WhatsApp Reportedly Rejected UK Government Demand For Encryption Backdoor
from the under-pressure dept
The UK government has apparently already asked WhatsApp to provide it with an encryption backdoor, according to Sky News. The app developers were told they needed to come up with a way to give law enforcement access to message content but WhatsApp politely declined the probably not-all-that-polite "request."
That doesn't mean WhatsApp doesn't have anything it can give the government when it comes asking.
Sky News understands that WhatsApp co-operates with law enforcement to provide the metadata it does hold - the name of an account, when it was created, the last seen date, the IP address and associated email address.
WhatsApp says it "appreciates the work that law enforcement agencies do to keep people safe around the world. We are prepared to carefully review, validate and respond to law enforcement requests based on applicable law and policy".
But it does point out it can't give law enforcement what it doesn't actually have.
[T]he company argues that it can't provide data that WhatsApp itself does not collect in the first place, including the contents of a message.
Encryption didn't seem to be much of an issue in many recent terrorist attacks, but its use is undoubtedly on the rise. It's unclear what the government showed or told Sky News, but this assertion seems dubious at best.
Sky News understands that 80% of investigations into terrorism and serious crime are now impacted by encryption.
As is the case over here, law enforcement officials are arguing WhatsApp and other encrypted message services should sacrifice user security for the good of the government. While cybersecurity experts continue to point out the nonexistence of backdoored-but-secure unicorns, intelligence officials continue to assert it can be done. All that needs to happen is for messaging services to make their products a little bit less safe.
UK intelligence officials believe a compromise could be possible - pointing out that cybersecurity isn't binary and that services offer different levels of cybersecurity to deal with different levels of threats.
WhatsApp is unlikely to budge on its backdoor rejection, leaving it with the real possibility of exiting the UK market if the government turns its requests into encryption-targeting law. And, as the UK goes, so goes Australia. The Australian government has been echoing the anti-encryption rumbling of Theresa May and other officials, indicating it too would like encrypted services to not be quite so encrypted.
It's not as though UK law enforcement/intelligence services don't have lawful options if WhatsApp refuses to budge. As cryptography expert Riana Pfefferkorn points out, there's more that can be done, even if it won't be as easy as firing off a warrant.
Riana Pfefferkorn, a cryptography policy fellow at Stanford University, said she sees a legal battle coming if the UK continues to force the issue, but she doesn't necessarily think the UK wants that fight.
If courts determine that the Investigatory Powers Act is too broad, the public defeat in their fight against encryption would be a lot for the UK to overcome. Instead, Pfefferkorn said the government might just try hacking for the information they want, a power that the IP Act also allows.
"There are other avenues they can take to try to achieve the same end," she said.
For now, WhatsApp message content is still out of reach of everyone but users engaged in conversation. Metadata and lawful hacking are still in play, even though most officials prefer an easier route. If pressure continues to mount, WhatsApp may exit markets rather than compromise its users. As much as intelligence officials may believe cybersecurity to be something other than "binary," the companies they're applying pressure to really only have two choices: give in to the government or exit market left. Neither are palatable options.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, communications, encryption, uk
Companies: whatsapp
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Instead of traditional impacts like fire and sound wave dissipation.
[ link to this | view in chronology ]
The US Securities and Exchange Commission (SEC) already requires every person in the financial industry to make every e-mail, cellphone text and financial record available to the SEC in order to enforce insider trading and other financial rules.
Thousands of bankers involved in fraud set off the 2008/2009 financial crisis, costing the U.S. taxpayer trillions of dollars. All that surveillance produced zero convictions. Adding encryption would not have had any impact.
Sky News should explain that before "understanding" the impact of encryption.
[ link to this | view in chronology ]
Lies and Statistics
This statistic is obviously false.
The answer is 117%. Because they bring it up every. single. time. there is a terrorist attack and also times when there is not, just for good measure.
[ link to this | view in chronology ]
Re: Lies and Statistics
[ link to this | view in chronology ]
Re: Lies and Statistics
[ link to this | view in chronology ]
The "good of the government"
The good of the government is not the same as, and often runs contradictory to the good of the public.
WhatsApp says it appreciates the work that law enforcement agencies do to keep people safe around the world
Hopefully this is also to say WhatsApp appreciates the work that law enforcement agencies do to secure their own positions of power, often at the expense of the liberty and welfare of the public.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
"We need to destroy your safety and security in order to protect your safety and security."
Sky News understands that 80% of investigations into terrorism and serious crime are now impacted by encryption.
Meanwhile 100% of investigations into terrorism are impacted by how much work the agencies are willing to put into them, such that if they can't be bothered to do their jobs and instead want everything handed to them on a silver platter they're not going to get much done.
They have never, and will never have access to every bit of data they might want to have access to, so they need to stop tying to undermine public safety and security at large and focus on doing what they can with what they can get without causing massive problems for public safety and security.
[ link to this | view in chronology ]
Considering that the GSM cell phone standard includes encryption from the handset to the base-station, but no further, it would not be a surprise to learn that 80% are impacted by encryption - because if it involves a mobile phone it should be encrypted as per the standard.
However, the GSM standard only requires handset to base station encryption, therefore if the intelligence services have access to telco feeds (either from a co-operating telco or surreptitiously), they can collect the data once it's de-crypted at the base station (i.e. the cell tower) and enters into the telco's backhaul network.
Even then, most of the mobile network encryption ciphers have been cracked and are subject to real-time cryptanalyst if the eaves-dropper can't get the unencrypted data from the telco's network directly.
[ link to this | view in chronology ]
Indeed that would probably be easier.
But that would have to be targeted. What they want is a backdoor into all 'encrypted' messages so they can go fishing.
[ link to this | view in chronology ]
No... please... no...
Oh wait... of course they will.
[ link to this | view in chronology ]
[ link to this | view in chronology ]