WhatsApp "refuses" to hand over London terrorist's messages

  1. The title is misleading. WhatsApp is not “refusing” to do it. It physically, programmatically, mathematically, cannot do it. By design.

  2. What are the authorities in England clamoring for? Outlawing encryption?

  3. Gotta love this: “Police in Germany knew Anis Amri was planning a suicide attack nine months before he drove a lorry into a packed Christmas market in Berlin last December, killing 12, because they had been able to access encrypted Telegram messages.” Yes, being able to access encrypted messages did a lot of good, didn’t it?

Stupidity.

He wasn’t a “terrorist”, he was a small town bully who no one cared about anymore.

Who’d think politicians would use the opportunity to increase their powers.

Governments will soon ban end-to-end encryption.

And it will stop all terrorist attacks.

I don’t see how they can do that (“ban” it that is). The various encryptions’ math is out there, available to everyone. So are encryption libraries. Even if they manage to ban those, any half-way competent programmer can write it from the basic principles reasonably quickly.

If governments manage to intimidate major software companies into building backdoors for the intelligence services into all their communication software, there will be lots of small, foreign, companies that will provide this service. Or the particular terrorist or other groups will write their communication software themselves. It will be cruder than the slick stuff out there right now, but it will do the job.

There is no way to stop it.

They have, in fact, discussed that in the past:

The best the government can reasonably hope for is to make encryption illegal. Doing so will not prevent its use by bad people. I suspect Telegram will lose users over this publicity. WhatsApp may gain some.

Banning encryption is stupid. (See Okrahoma’s post.)

Requiring services to be able to initiate a tap on a specific person’s conversations, if there is a warrant, seems like a reasonable request though. The client and their servers would just need to be recoded to be able to selectively encrypt or not encrypt certain conversations.

This is a classic fallacy which probably has an accepted name but which I call the “steady state” fallacy. It’s the assumption that if you change only one thing, certain obvious consequences will follow, without taking into account other changes which will occur consequent upon the single change you make.

The thinking goes “terrorists’ electronic messages can be encrypted so we can’t read them. So if we ban encryption, then we will be able to read terrorist electronic messages”. But terrorist communication methods are not steady state. If one can read their electronic messages, they won’t communicate using electronic messages.

One will once again not be able to read terrorist messages, but now one will have prevented oneself from using encryption for benign purposes.

This is the very definition of a fishing expedition that the Courts are loath to permit. Sorry, non-American courts.

I opened a GQ about such a fallacy some years ago and no one was aware of it.

Exapno Mapcase declared it the Straight Line Fallacy and I have endorsed it as such.

Good one. I’ll use that from now on. Although my particular example is perhaps a subset of the straight line fallacy. It’s where you are not only assuming a straight line, you are assuming the line will stay straight even while doing something that will surely upset it.

It’s the *imperturbable* straight line fallacy.

[ MORBO ] Math does not work that way. [ /MORBO ]

Either there is a backdoor in the system through which the internet service provider, the government, the Russian Mafia, Chinese Intelligence, 400-pound guys living in their parents’ basements in Joisey, etc, etc, ad infinitum can enter, or there is not.

In addition to the “steady state” / “straight line” fallacy, the UKcrats are trying to pull what in the US is known as the “Washington Monument” ploy (“You’re cutting our budget? Hokay, we’ll close the Washington Monument to save money. Have fun explaining to the tourists from your district.”)

In this case, the ploy rests on the pretense that there are no alternative means of investigation available (just as the Washington Monument ploy rests on the pretense that there are no better places to cut). Of course, this is nonsense. Hacking suspects’ phones and computers, planting hidden shoulder-surf cams, good old-fashioned shoe-leather work, etc etc etc work just fine, encryption or no encryption. Note that these methods require case-by-case deployment and thus are practical only for individual targets, not mass surveillance – a feature for citizens, but an intolerable bug for power-hungry apparatchiks.

As before; nothing to see here. He wasn’t a ‘terrorist’, no one is seriously making a case for this, a politician took the opportunity to represent the interests of the security services, move on.

I don’t know any terrorists, but I knew some higher level drug dealers who don’t trust commercial encryption, so they paid trusted coders to build them apps that use Steganography with deniable encryption to communicate with each other. From the outside, all anyone can tell is that they are sharing funny joke pictures with each other, and the messages are hidden in the pictures.

This is why banning encryption is useless. The “bad guys” are already using it, and will continue using it no matter what its legal status is.

Descriptions of the all-else equal fallacy go back to 2008 at least. I’m sure the concept is far older. The basic “all else being equal” idea is an assumption economists and statisticians make to simplify analysis - it can easily be irrational or unfounded under many (most?) circumstances.

I don’t know how WhatsApp works, but I feel reasonably confident that the phones are finding each other and sending messages to each other by relaying through WhatsApp servers. That means that the client has no way to know whether the encryption key for the connection was generated by the target customer or by the WhatsApp server.

They just need to switch from end-to-end to end-to-middle-to-end.

Unless the government, Mafia, and China hack into WhatsApp, the communications will still be just as secure as they are now.

Since the designers of WhatsApp are not drooling morons, the system includes a method of verifying that the public key used in a connection is the recipient’s actual public key rather than an alternate key generated as part of the man-in-the-middle attack scenario you’re suggesting. Obviously, this only works if the user pays attention, just as a doorlock only works if you remember to lock it when you leave.

Unless somebody decides to steal your car, it’s A-OK to leave it unlocked with the keys in the ignition.

The problem of hacker attacks is precisely why communication service providers choose to lock themselves out of the loop – that way, the motive for hacking them is greatly reduced (all an attacker can achieve is denial of service, not access to confidential information).
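The key-verification step mentioned in the reply above, as an added sketch that is not part of the thread and not WhatsApp's code: each user derives a fingerprint from their own public key and the key the server delivered for the peer, and the two compare the result out of band. The fingerprint format, the function names and the constructed 32-byte stand-in keys are assumptions made for illustration.

```python
import hashlib
import hmac


def constructed_key(label: bytes) -> bytes:
    # Constructed 32-byte stand-in for a public key (sample data, not a real key).
    return hashlib.sha256(b"constructed-key:" + label).digest()


ALICE = constructed_key(b"alice")
BOB = constructed_key(b"bob")
RELAY = constructed_key(b"relay")  # key a relaying server would hand out instead


def fingerprint(own_key: bytes, peer_key: bytes) -> str:
    # Hypothetical format: SHA-256 over both keys in sorted order, so the two
    # ends of an untampered session derive the same string.
    digest = hashlib.sha256(b"".join(sorted([own_key, peer_key]))).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


def fingerprints_match(key_alice_was_given: bytes, key_bob_was_given: bytes) -> bool:
    # Each user computes the fingerprint from their own key and the key the
    # server delivered as "the peer's"; they then compare the strings out of band.
    alice_view = fingerprint(ALICE, key_alice_was_given)
    bob_view = fingerprint(BOB, key_bob_was_given)
    return hmac.compare_digest(alice_view, bob_view)


if __name__ == "__main__":
    print("end-to-end:          ", fingerprints_match(BOB, ALICE))
    print("end-to-middle-to-end:", fingerprints_match(RELAY, RELAY))
```

The comparison only helps when it happens over a channel the relay does not control (in person, or by reading the groups aloud), which is the "user pays attention" condition in the reply.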

Yes, since of course there were no terrorist attacks before that. :dubious::rolleyes:

I’m 99% sure he was being sarcastic.