Of course, since there are no emoticons here which so indicate. 
That’s the “Royal Yacht Ploy” here.
It should be pointed out that programs like WhatsApp exist because of wide spread collection and monitoring of communications by groups like the NSA. If they break that trust they will pretty much destroy their future as a company.
It should also be noted that applications like WhatsApp only protect communication from the device to another device. Multiple leaks show that the NSA and other state actors routinely use man in the middle attacks or trojan horses to access the data after it has been decrypted.
If they set the precedent to open up to the UK government will they also open up to the likes of Iran?
It is also critical to remember that in the EU “Data protection is a fundamental right enshrined in Article 8 of the EU Charter of Fundamental Rights, which is distinct from respect for private and family life contained in Article 7 of the Charter.”
Just as the ACLU defended nazi march in Skokie WhatsApp needs to take a stand. Fundamental rights are often lost and gained by actions taken against those who take actions which are difficult to defend.
But the same rights that protect individuals with repugnant views and universally objectionable actions are the same rights that protect everyone.
And on Monday, August 6, 2001, President George W. Bush received a comprehensive daily briefing document warning that somebody named Osama bin Laden was “determined to strike within the US”. Yes, having the CIA, NSA, and FBI protecting the nation did a lot of good, didn’t it? Disband them all! :rolleyes:
A more sober analysis reveals that in both cases, a significant contributing factor was lack of coordination between agencies. Also Bush’s propensity to take long relaxing vacations at the worst possible times, but that’s another story.
Is it typical for the German police to monitor not-terrorists in this way?
Wouldn’t do any good for someone who doesn’t draw the government’s attention until after the shit hits the fan.
True, but that’s how criminal cases work in general.
It’s utterly impossible to require this, Apple could remove all apps with strong encryption from the app store in the UK, but it’s trivially easy to create an account for an overseas app store. So lets say Apple (and Google) remove all apps from all their app stores world wide? Well in Android it’s trivially easy to side load apps that are not in the app store, so there will still be plenty of apps with strong encryption available from servers in other countries which don’t have laws against strong encryption. If they require backdoors then as said, companies in countries without laws requiring backdoors will write strong encryption apps and make them available worldwide.
If they somehow magically manage to actually make it hard to find apps with strong encryption, well you can send unbreakable messages across standard email (or snail mail) using a one time pad.
Strong encryption is the ultimate genie that can never ever go back in the bottle.
Yes. But you’re demanding a level of security that is stupid. What I suggest is so far more secure than your average phone conversation and, implemented properly, still secure from anyone who doesn’t have a legal warrant.
Why is it stupid? The extra security doesn’t affect my ability to use Whatsapp in the slightest, so why shouldn’t I use it and ensure protection from undesirables. That the ‘undesirable’ might happen to have a warrant is of no concern to me unless they serve me directly with it.
Pointless. The first time the backdoor is used, people concerned about privacy (both ordinary citizens and the bad guys) then people will change to a different app published in a country where backdoors are not required.
Here’s one: Open Whisper Systems makes the strong encryption app Signal, which is free and open source, so the source code is already archived all over the world. They are based in the US but since it’s an international open source effort they could relocate anywhere pretty easily. Since the source code is available people can make sure that it doesn’t have backdoors. And whats more the source code is GPL, so if there’s any concern in future about Open Whisper Systems motivations, then a new group can take the source and make a new branch of the app using known good source code.
So it’s both mathematically impossible and totally impractical to ban use of strong encryption (not to mention that the worlds financial systems depend on it for secure transactions and corporate VPN’s).
Agreed - an encryption methodology with a backdoor like that would be, by definition, a pretty insecure and worthless one - To be worthwhile, encryption needs to:
[ul]
[li]Happen as near to the endpoints as possible (i.e. encrypted in the sender’s hand, decrypted in the recipient’s hand[/li][li]Use methods that inherently fail to work unless you are the proper sender and recipient[/li][li]Break irretrievably on tampering or interception mid-stream[/li][/ul]
Funny thing about backdoors, it is really hard to prevent others from using them.
Backdoors are welcome mats for hackers.
Key verification is SOP for avoiding man-in-the-middle attacks.
You’re attempting to conflate “secure from anyone who doesn’t have the backdoor key” (the reality) with “secure from anyone who doesn’t have a legal warrant” (the talking point). Obviously, a computer system cannot magically respond differently to someone to whom the Wizard has given a certain fancy piece of paper; it can only respond to the bits and bytes fed into it.
In any case, the fundamental problem is that a system that creates one big fat target for hackers (the backdoor key) is, by definition, not implemented properly.
The other important point is that putting backdoors into popular messaging apps makes it much easier to monitor the general public, but it does very little or almost nothing to help catch bad guys.
Legitimate intelligence agencies already have a whole raft of tools even with strong encryption apps. They can perform traffic analysis, even on communications they can’t break. Or there is reason to believe that NSA / FBI / CIA has unpublished exploits to break into the OS and install key logging software on individuals phones or computers (which would log the passcodes needed to unencrypt). (yes some of these were leaked and patched but its likely they have new ones). Or they just do what they did for the Silk Road admin, they performed physical surveillance then they grabbed him and his laptop at a moment when he was already logged in to all his secure accounts.
Plus there is a slippery slope problem here, do you realistically think that if the NSA or the UK has a back door that the KGB, Iran, China, North Korea won’t also demand one?
But yes a backdoor is a huge attack vector, and to be honest if we want to offshore our tech business by forcing back doors in (talking as us as the western world UK) we will do so by forcing fundamental security flaws into products.
It happened in the 90s when encryption was considered a munitions, and we used CIA suggestions with back doors. Most of the good encryption efforts moved out of the US.
What the UK/NSA and other organizations are saying is that they would rather put the world economy at risk due to fears about violence and crimes that are pretty rare in a per capita model.
Cite for one backdoor that weakened thing so badly.
Note that even systems without back doors like WiFI can be cracked for as little as $10 with just raw packet captures.
And state actors have many many tools to target individuals, many procured from commercial sources.
Also, the 90s crypto regulations created weaknesses throughout the Internet infrastructure that continue to plague us in the 10s – the standards had to be designed to be compatible with the weak crypto that could be exported from the US, and that created a vulnerability (trick the connection into using the old weak crypto, which nowadays can be cracked by a “400 pound guy living in Mom’s basement in Joisey” attacker) exploited by the FREAK and Logjam bugs.
This serves as an example of the problems raised by trying to design a “the government can get in, but random crooks can’t” (that being the status of the weaker export-level keys at the 90s state of the art) system.
A mid-way stop isn’t a backdoor.
Let’s take for example an online purchase.
You open up a secure connection to a server (e.g., Amazon).
You forward your credit card details to the server.
Amazon opens up a different secure connection to the credit card processor.
Amazon forwards your credit card details to the processor.
The processor sends back the OK.
Amazon closes the connection with the processor.
Amazon sends you back an OK.
You close the connection with Amazon.
Unless you refuse to purchase things online, I’m not feeling like you’ve got any room to make the argument that two-hop security is a giant gaping backdoor that can and will be abused by everyone and their grandmother. Is there not a financial motive for Russian mafia to sit in the middle of your two-hop communication with your credit processor? Why have your details not been stolen yet?
Amazon does not tell you that they are the credit card clearing company, and that is the big problem that applications like WhatsApp are intended to fix.
There is a huge risk of man-in-the-middle attacks and thus the reason for end to end encryption.
Note it doesn’t have to be the Russian mafia, it could be the crappy wifi router at the coffee shop that the owner hasn’t updated the firmware on in years. With a transparent proxy it is not hard to get users to click past the warning signs even without verification.
Go ahead and look at this list of whitelisted CAs in IOS 10, note how many are owned by state actors. Without cert pinning which is rare and has user experience issues a breach or malicious action by any of those organizations could intercept all traffic without you knowing unless you make sure it is encrypted outside of a HTTPs session etc…
But lets go back to your idea there.
- you care that you are talking to the real Amazon servers
- Amazon cares that they are talking to the real CC processing agency
There is no mechanism nor real reason for you to be involved with #2 and it just doesn’t happen (actually until very recently all transactions were typically sent in plain text over leased phone lines)
You do have a very very serious issue if Amazon keeps your credit card number in clear text or if their encryption is compromised.
Remember Target? Target Missed Warnings in Epic Hack of Credit Card Data - Bloomberg
Your post dismisses these types of risks like they are a non-issue but they are a huge problem.
That is a far harder target than just implementing a man in the middle attack would require.
While it has serious faults the web of trust created by SSL verifying that you are talking to the party you think you are is a huge portion of the online economy, if you intentionally destroy that trust which would happen with an intentional main in the middle structure it will cause far more problems than it solves.
But lets look at how “small” this problem is, if it does rise to $35B in the next three years it would rank as #97 out of the 190 largest countries by GDP.
Also realize that in a consolidated sample of 383 companies, it was estimated that it took a mean time to identify a breach of 201 days with a range of 20 to 569 days. The mean time to contain was 70 days with a range of 11 to 126 days.
You personally should be very interested in end to end encryption.
Those are two separate communications – “me to Amazon” and “Amazon to CC processor” – each of which is separately verified, with neither party attempting an impersonation.
It is irrelevant to the issue of man-in-the-middle attacks, which require denial or subversion of the sender’s ability to verify the recipient’s identity (more precisely, the sender’s ability to confirm that the recipient’s retrieved public key actually belongs to the recipient). If such verification cannot be reliably performed, then any connection (e.g. “me to Amazon”) could be “me to 400-pound basement dweller to Amazon”. Obviously, such a situation would represent an unacceptable burden on the e-commerce economy – look at the amount of damage done by crooks even with end-to-end verification available.