30th March 2017
There are well-founded fears that few of the politicians tasked with devising legislation covering the use of encryption technology have any expertise in that field – and in many cases, much understanding of how it even works. Yet a growing number of politicians and their aides are getting hands-on, day-to-day experience of encryption through their use of messaging apps for that most traditionally political pastime: plotting.
The Times recently revealed that Brexit-backing MPs have been coordinating their attacks on chancellor Philip Hammond, Bank of England governor Mark Carney, high court judges and other perceived enemies of a hard exit from Europe via a WhatsApp group called “ERG DExEU/DIT Suppt Group”. Meanwhile, on the left, a WhatsApp group called the Birthday Group reportedly played a key role in the coordination of Labour frontbench resignations in 2016, in an effort to unseat Jeremy Corbyn.
The appeal of these apps for political plotting lies in their immediate, always-on lines of communication – enabling instant control of spin and talking points. As one MP told the Times: “Our real power is that, by using the WhatsApp group, we can also ask everyone to shut up.”
They also appeal because they promise secrecy, which is somewhat unexpected, as Jim Killock, executive director of the Open Rights Group, points out. “When MPs argue for back doors into encryption, they fail to see how vital encryption is for our everyday lives – whether for communicating, shopping or banking securely,” he says. “The fact that MPs are increasingly using WhatsApp to communicate is rather ironic, given that they have just voted for a law that undermines the privacy of the UK population.”
So, despite claims in some quarters of government and media that encrypted apps are an enabler for terrorism, it turns out they are a handy alternative to huddled conversations in the nooks and corners of Westminster and Washington alike.
The Washington Post recently claimed that a number of Donald Trump’s administration have taken to using messaging app Confide, which not only encrypts messages but deletes them after they have been read, to avoid getting caught leaking to the media. As John Naughton noted on these pages last month, it’s difficult to square Confide with the US legal requirements to archive all communications within the presidential team.
This could encourage more politicians to buck the terrorist-enabler narrative and/or make an effort to properly educate themselves about how the technology works. However, it also raises questions about transparency. If these apps are being used by members of the government to discuss government business, they should be covered by Freedom of Information legislation, just like email, or other forms of communication.
However, as Matt Burgess, who runs FOI Directory, says: “It’s impossible to know whether these groups exist without them being admitted to, which makes them hard to request information about. There are also record-keeping issues with using commercial apps that are end-to-end encrypted, as they make it harder to extract conversations that need to be kept for archives.”
In January there was a successful FOI request in Ireland for WhatsApp chat within the Dublin government over their response to Brexit, but if there have been any requests in the UK, their results have not been made public. However, their content could leak into the public domain via other means, such as hacking.
“The current digital goal for those trying to sway elections is to discredit candidates and undermine them personally. All it takes is one private conversation shared publicly, one internal memo, or one message confirming an unpublicised indiscretion to lose an election,” says Alan Duric, chief technology officer of communications app Wire.
His company is preparing to publish a series of educational blog posts aimed at politicians and civil servants – part marketing for Wire, of course, but also a recognition that these people may need the advice.
“It is vital that politicians educate themselves about the differences between channels and protocols, and what is and isn’t safe,” says Duric. “It is not acceptable for those people who are entrusted with the running of our countries to be ignorant of others trying to listen in on conversations, and they need advice on how this can be prevented.”
Could self-interest alone rein in the impulse among politicians to call for more monitoring and built-in back doors, if they are enjoying the benefits of private, encrypted conversations for their parliamentary plotting? We shall see.
Secret service: the MPs’ apps of choice
Facebook-owned WhatsApp reached the milestone of 1 billion active users in early 2016, and proceeded to expand its use of end-to-end encryption technology later that year.
“The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to,” wrote CEO Jan Koum in a blog post that April.
“No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.”
And not Jeremy Corbyn, who was reportedly schemed against by frontbench colleagues in a WhatsApp group called the Birthday Group in June 2016. Remain campaigners were also accused of using a private WhatsApp group that year, to avoid their discussions being targeted by FOI requests.
Confide is the app being used by some members of Donald Trump’s staff to communicate with journalists at a time when the administration is on the warpath over leaks.
The app encrypts messages and also erases them after they are read. It came to prominence in 2014, when it pitched itself to Hollywood studios as a secure alternative to email in the wake of a high-profile hack of Sony Pictures.
Confide’s use by Trump aides has been causing concern in the digital-security community, however. Unlike rival apps such as Signal, it has yet to make its code available to the community for scrutiny.
“Ultimately, the application warrants a cryptographic review before I could endorse its use in the White House,” security expert Jonathan Zdziarski blogged last month.
Before Confide’s latest brush with the headlines, Signal was regularly hailed as the go-to app for politicians and other public-sector officials seeking secure messaging.
It certainly has the pedigree: Signal was developed by Open Whisper Systems, a well-respected company in online privacy and security circles. It also got top marks in a 2014 “scorecard” of secure communications services published by the Electronic Frontier Foundation.
Signal has been given a boost by the recent US presidential election. In January, the Wall Street Journal claimed that aides of Donald Trump, Barack Obama and Hillary Clinton had switched to it, while prominent Republican Rudy Giuliani is also a user.
Following the high-profile leak of emails from and to Clinton’s campaign boss John Podesta, downloads of the app increased by 400%.
For WhatsApp in the Labour party, read Wickr in the upper echelons of the Australian political establishment.
In spring 2015, then-communications minister Malcolm Turnbull was accused of using the app with a close circle of colleagues to plan his strategy for a leadership contest. That strategy paid off: later that year, Turnbull successfully unseated party leader Tony Abbott to become prime minister.
Like Confide, Wickr’s appeal is not just its encryption technology, but its ability to erase messages after they are read. It too has faced criticism for not releasing its code to the online-security community for review, although it has now done that.
Wickr also has a nonprofit arm called the Wickr Foundation, which in 2016 invested in an app called Whistler for whistleblowers and activists.
guardian.co.uk © Guardian News & Media Limited 2010