WhatsApp Encryption Said To Stymie Wiretap Order

bsharma writes from an article on the New York Times: WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge's wiretap order. [As recently as this past week, officials said,] the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp's encryption. (WhatsApp uses Signal software developed by Open Whisper Systems.) "WhatsApp cannot provide information we do not have," the company said this month when Brazilian police arrested a Facebook executive after the company failed to turn over information about a customer who was the subject of a drug trafficking investigation. "The F.B.I. and the Justice Department are just choosing the exact circumstance to pick the fight that looks the best for them," said Peter Eckersley, the chief computer scientist at the Electronic Frontier Foundation, a nonprofit group that focuses on digital rights. "They're waiting for the case that makes the demand look reasonable."

If they push too hard...

[bogaboga]

I mean, if the legal system pushes too hard at FB, they should just move off shore. That will be interesting to watch. In fact, FB could easily move [all] their infrastructure offshore, but still remain relevant to its US users.

That way, they can claim not to be an American company and still be able to reap the benefits of being one. How about that?

Re:If they push too hard...

[JaredOfEuropa]

In the UK apparently there are certain notable people pushing for a ban on encrypted services with no back door or centrally stored keys. And they can find plenty of support for such a ban in Europe. Now Obama tells us that crypto without back doors is doubleplus ungood. If these services get banned, it hardly matters if they get moved offshore. Perhaps they will start blocking encrypted traffic or simply monitor traffic and fine anyone using unsanctioned crypto.

Still, if it'll get rid of FB...

Re:

[Anonymous Coward]

There is no need to ban encryption. If you have a court order for a wiretap, you go to whoever has the keys. For end-to-end encryption, that would be the endpoints - i.e. the phone owner. Now, you usually don't want them to know about the wiretap - but that is simple enough: Snarf his phone and install a backdoored version of the communication app. The install would only take a minute or so - certainly doable by some agent.

Re:

[Anonymous Coward]

The trump card to this problem may be Switzerland, a country that is not in the EU, has direct democracy, and has citizens who are educated enough to know how to use it effectively. Interesting that both Protonmail and Wire are based there. There are possibilities beyond Europe too.

(I share your feelings about getting rid of Facebook, btw.)

Re:If they push too hard...

[jbolden]

How can the legal system push on this. Facebook can't comply with the order. A refusal in USA law (and I think virtually all other law) requires that you be able to do something. This isn't a question of law it is a question of fact. Enforcement agencies and much of the legal profession simply disbelieve that encryption is based upon mathematical principles that technology companies have no way of breaking. They will lose because the math of encryption is well known and well understood.

Re:

[fustakrakich]

How can the legal system push on this[?]

Easy. Create propaganda on the 'evils' of encryption and the public itself will demand the back doors to let the authorities in. Old trick, still works. It's a Pavlov thing.

Re:

[jbolden]

That's the political system not the legal system. The legal system would be responsible for enforcing a law requiring backdoors.

I have serious question whether such a thing is possible. There are literally millions of people in the world who understand the math of encryption and tens of thousands who know good algorithms (not that texting requires good algorithms, bad will do fine). We have systems that can run sandboxed code everywhere and their use is expanding.

How does the legal system do anything?

Re:

[fustakrakich]

That's the political system not the legal system.

Um, what do you think drives the legal system? The law is pure politics. It doesn't matter. The cat and mouse will just have to run its course until people get tired of the war.

Re:

[Anonymous Coward]

There is something they can do: They can develop and push out a new version of WhatsApp that doesn't do encryption at all, or does it in a way that is more easily defeated. Our current mobile platforms make it trivial to ship new versions of applications to most devices, since auto-updates are generally enabled by default.

Now of course Facebook does not want to do this, but it seems like the government is keen on applying increasing pressure to do it. It will be interesting to see if companies cave and do w

Re:

[jbolden]

What's app stops encrypting but then other apps offer this. Creating a messaging app is something a bright middle school kid can do. That same kid can read how to do basic encryption or compile in a short encryption function. You don't even need companies at this point to do it, just to tolerate it.

Now of course if they can get apple, facebook, google, microsoft... not to tolerate it and foreign companies to feel the same way... then yes you could stop it.

Re:

[sociocapitalist]

How can the legal system push on this. Facebook can't comply with the order. A refusal in USA law (and I think virtually all other law) requires that you be able to do something. This isn't a question of law it is a question of fact. Enforcement agencies and much of the legal profession simply disbelieve that encryption is based upon mathematical principles that technology companies have no way of breaking. They will lose because the math of encryption is well known and well understood.

The legal system can force FB (et. al.) to introduce a mechanism for intercepting traffic in the same way that telcos are required to have 'lawful intercept' capabilities and forbid them from providing services without such a mechanism in place.

Re:

[flink]

The app maker can intercept things all day, but if the messages are encrypted on the client, and the keys are not stored on the app maker's servers, then you will have no way of decrypting them. It's the same thing as if I used an encrypting handset over a POTS line: the phone company may be required to intercept it, but they won't be able to do anything with the results without the keys off the handset.

Re:

[sociocapitalist]

The app maker can intercept things all day, but if the messages are encrypted on the client, and the keys are not stored on the app maker's servers, then you will have no way of decrypting them. It's the same thing as if I used an encrypting handset over a POTS line: the phone company may be required to intercept it, but they won't be able to do anything with the results without the keys off the handset.

You're missing the point which is that the legislation can move up that layer to the provider of the encrypted handset (physical or virtual) being required to enable lawful intercept.

Re:

[jbolden]

First off telcos remember are utilities and make heavy use of government they are thus much more regulated. How would you write a law given the keys are for the client. The clients are the ones encrypting. Facebook is just letting them know how to get in touch. You are basically arguing for a system that would require Facebook to ensure that no encrypted traffic exists that references their system. That's a pretty high bar. Moreover that connection service can easily migrate off Facebook.

Re:

[sociocapitalist]

First off telcos remember are utilities and make heavy use of government they are thus much more regulated. How would you write a law given the keys are for the client. The clients are the ones encrypting. Facebook is just letting them know how to get in touch. You are basically arguing for a system that would require Facebook to ensure that no encrypted traffic exists that references their system. That's a pretty high bar. Moreover that connection service can easily migrate off Facebook.

There are greatly shrinking differences between telcos and internet providers today and most of the regulation is to protect companies against each other, not to protect people from companies (which is sadly very weak in the US).

In communication, you have a the following layers (simplified):
User
Application
Network
Transport

Legacy:
Application POTS - now almost completely converted to VoIP where the client is perhaps a fixed line phone into a dsl model
Network IPoX
Transport Copper/Fiber/4G/etc

New:
Application 'so

Re:

[jbolden]

In this case: the legal system's interests it isn't terrorism so much as routine criminal investigation. Strong encryption does in fact break something that law enforcement has had for a long time.

Now take the rest of your argument. Software is math. Software is information. It isn't a product. In today's world software is increasingly not sold but given away. How do you make software into contraband effectually?

Re:

[sociocapitalist]

I mean, if the legal system pushes too hard at FB, they should just move off shore. That will be interesting to watch. In fact, FB could easily move [all] their infrastructure offshore, but still remain relevant to its US users.

That way, they can claim not to be an American company and still be able to reap the benefits of being one. How about that?

You mean like they already do in order to avoid paying their taxes?
https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:If they push too hard...(You mean this?)

[bogaboga]

You mean like they already do in order to avoid paying their taxes?

You mean like they already legally do in order to avoid paying their taxes?

Funny strange not funny ha-ha

[rmdingler]

Remember the outrage, even from the common folk, when the Snowden revelations hit the news cycle?

Not only are they now not hiding the fact that your everyday electronic conversation is subject to surveillance, the governors are openly attempting to quash any resistance.

Re:

[jbolden]

This is with a warrant. The government was always free to listen in to communications with a warrant. What changed under Bush and expanded greatly under Obama until Snowden was the use of general warrants to at least partially monitor all communications.

Re:

[spire3661]

The long and short of it is the government needs to learn that even warrants have limits. It doesnt matter how politely or legitimately they ask, some things are simply not available to them and no amount of strong-arming is going to change it.

Re:

[l0n3s0m3phr34k]

The feds are still free to listen all they want. They just can't understand what their listening to due to encryption lol.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[spire3661]

Just parsing the word 'Minitrue' gave me chills....we are DEEP into a doublespeak era....

Bull excrement

[Anonymous Coward]

adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge's wiretap order.

Bullshit - nothing prevents them from reading / listening in. Encryption might however prevent them from understanding the content, no different from exercising a search warrant and finding papers with incomprehensible text which they might believe be for instance a ledger of drug sales.

Drug trafficking?

[fustakrakich]

Cops won't get any sympathy from me on that one. Ah well, the good thing is when the big chat companies fall down on privacy, any developer can fill in with their own. I don't see a problem in that regard. Of course that only means anything if the encryption is truly effective.

How to proceed?

[mrclevesque]

"the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp's encryption"

Sounds like a team on a stakeout discussing the frosted glass in one of the suspect's windows.

Re:

[account_deleted]

Comment removed based on user account deletion

What are you going to do?

[kheldan]

We apparently are rapidly approaching living in a world where normal, law-abiding citizens of the United States will be treated like criminals, or animals in a zoo, or small children that never grow up: surveilled all day, every day of their lives. Some of you say we're already there and it's too late, but I beg to differ for the simple reason that I can be posting these words in relative anonymity (i.e. under a pseudonym) on the public Internet, without any fear of having my door kicked in when I'm asleep, being beated, black-bagged, and dragged off to some enprisonment somewhere, with no due process, legal representation, etc, because I dared to criticize the government (unlike some countries). But if you take a step or two back from everything and take a good hard look at it, that's the direction things seem to be going, now isn't it? We have politicians all throughout our government who want to destroy the efficacy of encryption, ostensibly for reasons of national security ('we have to keep America safe!') and law enforcement ('how will we catch pedophiles?') -- except for two points: one, how did we manage to catch criminals and terrorists before, and two, how can so many politicians, including out current POTUS, manage to have such terrible technology advisers, that they all don't understand that what they're asking for is more or less equivalent to outlawing encryption entirely? I really didn't want to believe it, but the answer is simple: They know damned well that what they're asking destroys encryption, they've all been advised that it destroys encryption, and they've all said 'I don't give a damn, and you won't say otherwise to anyone or you're fired!'. They don't care about anyone's privacy, they don't care if people get their data and/or identity stolen, they want control of everyone all the time, the ability to poke around into anyone's life, regardless of the lack of evidence of criminal or terrorist activity, regardless of their Constitutional rights, regardless of their Human rights, and regardless of how anyone else feels about it. My last, best hope is that the politicians, political activists, and citizens who are paying attention and understand what's going on, are enough to at least hold off the coming of the dystopian future dictatorship until I'm long dead so I don't have to deal with it; at best, there might still be a slim hope that there is enough power for the people left in the Constitution and the people in D.C. who are defending it, to pull us back from the no-return point, and get these anal-retentitive, power-hungry types out of positions of authority, and return control of the country to The People. Otherwise, look to the Middle East, to countries like Syria and the Assad regime, for how, in the dystopian future, U.S. citizens will be treated by it's government. I'm talking about a world where people in the U.S. will be fleeing it's government to even places like mainland China, because even there it'll be better than living here.

Re:

[TheGratefulNet]

you have valid points.

but - wall-o-text is hard to read. some line breaks might help...

Re:

[kheldan]

I've lived long enough to experience with my own senses that the course of human events and society is cyclic, and therefore I am cognizant that much of what I'm seeing is one end of that great cycle -- but that does not mean I am comforted by that fact, either. I am neither a masochist (although some who know me might argue that point) nor am I a sadist; I do not wish to see people suffer to no good purpose (and yes, there might be a 'good point' to someone suffering, but that is another subject entirely a

Re:

[kheldan]

Try becoming an inconvenience to the government and see how fast they utilize the panopticon surveillance machine to find you and destroy your life in extra-legal ways.

Oh, I am well aware of that. The joke is on them, though; I have little enough of a life to 'destroy'. There is a certain power in having nothing to lose. Even if I were killed for daring to speak out, my last words would be of defiance, and I'd spit in their faces if I could. You can kill me, but you'll never defeat me. XD

Re:

[kheldan]

Okay.. listen, buddy: I'm now not sure what the hell your point is. Is this some sort of trolling attempt, trying to make me all scared and shit? Whatever it is, you can stop now unless you have something else to discuss. Death is an inescapable fact of life for any given organism. Being 'afraid' of it is silly.

Re:

[SuricouRaven]

There is no such thing as a law-abiding citizen. Everyone has committed criminal acts, without exception. The only distinction is between those who have been caught and those that law enforcement does not consider sufficiently serious to pursue.

Phone scrambler

[AnotherBlackHat]

Are phone scramblers illegal now?
They've been selling those for, what, 50 years?

Absolutely Fake.

[Anonymous Coward]

So fake it's not even funny.

Iphones are busted wide open, so is whatsapp and any other major service that people think is secure.

This is basically cops pretending they can't hear you on your walkie-talkie bought from Walmart as you read off coordinates for drug meetups.

They are literally all over these systems and simply telling you via some well crafted media stories that it's secure using reverse psychology.

They are steering you towards the broken services rather than complaining about true security. It's

How to proceed is easy

[penguinoid]

the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp's encryption

Easy, issue a statement saying "This is what you assholes get for all the illegal wiretaps, what did you expect would happen?" It's not like people are using encryption for the fun of it.

Why would one need Whatsup messages for this?

[Max_W]

I a city where I live one can go to the city center or a park and meet pushers in person.