With intensified fears over domestic terrorism, Prime Minister David Cameron is considering banning WhatsApp and other private chat applications if they don’t implement “back doors” that let the government access data, and he is encouraging President Obama to do the same.
“Are we going to allow a means of communications which it simply isn’t possible to read?” Cameron said on January 12. His comments came one week after Iran’s judiciary issued another ruling calling for a WhatsApp ban.
At a joint press conference with Obama on January 16, Cameron reiterated those calls. While Obama didn’t express a clear position of support, he did say, “The laws that might have been designed for the traditional wiretap have to be updated. How we do that needs to be debated both here in the United States and in the U.K.”
The concerns of the two leaders are not without merit, but in our long war to defend freedom from terrorism, banning popular applications should be a bridge too far. There’s nothing inherently wrong with governments spying to monitor potential terrorist threats. The question of “freedom versus safety” requires balance and compromises. But a key difference between wiretapping and banning apps is that wiretapping doesn’t directly restrict anyone’s freedom.
Not All Who Seek Security Are Malefactors
There are a lot of reasons why someone might want to use encrypted communications applications, and not all of them have to do with fear of the government (itself a reason not entirely without merit). The biggest threat the average person faces isn’t the government but private hackers and identity thieves. Hackers can exploit the Wi-Fi at a cafe to capture your passwords or credit card information. A jealous boyfriend or girlfriend can hack into your accounts to check your messages. Business or political figures have discussions about important topics that rivals and media outlets would love to get their hands on. Even using secure messaging apps to try to avoid government is justifiable for journalists or controversial activists. Government app bans hurt all of our security.
In fairness, Cameron’s preferred solution seems to be to make apps accessible to spy agencies, thus avoiding a ban. But this may bring down the overall level of security when we should be trying to make things more secure. Cory Doctorow, co-editor of BoingBoing and former employee of the Electronic Frontier Foundation, wrote on BoingBoing that even a seemingly targeted solution like back doors—“deliberately introduced flaw[s],” as he called them—could be exploited by criminals. “There are enormous problems with this: there’s no back door that only lets good guys go through it,” he wrote.
There are always hacking advances that cause programmers to have to up their game and so on. It would be far better for government spy agencies to be forced to improve their hacking abilities rather than to try to bring down the security of their targets. Moreover, anyone who is really trying to evade the government will have the ability to evade government bans on applications.
WhatsApp is available almost everywhere—and it’s not even among the most-secure apps. According to the Secure Messaging Scorecard released by the Electronic Frontier Foundation in November 2014, it only meets two of the group’s seven security conditions. Apps like TextSecure, Silent Text, Signal/Red Phone, CryptoCat, and ChatSecure meet all of their conditions. Even common apps like FaceTime and iMessage are more secure by the scorecard’s standards. If WhatsApp is banned in Britain, it, and other chat apps, will still be available in other countries, and could be accessed with a proxy or virtual private network (VPN) that connects to the Internet over foreign infrastructure.
I know. I have continued to use websites such as Facebook and Twitter while living in China over the past two years. After the Occupy Central protests broke out, Instagram (where photos were shared) was blocked in China, but it was still accessible by VPN.
Snowden Has Caused a Security Surge Everywhere
Ever since the Edward Snowden leaks, information security has been a big issue. There has been a 60-percent increase in the amount of Americans using encrypted technologies to access the Internet, according to a report released by broadband equipment company Sandvine in spring 2014. Google and Facebook have been more careful about encrypting their web traffic. Google is now automatically encrypting all of its Chinese search traffic.
The National Security Agency is worried about encryption. According to a December 2014 article by the German magazine Der Spiegel, the NSA has trouble hacking some of the off-the-record chat applications that use end-to-end encryption. An internal document published with the story quotes an NSA employee as saying, “Did you know that ubiquitous encryption on the Internet is a major threat to NSA’s ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware?”
It goes on to say, “Twenty years ago, the fact that communications were encrypted meant they were very likely to contain foreign intelligence, because only governments or other important targets had the resources to purchase or develop and implement encrypted communications. Today, anyone who uses the internet can access web pages via the strong commercial encryption provided by HTTPS, and companies of all sizes can implement virtual private networks (VPN) to permit their employees to access sensitive proprietary company data securely via an Internet connection from anywhere in the world.”
There is, then, nothing inherently suspicious about someone taking privacy precautions to access the web. Indeed, in a world besieged by threats of cyber terrorism, hacktivists, and disgruntled employees, we need more, not less, security online. Nothing is safe—not passwords, not credit card numbers, not even Hollywood films. It’s not just big corporations that get hurt. According to a study conducted by the Verizon RISK Team, data breaches compromised more than 174 million records in 2011. Hackers can steal credit card numbers from restaurants just by attacking the in-store Wi-Fi.
Also Consider the Effects on Democracy
On the merits, the case is sufficient to say that banning secure chat applications is bad public policy. But it’s about more than just policy. There’s also the principle involved. Even if you agree that the government should have the power to spy as best as possible on citizens both domestically and abroad, you can still acknowledge that the citizens have some rights, too. We ought to be able to use most applications we want, barring extreme circumstances. The government should have to meet a very high bar if it wants to ban such things that are not inherently dangerous.
Attempts to regulate our everyday Internet use are bound to be unenforceable, and attempts to regulate the Internet to the degree that they would be enforceable are bound to run up against sacred freedoms. Wild-eyed warnings about 1984 that were not credible in the immediate wake of Snowden’s leaks will become closer and closer to realization if the government tries to ban WeChat.
In the end, people might be paranoid to think the government is spying on them, but would the government not be paranoid, too, to think that WeChat is so filled with criminals as to warrant banning it? Bureaucrats often fail to account for predictable responses to their policies. Right or wrong, it would be predictable that, given our press freedoms and our media situation, some details of NSA programs that skirt the law would eventually get published. It would be predictable that, in the wake of such leaks, much of the public would adopt a greater vigilance regarding their own privacy. It is predictable that if governments ban popular chat applications in democratic countries, the public will only become more fearful and distrusting of those governments.