UK Police Deems HTTPS Use an Act of Terrorism

A man arrested by UK police for engaging in terrorist activities has been charged with publishing his blog using the HTTPS protocol. Samata Ullah, 33, from Cardiff, was arrested and charged with six terrorism offences related to his blog, which purportedly contained instructions on how to use guided missiles and disguise USB drives as cufflinks, designed to aid ISIS operatives, with “the intention of assisting another or others to commit acts of terrorism.”

One curious charge levelled against Ullah, though, is “developing an encrypted version of a blog,” which can only refer to his use of HTTPS to publish his site. HTTPS is a secure internet protocol which is increasing in popularity online since it protects internet users from eavesdropping or tampering. Using HTTPS to publish a website is considered best practice, and most social media sites, including Twitter and Facebook, use it.

Internet encryption is not illegal in the UK – not yet, anyway, and it is already illegal to withhold encryption keys from police – so it is strange, to say the least, to see it (and hiding USB drives in cufflinks, which, again, doesn’t appear to be a crime in of itself) attached to charges of terrorism. While Ullah may well be guilty of encouraging terrorist activities, the fact that these secondary, seemingly innocuous charges regarding encryption and concealed storage devices is worrying, and could be seen as a test case to scrutinise their legality in the interest of public safety.