People look at floral tributes in Parliament Square, London, Sunday, March 26, 2017, laid out for the victims of the Westminster attack on Wednesday. Khalid Masood killed four people and left more than two dozen hospitalized, including some with what have been described as catastrophic injuries. The Islamic State group claimed responsibility for the attack.
POLITICIANS around the world are calling for so-called back doors to let them read messages on encrypted chat apps. But the surprising fall-out from Australia's sweeping new encryption regulations reveals that such breaches of privacy can have unexpected consequences. During her time as UK prime minister, Theresa May repeatedly called for tech companies to provide her government with ways to access encrypted messages, believing that terrorists were using them to communicate. This sentiment hasn't gone away.
Australia's parliament passed controversial legislation on Thursday that will allow the country's intelligence and law enforcement agencies to demand access to end-to-end encrypted digital communications. This means that Australian authorities will be able to compel tech companies like Facebook and Apple to make backdoors in their secure messaging platforms, including WhatsApp and iMessage. Cryptographers and privacy advocates--who have long been staunch opponents of encryption backdoors on public safety and human rights grounds--warn that the legislation poses serious risks, and will have real consequences that reverberate far beyond the land down under. For months, the bill has faced criticism that it is overly broad, vaguely worded, and potentially dangerous. The tech industry, after all, is global; if Australia compels a company to weaken its product security for law enforcement, that backdoor will exist universally, vulnerable to exploitation by criminals and governments far beyond Australia.
When Edward Snowden made it known to the world that pretty much all traffic on the Internet was collected and searched by the U.S. National Security Agency (NSA), the U.K. Government Communications Headquarters (GCHQ), and various other countries' secret services as well, the IT and networking communities were furious and felt betrayed. A wave of activism followed to get traffic encrypted so as to make it impossible for NSA to indiscriminately snoop on the entire world population. When all you have is a hammer, all problems look like nails, and the available hammer was the SSL/TLS encryption protocol, so the battle cry was "SSL/TLS/HTTPS everywhere." A lot of nails have been hit with that!
RCS is supposed to be the spiritual successor to classic SMS and MMS texting, but the lack of built-in encryption puts a damper on that -- someone could theoretically snoop on your messages where they can't with services like iMessage. You might get your privacy after all, though. The 9to5Google crew has found evidence of plans to add end-to-end encryption to RCS conversations in Google Messages. While full details of how this would work aren't clear, you could decide whether not third-party apps see encrypted messages. It's also safe to assume that both participants would need a compatible app with reliable data connections.