After the saddening events in Paris, the debate on the rights and wrongs of end-to-end encryption has intensified. Many people in government and the media are complaining that once these apps are installed on people’s devices, these people go dark – that is, they become invisible to security services.
The fact is, this is untrue. There will always be metadata available to law enforcement. They will always know what number called what other number and which devices are communicating. This information is generated by mobile phone networks and the internet in order to connect the devices in the first place and therefore it cannot be hidden or disguised, regardless of whether the communication itself is encrypted or not. The real issue is that often this data is meaningless owing to the ability of malicious actors to purchase disposable mobile devices: allows anyone who wishes to make an untraceable call can buy a ‘burner’ with cash and discard it immediately afterwards.
Rather than weakening encryption by creating a ‘backdoor’, which would harm secure communications for the public and businesses alike, what is needed is a National Internet-Device Database that keeps a record of the purchaser or owner of every internet-enabled communication device. This would also include legislation to control the supply of these devices, which would require purchasers and re-sellers to record the identity of the purchaser and force mobile operators and internet service providers to require a licence number before providing connectivity services. This would be a similar national licensing service to the one applied to cars and TVs, and would require registration for any that are in use in the country. By operating this system, law enforcement would obtain the paper trail they need to make their connection, and take note when persons of interest communicate. It would also remove the capabilities for terrorists and criminal gangs to use burners and communicate without creating significant metadata.
Interestingly, there is precedent for this approach. The government has always placed restrictions and regulations on other transmitting devices. If we look back to the radio and television eras, any device capable of broadcasting to a large number of people was regulated and licensed – so why should internet broadcasting devices be any different?
A mobile phone, a tablet or a laptop in a digital society has the power to send a message to a single person, or a million people, anywhere in the world, and it is possible to find the originating device. It is perfectly reasonable for the police to be able to track the sender of a message, or determine who is talking to whom. But we need to draw a sharp distinction between that, and accessing content en masse. This proposed solution would enable tracking and group chat identification and is surely a stronger and more robust solution than attempting to monitor everyoine, when in fact it’s the few that need this level of control.
Jonathan Parker-Bray is chief executive of Criptyque and Pryvate Now