Just a day after Australian proposals to introduce encryption backdoors were shot down by NordVPN, British Prime Minister Theresa May has once again weighed into the encryption debate; this time with Telegram in her sights.
Speaking to global business leaders at the World Economic Forum in Davos, the Prime Minister fell back on a familiar narrative as she called on tech companies to take more action to tackle terrorism and extremist materials on their sites.
But while she repeated her demands for the likes of Facebook and Twitter to commit their best minds to ensuring that such content is automatically removed, this time she also took aim at some of the smaller providers too, in particular Telegram.
May rounds on Telegram
For those not familiar, Telegram is a secure encrypted messenger service founded by Russian entrepreneur Pavel Durov. It operates in a similar way to WhatsApp and has attracted a loyal audience of professionals and individuals who want to be able to communicate securely and privately.
But inevitably the service has also attracted more nefarious individuals too and it has in the past been accused of enabling terrorists to communicate. They have taken steps to remove such content from their site, but the nature of end-to-end encryption means that even the platform itself cannot always be aware of what is being discussed on its site.
But despite these efforts, Theresa May has clearly reached the conclusion that they have not gone far enough, as she singled them out for an attack in her speech.
She said, “Just as these big companies need to step up, so we also need cross-industry responses because smaller platforms can quickly become home to criminals and terrorists. We have seen that happen with Telegram. And we need to see more cooperation from smaller platforms like this.”
Telegram is certainly not the only small encrypted messenger service out there, although they are one of the more successful ones. It is therefore not entirely clear why she has picked on them rather than another one.
The UK Government’s familiar, but uninformed refrain
But her attack does echo a familiar refrain which she has repeated throughout her time as Home Secretary and which her successor Amber Rudd has also used many times since.
In the wake of the string of terror attacks which took place in the UK last year, May pointed the finger at tech companies despite the lack of any clear-cut evidence to suggest encrypted messaging played a role in any of the attacks.
The narrative goes that because intelligence and law enforcement agencies are unable to access encrypted communications, terrorists, therefore, have a safe-haven where they can plot attacks without the risk of being caught.
Current Home Secretary Amber Rudd has continued to push this line, despite admitting publicly that she doesn’t understand encryption, but then remarkably arguing that she doesn’t need to.
Needless to say, the argument they are making is flawed on various levels. Firstly, there is no evidence which can prove that a successful terrorist attack would have been thwarted with access to the perpetrator’s encrypted communications.
Then there is the crucial point that if a backdoor is added to Encryption, that encryption ceases to be worth anything. Given the extent that we rely on encryption for essential service such as online banking, the potential repercussions of compromising encryption are potentially very severe too.
Adding backdoors to established encrypted messenger services, such as Telegram, which are happy to share some limited useful information with Governments when legally required to do so, will also force terrorists and other criminals onto more obscure and uncooperative providers. Governments are therefore risking losing the useful information they already get from these providers.
Encrypted messenger services know this, and Telegram is one of many that has been vociferous in its defence of the rights of its users to enjoy the protections afforded by encryption. They are even standing up to the Russian authorities who have recently demanded encryption keys, despite the company founder heralding from that country.
It is also worth noting that the UK Government has already given itself the powers to force companies to compromise their encryption in the Investigatory Powers Act 2016. However, they are yet to test these powers, probably because they know most companies would refuse to comply.
Rather than force companies to act, the UK Government and their allies are seeking to apply continuous pressure to persuade them to act voluntarily. But this betrays a chronic lack of understanding of the impact that their demands would have.
A company like Telegram will never compromise its encryption because to do so would destroy its business in an instant. So, the situation will remain as a standoff until the Government of one country or another takes decisive action and suffers the inevitable consequences.
As we wrote yesterday, Australia had appeared to be the prime candidate for this. But given Theresa May’s shocking personal record of turning the UK into a surveillance state, Britain also has to be seen a likely place to take the plunge too.