Privacy

by Tim Cushing


Filed Under:
backdoors, communications, encryption, uk

Companies:
whatsapp



WhatsApp Reportedly Rejected UK Government Demand For Encryption Backdoor

from the under-pressure dept

The UK government has apparently already asked WhatsApp to provide it with an encryption backdoor, according to Sky News. The app developers were told they needed to come up with a way to give law enforcement access to message content but WhatsApp politely declined the probably not-all-that-polite "request."

That doesn't mean WhatsApp doesn't have anything it can give the government when it comes asking.

Sky News understands that WhatsApp co-operates with law enforcement to provide the metadata it does hold - the name of an account, when it was created, the last seen date, the IP address and associated email address.

WhatsApp says it "appreciates the work that law enforcement agencies do to keep people safe around the world. We are prepared to carefully review, validate and respond to law enforcement requests based on applicable law and policy".

But it does point out it can't give law enforcement what it doesn't actually have.

[T]he company argues that it can't provide data that WhatsApp itself does not collect in the first place, including the contents of a message.

Encryption didn't seem to be much of an issue in many recent terrorist attacks, but its use is undoubtedly on the rise. It's unclear what the government showed or told Sky News, but this assertion seems dubious at best.

Sky News understands that 80% of investigations into terrorism and serious crime are now impacted by encryption.

As is the case over here, law enforcement officials are arguing WhatsApp and other encrypted message services should sacrifice user security for the good of the government. While cybersecurity experts continue to point out the nonexistence of backdoored-but-secure unicorns, intelligence officials continue to assert it can be done. All that needs to happen is for messaging services to make their products a little bit less safe.

UK intelligence officials believe a compromise could be possible - pointing out that cybersecurity isn't binary and that services offer different levels of cybersecurity to deal with different levels of threats.

WhatsApp is unlikely to budge on its backdoor rejection, leaving it with the real possibility of exiting the UK market if the government turns its requests into encryption-targeting law. And, as the UK goes, so goes Australia. The Australian government has been echoing the anti-encryption rumbling of Theresa May and other officials, indicating it too would like encrypted services to not be quite so encrypted.

It's not as though UK law enforcement/intelligence services don't have lawful options if WhatsApp refuses to budge. As cryptography expert Riana Pfefferkorn points out, there's more that can be done, even if it won't be as easy as firing off a warrant.

Riana Pfefferkorn, a cryptography policy fellow at Stanford University, said she sees a legal battle coming if the UK continues to force the issue, but she doesn't necessarily think the UK wants that fight.

If courts determine that the Investigatory Powers Act is too broad, the public defeat in their fight against encryption would be a lot for the UK to overcome. Instead, Pfefferkorn said the government might just try hacking for the information they want, a power that the IP Act also allows.

"There are other avenues they can take to try to achieve the same end," she said.

For now, WhatsApp message content is still out of reach of everyone but users engaged in conversation. Metadata and lawful hacking are still in play, even though most officials prefer an easier route. If pressure continues to mount, WhatsApp may exit markets rather than compromise its users. As much as intelligence officials may believe cybersecurity to be something other than "binary," the companies they're applying pressure to really only have two choices: give in to the government or exit market left. Neither are palatable options.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    PlagueSD (profile), 21 Sep 2017 @ 12:26pm

    Cybersecurity and encryption have ALWAYS been "binary". You're either "secure" or you're "compromised". There is no in-between.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Sep 2017 @ 12:29pm

    Sky News understands that 80% of investigations into terrorism and serious crime are now impacted by encryption.

    Instead of traditional impacts like fire and sound wave dissipation.

    reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 21 Sep 2017 @ 12:54pm

    Sky News understands that 80% of investigations into terrorism and serious crime are now impacted by encryption.

    The US Securities and Exchange Commission (SEC) already requires every person in the financial industry to make every e-mail, cellphone text and financial record available to the SEC in order to enforce insider trading and other financial rules.

    Thousands of bankers involved in fraud set off the 2008/2009 financial crisis, costing the U.S. taxpayer trillions of dollars. All that surveillance produced zero convictions. Adding encryption would not have had any impact.

    Sky News should explain that before "understanding" the impact of encryption.

    reply to this | link to this | view in chronology ]

  • icon
    TechDescartes (profile), 21 Sep 2017 @ 1:06pm

    Lies and Statistics

    Sky News understands that 80% of investigations into terrorism and serious crime are now impacted by encryption.

    This statistic is obviously false.

    The answer is 117%. Because they bring it up every. single. time. there is a terrorist attack and also times when there is not, just for good measure.

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 22 Sep 2017 @ 5:50am

      Re: Lies and Statistics

      47% of statistics are made up on-the-fly while 23,569374% are taken directly from arseholes.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Sep 2017 @ 10:22am

      Re: Lies and Statistics

      "Impacted" is such a weasel-word that the statistic is just meaningless, rather than true or false. It could mean encryption hampered the investigation, or it could mean they checked someone's browser history and saw an https link. Or maybe it has nothing to do with the target, but the investigator saw a certificate warning while Googling for them.

      reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 21 Sep 2017 @ 1:08pm

    The "good of the government"

    The good of the government is not the same as, and often runs contradictory to the good of the public.

    WhatsApp says it appreciates the work that law enforcement agencies do to keep people safe around the world

    Hopefully this is also to say WhatsApp appreciates the work that law enforcement agencies do to secure their own positions of power, often at the expense of the liberty and welfare of the public.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Sep 2017 @ 1:10pm

    Sky News is not credible. No News Corp companies are credible.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 21 Sep 2017 @ 3:26pm

    "We need to destroy your safety and security in order to protect your safety and security."

    Sky News understands that 80% of investigations into terrorism and serious crime are now impacted by encryption.

    Meanwhile 100% of investigations into terrorism are impacted by how much work the agencies are willing to put into them, such that if they can't be bothered to do their jobs and instead want everything handed to them on a silver platter they're not going to get much done.

    They have never, and will never have access to every bit of data they might want to have access to, so they need to stop tying to undermine public safety and security at large and focus on doing what they can with what they can get without causing massive problems for public safety and security.

    reply to this | link to this | view in chronology ]

  • icon
    Eldakka (profile), 21 Sep 2017 @ 10:23pm

    Sky News understands that 80% of investigations into terrorism and serious crime are now impacted by encryption.

    Considering that the GSM cell phone standard includes encryption from the handset to the base-station, but no further, it would not be a surprise to learn that 80% are impacted by encryption - because if it involves a mobile phone it should be encrypted as per the standard.

    However, the GSM standard only requires handset to base station encryption, therefore if the intelligence services have access to telco feeds (either from a co-operating telco or surreptitiously), they can collect the data once it's de-crypted at the base station (i.e. the cell tower) and enters into the telco's backhaul network.

    Even then, most of the mobile network encryption ciphers have been cracked and are subject to real-time cryptanalyst if the eaves-dropper can't get the unencrypted data from the telco's network directly.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Sep 2017 @ 4:03am

    Instead, Pfefferkorn said the government might just try hacking for the information they want, a power that the IP Act also allows.

    Indeed that would probably be easier.

    But that would have to be targeted. What they want is a backdoor into all 'encrypted' messages so they can go fishing.

    reply to this | link to this | view in chronology ]

  • identicon
    John E Cressman, 22 Sep 2017 @ 7:20am

    No... please... no...

    No, don't force WhatsApp to pull the app from the UK marketing because then terrorists will NEVER be able to get it...

    Oh wait... of course they will.

    reply to this | link to this | view in chronology ]

  • identicon
    Samir, 23 Sep 2017 @ 8:33am

    I am a mobile phone and software encryption specialist. Contact me if you need a phone or whatsapp hack.
    email: eightspyders@gmail.com

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Oct 2017 @ 6:23am

    Nice PR by Facebook.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer
Anonymous number for texting and calling from Hushed. $25 lifetime membership, use code TECHDIRT25
Report this ad  |  Hide Techdirt ads
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.