WhatsApp Again Affirms It Will Not Break Encryption To Appease Government Entities
from the governments-invited-to-go-fuck-themselves dept
The debate over end-to-end encryption continues in the UK. It’s really not much of a debate, though. government officials continue to claim the only way to prevent the spread of child sexual abuse material (CSAM) is by breaking or removing encryption. Companies providing encrypted communications have repeatedly pointed out the obvious: encryption protects all users, even if it makes it more difficult to detect illicit activity by certain users. It’s impossible to break encryption to detect criminal activity without breaking it for every innocent user as well.
Sometimes the UK government argues with itself. The Information Commissioner’s Office put out a report earlier this year that stated encryption was essential to children’s online safety, directly contradicting assertions by other UK government entities which claimed breaking encryption was the only way to protect children.
At the center of this debate is WhatsApp, the popular messaging service that has provided end-to-end encrypted messaging since early 2016. And since that point, multiple governments have tried to get WhatsApp to ditch encryption or, at the very least, provide them with backdoors. That includes the UK government, which made its request only a few months after WhatsApp finished rolling out its end-to-end encryption.
WhatApp rejected the UK government’s request in 2017. That hasn’t stopped the UK government from repeatedly approaching the company in hopes of talking it out of its encryption. And nothing has changed for WhatsApp, which has again made it clear it’s not interested in compromising user security on a country-by-country basis.
Will Cathcart, who has been at parent company Meta for more than 12 years and head of WhatsApp since 2019, told the BBC that the popular communications service wouldn’t downgrade or bypass its end-to-end encryption (EE2E) just for British snoops, saying it would be “foolish” to do so and that WhatsApp needs to offer a consistent set of standards around the globe.
“If we had to lower security for the world, to accommodate the requirement in one country, that … would be very foolish for us to accept, making our product less desirable to 98 percent of our users because of the requirements from 2 percent,” Cathcart told the broadcaster. “What’s being proposed is that we – either directly or indirectly through software – read everyone’s messages. I don’t think people want that.”
It’s good to see WhatsApp take this stand (again), even as the voices clamoring for the end of encryption are now claiming its primary purpose is to allow distributors of CSAM to escape justice. It’s pretty tough to take a principled stand when opponents are accusing you of siding with child molesters.
And the pressure isn’t going to let up. The UK government still believes it is entitled to encryption backdoors. The European Union, which the UK recently exited, has expressed the same desire for broken encryption, using the same disingenuous phrase trotted out so often by the likes of FBI Director Chris Wray: “lawful access.”
But simple refusals like these allow companies to call governments’ bluffs. If governments can’t get the backdoors they want, they’ll have to decide whether they want their citizens to have access to encrypted communications. And while it may seem some governments don’t want their citizens to enjoy this protection, very few have been willing to eject popular services that won’t comply with their demands.
Filed Under: csam, encryption, surveillance, uk
Companies: meta, whatsapp
Comments on “WhatsApp Again Affirms It Will Not Break Encryption To Appease Government Entities”
I’m going to side with the British government on this one.
These people could be sharing CSEM, and that’s reason enough for encryption to be broken.
I just don’t understand why the government doesn’t use RIPA to jail the people until they cooperate like they do with other people who refuse to tell them a password.
Re:
Do you realize that you are agreeing that the government can monitor everything you do online, in case you are sharing CSAM. Enjoy your life in the goldfish bowl.
Re:
You could be sharing CSAM, your communications should all be public, including your banking and health data. Because that’s what you get with broken encryption and assuming the line that “someone, somewhere COULD be sharing CSAM”.
And Oh my, the little authoritarian tyrant inside you is very, very loud isn’t it? Forcing people to share their passwords based on “they could be sharing CSAM” is any dictators sweet dream. What do you think of Russian govt throwing the book at Ukranians to share their passwords because they “could be sharing CSAM”?
And please enlighten us how are we going to do online banking, govt services and virtually any service that needs authentication to protect abuse by crooks with encryption broken.
Re: Re:
Banks, government websites and stores aren’t even remotely the same as communication platforms.
Re: Re: Re:
Not when the data is in transit. which is what WhatsApp protects. in transit, Encrypted data is encrypted data. They can’t verify its actually a banking transaction unless they look at it, and encryption prevents that.
Thats the whole point, for encryption backdoors to work, they need to be ubiquitous, and once they are, someone who shouldn’t use them will find a way to use those backdoors.
Re: Re: Re:
Yes they are. They use encryption the same way. You don’t break encryption to communications without breaking for all.
Re: Re: Re:
Fuck me to tears, but if you had a brain, you’d be dangerous. As it is, you are not yet equipped to deal in an adult fashion with the actual definitions of the words you used. I should flag you for being as stupid as the guy who puts a turd in the punchbowl, but instead, I won’t do that…. you’re one of those that we keep around for the laughter value.
Thanks for the yucks.
Re: Re: Re:
When you make a payment or check your balance, you’re communicating with your bank. When you contact your local councillor or MP, you’re communicating with the government. And when you put in an order on Amazon or Tesco’s website, you’re communicating with those websites. So, you were saying?
Re:
You know what would catch even more criminals? A government mandated camera in every room of every home, so that they could monitor what anyone was doing at any time of the day or night.
Will you volunteer to be the first person to submit to 24/7 surveillance?
Re:
Okay then, I request a copy of ALL your communications, everyone you’ve ever contacted, and every website you’ve visited. After all, you could be sharing CSAM.
Just because a tool can be abused by malicious actors does not justify taking that tool away from EVERYONE who is using it for it’s intended purpose. The tool is not the problem, it’s the person using it.
Re:
You must be a government employee, probably a British one, yes? Because you don’t realize that absolutely every government official and employee uses encryption to communicate with their superiors, their underlings, with each other, and with their counterparts in other countries. All in the name of keeping the public (you know, the ones who pay their salaries) in the dark. “Wouldn’t be cricket to have the hoi-poi learning what we’re doing to them, now would it?”
And while we’re at it…. did you not ever stop to think that…. Oh wait… no, you didn’t. Here, let me help you out. Let me ask you, do you honestly believe that CSAM came about because of the internet was invented? That there was no such thing before 1993? Really? ‘Cause I’ve some bad news for you – it’s been around a helluva lot longer than you and/or I have been living, I’m here to tell you. History is full of stories of this kind of thing, the people who perpetrate it, and the people who hunt them down and jail them.
So in the end, all this will do is drive them further underground, where it’ll be way more tougher to catch them, ala the Backpage fiasco, and the harder time the police now have of trying to catch these bastards. Yes, yes, yes, a child saved is a child saved, and that’s a good thing, no one’s arguing against that. But as in all things in life, there are compromises. Most of the time, a compromise leaves a feeling like “it could’ve been worse, but it’s OK”, whereas here it’s like “Do we cancel the safety of absolutely everyone on the internet, just in case we might catch one bastard?”. No, that’s not gonna fly, there are too many known needs for encryption, and if most quoted figures are correct, only a rounding error in terms of how many CSAM abusers are also using the internet.
Next time, I suggest that you think it through before you let your emotions get the better of you. IOW, don’t lead us to think that you’re suffering from constipation of the brain and diarrhea of the mouth, ’cause it’s not a pretty picture. Such people often get flagged into oblivion, if you know what I mean.
Re:
I live in Singapore, and they’ve already sued the cousin of the Prime Minister over a “private” Facebook post.
I assume that EVERYTHING I do is monitored, logged and worse, not because I am a criminal, but because I am a Singapore citizen and we don’t get to enjoy any rights outside of the bottom of Maslow’s hierarchy.
I will also assume I can get sued, or arrested for no good reason at any time, and no one will be willing to lift a finger to help me.
And COVID made the entire situation worse since now they also have access to location data “for contact-tracing purposes” and I know they’ll just abuse the damn thing for totalitarian purposes.
If you really want me to continue living that sort of life then please kindly DIE.
Every time, every last time, without any exception, any time a government has been able to abuse an investigation tool, it has been abused. Every time, every single last time “We will only use it for X, HONEST!” it never was.
CSAM is the excuse. Successful prosecution and convictions were obtained long before digital encryption. All breaking encryption does is to save thought and shoe leather. I have been one of those people charged with finding people doing things they shouldn’t be. Their weak point is never technology, it’s stupidity. Can’t encrypt stupid.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
Do it. Lets do it for 1 week.
Lets see what they THINK when the police use phones that are not encrypted.
Lets see how the internet runs when the gov. Cant send Private msgs.
Re:
They’d lose it if someone ever showed them that their “encrypted” radio traffic was a simple
[tech details self censored].
In the US, the feds and really large cities are about the only ones with effective encryption on their radio traffic last I checked. It has been a while though.
Re: The 'You first' test
Any company that’s faced with a government ‘request’ to cripple encryption should respond by telling the agency/individual involved that they’re willing to consider a test run of it entirely comprised of the accounts for anyone who works for the government, both their personal accounts and work ones.
If encryption is only used by criminals they wouldn’t want to use it themselves after all, so they should have no problem going without so the company can see how well it works out.
Criminals use privacy, down with privacy!
Criminals sharing illegal content use encryption to prevent law enforcement from knowing that they are doing so, this is a fact. At the same timme vastly more people, including kids use encryption to protect themselves from criminals, so if you get rid of encryption to possibly catch criminals you do so at the price of the public’s privacy and security.
Gutting encryption would be a minor speedbumb for criminals but it would be enormously overshadowed by the countless non-criminals who’s information would be ripe for the picking, causing not a reduction in crime but an explosion of it.
It’s good to see WhatsApp take this stand (again), even as the voices clamoring for the end of encryption are now claiming its primary purpose is to allow distributors of CSAM to escape justice. It’s pretty tough to take a principled stand when opponents are accusing you of siding with child molesters.
But only child molesters and distributors of child porn fully realise the value of encryption and would knowingly use it, which is why every single employee of GCHQ and the NSA should be arrested for sexual abuse of children without delay.
Re:
And politicians. Of all stripes.
Who knows what they could be doing to the children?
Re: You must admit, they make a compelling case for their argument
As they like to frame it only criminals want or use encryption.
Government agencies use encryption.
Therefore…
mobiles
Nice Post!!!