Should gov have access to encrypted messages?

In the wake of the Paris bombings on 13 November, increased pressure is being put on tech companies to allow governments access to popular encrypted messaging systems such as iMessage and WhatsApp.

These apps currently enable users to send messages which, unlike SMS messaging or email, is encrypted. The companies which supply these services are unable to access the information and are therefore unable to hand them over to government.

In the past this has been seen as a popular option. Being ‘spied on’ by the government is seen as an infringement of privacy, but since terrorist group IS has been reported to use Telegram, a secure, encrypted messaging app, the public tide may be turning.

It is being argued ‘backdoors’ into messaging systems should be incorporated, allowing law enforcement to view messages which may give intelligence into criminal activity.

These ‘backdoors’, known in the infosec world as quirk or mistake in the system which allows entry, are quickly fixed and some of tech’s biggest influencers say backdoors would be found by hackers, meaning the end of security for everyone, not just the criminals and terrorists.

Meanwhile Telegram, owned by Russian brothers Pavel and Nikolai Durov has today blocked 78 accounts which were reported to be used by members of IS. But Pavel pointed the finger of blame at the French government as well as IS. In an Instagram post yesterday, he said: “I think the French government is as responsible as IS… for this, because it is their policies and carelessness which eventually led to the tragedy”.

There is no clear evidence that the messages sent between the members of IS involved in the Paris attacks used an encrypted service. Le Monde reported that information on the whereabouts of the attackers was found on a phone which also contained a SMS message which read “we’re off, we’re starting”. The phone was found in a bin, outside the Bataclan concert hall where 89 people were killed.

Whitehall Media is hosting an event for Infosec, cyber security and risk management professionals across every major business sector on 26 April 2016 at Victoria Park Plaza, London. For more information or to register for a free delegate pass, visit the website.