'Police Tracked a Terror Suspect on WhatsApp -- Until His Phone Went Dark After a Warning From Facebook' (morningstar.com) 113
"A team of European law-enforcement officials was hot on the trail of a potential terror plot in October, fearing an attack during Christmas season, when their keyhole into a suspect's phone went dark," reports the Wall Street Journal:
WhatsApp, Facebook Inc.'s popular messaging tool, had just notified about 1,400 users -- among them the suspected terrorist -- that their phones had been hacked by an "advanced cyber actor."
An elite surveillance team was using spyware from NSO Group, an Israeli company, to track the suspect, according to a law-enforcement official overseeing the investigation. A judge in the Western European country had authorized investigators to deploy all means available to get into the suspect's phone, for which the team used its government's existing contract with NSO. The country's use of NSO's spyware wasn't known to Facebook... WhatsApp's Oct. 29 message to users warned journalists, activists and government officials that their phones had been compromised, Facebook said. But it also had the unintended consequence of potentially jeopardizing multiple national-security investigations in Western Europe about which Facebook hadn't been alerted -- and about which government agencies can't formally complain, given their secret nature...
NSO has faced criticism for selling its products to government agencies in the Middle East, Mexico and India, which Facebook and human-rights research group Citizen Lab, among others, allege used them to spy on dissidents, religious leaders, journalists and political opponents. Among the 1,400 WhatsApp users notified in October, more than 100 fell into these categories, Citizen Lab said. The group, which is based at the University of Toronto's Munk School of Global Affairs and Public Policy, worked with Facebook on identifying these people... Citizen Lab has issued reports for several years linking NSO's spyware to governments with a history of human-rights abuses, and said that record should put NSO out of the running for government contracts from Western agencies, said Ronald Deibert, Citizen Lab's director. "What we have been trying to do with our research is to raise alarm bells...."
On the day WhatsApp sent its alert, the official overseeing the terror investigation in Western Europe said, he was stuck in traffic on his way to work when a call came in from Israel. "Have you seen the news? We've got a problem," he said he was told. WhatsApp was notifying suspects whom his team was tracking that their phones had been hacked. "No, that can't be right. Why would they do that?" the official said he asked his contact, thinking it a joke. The most immediate concern was a suspected terrorist investigators linked to Islamic State. They had received a tip he was part of a group plotting an attack around Christmas. Once they saw the suspect's phone receive WhatsApp's alert, the phone went dark, the official said. The sleuths soon lost access to the suspect's messages, the official said, indicating he had discarded or disabled the phone. "We only had that one phone," the official said.
Though that suspect was still under traditional surveillance, "He's not the only suspect we have to follow..." the official complained to the Wall Street Journal, adding that their counterparts in other Western European countries told him more than 10 other investigations "may have been" compromised by WhatsApp's alert.
The Journal also notes that tech companies "have come under growing pressure in the U.S. and Europe to give law enforcement a back door into encrypted messages. But they are also under fire for not doing enough to protect the privacy of their users and, in some jurisdictions, they have legal obligations to disclose security breaches."
An elite surveillance team was using spyware from NSO Group, an Israeli company, to track the suspect, according to a law-enforcement official overseeing the investigation. A judge in the Western European country had authorized investigators to deploy all means available to get into the suspect's phone, for which the team used its government's existing contract with NSO. The country's use of NSO's spyware wasn't known to Facebook... WhatsApp's Oct. 29 message to users warned journalists, activists and government officials that their phones had been compromised, Facebook said. But it also had the unintended consequence of potentially jeopardizing multiple national-security investigations in Western Europe about which Facebook hadn't been alerted -- and about which government agencies can't formally complain, given their secret nature...
NSO has faced criticism for selling its products to government agencies in the Middle East, Mexico and India, which Facebook and human-rights research group Citizen Lab, among others, allege used them to spy on dissidents, religious leaders, journalists and political opponents. Among the 1,400 WhatsApp users notified in October, more than 100 fell into these categories, Citizen Lab said. The group, which is based at the University of Toronto's Munk School of Global Affairs and Public Policy, worked with Facebook on identifying these people... Citizen Lab has issued reports for several years linking NSO's spyware to governments with a history of human-rights abuses, and said that record should put NSO out of the running for government contracts from Western agencies, said Ronald Deibert, Citizen Lab's director. "What we have been trying to do with our research is to raise alarm bells...."
On the day WhatsApp sent its alert, the official overseeing the terror investigation in Western Europe said, he was stuck in traffic on his way to work when a call came in from Israel. "Have you seen the news? We've got a problem," he said he was told. WhatsApp was notifying suspects whom his team was tracking that their phones had been hacked. "No, that can't be right. Why would they do that?" the official said he asked his contact, thinking it a joke. The most immediate concern was a suspected terrorist investigators linked to Islamic State. They had received a tip he was part of a group plotting an attack around Christmas. Once they saw the suspect's phone receive WhatsApp's alert, the phone went dark, the official said. The sleuths soon lost access to the suspect's messages, the official said, indicating he had discarded or disabled the phone. "We only had that one phone," the official said.
Though that suspect was still under traditional surveillance, "He's not the only suspect we have to follow..." the official complained to the Wall Street Journal, adding that their counterparts in other Western European countries told him more than 10 other investigations "may have been" compromised by WhatsApp's alert.
The Journal also notes that tech companies "have come under growing pressure in the U.S. and Europe to give law enforcement a back door into encrypted messages. But they are also under fire for not doing enough to protect the privacy of their users and, in some jurisdictions, they have legal obligations to disclose security breaches."
Really? (Score:5, Insightful)
Police officers tracking people illegally without a warrant and without notifying the company or the ISP can't be differentiated from a hacker doing the same thing because BOTH are criminals?
Who would have thought?
Re:Really? (Score:5, Informative)
"A judge in the Western European country had authorized investigators to deploy all means available to get into the suspect's phone" - so it was with a warrant. FB was justy not notified about it and why should they if they have no means to help execute it? It would just increase a risk of leak.
Re: Really? (Score:5, Insightful)
Well I think this article presents a pretty good reason why FB should be notified.
Re: (Score:2)
Re: (Score:2)
proves that this was NOT been approved by a U.S. judge. Who had jurisdiction?
This isn't RT where you can spread your fud. The U.S. has zero jurisdiction in this case. The Western European judge does and, based on the story, granted approval for the warrant. Unlike in your country where there is no due process when Putin has people shot in front of the Kremlin and the evidence literally washed away [euro2day.gr].
Re: (Score:2)
The Western European judge does and, based on the story, granted approval for the warrant.
Fine. But where did the warning come from? If it came from the U.S., then the jurisdiction of the European court is a major issue.
Re: (Score:2)
Why?
Re: Really? (Score:1)
Haha - you said "due process". You mean how in America we put on a brief, insincere juridical theatre show - before coercing the accused to confess, then tossing him into the world's largest gulag?
Re: (Score:2)
This article is a crock a propagandist plant for more surveillance because all you filthy nobodies can not be trusted.
I have seen the way criminals use mobile phones. The use the cheapest phones money can buy and regularly swap sims and phones, different phones with different sims, all the time. They buy and use anonymous prepaid, they use they like they are being listened too and minimise communication on the devices, to mostly establishing meets and turn off their phones then.
This story is not about sur
Re: (Score:3)
Can you anonymously easily buy a phone in Europe? And not all criminals are smart.
You do have a point about the expanding surveillance, even the summary mentions using the Israeli software to spy on people for political purposes
Re: Really? (Score:2)
Yes, plenty of small shops ran by certain types of people will sell you anonymous phones and SIM cards. And the true criminals are smart and use encrypted methods to communicate (eg WhatsApp), recently a drug gang (I believe Netherlands) was rolled up that had an entire PGP infrastructure for calls and messages.
Re: (Score:2)
OK, thanks, wasn't really sure as numerous countries are making it hard to be anonymous. And yes, if I was doing anything that seriously required privacy, I'd be looking at pgp.
Re: (Score:2)
Yep, you can get pay-as-you-go SIM cards from most supermarkets, buy a SIM for equivalent of 10 USD, you can also buy a budget mobile phone from a supermarket for around 20-25 USD with no questions asked. Use them for a couple of days and throw them away.
Re: (Score:1)
Keep on buying new again and the mil level collection resumes with the first use
Re: (Score:2)
Yet despite this capturing and analysing phone metadata is how senior figures in violent extremist organisations are discovered and tracked.
A calls B, C and D. C calls E, F and then calls a new number which it turns out is B's new number. From that number B calls A on another new number, D and F.
F's a fucking idiot and isn't keeping his operational security in mind so keeps his phone on when meeting A, B and the hellfire missile that just left a nearby drone.
Sure, you _can_ keep switching phones and account
Re: (Score:1)
The US police and FBI used to try and give phone numbers to log to the US telco networks.br> Suspects escaped the USA.
Slowly the FBI and US police worked out the way court and police support requests worked in global telco systems.
The FBI and US police are now much more aware of who they tell about who is under investigation.
The UK mil, Royal Ulster Constabulary and GCHQ did not see mission data lost as they never talked to random police/telco/c
Re: (Score:2)
> Well I think this article presents a pretty good reason why FB should be notified.
That "pretty good reason" is only "pretty good" from law enforcement's point of view.
Re: (Score:2)
Re: (Score:3)
Re:Really? (Score:4, Insightful)
Re: (Score:2)
Most countries have some version of a 'Constitution', it's just named different things. In my country its name translates to Ground/Base Law. It doesn't have the exact same provisions, allowances, stipulations etc. as the US Constitution, but the basic idea of it is the same thing - a foundation on which to build the rest of the legal framework of a nation.
Re: (Score:3)
Just curious - does what your country use for a Constitution provide any limits on what your government does? Or does it just discuss how it must go abo
Re: Really? (Score:2)
Typically not, although currently mostly ceremonial, most kingdoms have a monarchy that to this day can do no crime and owns everything and everyone.
In those cases, the law is mostly a description about what the government has permitted itself to do.
Re: (Score:3)
There's precedent for handling this type of situation. If that were a traditional telephone line, then they'd coordinate with a special office inside the carrier (CALEA, in the U.S.) so this sort of thing wouldn't happen.
That is, they *would* notify the carrier and while Facebook isn't a traditional telcom, the popularity of their messaging platforms suggests it would be best treated like one to avoid situations like this.
Re: (Score:3)
Facebook has them. Not just automated feeds for the big government groups, but direct contact phone numbers for smaller police organizations around the globe. Two seconds on Google will find the contact phone numbers, both for the urgent immediate access phone numbers for things like missing children or life-critical events, and for less urgent government/police records requests.
It isn't a difficult thing, and police nearly always get gag orders as part of pen/trap orders or wiretap orders. In this case the
Re: (Score:1)
Facebook has them. Not just automated feeds for the big government groups, but direct contact phone numbers for smaller police organizations around the globe. Two seconds on Google will find the contact phone numbers, both for the urgent immediate access phone numbers for things like missing children or life-critical events, and for less urgent government/police records requests.
It isn't a difficult thing, and police nearly always get gag orders as part of pen/trap orders or wiretap orders. In this case the cops screwed up by not notifying Facebook. It was a trivial matter for them to get the gag order with the warrant, and to serve it against FB so they wouldn't have told that account about it.
If that's true this sounds more like incompetent law enforcemnet trying to shift the blame to Facebook for their (the po-po's) fuck up.
Re: (Score:2)
That's exactly what this is.
Re: (Score:3)
Facebook has them. Not just automated feeds for the big government groups, but direct contact phone numbers for smaller police organizations around the globe. Two seconds on Google will find the contact phone numbers, both for the urgent immediate access phone numbers for things like missing children or life-critical events, and for less urgent government/police records requests.
It isn't a difficult thing, and police nearly always get gag orders as part of pen/trap orders or wiretap orders. In this case the cops screwed up by not notifying Facebook. It was a trivial matter for them to get the gag order with the warrant, and to serve it against FB so they wouldn't have told that account about it.
If that's true this sounds more like incompetent law enforcemnet trying to shift the blame to Facebook for their (the po-po's) fuck up.
Sounds to me more like they found their poster child for a push for increased surveillance powers.
Re: (Score:1)
Faith and politics, cults... one nations police cannot be sure who they are requesting support from in any random global company anymore.
Re "gag orders" dont work when a person under investigation is of the same faith/cult/a different nation to the police making the request.
Re "screwed up by not notifying" why would any advanced nation allow it police/courts to call a global company/telco/random "securit
Re: Really? (Score:2)
"gag orders"
An action so upright, virtuous, and obviously just that it can only be done secretly in the dark of night...
Re: (Score:2)
That is exactly how most gag orders work with pen/trap or wiretaps.
The phone company, network operators, or whoever, are forbidden from telling the subjects "the police are now tracking your calls",, and from telling the media and other organizations, but the order is short term. They typically last until the tap is complete or the investigation is complete, typically just a few months as you proposed.
Re: (Score:1)
Few nations like that anymore as court/police/telco staff like to talk/sell data to criminals...
Nation level police slowly found their request to "coordinate" with any telco got sold direct to the criminals under investigation.
Few police/mil risk that giving of log request data to random court/police/telco staff anymore.
Why risk telling a computer/OS/social media company with random global 24/7 staff who is under inve
Re: (Score:3)
Then again I don't think it was a Dutch judge. Here, a judge does not need to sign off on a wiretap... Too much hassle.
Re: (Score:3)
Because it would increase the risk of the attack being mistaken as a hacker attack and the supsect receiving a warning?
Re: (Score:2)
A warrant does nothing but protect the officer from damages when he conducts an otherwise criminal act.
Anybody can warn the suspect if they don't know about the warrant.
Re: (Score:2)
it was with a warrant. FB was justy not notified about it and why should they if they have no means to help execute it?
Actually the reverse of that. FB absolutely should have been notified. They should be told exactly because of the reasons specified in the article. It's also standard procedure for most investigations requiring them.
Simply, the police screwed up. It was a trivial thing to mention it to the judge, then inform Facebook: "We have a warrant to monitor this account. We are also serving you with a gag order to not inform them of the monitoring."
It's a simple task, and that type of order happens all the time. F
Re: (Score:2)
FB was justy not notified about it and why should they if they have no means to help execute it?
So FB wouldn't notify the suspect of the hacking? And not notifying the suspect would seem to count as helping to execute too. How can FB keep the secrets of government hackers if those hackers don't tell FB who they are? Or don't you think FB should notify people who are being hacked, irrespective of who's doing the hacking?
Re: (Score:2)
Or, in this case, increase the risk that they could distinguish it from a criminal hacking attack on one of their users, and choose not to alert them.
Re: (Score:2)
"A judge in the Western European country had authorized investigators to deploy all means available to get into the suspect's phone" - so it was with a warrant. FB was justy not notified about it and why should they if they have no means to help execute it? It would just increase a risk of leak.
Even if it was legal they installed malware on a bunch of phones and now they are pissed because it got detected by a 3rd party who did not know about the surveillance or that this particular malware was legal. All they knew is that they found malware and notified their customers. From TFA:
A judge in the Western European country had authorized investigators to deploy all means available to get into the suspect's phone, for which the team used its government's existing contract with NSO. The country's use of NSO's spyware wasn't known to Facebook. NSO licenses its spyware to government clients, who use it to hack targets.
...
On Oct. 29, Facebook filed suit against NSO -- which has been enmeshed in controversy after governments used its technology to spy on dissidents -- in federal court in California, seeking unspecified financial penalties over NSO's alleged hacking of WhatsApp software. It also sought an injunction prohibiting NSO from accessing Facebook and WhatsApp's computer systems.
NSO said it is vigorously defending itself against the lawsuit, without elaborating.
NSO has faced criticism for selling its products to government agencies in the Middle East, Mexico and India, which Facebook and human-rights research group Citizen Lab, among others, allege used them to spy on dissidents, religious leaders, journalists and political opponents. Among the 1,400 WhatsApp users notified in October, more than 100 fell into these categories, Citizen Lab said.
If they want their legal malware to escape detection they should get their shady Israeli friends to write better malware, or, better yet, why not just contact Facebook/WhatsApp directly and present them with a search warr
Re: (Score:2)
I imagine jurisdictional issues. Police in an unnamed European country serving a warrant to Facebook which, at best, would have to be processed by a facebook division elsewhere in the EU, at worst by Facebook in the US. Probably have to go through Europol - and if the data does happen to be in the US, Facebook will have to at least make a token effort to challenge the warrant. Yes, the legal approach would work - but how long would it take to go through the full procedure of a cross-border warrant? Probably
Re: (Score:2)
Except that they do have means to help execute it, as the original article clearly demonstrates. Without their help, the surveillance failed.
Re: (Score:3)
Police officers tracking people illegally...?
According to the *summary*, the police had authorization from a judge. But they were using a dodgy company that uses black hat methods and sells its services to repressive regimes.
Information security is a good thing, but like other good things, bad guys can use it for bad purposes. So what do we do? Leave everybody open to bad guys to police can catch a few more bad guys?
No, this where the old way of doing things is actually better. You get a court order that enforces the cooperation of the carrier, rat
Re: (Score:2)
The "old way" is exactly what law enforcement has been requesting from tech companies, but they have been refusing. And rightly so, because the only way to enable that is to design the system so the company can intercept and/or decrypt all communications, which weakens the system for everyone, as this taping mechanism can be abused by insiders or hackers for illegitimate purposes, not just warranted wiretaps.
Re: (Score:2)
From the fucking first paragraph:
A judge in the Western European country had authorized investigators to deploy all means available to get into the suspect's phone, for which the team used its government's existing contract with NSO.
Is reading too difficult?
Re: (Score:2)
Police officers tracking people illegally without a warrant
Couldn't make it into the second paragraph of the quoted text now could you.
Re: (Score:2)
Police officers tracking people illegally without a warrant and without notifying the company or the ISP can't be differentiated from a hacker doing the same thing because BOTH are criminals?
Who would have thought?
From the article:
"A judge in the Western European country had authorized investigators to deploy all means available to get into the suspect's phone, for which the team used its government's existing contract with NSO. "
So you're half-right. Facebook should have been notified.
Re: (Score:1)
Re: (Score:2)
Police officers tracking people illegally without a warrant
What makes you think it was illegal and without a warrant?
Re: Really? (Score:5, Informative)
Not Really... (Score:3)
You apparently haven't experienced the "judicial system." Did you know you cannot typically actually sue police or prosecutors, regardless of what they've done? Oh, in theory, yeah. In practice, no. They have protections based on their intent, orders, etc.
Police are only criminals, meaning only face sanctions, when they break the social code. i.e. if they're enforcing the law, but it looks bad.
Re: Not Really... (Score:2, Interesting)
Really? Police get sued for just about anything in the US and lose their jobs while tax payers pay out millions to criminals.
It's become so bad many police officers won't even go in many neighborhoods or arrest certain groups of people. It's one of the reasons why LA and SF get overrun with homeless, the police can't touch them without getting sued about something.
Re: Really? (Score:4, Insightful)
At least in the US, spying on someone without a warrant is squarely illegal
Really? Can you point to us the sentences received by the people responsible for the warrant-less massive NSA wiretaps that became a minor scandal in the early 20s? This one: https://en.wikipedia.org/wiki/... [wikipedia.org]
If spying were indeed "illegal", there must have been some criminal repercussions for the involved, what were those? I don't recall any action from a government prosecutor, just a few civil lawsuits.
Re: (Score:2)
If you w
Re: (Score:2)
In other words, the government found that spying (because "collecting metadata" is nothing different than spying) without a warrant is okay as long as the government is doing.
That is, your opinion that at least in the US, spying on someone without a warrant is squarely illegal is squarely wrong.
Re: Really? (Score:2)
I have held all along that the direct violation of the 4th amendment is/was against the telecoms themselves in the case of obtaining transaction records. The violation against customers is the interference by the government in a legal contract. Customers have a right to be able to specify privacy against sharing data in a contract, an NDA, in all cases except a legal and constitutionally valid warrant.
Completely different when the government hacks a phone and physically places software on that phone in so
Re: (Score:2)
4th Amendment does not typical apply to public spaces (everything on FB is public regardless of your security settings). I suspect they could of done this without a warrant legally.
Good ol' policework (Score:5, Insightful)
If police really want to "track" a person, they can still be present physically, and do the actual tracking. They can even use "fancy" tools like "laser microphones" to listen on them, which is very easy to get:
https://lifehacker.com/build-a... [lifehacker.com]
However once you start tracking the population "en masse", you are starting to infringe on basic liberties. It does not matter you have a "warrant" from a rubber-stamp court. If you start tracking all people, that means you are part of the problem.
Remember: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety".
Re: (Score:2)
If police really want to "track" a person, they can still be present physically, and do the actual tracking.
As per TFS
Though that suspect was still under traditional surveillance
Re:Good ol' policework (Score:5, Insightful)
Indeed. The police wants to do this as cheap as possible, so they can do it to as many people as possible. That leads straight into a police-state. Police work has to take significant effort, or it becomes just a tool for oppression, nothing else.
Re: (Score:2)
And it's also why it's imperative that both the police and military have civilian oversight and civilian bosses.
It is a conflict of interest to ask (or allow) either group to make decisions regarding the rightness or wrongness of their procedures. And, really, it would be unfair to task them with it. They should be tasked with doing their own work within the law, not in deciding what those laws should be. If either group feels the law should be changed, they need to make their case to the people overseeing
Re: (Score:2)
Indeed. The main problem is that tunnel-vision. It is not really an accusation either, the work they do, they necessarily get a badly skewed picture of society and that makes them dangerous. Hence (since we cannot do without either at this time), they need to be carefully watched and controlled and when they screw up, they need to be held accountable, just the same as anybody else.
Re: Good ol' policework (Score:2)
"Remember: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety"."
That is a quote, not a rule or law.
Re: (Score:2)
No one implied it was a rule or a law. Would you like to list any other things it also is not? Let me get you started: it's not a vehicle, a type of fruitfly, or a mathmatical formula either.
As fun as it can be pointing out what things aren't, it's not very useful in an intellectual discussion. Good job though. We're all very proud of you.
Re: (Score:1)
Holidays for staff after weeks and months of work...thats more teams ready...
Security clearances for all staff.
Add in the complexity of EU wide travel, No-go areas in parts of EU cities..
9 random police with expert skills trying to
Consider this... (Score:1)
Re: (Score:2)
A phone without removable battery is defective by design. Why would anybody sane buy such a piece of trash?
Re: (Score:2)
Cos that new building in Cupertino ain't going to pay for itself to be built!
Re: (Score:2)
Well, probably. I could not care less about them though. My current phone has a removable battery and my next one will too.
Sadly ... (Score:5, Insightful)
A “warrant” doesn’t protect you from abuse as many judges have 95%+ approval rates with zero penalty should the warrant turn up nothing. They’ll get criticized the 1 time they don’t authorize and something happens, though. Which side do you think they’ll err on?
Because of this, warrants have lost their original purpose, and mean nothing to the average citizen.
Re: (Score:3)
A “warrant” doesn’t protect you from abuse as many judges have 95%+ approval rates with zero penalty should the warrant turn up nothing.
Why would it surprise you that judges have 95% approval rates for warrant requests? It's not like police just throw every random person at a judge and see what happens to be target du jour today based on which unlucky random member of the public's piece of paper gets approved.
My boss is a pushover clearly. He's approved 100% of my project proposals. I mean let's ignore the fact that I don't bring him proposals which don't make sense, haven't been vetted or fail cost benefit analysis. Clearly he's just a pus
Let me just run through the steps here (Score:5, Insightful)
1. A cop in Europe was legally pursuing a terrorist suspect.
2. He received notification that the terrorist suspect has been informed that his phone was hacked. (It wasn't, his WhatsApp account was monitored.)
3. Terrorist then goes dark.
4. Cop then goes straight to press and tells them all about it, ensuring that the terrorist suspect, one of 1,400 informed of his being monitored, was in fact the target of a criminal investigation.
So, why did the cop go straight to the press to tell them all about it? Is this just more complete rubbish designed to reassure us that the police, government and private bodies spying on us is just for our own protection and something we should accept?
-
Re: (Score:1, Insightful)
Re:Let me just run through the steps here (Score:5, Informative)
There are a few more steps, but basically, yeah, cops screwed up a few times.
1A should have been that the cops notified Facebook that they needed to monitor an account.
1B should have been that the cops worked with Facebook instead of an outside hacking tool
2A could have been that (because of 1A) Facebook wouldn't have notified the account, because they would have known about the court order.
Those proper steps DO happen all the time. Cops screwed up once by using a 3rd party hacking tool, screwed up again by not telling FB. When they work with each other, the companies are great about keeping the spying target in the dark.
There are proper channels. Cops didn't use them for whatever reason, and were burned because of it.
Re: (Score:2)
Um... law enforcement clauses are part of most website account privacy policies. Here's the one from Facebook's page [facebook.com]:
Re: (Score:2)
"If Facebook works with law enforcement then they will lose users and certain countries will want to ban use of the site"
Ha ha ha ha ha!!!! Ha ha!!! Seriously?
The only reason FB would ever, ever lose users would be if Govs made it illegale to either post cat videos or people to post boring shit about their pathetic lives on the internet. 90% of the people using FB are morons OR companies advertsing in an attempt to fleece aforementioned morons. OK I'll concede that there's been a generational shift away fro
Re:Let me just run through the steps here (Score:5, Insightful)
The cops went to the press because the cops, in a bunch of countries, are running a coordinated PR campaign to put pressure on Facebook and others to destroy their security (and/or to get laws to force them to destroy their security). So every time the cops don't get access to something encrypted, they make a point of whining as loudly as possible. This time they're trying to ramp up the pressure by spinning it as Facebook being irresponsible and blowing their investigation.
Note, by the way, that although they claim this kept them from investigating a "potential attack", there was not, in fact, any attack. The cops will say "potential" about something that might conceivably have happened if the stars aligned... but they know that the journalists and readers will take the meaning as closer to "was definitely going to happen". They really hope that nobody will quite notice that there was not, in fact, any attack, even though they lost this supposedly critical capability. ... and WhatsApp can't be monitored centrally (or if it can, it's a bug Facebook doesn't know about and would fix if it did know). They were watching his WhatsApp messages by hacking his phone, using malware provided to them by the crooks at the NSO Group.
Re: (Score:2)
2. He received notification that the terrorist suspect has been informed that his phone was hacked. (It wasn't, his WhatsApp account was monitored.)
Can we be sure that his phone didn't have to be hacked in order to enable the monitoring? This might not just be passive surveillance.
"Went dark"? Seriously? (Score:4, Insightful)
The guy switched off his phone. That is not "went dark". That is just a propaganda lie.
Also, state-sponsored attackers with a court order (and any other attackers) are still attackers to the owner of the system, until and unless that court order is presented to him. Hence they have to be kept out and need to be treated just the same as any common and not so common criminals trying to get in because there is no way to distinguish between them. And, incidentally, there are state-sponsored attackers that doing something perfectly legal in their country, but highly criminal in the country of the target.
Re: (Score:2)
"Went dark" is a standard idiom when phrasing it from the perspective of the data collection effort.
Learn you some English, Ivan.
Re: (Score:2)
When your investigation consists entirely of sitting in an office and hacking someones phone, then when they turn that phone off they have essentially "gone dark." Which most would consider to be an argument for real police work. However the police consider this an argument for less privacy. Weird, huh?
Re: (Score:2)
The guy switched off his phone. That is not "went dark".
Err the definition of "going dark" is literally a sudden termination of communication. Turning your phone off is a damn sure fire way of "going dark".
wah wah wah wah (Score:5, Insightful)
Wah wah wah wah wah. Poor little policemen.
How many Iranian lives have been saved by encrypted telecommunications that their state could not break? How many Chinese? How many Eritrean? How many Saudi? How many Egyptian? How many others living in oppressive regimes with arbitrary detention and killing?
Facebook did the right thing. Encryption and data security saves lives.
Re: (Score:2)
Are we allowed to dislike both the police and Facebook? Facebook is rather awful. It's pretty rare for them to protect anyone's privacy.
When good guys and bad guys do the same things (Score:4, Insightful)
It makes me wonder why you're calling either of them good
Re: (Score:2)
You mean like when terrorists shoot people bad, but when cops shoot terrorists good. A burglar breaking and entering bad, a SWAT team "breaking and entering" with a warrant good. About 1400 people worldwide is not some massive dragnet operation, I'm going to assume that at least this one case had a warrant issued for valid reasons. But when you use undercover police officers you can't really complain when a suspect gets notified by third parties who think they're seeing a crime in progress.
If I saw somebody
Always good for a laugh. (Score:1)
vulnerabilities (Score:1)
Anti-encryption propaganda... (Score:5, Insightful)
I'm just waiting for the "why won't someone think of the children" to be rolled out.
Backdoor (Score:2)
If ANYONE has a backdoor, then EVERYONE has a backdoor!
Backdoors are the antithesis of security.
back to burner phones (Score:1)
Too bad (Score:2)
>"The Journal also notes that tech companies "have come under growing pressure in the U.S. and Europe to give law enforcement a back door into encrypted messages."
Well too bad. It isn't "encrypted communication" if there are back doors (or it is not end-to-end). Period. Yes, that makes it more difficult for law enforcement, but, like I said, TOO BAD. They have plenty of other tools. Mass spying on the public is not compatible with privacy and freedom. Neither is broken encryption. Freedom-loving c
No Christmas Attack? (Score:2)
Maybe the guy was innocent. Kim Jong Un didn't even do anything for Christmas except eat too many cookies.
Traditional methods (Score:1)
"Though that suspect was still under traditional surveillance,"
Time for the "law enforcement officials" (wait, "officials" not "officers"???) to start doing their jobs instead of sitting around waiting for telco data dumps and hacked phones to tell them things. Real criminals who do really bad things like Islamic terrorists aren't having text message chats about it.
LEOs - do your job. You found terrorists long before cellphones. You'll do it again.
That "traditional surveillance" seems to me to indicate t
Sneaky Article (Score:2)
LEOs must "learn to decode"... (Score:2)
...to break the encrypted communications.
Facebook saves 1399 good people from hackers (Score:2)
The main point here should be that Facebook protected, apparently, 1399 good people from evil hackers and 1 guy that is suspected to not be such a great person.
If preventing a terror attack by alerting the suspect that he is being monitored is the collateral damage we have to pay to protect "journalists, activists and government officials", I think that's a pretty good deal. Law enforcement can do their job and keep an eye on the guy later.
Spyware is spyware (Score:3)
Even if it is real spies using it. That is no more Facebook's problem than anti-malware vendors, security auditors, or anyone else interested in keeping systems secure.
So NSO are crap (Score:2)
Will teach them (Score:2)
I'm sure facebook would cooperate with law enforcement, if they are aware!
This would have been easy to prevent from happening.
Re: LAW ENFORCEMENT MUST HAVE FULL ACCESS!!! (Score:2)
That sounds good... until all the wifi routers and security cameras get hacked. Oh wait, this has already happened. The problem with impossible to shut backdoors is that eventually someone else will gain access to them as well.
Your opinion is critically disconnected from historical observations. This is again demonstrated by a lack of understanding of blackmarkets as economic pressure release valves. This is an important mechanism that prevents revolutions.