Last week reports emerged in the media that the proposed Investigatory Powers Bill may lead to the banning of popular communications apps Snapchat, WhatsApp and Facebook Messenger. This was in many ways not news as the same reports had appeared in January but with the Home Secretary announcing that the Bill would be published in the autumn it made the threat of a ban feel more real. In response, one UK newspaper asked its readers to respond to a poll asking whether they supported such a move. They reported on Tuesday “a meagre 12% of 52,200 readers surveyed agreed with [the] Prime Minister’s plans to intercept online communications.” So the question is why are services like Snapchat and WhatsApp seen as a threat to national security and should they be banned?
The reason the security and intelligence services, and thereby government, have these services in their sights is because they offer end-to-end encryption of messages. This is for our security. It means if someone intercepts your Snapchat message they cannot see its contents as the message is encrypted. This is a problem for the security and intelligence services as they too cannot get access to the message without first removing the encryption. This is highlighted in the recently published RUSI report A Democratic Licence to Operate which was commissioned in 2013 by the then Deputy Prime Minister. Encryption is a recurring theme in the report and the Independent Reviewers noted that “content is becoming increasingly difficult to access because of the growth in sophisticated encryption.”
This is seen as a threat and the Reviewers recommend “agencies such as the National Crime Agency and MI5 should be able to access data under legal and properly authorised circumstances. Encrypted data should not, as a principle, be beyond the reach of law enforcement.” This echoes the Prime Minister’s comments in January: “In our country, do we want to allow a means of communication between people which even in extremes, with a signed warrant from the Home Secretary personally that we cannot read? My answer to that question is no we must not. If I am prime minister, I will make sure it is a comprehensive piece of legislation that makes sure we do not allow terrorist safe spaces to communicate with each other”.
It seems the Prime Minister still has work to do to convince the UK public. As well as reporting the outcomes of its survey the Daily Express also published some select readers comments. The best is probably the reader arguing the theoretical underpinning of any move to limit or remove end-to-end encryption: “the stupidity of the government, to imagine that banning WhatApp will curb the communication capabilities of an ISIS or whoever else. Those guys are very far ahead of us lesser mortals in their technology, & for sure will not use a WhatsApp message to order an execution or a bombing, they’re not that stupid. Mr. Cameron is doing is nothing but blatantly invading the personal privacy of millions of Britons.”
There is a further argument that the removal or limitation of end-to-end encryption will actually harm public safety. We rely on end-to-end encryption for a number of things, not least online banking and online payments. Also though it protects our messages and (in theory) our data. We have already seen with the Apple iCloud Hackand the PlayStation Network Hack how vulnerable our data is. Since then these the companies involved have spent millions improving security; arguably for the government to mandate them to weaken protection is reckless.
Further it is not a strong argument to say only the police and security services will have access to this data so the risk is minimised. The government does not have a good track record in protecting our data with even the Serious Fraud Office and the MoD losing valuable data. Also in 2014 it was reported GCHQ had hacked Yahoo webcams and had obtained “substantial quantities of sexually explicit communications”. Do we really want these people to have unfettered access to our WhatsApp or Snapchat?
Lawyers talk of balancing rights. We have a right to privacy but we also have a right to life, liberty and security. The government must seek to strike the right balance between our privacy and security rights and our right to public safety and security. At the moment it seems the balance is shifting too far in favour of public safety and the interests of the security services. Yes they have a role and a responsibility to keep us safe in an increasingly dangerous world but equally throughout the entirety of the IRA bombing campaign on mainland UK the security services never asked for, nor were given, blanket rights to surveil the UK population.
There is a risk that a terrorist cell may use WhatsApp to organise a terrorist attack, but equally there is a risk they will use a family car to carry a car bomb or public transport to get to their target. Are we also going to ban public transport and family cars unless the security services have the ability to monitor everyone who makes use of them? What about the sale of knives or even petrol? The infinitesimal risk that Snapchat or Whatsapp could be used in this manner needs to be set against the much greater risk that data security breaches will see our bank or credit card details revealed or our personal communications compromised.
I am pleased to say that in his response to the drafters of the recent open letter on surveillance powers the Minister of State for Security has pledged that “new legislation will be published for pre-legislative scrutiny later this year and we do intend this to be a very consultative process, subject to full parliamentary scrutiny”. This is to be welcomed. There has been for too long an overwhelming democratic deficit in the scrutiny and review of UK surveillance powers: at times to make sense of them has felt like trying to do a jigsaw in the dark and with some of the pieces hidden from us. We will hold the Minister to his pledge. It is time for a full public and parliamentary review of the law.
This post was first published on Huffington Post on 15 July 2015. Re-published here with permission.