Amber Rudd, home secretary for the United Kingdom, recently made headlines by claiming average citizens do not care about secure communication. According to an opinion piece for the Telegraph, Rudd believes organizations already make security sacrifices for the sake of consumer convenience. Asking for backdoors into encryption technology is simply more of the same decision-making.
“Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family,” Rudd writes. “Companies are constantly making trade-offs between security and ‘usability’, and it is here where our experts believe opportunities may lie… Real people often prefer ease of use and a multitude of features to perfect, unbreakable security.”
Unfortunately, Rudd’s comments are not uncommon among government officials in the United Kingdom. Sadly, these beliefs have led to sweeping laws that seek to curb encryption technology use.
For example, Britain’s prime minister, Thersa May, is the author of the Investigatory Powers Act, which allows the government to compel communications providers to remove “electronic protection applied … to any communications or data.” In addition, May has repeatedly called for international agreements to “regulate cyber space,” often at the cost of encryption technology.
But, do “real” people actually want secure communication in their consumer technology? Or do they agree with Rudd’s comments and May’s legislative measures?
Venafi recently conducted a study that evaluated attitudes and opinions of 3,000 global consumers, including 1,000 from the United Kingdom, on initiatives that would grant governments more access to private, encrypted data. Overall, the vast majority of the respondents disagreed with the use of encryption backdoors. On the other hand, many consumers appeared to understand the full extent of the threats these backdoors would bring to their privacy and personal data.
For example, only 24% of UK respondents believe the government should have the ability to force citizens into handing over their personal data. In addition, 19% consumers from the UK believe that government should be able to force private companies to hand over user data without consumer consent.
However, nearly half of UK consumers believe laws that provide government access into encrypted personal data would make them safer from terrorists. In addition, only a quarter (25%) of respondents from the UK agree that allowing the government to access encrypted personal data would benefit cyber criminals.
Interestingly, consumers from the United Kingdom displayed the least amount of confidence in their nation’s ability to fight cyber crime. Although Investigatory Powers Act passed in 2016, it has done little to alleviate fears.
“Having lived and worked in both the UK and Silicon Valley, I know these important encryption issues matter not just to a few, but in fact to many ‘real people’,” says Kevin Bocek, chief security strategist for Venafi. “What Amber Rudd fails to understand is that encryption is fundamental to the success of the UK economy, from banking to trading, to e-commerce and encrypted messaging apps are just the tip of the iceberg. Overall, Venafi’s survey shows ‘real’ people in the United Kingdom disagree with encryption backdoors. However, there is much more work to be done.”
Do you agree with these results? How can security experts in the UK educate consumers on the threats government imposed backdoors bring to privacy?