Encrypted Messaging

Post by FourPart »

Something that has been in the news recently is the case where the authorities are 99% certain that there is some relevant information regarding the London Terrorist incident to be found on his WhatsApp account, but due to the encryption protocol are unable to access it, and WhatsApp are refusing to allow them access to this.

Therein lies the ethical question. What price the cost of Privacy?

Personally, I am all in favour of encrypted privacy, as it is the best defence against Spammers, Scammers & Identity Theft & all sorts of Cyber Security. However, I believe that when it comes to National / International Security & other levels of Criminal Investigation, then the relevant authorities should be allowed access to this. I have always been a believer of the "If you have nothing to hide, you have nothing to worry about" principle. However, I am also aware of the strong leaning from others towards it being the "Thin end of the wedge towards Big Brother". Remember, this isn't merely restricted to acts of Terrorism, but a plethora of other criminal activities as well. After all, the security of WhatsApp encryption is a Godsend for Paedophiles to share their images, for example. Is this a valid argument or is it just Scaremongering?

Opinions?

Post by spot »

FourPart;1507901 wrote: due to the encryption protocol are unable to access it, and WhatsApp are refusing to allow them access to this.


That's not true at all.

The WhatsApp encryption protocol isn't a secret. Anyone can see the protocol. What's secret is the one-time keys protecting a single message. Nobody, including WhatsApp the company, knows the secret keys - they're made when needed and thrown away immediately afterwards.

The WhatsApp code encrypts the content from the sending phone all the way to the receiving phone. It can't be decrypted by anyone along the route. It can't be decrypted by WhatsApp the company. It can only be decrypted by WhatsApp the app, at the one handset to which it was sent.

The government can - and does - plant monitoring patches onto any Apple or Android phone used by someone they consider suspicious, and that patch will copy all the WhatsApp messages in cleartext to the government agency who's monitoring it.

If the government doesn't have a patch on a specific handset then they don't get to see the content. They can't go back and check what was sent unless they had a monitoring patch in place at the time. They weren't, they say, monitoring the chap in Westminster's phone though I can think of several good reasons why they might be lying when they claim that.

The government could, if it chooses to, put the patch on every phone in England and see the plaintext of any WhatsApp messages after an event. That's their option, it's easy to do, and it would work.

As for putting a backdoor into WhatsApp itself, on the other hand, it is absolutely impossible to do that and prevent crooks from using the backdoor too. That's a process called reverse engineering. No code can contain a secret. If code has a backdoor then reverse engineering will tell any skilled coder how to use the backdoor. The backdoor might consist of a weakened protocol instead of an override login but again, reverse engineering would show a criminal how to take advantage of that weakness and read encrypted messages too.

What crooks do at the moment is they put patches onto phones when they can. They get permission from the phone owner by social engineering - that's what we used to call lying. Then they steal bank account logins and steal money. Stealing money on a phone has nothing to do with encryption, it's to do with some daft prat giving consent to a bogus app to watch his keystrokes.

Perhaps the government could settle for every phone in the country carrying the government patch from the moment of manufacture, with the code of the patch guaranteeing that the only destination it could send its intercepts to is a government server. That would work, that would be legal and it wouldn't help criminals.

Putting a backdoor into WhatsApp would let any aware criminal, not just the government, see what people were writing to each other.

There are a hundred apps like WhatsApp. Putting a government-access backdoor into each of those, one app company at a time, seems a major undertaking. A hundred new WhatsApp-like apps with no backdoor would spring into existence the following week. Putting one keystroke monitor patch onto each phone for the government, to watch the traffic on any of those hundred WhatsApp-like apps, seems more of a possibility.

Spammers, Scammers & Identity Thefters never ever break any encryption on a phone, they invariably fool people into giving permission for the criminal to be told what's being typed or stored on the phone. The time when they might break encryption is if they steal millions of weakly-encrypted login passwords and usernames from an online company, if the encryption they're breaking at that level is badly constructed which it very often is.
Nullius in verba ... ☎||||||||||| ... To Fate I sue, of other means bereft, the only refuge for the wretched left.
When flower power came along I stood for Human Rights, marched around for peace and freedom, had some nooky every night - we took it serious.
Who has a spare two minutes to play in this month's FG Trivia game! ... My other OS is Slackware.

Post by Bryn Mawr »

Last time this happened the (US) government went to the Israelis and they decrypted it for them - secure is a relative term.

Mind you, I think they were only following form and they had a back door all the time - just couldn't be seen to be using it.

Post by spot »

That wasn't a messaging protocol, it was the unlock key to make the storage content visible.

Apple had coded a memory-wipe lockout after ten tries, and had taken steps to prevent the memory being copied elsewhere and a million tries being performed for all possible six-digit access codes.

The agents hadn't made ten tries so the memory was intact. The bypass was in successfully taking the memory copy despite the attempted barrier Apple had put in place.

WhatsApp wipes memory securely after the message exchange, the message content would have been gone by then if it had been deleted or not stored.

Post by minks »

If you are involved in any kind of criminal activity you should be investigated, and exposed, right down the label on your underwear.

You committed a crime, you lose your rights.

Truly this world has lost sight of consequences. Maybe if there were harsher consequences there would be a few less crimes.
“You only live once, but if you do it right, once is enough.”

• Mae West

Post by spot »

minks;1507916 wrote: If you are involved in any kind of criminal activity you should be investigated, and exposed, right down the label on your underwear.

You committed a crime, you lose your rights.

Truly this world has lost sight of consequences. Maybe if there were harsher consequences there would be a few less crimes.


Perhaps you could give your opinion on whether you should lose your rights - if indeed you actually have any right to privacy at all - before you commit a crime. Everything discussed in this context, by Amber Rudd (our Police Politician) or the Prime Minister, is about whether someone suspected of potentially becoming a criminal should be bugged. Do you insist (you seem to, if I'm reading your post right) on there being evidence that they're involved in any kind of criminal activity? Or is suspicion sufficient.

Post by minks »

you committed a crime you lose your rights.

Perhaps my wording is incorrect, you are convicted of a crime, you lose your rights. Authorities can look further into your activities and dig deeper.

Not suspected of doing a crime. Gosh then we will all be bugged.

Post by spot »

minks;1507920 wrote: you committed a crime you lose your rights.

Perhaps my wording is incorrect, you are convicted of a crime, you lose your rights. Authorities can look further into your activities and dig deeper.

Not suspected of doing a crime. Gosh then we will all be bugged.

So what's wrong with the current law, then? The chap in the background of this thread committed a crime and he was shot dead by government authority within two minutes of doing it. I've not seen anything saying that was the wrong outcome. Who do you want to bug?

Post by minks »

Meh I don't follow the current laws on this anywhere, I am just of the belief that once convicted, your rights to privacy should be revoked because you may be a part of a much larger ring of crime.

Post by spot »

If the bugger was still alive and in custody, they'd be able to read the missing message. The only reason the secret no longer exists is that he can no longer recall it for the authorities.

The same applies to that rather bigger fish Osama Bin Laden too, of course.

Post by Saint_ »

FourPart;1507901 wrote: Is this a valid argument or is it just Scaremongering?

Opinions?


I'm ambivalent. Governments have always spied on their own citizens, and always will...till the end of time. The thing I worry about and what worries most men of good will is the amount of spying. You want to take pictures of me driving around town at the streetlights. Fine. You want to listen in to my living room conversations through my TV? Go to Hell.

Like most people who have nothing to hide, I operate under the general rule, "If you don't want to be spied on, don't be a criminal." That's incredibly naive, I know, but oh well.

Interestingly, I had a conversation the other day with the Verizon guy:

Dumb Verizon guy: "Your PIN number matches your last four digits of your SS number. You should change that. It isn't secure."

Me: "Why isn't that secure?"

Guy: "Someone could get it use it and set up other lines."

Me: "Did you just tell me that Verizon can be hacked?"

Guy: "No."

Me: "How is the hacker going to know my PIN if he doesn't get it from you?"

Guy: "Um. He could get it somewhere else."

Me: "Put a note in my file not to call me until after 3:00 pm anymore."

Guy: "I can't do that."

Me: "You have a computer and my file, right? Are you looking at it on the screen?"

Guy: "Yes."

Me: "Well just put a message on the file for the next guy not to call until after 3."

Guy: "I can't do that, you can tell them next time to call you back later."

Me: "Did you just tell me that you are going to continue to bother me at school, whether I want you to or not?"

Guy: "No."

Me: "Are you recording this conversation?"

Guy: "Yes."

Me: "Then would you please forward this to your supervisor and inform him that your marketing strategy is PISSING ME OFF!"

*CLICK*

Post by Wandrin »

Saint_;1507947 wrote: I'm ambivalent. Governments have always spied on their own citizens, and always will...till the end of time. The thing I worry about and what worries most men of good will is the amount of spying. You want to take pictures of me driving around town at the streetlights. Fine. You want to listen in to my living room conversations through my TV? Go to Hell.

Like most people who have nothing to hide, I operate under the general rule, "If you don't want to be spied on, don't be a criminal." That's incredibly naive, I know, but oh well.

Interestingly, I had a conversation the other day with the Verizon guy:

Dumb Verizon guy: "Your PIN number matches your last four digits of your SS number. You should change that. It isn't secure."




What legitimate reason could Verizon possibly have to know your SS number?

Post by Clodhopper »

In theory I might be in favour of the right to privacy being revoked while an investigation is going on but I think it should be returned when the conviction happens or the sentence is completed (not sure).

But I don't go with this, "If you have nothing to hide you have nothing to fear" thing. It's just not true. Sadly, there are corrupt police and government officials in all countries except possibly Antarctica and with a partner from Chile who grew up under Pinochet I'm very aware that the innocent suffer most in corrupt states.
The crowd: "Yes! We are all individuals!"

Lone voice: "I'm not."

Post by FourPart »

minks;1507920 wrote: you committed a crime you lose your rights.

Perhaps my wording is incorrect, you are convicted of a crime, you lose your rights. Authorities can look further into your activities and dig deeper.

Not suspected of doing a crime. Gosh then we will all be bugged.


It's a Catch 22 situation then. You lose your rights to privacy once convicted of committing a crime. However, in order to convict you of committing that crime you first need to have those supposed rights to privacy breached. Innocent until proven guilty, remember.

In my opinion authorities should have full access to encrypted files - after following due procedure to obtain legitimate warrants, of course, and in order to attain those warrants should have to demonstrate reasonable cause for suspicion.

Post by spot »

FourPart;1508103 wrote: In my opinion authorities should have full access to encrypted files - after following due procedure to obtain legitimate warrants


The person we're discussing was shot dead before he could be questioned.

How would you like the authorities to have full access to encrypted files in this instance?

Post by FourPart »

spot;1508104 wrote: The person we're discussing was shot dead before he could be questioned.

How would you like the authorities to have full access to encrypted files in this instance?


I would consider his actions to be classed as "Reasonable Cause".

Post by spot »

FourPart;1508106 wrote: I would consider his actions to be classed as "Reasonable Cause".


Okay - so they have "Reasonable Cause" because he mounted the pavement on Westminster Bridge?

Two minutes later he's dead. And you can't ask a dead guy what the password is. He's dead already.

You couldn't plant a keystroke logger on his phone earlier, because he wasn't a suspect until he reached Westminster Bridge?

Are you happy with the intelligence services putting keystroke loggers on every phone in every Carphone Warehouse in the country, just in case, for next time? What's the "Reasonable Cause"? Or is that a reasonable response - to put a keystroke logger on every phone. If you do, the bad guys will just disable it before they use the phone because they'll know it's there on every phone on sale, and how to disable it. And if you don't bug every phone in creation, even if he'd become a suspect last Christmas and you'd bugged him back then, he'd just step into a Carphone Warehouse and pick up a handset the day before reaching Westminster Bridge and do his secret texting or phone calling on that unbugged phone instead.

I've seen no practical answer so far.

I can offer a practical answer, if anybody would like one - disable the rampaging knife-wielding terrorist non-lethally instead of shooting him in the chest, because then you can ask him for the password to his phone. Killing terrorists is extremely counter-productive because then you can't expose what he knows to public examination. And we're back to the Bin Laden puzzle - why on earth was bin Laden deliberately executed instead of arrested for questioning.

Stop killing terrorists. They're criminals. They're supposed to be arrested with the bare minimum of necessary force. We do not live in a video game.

Post by spot »

This, for anyone following the game, is still in play:
To follow up on the recommendations of the High-Level Group17, the Commission will present in the first half of 2025 a roadmap setting out the legal and practical measures it proposes to take to ensure lawful and effective access to data. In the follow-up to this Roadmap, the Commission will prioritise an assessment of the impact of data retention rules at EU level and the preparation of a Technology Roadmap on encryption, to identify and assess technological solutions that would enable law enforcement authorities to access encrypted data in a lawful manner, safeguarding cybersecurity and fundamental rights.

https://eur-lex.europa.eu/legal-content ... 2025PC0148
(bolding mine, document dated April 2025)

Post by Bryn Mawr »

spot wrote: Sat Apr 05, 2025 3:22 pm This, for anyone following the game, is still in play:
To follow up on the recommendations of the High-Level Group17, the Commission will present in the first half of 2025 a roadmap setting out the legal and practical measures it proposes to take to ensure lawful and effective access to data. In the follow-up to this Roadmap, the Commission will prioritise an assessment of the impact of data retention rules at EU level and the preparation of a Technology Roadmap on encryption, to identify and assess technological solutions that would enable law enforcement authorities to access encrypted data in a lawful manner, safeguarding cybersecurity and fundamental rights.

https://eur-lex.europa.eu/legal-content ... 2025PC0148
(bolding mine, document dated April 2025)

I have no problem with having a backdoor with a one time key system being written into each and every commercial encryption algorithm as long as the legal safeguards are in place to ensure that it is secure and not abused by governments and the police.

The only trouble with that is the fact it’s so easy to write a home brew messaging system that cannot be cracked for small scale communications.

Post by spot »

I agree entirely with your constraints on the authorities, but the bad actors are outside of the law and will have no such delicacy.

john@L14:~$ cat to-ted.base64 
Assume everyone sticks with fully secure key pairs.

I start with a plaintext. I do something to the plaintext which distorts it in a way that only the owner of a secret can reverse. That secret, universally at the moment, is a private key paired to the recipient's public key. The sender doesn't know the recipient's private key so even the sender can't decrypt what was sent.

So backdooring in this case involves sending it twice - encrypted to a private key known to the recipient only, and sent again encrypted to a key known to the authorities only. And that hasn't weakened the encryption process, so bad actors can't break in (unless the authority private key is stolen, which makes it a desirable target - think how many such keys were acquired during DRM cracking).

Or you can weaken the encryption. I can't think of an alternative to these two approaches. You can't just append the decryption password to the message in some jumbled form because you don't know it, you only know enough to encrypt the plaintext in the first place.
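The "send it twice" arrangement described in the post above, as an added example that is not part of the original thread or any poster's code: the message is encrypted once under a fresh session key, and that key is wrapped separately to the recipient's public key and to an escrow public key. The toy Diffie-Hellman group, the names `ted`, `amy` and `escrow`, and the sample messages are constructed for illustration; the toy group stands in for real key pairs and is not a secure parameter choice.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group so the example needs only the standard library.
# It stands in for a real key pair (X25519, RSA); do not reuse these parameters.
P = 2**521 - 1          # a Mersenne prime
G = 3

def keygen():
    """Return (private, public) for one party."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared):
    """Derive a 32-byte key-wrapping key from a Diffie-Hellman shared value."""
    return hashlib.sha256(b"wrap" + shared.to_bytes(66, "big")).digest()

def seal(key, data):
    """Encrypt-then-MAC with a one-use key: SHAKE-256 keystream plus HMAC tag."""
    stream = hashlib.shake_256(b"enc" + key).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None when the key is wrong or the data was altered."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    stream = hashlib.shake_256(b"enc" + key).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def encrypt(plaintext, public_keys):
    """Encrypt once under a fresh session key, then wrap that key per public key."""
    session_key = secrets.token_bytes(32)
    wraps = {}
    for slot, pub in public_keys.items():
        eph_priv, eph_pub = keygen()            # fresh per wrap, discarded afterwards
        wraps[slot] = (eph_pub, seal(kdf(pow(pub, eph_priv, P)), session_key))
    return {"body": seal(session_key, plaintext), "wraps": wraps}

def decrypt(msg, slot, priv):
    """Unwrap the session key from `slot` with `priv`, then open the body."""
    if slot not in msg["wraps"]:
        return None
    eph_pub, wrapped = msg["wraps"][slot]
    session_key = unseal(kdf(pow(eph_pub, priv, P)), wrapped)
    return None if session_key is None else unseal(session_key, msg["body"])

def demo():
    ted_priv, ted_pub = keygen()
    amy_priv, amy_pub = keygen()
    escrow_priv, escrow_pub = keygen()          # the authorities' key pair
    # Constructed sample messages, each carrying an extra wrap for the escrow key.
    to_ted = encrypt(b"meet at noon", {"recipient": ted_pub, "escrow": escrow_pub})
    to_amy = encrypt(b"the spare key is under the mat",
                     {"recipient": amy_pub, "escrow": escrow_pub})
    return {
        "ted_reads_own": decrypt(to_ted, "recipient", ted_priv),
        # Ted's key fails the integrity check on Amy's wrap, so he gets nothing.
        "ted_reads_amys": decrypt(to_amy, "recipient", ted_priv),
        # Whoever holds escrow_priv, lawfully or as a stolen copy, reads every message.
        "escrow_holder_reads": [decrypt(m, "escrow", escrow_priv)
                                for m in (to_ted, to_amy)],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The per-recipient encryption is exactly as strong as before; what changes is that one long-lived private key now opens every message sent by every user, which is the theft risk the post points to.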