our work. For that reason, every guide on digital security, including one previously funded by the UK, recommends the use of encrypted apps.
Who else uses end-to-end encryption? The list is long. Peaceful pro-democracy and reform activists in places like Hong Kong, Turkey, Central Africa, and across the Middle East. LGBT people living in countries where their sexual orientation is criminalized. Whistleblowers who reveal governmental or corporate malfeasance. Journalists everywhere trying to protect their sources.
Add to that list diplomats and government officials, including some in the UK parliament and Foreign Office. Or doctors, lawyers, and business people discussing sensitive and confidential information.
However, the home secretary’s question itself indicates a fundamental misunderstanding of modern cybersecurity threats – and the harms of undermining encryption. It doesn’t matter whether WhatsApp’s 1.2 billion users in 180 countries are using the app out of convenience or concern for security. End-to-end encryption protects all of them – students, pensioners, consumers, ordinary tax-paying citizens – from cybercriminals and identify thieves. As information security experts, former Five Eyes intelligence officials, and even Europol have warned, any attempt to enable surveillance by compromising encryption will broadly undermine cybersecurity for all users. And the bad guys will simply find other encrypted alternatives that are made outside the UK and not subject to its laws.
The good news: Rudd said the UK government has “no intention of banning end-to-end encryption.” This is a welcome statement as the government continues to interpret the 2016 Investigatory Powers Act, which contains provisions requiring Internet companies to take undefined “practicable” steps to provide data in unencrypted form.
But the home secretary then pivots to suggest that tech companies should give them access to unencrypted information anyway by working with governments through “confidential” conversations. What Rudd ultimately seeks is unclear. By definition, if communications are encrypted end-to-end, companies cannot access them.
Regardless, these conversations cannot happen out of public sight. The “real people” who make up the public have a right to know if the government has subverted the security of the tools many rely on every day.