No, Bloomberg, end-to-end encryption isn't a worthless 'marketing device'
Seriously, Bloomberg used to be a respected publication. However, its latest opinion column on technology has taken the recent WhatsApp security flaw to mean that all security, specifically end-to-end encryption is a "smokescreen" by technology companies.
Everyone makes mistakes. And anyone can misunderstand a subject, most certainly when it's to do with technology and security. Yet Bloomberg has just published a piece that effectively advises us all to leave the front door of our houses open. A criminal who wants to get by our locks could do it, so, hey, just open the door now and be done with it.
"'End to end encryption' is a marketing device used by companies used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security," writes Bloomberg opinion columnist Leonid Bershidsky
He does throw in that "encryption is, of course, necessary," but does so in a paragraph that Bloomberg notes was "updated to clarify uses of end-to-end encryption." And then he immediately goes on to dismissing it as a "smokescreen" used by technology firms trying to avoid "government snooping."
This is in the wake of the WhatsApp attack where a security flaw meant it was possible to install spyware on Android and iOS phones. You had to be what Facebook, which owns WhatsApp, described as advanced and highly motivated in order to exploit this flaw, but it could be done and of course that's serious. Of course you must update to the latest WhatsApp to remove it.
If Bloomberg's Bershidsky were worried by this, that would be natural. If he's exasperated by how there are so many security issues or if he were just plain scared by it all, we'd understand and agree.
He's an opinion columnist rather than a news writer, too, so a piece about what this means for us all is fair and you wouldn't expect it to go into detail about the technology. But you would expect that he'd at least have a clue what he was offering opinions about — or that he wouldn't presume his readers don't.
Instead, the stated position is that the kind of end-to-end encryption which is intended to protect us is nothing more than an advertising gimmick.
"'End-to-end encryption' sounds nice," says Bershidsky, "but if anyone can get into your phone's operating system, they will be able to read your messages without having to decrypt them." Yes, and if you can get into someone's bank account, you could clean them out. If you can get to their potted plant by a front door, you could find the house key hidden there and get in.
These are legitimate concerns, but what they most definitely are not is a reason to abandon keys and bank accounts and security. Criticize them, even lament failings in them, but you cannot argue that we'd be better off without them.
Bershidsky and Bloomberg are choosing to take an actual spyware attack and extrapolate that out to say that all technology security is worthless. They say that "if anyone" can get in, but they want you to ignore the word "if" and see only "anyone".
That's not a mistake. If it's misunderstanding, that's one thing and we would hope that Bloomberg would correct the piece beyond the token updating of one paragraph. We'd likely be waiting for a while, as it's now been seven months Bloomberg made a monumentally huge and roundly ridiculed security accusation against the likes of Apple.
We're still waiting for Bloomberg to either prove that or correct it. We know the publication spent at least a little time re-investigating its claims, and the writers involved abruptly stopped being published afterwards. Yet we don't know any of that from Bloomberg itself so we don't expect a correction over this column either.
Nor to any of the steadily increasing number of just wackily inaccurate Apple stories from Bloomberg.
Apple ignored those, as it usually does, but with the security story it did respond. Tim Cook described it all as a simply a lie and there's a reason that word is rarely used. Calling it a lie means more than it being wrong or mistaken, it means deliberately, intentionally false.
This new piece about end to end encryption is an opinion column rather than a news story and, again, anyone can make mistakes. Yet if we're not going to call this deliberately and intentionally false, we are going to call it irresponsible, and simply dangerous.
"Truly secure communication is really only possible in the analog world," concludes Bershidsky, "and then all the old-school spycraft applies."
If that seems a sudden lurch away from the topic of technology, it is. That reference to old-style espionage is there to stand up the reason Bloomberg illustrated this nonsense with a photo from a movie dramatisation of John le Carr's "Tinker, Tailer, Soldier, Spy."
The Bloomberg piece, again, isn't a column about security at all. It is entirely a dangerous piece looking for excuses to write something that looks good, and reads easy, with no room for actual explanations of what happened or why.