British, American and other intelligence agencies from English-speaking countries have concluded a two-day meeting in London amid calls for spies and police officers to be given special, backdoor access to WhatsApp and other encrypted communications.
[…]GCHQ, the UK agency which monitors and breaks into communications, has suggested that Silicon Valley companies could develop technology that would silently add a police officer or intelligence agent to conversations or group chats.
The moment these fascists turn the backdoor into a legal requirement and manage to steer it through their respective legislative bodies – by calling it the If You Do Not Support This You Are A Pedophile Act or whatever – the game is pretty much over. The technology companies will roll over and implement these backdoors overnight – just look at how happily technology companies work with the Chinese government.
In fact, Facebook is already testing a backdoor in this style today:
To solve this problem, Facebook announced earlier this year preliminary results from its efforts to move a global mass surveillance infrastructure directly onto users’ devices where it can bypass the protections of end-to-end encryption.
In Facebook’s vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user’s device, scanning each cleartext message before it is sent and each encrypted message after it is decrypted.
This is going to happen, and it’s going to be a disaster.
I don’t have any what’s-app/whatever-socialnetwork account. Nor do I have any Facebook, and have not had any since 2014. To be honest, I will never go back to Facebook. I will not sign up for any other social networks. Other than those forums that I use for my hobby. Yet the big social networks are something that I will never sign up for again.
Next they come to whatever else you may be using, Signal, Telegram, your email? Don’t think they stop at just WA, ..! :-/
As a tech worker this is very concerning. Even though there is criticism of current large companies, they come and go, however the state is much harder to change.
Basically, I see three major differences:
1. It is easy to change companies, but not easy to change states. If I do not like WhatsApp, I can switch to Signal, Skype, or something else. If I do not like what the state is doing, moving to another country is not as easy.
2. Companies (generally) can be held accountable. At worst, post damage, people could be held accountable (remember Enron?). However states have something called “sovereign immunity”, and even if they are found guilty no one could be held accountable (unless they fell from favor among the political elite).
3. Companies are generally more open with what they are doing. At least it is easy to be a whistle-blower. However states can use NSLs, hidden courts, and all the might of the media to prevent any “leaks” of “not so positive” information.
So I would prefer to have the industry come together and form a self-regulating body to keep safe user security and privacy. If it was left to bureaucrats with little experience on the matter, I will not expect a bright future.
sukru,
They had their chance, but they showed they’d rather profits over social responsibility. The industry is untrustworthy, and new “disruptors” will keep popping up and refuse to learn from the past.
And no amount of self-regulation can stop a government from demanding backdoor access. It’s harder to change the state, but changing the state (ie understanding voting for issues and not personalities) is the only way.
Yes, industry is missing their chance. They had done good work previously (like ESRB for game ratings when the public became concerned), however I still think there is some time this time around too.
Even though the state has some tools for change, it is generally too slow, and new bureaucracies almost never die. (Someone mentioned a “ratcheting mechanism”). And they tend to lie to get their way (“think about the children”, “don’t let the bad guys win”, “if you have nothing to hide” are some of the excuses they use).
We are still protecting communication oligopolies and not letting cities build local ISPs due to some arcane rules. Same with Tesla being unable to sell their vehicles in many US states, or subsidizing corn at the Federal level even though it is not the healthiest product:
https://www.downsizinggovernment.org/agriculture/subsidies
[ edit removed last part, it is same as (1) ]
Even the former head of the NSA thinks encryption backdoors are a bad idea:
https://twitter.com/GenMhayden/status/1153722298861535232
These days, freedoms are lost under the pretenses of: fighting terrorism, protecting children, or religious morality.
Matrix (https://matrix.org/) is starting to look better and better each day.
I know, it really seems like the solution to this crap.
Lennie,
The availability of secure alternatives isn’t the underlying problem. While clients and servers that are capable of integrating diverse protocols under one roof are nice, the effectiveness of any solution remains dependent on actually getting users completely off the centralized networks. We’ve been able to do P2P securely for eons, but without a critical mass of users, most communications will remain tethered to commercial services where communications can be compromised.
The reason why alternatives fail may not be technical, but simply the lack of widespread social acceptance. Without a killer application, it’s all but impossible to get the masses on board, meaning family, friends, coworkers, clients, leads, etc. Maybe you can convert a few, but competing with facebook/google/ms/apple/etc rarely works. And if a newcomer ever becomes a viable threat, most developers would sell out for the right price. Whatsapp sold out to facebook for $19B…who would blame them? I’m curious if anyone has a proposal to fix these problems?
Only killer app apart from for philosophical reasons to not use a centralized service (we can all list them) is: one app to connect to all the networks, nobody wants to use lots and lots of apps. One app is just easier to deal with.
Matrix is open source and does not depend on a company.
This was a direct result of Apple and Facebook refusing to grant access for criminal trials to iphones and message histories. For me, I think it is reasonable that, with a court order and judiciary checks, this information should be granted to criminal investigations.
What I don’t want to see is a return to snooping charters which grant access without protections.
Adurbe,
Too late:
https://www.youtube.com/watch?v=D2fSXp6N-vs
I disagree, communication should be secure, and the vendors should have no access to the actual message content. Otherwise we will continue to have huge data breaches each and every week. Instead the police need to do their detective work and intercept communication at the targets, you know with microphone, spyglasses and what not.
The backdoor is already there, they just need to carry on with the charade to deny their existence. They need the criminals to believe the platforms are safe or else they find themselves in a never-ending catch-up game of software evolution.
It’s spy craft 101, like when the UK broke enigma they still had to allow civilian carrying ships to be sunk by U-boats.
It’s also why Apple publicly denies allowing access to encrypted devices despite the calls for it. Apple are not without a conscience, they will happily help whenever they can as long as you believe they haven’t! All the big enterprises are the same.
What was that? I couldn’t hear you over the sound of your tinfoil hat crinkling
Drumhellar,
In a post-Snowden world, believing everything’s above board is the unreasonable position.
Somewhat OT: while I’m not an expert on WW2 history, my recollection from what I have read was that the British put a fair amount of effort into both finding ways to act on intelligence gained through Enigma decrypts, while also attempting to avoid alerting the German forces to the fact that it had been broken. E.g. if they learned of a high-value naval convoy, instead of sending bombers first, they would send out a scout plane to give the appearance of having discovered the convoy by luck/accident, and THEN send out the bombers after a plausible amount of time.
So everyone start using Signal messenger:
https://signal.org/
which they will demand the same backdoor next.
yeah, well: apparently the UK already made a backup copy of all of EU’s SIS: UK unlawfully copying data from EU police system
https://euobserver.com/justice/141919 https://www.youtube.com/watch?v=WUHhAkCGfhs
The back door is already legislated in Australia. And I think it was Australia which brought it to the 5 Eyes’ attention since they are members.
https://www.schneier.com/blog/archives/2018/12/new_australian_.html