Applications will not have to over keys to secure communications, as keys are generated on the device.
Talking to IT Security Guru, Brian Spector, CEO of CertiVox, said that if it is not physically possible to hand over the keys, then it’s not physically possible for Government to demand access to secure communications.
Earlier this week, Prime Minister David Cameron said that he would stop the use of methods of communication that cannot be read by the security services even if they have a warrant, with the app-based WhatsApp and Snapchat and Apple iMessage coming under particular scrutiny.
Cameron said: “In our country, do we want to allow a means of communication between people which […] we cannot read?” Also according to BBC News, Cameron said he would increase the authorities’ power to access both the details of communications and their content, and that legislation would be needed to allow for “more modern forms of communication”.
Spector said that those apps will not have to hand over the keys, because they won’t have them to hand over. He said: “The keys are generated on the device, and Apple won’t have access to them. So the Government can’t go to Apple and say ‘hand over the keys’, because it’s a moot point.
“So Apple and Google are baking this kind of encryption into their products because it is smart. It’s smart because it’s the only way to defeat legitimate bad guys who are snooping on communications to get passwords and other data to break into user’s accounts.”
He went on to say that the Government is short sighted, as they don’t realise that they will be creating a huge security problem for everyone if they ban encryption, yet it will be incredibly easy for the bad guys to act at will without this type of encryption.
At the end of 2013, Spector told IT Security Guru that CertiVox chose to take its secure email encryption service PrivateSky offline after a warrant was issued by a division of GCHQ, despite having “tens of thousands of heavily active users”.
Dr. Wael Aggan, CEO of CloudMask, said: “Cameron is trying to convince the world that some fantasy version of security is possible—where ‘good guys’ can have a back door or extra key to your home but bad guys could never use it. Anyone with even a basic understanding of security can tell you that’s just not true.
“The issue is much bigger than secure emails and chats, it is about the safety of our society and the lives of our citizens. Just imagine removing encryption for controllers of our infrastructure. Cameron’s proposal is a disaster for all of us.”
Privacy rights campaigners Open Rights Group said in a blog that if it finds that Cameron is seeking to limit people’s access to safe and truly effective encryption technologies, then he will find a great deal of resistance.
“People can write their own encryption software, and run it themselves: this is hard to stop,” it said.
“Companies supply many markets, and may be unwilling to sacrifice technologies that make their products effective. The prospect of lowering privacy and security
across the globe, and increasing the surveillance powers of states that have less regard for human rights may begin to look distasteful. But first Cameron needs to explain what he really means.”
