Encrypted Messaging

Post by FourPart »

Something that has been in the news recently is the case where the authorities are 99% certain that there is some relevant information regarding the London Terrorist incident to be found on his WhatsApp account, but due to the encryption protocol are unable to access it, and WhatsApp are refusing to allow them access to this.

Therein lies the ethical question. What price the cost of Privacy?

Personally, I am all in favour of encrypted privacy, as it is the best defence against Spammers, Scammers & Identity Theft & all sorts of Cyber Security. However, I believe that when it comes to National / International Security & other levels of Criminal Investigation, then the relevant authorities should be allowed access to this. I have always been a believer of the "If you have nothing to hide, you have nothing to worry about" principle. However, I am also aware of the strong leaning from others towards it being the "Thin end of the wedge towards Big Brother". Remember, this isn't merely restricted to acts of Terrorism, but a plethora of other criminal activities as well. After all, the security of WhatsApp encryption is a Godsend for Paedophiles to share their images, for example. Is this a valid argument or is it just Scaremongering?

Opinions?

Post by spot »

FourPart;1507901 wrote: due to the encryption protocol are unable to access it, and WhatsApp are refusing to allow them access to this.


That's not true at all.

The WhatsApp encryption protocol isn't a secret. Anyone can see the protocol. What's secret is the one-time keys protecting a single message. Nobody, including WhatsApp the company, knows the secret keys - they're made when needed and thrown away immediately afterwards.

The WhatsApp code encrypts the content from the sending phone all the way to the receiving phone. It can't be decrypted by anyone along the route. It can't be decrypted by WhatsApp the company. It can only be decrypted by WhatsApp the app, at the one handset to which it was sent.

The government can - and does - plant monitoring patches onto any Apple or Android phone used by someone they consider suspicious, and that patch will copy all the WhatsApp messages in cleartext to the government agency who's monitoring it.

If the government doesn't have a patch on a specific handset then they don't get to see the content. They can't go back and check what was sent unless they had a monitoring patch in place at the time. They weren't, they say, monitoring the chap in Westminster's phone though I can think of several good reasons why they might be lying when they claim that.

The government could, if it chooses to, put the patch on every phone in England and see the plaintext of any WhatsApp messages after an event. That's their option, it's easy to do, and it would work.

As for putting a backdoor into WhatsApp itself, on the other hand, it is absolutely impossible to do that and prevent crooks from using the backdoor too. That's a process called reverse engineering. No code can contain a secret. If code has a backdoor then reverse engineering will tell any skilled coder how to use the backdoor. The backdoor might consist of a weakened protocol instead of an override login but again, reverse engineering would show a criminal how to take advantage of that weakness and read encrypted messages too.

What crooks do at the moment is they put patches onto phones when they can. They get permission from the phone owner by social engineering - that's what we used to call lying. Then they steal bank account logins and steal money. Stealing money on a phone has nothing to do with encryption, it's to do with some daft prat giving consent to a bogus app to watch his keystrokes.

Perhaps the government could settle for every phone in the country carrying the government patch from the moment of manufacture, with the code of the patch guaranteeing that the only destination it could send its intercepts to is a government server. That would work, that would be legal and it wouldn't help criminals.

Putting a backdoor into WhatsApp would let any aware criminal, not just the government, see what people were writing to each other.

There are a hundred apps like WhatsApp. Putting a government-access backdoor into each of those, one app company at a time, seems a major undertaking. A hundred new WhatsApp-like apps with no backdoor would spring into existence the following week. Putting one keystroke monitor patch onto each phone for the government, to watch the traffic on any of those hundred WhatsApp-like apps, seems more of a possibility.

Spammers, Scammers & Identity Thefters never ever break any encryption on a phone, they invariably fool people into giving permission for the criminal to be told what's being typed or stored on the phone. The time when they might break encryption is if they steal millions of weakly-encrypted login passwords and usernames from an online company, if the encryption they're breaking at that level is badly constructed which it very often is.
Nullius in verba ... ☎||||||||||| ... To Fate I sue, of other means bereft, the only refuge for the wretched left.
When flower power came along I stood for Human Rights, marched around for peace and freedom, had some nooky every night - we took it serious.
Who has a spare two minutes to play in this month's FG Trivia game! ... My other OS is Slackware.
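
Added example (not part of spot's post and not WhatsApp's code): a simplified symmetric hash ratchet illustrating the "one-time keys, made when needed and thrown away" idea described in the post above. The HMAC constants follow the chain-key KDF suggested in the Signal Double Ratchet specification; the constructed shared secret, the `Endpoint` class and the HMAC-based stand-in cipher are assumptions so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac

def kdf_step(chain_key):
    """One ratchet step: a one-time message key plus the next chain key."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain

def _keystream(key, n):
    # Stand-in cipher (HMAC-SHA256 in counter mode), an assumption of this
    # sketch; a real client would use a vetted cipher instead.
    out, counter = b"", 0
    while len(out) < n:
        block = b"enc" + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(message_key, plaintext):
    stream = _keystream(message_key, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return ct + hmac.new(message_key, b"mac" + ct, hashlib.sha256).digest()

def unseal(message_key, blob):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(message_key, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    return bytes(c ^ s for c, s in zip(ct, _keystream(message_key, len(ct))))

class Endpoint:
    """Hypothetical handset state: only the current chain key is kept."""
    def __init__(self, shared_secret):
        self.chain_key = shared_secret

    def send(self, plaintext):
        message_key, self.chain_key = kdf_step(self.chain_key)
        return seal(message_key, plaintext)  # message_key is not stored

    def receive(self, blob):
        message_key, next_chain = kdf_step(self.chain_key)
        plaintext = unseal(message_key, blob)
        self.chain_key = next_chain  # old chain key is overwritten
        return plaintext

def demo():
    # Constructed secret; in a real protocol it comes from a key agreement.
    secret = hashlib.sha256(b"constructed demo secret").digest()
    alice, bob = Endpoint(secret), Endpoint(secret)
    relay_log, received = [], []
    for text in (b"first message", b"second message"):
        blob = alice.send(text)
        relay_log.append(blob)  # what a server on the route sees
        received.append(bob.receive(blob))
    try:  # later: handset state plus the relay's stored ciphertext
        Endpoint(bob.chain_key).receive(relay_log[0])
        late_read = True
    except ValueError:
        late_read = False
    return received, relay_log, late_read
```

Because each chain key is a one-way function of the previous one, the state left on the handset after the exchange cannot be wound back to the key that protected an earlier message.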

Post by Bryn Mawr »

Last time this happened the (US) government went to the Israelis and they decrypted it for them - secure is a relative term.

Mind you, I think they were only following form and they had a back door all the time - just couldn't be seen to be using it.

Post by spot »

That wasn't a messaging protocol, it was the unlock key to make the storage content visible.

Apple had coded a memory-wipe lockout after ten tries, and had taken steps to prevent the memory being copied elsewhere and a million tries being performed for all possible six-digit access codes.

The agents hadn't made ten tries so the memory was intact. The bypass was in successfully taking the memory copy despite the attempted barrier Apple had put in place.

WhatsApp wipes memory securely after the message exchange, the message content would have been gone by then if it had been deleted or not stored.

Post by minks »

If you are involved in any kind of criminal activity you should be investigated, and exposed, right down the label on your underwear.

You committed a crime, you lose your rights.

Truly this world has lost sight of consequences. Maybe if there were harsher consequences there would be a few less crimes.
“You only live once, but if you do it right, once is enough.”

― Mae West

Post by spot »

minks;1507916 wrote: If you are involved in any kind of criminal activity you should be investigated, and exposed, right down the label on your underwear.

You committed a crime, you lose your rights.

Truly this world has lost sight of consequences. Maybe if there were harsher consequences there would be a few less crimes.


Perhaps you could give your opinion on whether you should lose your rights - if indeed you actually have any right to privacy at all - before you commit a crime. Everything discussed in this context, by Amber Rudd (our Police Politician) or the Prime Minister, is about whether someone suspected of potentially becoming a criminal should be bugged. Do you insist (you seem to, if I'm reading your post right) on there being evidence that they're involved in any kind of criminal activity? Or is suspicion sufficient.

Post by minks »

you committed a crime you lose your rights.

Perhaps my wording is incorrect, you are convicted of a crime, you lose your rights. Authorities can look further into your activities and dig deeper.

Not suspected of doing a crime. Gosh then we will all be bugged.

Post by spot »

minks;1507920 wrote: you committed a crime you lose your rights.

Perhaps my wording is incorrect, you are convicted of a crime, you lose your rights. Authorities can look further into your activities and dig deeper.

Not suspected of doing a crime. Gosh then we will all be bugged.


So what's wrong with the current law, then? The chap in the background of this thread committed a crime and he was shot dead by government authority within two minutes of doing it. I've not seen anything saying that was the wrong outcome. Who do you want to bug?

Post by minks »

Meh I don't follow the current laws on this anywhere, I am just of the belief that once convicted, your rights to privacy should be revoked because you may be a part of a much larger ring of crime.

Post by spot »

If the bugger was still alive and in custody, they'd be able to read the missing message. The only reason the secret no longer exists is that he can no longer recall it for the authorities.

The same applies to that rather bigger fish Osama Bin Laden too, of course.

Post by Saint_ »

FourPart;1507901 wrote: Is this a valid argument or is it just Scaremongering?

Opinions?


I'm ambivalent. Governments have always spied on their own citizens, and always will...till the end of time. The thing I worry about and what worries most men of good will is the amount of spying. You want to take pictures of me driving around town at the streetlights. Fine. You want to listen in to my living room conversations through my TV? Go to Hell.

Like most people who have nothing to hide, I operate under the general rule, "If you don't want to be spied on, don't be a criminal." That's incredibly naive, I know, but oh well.

Interestingly, I had a conversation the other day with the Verizon guy:

Dumb Verizon guy: "Your PIN number matches your last four digits of your SS number. You should change that. It isn't secure."

Me: "Why isn't that secure?"

Guy: "Someone could get it, use it and set up other lines."

Me: "Did you just tell me that Verizon can be hacked?"

Guy: "No."

Me: "How is the hacker going to know my PIN if he doesn't get it from you?"

Guy: "Um. He could get it somewhere else."

Me: "Put a note in my file not to call me until after 3:00 pm anymore."

Guy: "I can't do that."

Me: "You have a computer and my file, right? Are you looking at it on the screen?"

Guy: "Yes."

Me: "Well just put a message on the file for the next guy not to call until after 3."

Guy: "I can't do that, you can tell them next time to call you back later."

Me: "Did you just tell me that you are going to continue to bother me at school, whether I want you to or not?"

Guy: "No."

Me: "Are you recording this conversation?"

Guy: "Yes."

Me: "Then would you please forward this to your supervisor and inform him that your marketing strategy is PISSING ME OFF!"

*CLICK*

Post by Wandrin »

Saint_;1507947 wrote: I'm ambivalent. Governments have always spied on their own citizens, and always will...till the end of time. The thing I worry about and what worries most men of good will is the amount of spying. You want to take pictures of me driving around town at the streetlights. Fine. You want to listen in to my living room conversations through my TV? Go to Hell.

Like most people who have nothing to hide, I operate under the general rule, "If you don't want to be spied on, don't be a criminal." That's incredibly naive, I know, but oh well.

Interestingly, I had a conversation the other day with the Verizon guy:

Dumb Verizon guy: "Your PIN number matches your last four digits of your SS number. You should change that. It isn't secure."




What legitimate reason could Verizon possibly have to know your SS number?

Post by Clodhopper »

In theory I might be in favour of the right to privacy being revoked while an investigation is going on but I think it should be returned when the conviction happens or the sentence is completed (not sure).

But I don't go with this "If you have nothing to hide you have nothing to fear" thing. It's just not true. Sadly, there are corrupt police and government officials in all countries except possibly Antarctica and with a partner from Chile who grew up under Pinochet I'm very aware that the innocent suffer most in corrupt states.
The crowd: "Yes! We are all individuals!"

Lone voice: "I'm not."

Post by FourPart »

minks;1507920 wrote: you committed a crime you lose your rights.

Perhaps my wording is incorrect, you are convicted of a crime, you lose your rights. Authorities can look further into your activities and dig deeper.

Not suspected of doing a crime. Gosh then we will all be bugged.


It's a Catch 22 situation then. You lose your rights to privacy once convicted of committing a crime. However, in order to convict you of committing that crime you first need to have those supposed rights to privacy breached. Innocent until proven guilty, remember.

In my opinion authorities should have full access to encrypted files - after following due procedure to obtain legitimate warrants, of course, and in order to attain those warrants should have to demonstrate reasonable cause for suspicion.

Post by spot »

FourPart;1508103 wrote: In my opinion authorities should have full access to encrypted files - after following due procedure to obtain legitimate warrants


The person we're discussing was shot dead before he could be questioned.

How would you like the authorities to have full access to encrypted files in this instance?

Post by FourPart »

spot;1508104 wrote: The person we're discussing was shot dead before he could be questioned.

How would you like the authorities to have full access to encrypted files in this instance?


I would consider his actions to be classed as "Reasonable Cause".

Post by spot »

FourPart;1508106 wrote: I would consider his actions to be classed as "Reasonable Cause".


Okay - so they have "Reasonable Cause" because he mounted the pavement on Westminster Bridge?

Two minutes later he's dead. And you can't ask a dead guy what the password is. He's dead already.

You couldn't plant a keystroke logger on his phone earlier, because he wasn't a suspect until he reached Westminster Bridge?

Are you happy with the intelligence services putting keystroke loggers on every phone in every Carphone Warehouse in the country, just in case, for next time? What's the "Reasonable Cause"? Or is that a reasonable response - to put a keystroke logger on every phone. If you do, the bad guys will just disable it before they use the phone because they'll know it's there on every phone on sale, and how to disable it. And if you don't bug every phone in creation, even if he'd become a suspect last Christmas and you'd bugged him back then, he'd just step into a Carphone Warehouse and pick up a handset the day before reaching Westminster Bridge and do his secret texting or phone calling on that unbugged phone instead.

I've seen no practical answer so far.

I can offer a practical answer, if anybody would like one - disable the rampaging knife-wielding terrorist non-lethally instead of shooting him in the chest, because then you can ask him for the password to his phone. Killing terrorists is extremely counter-productive because then you can't expose what he knows to public examination. And we're back to the Bin Laden puzzle - why on earth was bin Laden deliberately executed instead of arrested for questioning.

Stop killing terrorists. They're criminals. They're supposed to be arrested with the bare minimum of necessary force. We do not live in a video game.