Jonathan Parker-Bray, CEO of Criptyque, Makers of Pryvate
Following the saddening events in Paris, the debate on end-to-end encryption has intensified. Many people in governments and the media are calling end-to-end encryption to task and saying that once these apps are installed on people’s devices, that these people ‘go dark’ and become invisible.
The fact is that this is untrue, there will always be meta-data available to law enforcement such as what number called what other number and which devices are communicating. This is generated because of the nature of the mobile phone networks and the internet, whereby this information is required to connect the devices in the first place and therefore it cannot be obfuscated or hidden, even for encrypted communications solutions. The real issue is that often this data is meaningless due to the ability of malicious actors to purchase disposable mobile devices freely. It allows anyone who wishes to make a secure call to buy a ‘burner phone’ with cash and discard it immediately afterwards.
Rather than weakening encryption, which will harm secure communications for the public and businesses by creating a backdoor that allows the content to be decrypted, what is needed is a national internet-device database which keeps a record of the purchaser/owner of every internet-enabled device. This would also include legislation on the supply of these devices which requires purchasers and re-sellers to record the ID of the purchaser and forces mobile operators/ISPs to require a license number before providing connectivity services. This would be a similar national licensing service to the one applied to cars/TVs, simply requiring registration for any that is in use in the country. By using this data, law enforcement would be able to obtain the paper trail they are hoping for, and draw connections when persons of interest communicate. It would also remove the capabilities for terrorists and criminal gangs to use burner phones and communicate freely over the telephone.
Interestingly there is precedent for this approach as the government has always placed restrictions and regulations on other devices capable of transmission of content, like TV and radio stations. If we look back to the radio and television eras, any device capable of broadcasting to a large number of people was regulated and licensed – so why should internet-enabled devices be any different?
A mobile phone, a tablet or a laptop in a digital society has the power to send a message to anyone anywhere in the world, and it is possible to find the originating device. It is perfectly reasonable for the police to be able to track who sent it, or who is talking to whom, but the answer isn’t access to the content en masse, it is better knowledge of the devices themselves. This proposed solution would enable tracking and group chat identification and is surely a much stronger and more robust solution than attempting to monitor the masses when in fact it’s the few that need this level of control.