WhatsApp: All the ways Amber Rudd can already get into a terror suspect’s phone

Does she really need new powers?


While Amber Rudd is suddenly concerned that a WhatsApp message might theoretically be unavailable for her to read, let’s first remember all the ways in which she can already get information about the likes of Khalid Masood, who carried out the Westminster attacks last week.

She has all the metadata

The UK tries to collect everyone’s metadata, so that they know who people are communicating with and when. Sometimes, as with WhatsApp, the metadata will exist at the company, and she can compel them to hand it over.

Usually the metadata is more important than the message. If Masood was talking to Daesh on WhatsApp, he wasn’t discussing pizza toppings.

The UK stores everyone’s phone records, IP addresses and email records for a year. The government has the power to add web visits as well, and may already be doing so.

She can hack his phone

GCHQ have powers to hack devices, and are well known to be highly skilled in breaking into mobile devices. They can also use their cable taps to interrupt web traffic and inject attacks.

For instance, friend requests on Facebook and LinkedIn were replaced with links that helped GCHQ gain permanent access to targets’ computers.

Once a phone or computer is hacked, WhatsApp messages can be read, just as you can read them by looking at the screen’s display data.

She has all the government’s records to check

Employment, tax and other databases are handed over to GCHQ in case they are helpful. GCHQ then data mine these to find information about possible targets.

She can intercept his communications

Not everything that people send or say is encrypted. When you use an ordinary phone, that is easy to listen to. Most data is still unencrypted. Even when content is encrypted, the metadata is usually more important.

She can tell companies to remove or limit encryption

Wait … she wants the power to ask WhatsApp to remove encryption? She does in fact claim the legal power to do this already, under a Kafka-esque sounding Technical Capability Notice.

These can tell companies to re-engineer their products so that messages can, er, be read by Amber Rudd’s underlings.

This is as scary as it sounds, and it is unclear that these have sufficient safeguards to ensure that security is not made weaker, or companies aren’t compelled to do things that would endanger their reputations, or involve lying to the public.

Changes to secure technologies along these lines are almost inevitably going to make products easier for criminals to hack.

The price of national security is therefore business and personal security.

The process to decide to weaken security products is entirely secret. And once served a TCN, companies must discuss changes to their products with the security services before implementing them.

In fact, we believe that if Amber Rudd was genuinely serious about WhatsApp, she wouldn’t be telling us about it, she would be acting in secret in order that she wouldn’t be tipping off the people she claims she needs to surveil that little extra bit.

But let’s not distract ourselves too much by Rudd’s confusion about the powers she already has.

Let’s remember that she has already weakened our security by obtaining these powers last Autumn. She’s already made it non-credible to be a UK security company offering secure communications to businesses and people across the globe.

Jim Killock is Executive Director of Open Rights Group. Follow him on Twitter @jimkillock

See: Theresa May’s Snoopers’ Charter is a ‘death sentence’ for investigative journalism

As you’re here, we have something to ask you. What we do here to deliver real news is more important than ever. But there’s a problem: we need readers like you to chip in to help us survive. We deliver progressive, independent media, that challenges the right’s hateful rhetoric. Together we can find the stories that get lost.

We’re not bankrolled by billionaire donors, but rely on readers chipping in whatever they can afford to protect our independence. What we do isn’t free, and we run on a shoestring. Can you help by chipping in as little as £1 a week to help us survive? Whatever you can donate, we’re so grateful - and we will ensure your money goes as far as possible to deliver hard-hitting news.

4 Responses to “WhatsApp: All the ways Amber Rudd can already get into a terror suspect’s phone”

  1. Craig Mackay

    Surely you’re not suggesting that Amber Rudd would be using the opportunity of what is showing all the signs of not actually being an IS motivated attack as an excuse to beef up the ridiculous levels of access that a right-wing Tory government keeps trying to push for? What a shocking suggestion!

    But you are absolutely right. There are lots of ways to get into these funds and, if you remember, all the fuss and bother about the US attempt to access an iPhone it turned out that by using some everyday hackers they were able to get in quite painlessly. All the pressure went away.

    We keep being told how insecure smartphones actually are. For people who really want to get inside them it’s not very hard at all.

  2. jon tooth

    Perhaps Amber Rudd and her cronies should stop supporting the bigger terrorists (the US drone strikes) which kill 1000s of innocent civilians every year. Then the UK would stop being a target for retaliation.

  3. Filipescu Mircea Alexandru

    Just to put things into perspective here: This debate is about an important politician in an important country, complaining about a simple chat program called WhatsApp. The government of a nation… is obsessing over… a little piece of software… called “whatsapp”. If this is not proof that modern society took a sudden turn and derailed into madness, I do not know what is.

Leave a Reply

You must be logged in to post a comment.