Support NeoGAF

[JP]

It does sound like she doesn't really know what she's talking about.

If people really want to be sending secure messages to each other, removing the current encryption from things like WhatsApp is not going to stop that happening. Even if you forget about the more common methods, we live in a world of open-source code and everybody making their own apps so it's not even going to slow people down if they do this.

It's really likely to affect the average person on the street who just want privacy to chat to other people like them. It's certainly not going to affect the privacy of the sort of people they claim to want to snoop on.

They also seem to be assuming that the authorities are the leading edge in terms of accessing other people's data, if this did come to pass then the authorities would not be the first people to get access to that previously encrypted data.

I'm really hoping that outcome of her idiotic suggestions is that somebody is going to access her private communications and post them publicly online.

 

[Morrigan Stark]

British interior minister Amber Rudd said on Sunday end-to-end encryption of messages offered by services like Whatsapp are "completely unacceptable" and there should be no "secret place for terrorists to communicate".
[...]
"That is my view - it is completely unacceptable, there should be no place for terrorists to hide."

What a fucking moron. Don't they realize, terrorists could just send each other texts saying "hey meet u at the park/my place bro", and then they'd go in a park/at someone's apartment/etc. and whisper their evil plots and... NO ONE WILL KNOW! No one to intercept their conversation, and no trace of the conversation. *GASPS* How will we ever cope?

By this logic, he might as well say that any private conversation is unacceptable.

Yup

Increasingly, the contents of a person's phone are *not* meaningless. They are of great interest to harassers, identity thieves, big business and malicious government actors. There is no secure way to grant only the 'goodies' access to this data on demand but not anyone else. It simply cannot be done. I don't consider the risks that this kind of scheme would open up to every single person on the planet that uses technology worth it, even for the sake of maybe (but probably not) preventing attacks like this one, which represent an utterly minuscule proportion of the death and suffering experienced even within wealthy western societies.

samn
yuuuuup.
(Today, 11:39 AM)

I understand, so maybe there are other ways to address this particular issue, like banning encrypted messaging apps from app stores.

That would be particularly idiotic and not remotely productive.

It is just not acceptable for the world to move onto communications that cannot be accessed by authorities where needed, and on this, probably just this, I agree with Amber / Theresa.

Like... private spoken conversation? How is this any different than encrypted chat messages?

It is about more than that, Amber is complaining about it's use in messaging services specifically, which I am discussing from my moral viewpoint. You attempts to repurpose my position, claim I need to backup things I never mentioned, and now define the subject of the topic for your own needs is embarrassing.

Honestly the only one embarrassing himself here is you. You are far too ignorant about encryption, how it works, and what it means, to even have an informed viewpoint on the subject, and that you persist in arguing despite that is just silly.

Only as much as I have, that limiting it's use and uptake, by providing barriers to it is better than nothing at all.

That is not how it works! Everyone's been painfully trying to explain this to you, I'm a little astonished that you refuse to understand.

 

[Slackbladder]

Never ceases to amaze me how politicians (usually right wing conservative types) just have no idea what freedom and rights entail. Yes you can have a more "secure" society but you will have to take away rights to achieve it. They seem oblivious to the basic fact that with freedom there is always a consequence, a trade off, a price. Ultimately they say what they say to get support from the general public who'll end up voting for these fucks because far too many members of the public are pig ignorant fuckers too.

 

[Ambient80]

Isn't iMessage also end to end encrypted? I know it's not AS popular in the UK, but good luck getting Apple to change that. The entirety of Parliament would be long gone due to old age before that legal battle was over.

 

[LoveCake]

Nothing ever changes.

 

[CadetMahoney]

Terrorists have won, privacy erosion bit by bit, place is shitter than before.

The real reason for brexit.

We were warned about this before Brexit. Cameron and co stated openly they wanted to do away with the Human Rights EU thing and create their own.

The Human rights act has clauses that mentions privacy. The EU says such government surveillance infringes on human rights, with Brexit all UK will be for the worse.

http://www.neogaf.com/forum/showpost.php?p=214680807&postcount=77

 

[KingV]

Never ceases to amaze me how politicians (usually right wing conservative types) just have no idea what freedom and rights entail. Yes you can have a more "secure" society but you will have to take away rights to achieve it. They seem oblivious to the basic fact that with freedom there is always a consequence, a trade off, a price. Ultimately they say what they say to get support from the general public who'll end up voting for these fucks because far too many members of the public are pig ignorant fuckers too.

In America it's basically both parties. Obama and Hillary basically agree with Republicans on whether or not the government should be able to snoop our shit.

 

[Hippolnareff]

It does sound like she doesn't really know what she's talking about.

To be qualified for a Tory cabinet position, you can't be qualified for the position you're applying for.

 

[D4Danger]

Terrorists have won, privacy erosion bit by bit, place is shitter than before.

Terrorists haven't won shit and privacy tools are only getting better and more accessible as people understand how intrusive governments are. This genie doesn't go back in the bottle.

 

[Kthulhu]

In America it's basically both parties. Obama and Hillary basically agree with Republicans on whether or not the government should be able to snoop our shit.

There are a few that are opposed to it.

The government succeeded in making the average citizen see surveillance as a necessary evil.

The other 5 eyes nations will do the same.

 

[Liu Kang Baking A Pie]

Whatsapp was reported to have a backdoor at the beginning of the year. The Guardian removed it as a recommend method to contact them because of it.

Whatsapp is fine. There are two stories revolving around the Guardian reveal and Whatsapp in the CIA hacking documents:

1) The CIA leak revealed that if they have physical access to a device, they can compromise it. Nothing you do in Whatsapp or anything else that's encrypted matters at that point.

2) Whatsapp doesn't ask you to reconfirm your knowledge of who you're talking to when they change devices like Signal does. This concerned people, but Moxie Marlinspike clarified it's a feature, not a bug or exploit:

https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/

The most relevant part:

The WhatsApp clients have been carefully designed so that they will not re-encrypt messages that have already been delivered. Once the sending client displays a "double check mark," it can no longer be asked to re-send that message. This prevents anyone who compromises the server from being able to selectively target previously delivered messages for re-encryption.

The fact that WhatsApp handles key changes is not a "backdoor," it is how cryptography works. Any attempt to intercept messages in transmit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end encrypted communication system.

The only question it might be reasonable to ask is whether these safety number change notifications should be "blocking" or "non-blocking." In other words, when a contact's key changes, should WhatsApp require the user to manually verify the new key before continuing, or should WhatsApp display an advisory notification and continue without blocking the user.

Given the size and scope of WhatsApp's user base, we feel that their choice to display a non-blocking notification is appropriate. It provides transparent and cryptographically guaranteed confidence in the privacy of a user's communication, along with a simple user experience. The choice to make these notifications "blocking" would in some ways make things worse. That would leak information to the server about who has enabled safety number change notifications and who hasn't, effectively telling the server who it could MITM transparently and who it couldn't; something that WhatsApp considered very carefully.

Even if others disagree about the details of the UX, under no circumstances is it reasonable to call this a "backdoor," as key changes are immediately detected by the sender and can be verified.

 

[Liu Kang Baking A Pie]

Isn't iMessage also end to end encrypted? I know it's not AS popular in the UK, but good luck getting Apple to change that. The entirety of Parliament would be long gone due to old age before that legal battle was over.

Yep. Apple stores your messages on their servers for 7 days so that the encrypted messages make it to your devices when they're on. If they don't get turned on in 7 days, the messages are deleted.

https://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/

 

[BibiMaghoo]

That would be particularly idiotic and not remotely productive.


Like... private spoken conversation? How is this any different than encrypted chat messages?


Honestly the only one embarrassing himself here is you. You are far too ignorant about encryption, how it works, and what it means, to even have an informed viewpoint on the subject, and that you persist in arguing despite that is just silly.


That is not how it works! Everyone's been painfully trying to explain this to you, I'm a little astonished that you refuse to understand.

I've said why I think it could be productive already. Private spoken conversation is different from encrypted chat in many ways, for example proximity of the people having a conversation. Unless I misunderstood, I don't know why you would think they are the same.

And I have no need to feel that way. The basis of my position is not the technical knowledge of how encryption works, as I have stated several times. I could be a professor on the subject, and it wouldn't remotely change my position of what needs to be done, only how it could be. I said better minds than mine need to solve the problem, but that it is one.

And yes, many people have explained it to me. It doesn't change the problem one little bit, nor the side of it I sit on.

 

[Liu Kang Baking A Pie]

You haven't actually identified any problem to solve, because you haven't sourced any evidence of there being one. You've just suggested that your viewpoint on this subject of which you have zero knowledge (crypto joke!) is the right path because you heard someone in charge ramble ignorantly about it so now it's also your view, I guess. Have you looked up anything in the last couple of hours, or do you just post hoping to wear everyone down with trivial speculation and stubbornness rather than accepting what you don't know and learning more on your own?

 

[Morrigan Stark]

I've said why I think it could be productive already. Private spoken conversation is different from encrypted chat in many ways, for example proximity of the people having a conversation. Unless I misunderstood, I don't know why you would think they are the same.

Why does/should proximity matter? A private conversation is a private conversation.

And I have no need to feel that way. The basis of my position is not the technical knowledge of how encryption works, as I have stated several times.

Your position is untenable because of your ignorance of how encryption works. A basic understanding is required to even have the conversation to begin with.

 

[JP]

I think that people suggesting that an end to end encryption shouldn't be allowed should also think about the authorities accessing their home.

Let's say that instead of locking the doors to our homes we should not only leave them unlocked but we should constantly leave our doors open because that's what the law tells us to do, just in case the authorities may need to access our homes. Of course, that would also allow everybody else to access our homes but it wouldn't really matter as long as it wasn't stopping the accessing our property and all of out belongings whenever they wanted.

Because we're talking about online information not only would everybody be able ti enter our homes and access our credit cards, bank details, passport, etc but they'd also have free access to all our log in details for every site that we've ever accessed, however secure it used to be.

On the bright side, though. At least the authorities would be able to freely access my property without the need for a warrant, probable cause and they could be out before I return and I may never know that it ever happened.

 

[Irminsul]

And I have no need to feel that way. The basis of my position is not the technical knowledge of how encryption works, as I have stated several times. I could be a professor on the subject, and it wouldn't remotely change my position of what needs to be done, only how it could be. I said better minds than mine need to solve the problem, but that it is one.

Okay, let me put it this way: you're currently arguing that you definitely should be able to pull yourself up by your own bootstraps, but as you're no professor of physics, you don't exactly know how.

John Oliver made a pretty good video on the subject, also why just asking WhatsApp to cease encryption doesn't work.

 

[Nokterian]

These ignorant blatend idiots saying there must be a middle way..there is no middle way. Encryption is everything we do on the internet, without encryption our bank accounts,our medical records,our lives on what we do will be destroyed. We need even stronger encryption to protect our selves. Fuck even terrorist and thieves will have more privacy than us..what the flying fuck.

Because she thinks it is ok that we can't have private conversations anymore. Like our human rights are fucking nothing.

The UK passed all ready the most terrible surveillance law in democratic western land. And the netherlands is next on the list. All these idiots want mass surveillance because 'terrorists' a fake excuse a fake safety net, you can't stop a terrorist attack by spying on every innocent civilian, with mass surveillance everyone is a suspect even if you never did anything.

 

[Easy_D]

These ignorant blatend idiots saying there must be a middle way..there is no middle way. Encryption is everything we do on the internet, without encryption our bank accounts,our medical records,our lives on what we do will be destroyed. We need even stronger encryption to protect our selves. Fuck even terrorist and thieves will have more privacy than us..what the flying fuck.

Because she thinks it is ok that we can't have private conversations anymore. Like our human rights are fucking nothing.

The UK passed all ready the most terrible surveillance law in democratic western land. And the netherlands is next on the list. All these idiots want mass surveillance because 'terrorists' a fake excuse a fake safety net, you can't stop a terrorist attack by spying on every innocent civilian, with mass surveillance everyone is a suspect even if you never did anything.

Yeah. It's pretty much the Piracy VS DRM question. Pirates will have a better game without fucked DRM and people doing illegal shit will find ways around the decryption

 

[opricnik]

Fuck off

 

[Dabanton]

Despite all the pontificating and fake tears, this week. May has always been a authoritarian which is why her becoming prime minister was always so fucking scary.

Rudd is just as scary so her being Home Secretary makes sense. This event has provided her with a nice easy argument for this sort of stuff.

 

[Acorn]

Whatsapp is fine. There are two stories revolving around the Guardian reveal and Whatsapp in the CIA hacking documents:

1) The CIA leak revealed that if they have physical access to a device, they can compromise it. Nothing you do in Whatsapp or anything else that's encrypted matters at that point.

2) Whatsapp doesn't ask you to reconfirm your knowledge of who you're talking to when they change devices like Signal does. This concerned people, but Moxie Marlinspike clarified it's a feature, not a bug or exploit:

https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/

The most relevant part:

Ah I see. Thanks for the info, hadn't kept up with the story since it broke.

 

[John Kowalski]

Like.... peeps could just encrypt the content of their messages anyway yo.

 

[Easy_D]

Like.... peeps could just encrypt the content of their messages anyway yo.

Not if said keys are in hand of government officials. All public (legal) alternatives won't matter at that point

 

[iMax]

Not if said keys are in hand of government officials. All public (legal) alternatives won't matter at that point

People can just hold local keys though. Sophisticated criminals will hide their communications if they need to. It achieves nothing.

 

[Irminsul]

Not if said keys are in hand of government officials. All public (legal) alternatives won't matter at that point

What keys are you talking about? You can just use Public-Key cryptography to establish a secured connection over which shared keys could be distributed, i.e., the same way TLS does it. Sure, with public keys, you need to make sure the key you're getting really belongs to the person you want to talk to, but there are methods for this that rely on more than just a single trusted instance.

 

[Xun]

No, it became law.

I know it became law, but I could've sworn I read something earlier this year saying it hit a roadblock.

 

[SteveWD40]

Despite all the pontificating and fake tears, this week. May has always been a authoritarian which is why her becoming prime minister was always so fucking scary.

Rudd is just as scary so her being Home Secretary makes sense. This event has provided her with a nice easy argument for this sort of stuff.

Exactly, she was a nightmare as Home Secretary but held back by the EU and the arguably less mental Cameron. May is like a headmistress who thinks of us all as ill behaved children.

 

[Xun]

Exactly, she was a nightmare as Home Secretary but held back by the EU and the arguably less mental Cameron. May is like a headmistress who thinks of us all as ill behaved children.

Pretty much.

 

[Dreams-Visions]

lol. there are always going to be end to end encryption services on the market. they are the standard in the healthcare industry secondary to US HIPAA laws. I assume banking/finance industries use them too, never mind government.

 

[panzone]

Not if said keys are in hand of government officials. All public (legal) alternatives won't matter at that point

The government doesn't have (probably) my private GPG key.

 

[Newline]

It has also been mentioned that he acted alone. So this whatsapp message was more than likely completely unrelated to the attack, offering no help to the intelligence services about his attack. Therefore I cant work out how this can be anything other than an encroachment on our personal privacy.

 

[nelsonroyale]

As usual they are trying to use the actions of vanishing few to restrict the actions of the majority. I primarily support encryption to protect information from vested interests that the those such as the Tories are swamped in. I have got nothing to hide, but I don't trust them to do whats right with a lot of personal information.

Theresa May on thursday

You are already cowed you cow.

 

[Kayant]

"unacceptable" - Only when it's not in our situation.

Have to say thanks to the people in this thread for more in-depth info on encryption.

Criminals have not needed easily available encryption messaging platform like WhatsApp for years to carry out their crimes and will continue to not need it because they will always have their ways of communicating in private when they wish.

As others have said it would be nice if one day these politicians bothered to learn about things they want to campaign against.

 

[Easy_D]

What keys are you talking about? You can just use Public-Key cryptography to establish a secured connection over which shared keys could be distributed, i.e., the same way TLS does it. Sure, with public keys, you need to make sure the key you're getting really belongs to the person you want to talk to, but there are methods for this that rely on more than just a single trusted instance.

Thanks for taking the time to explain, I clearly was speaking from ignorance. Granted, I still feel government infringing on privacy for "security" reasons is bad.

 

[JonnyDBrit]

"unacceptable" - Only when it's not in our situation.

Have to say thanks to the people in this thread for more in-depth info on encryption.

Criminals have not needed easily available encryption messaging platform like WhatsApp for years to carry out their crimes and will continue to not need it because they will always have their ways of communicating in private when they wish.

As others have said it would be nice if one day these politicians bothered to learn about things they want to campaign against.

Meanwhile, the criminals who would like to exploit your communications would have an easier time of it because the government would ensure there exists a weakness to be exploited.

 

[Vanguard]

I know it became law, but I could've sworn I read something earlier this year saying it hit a roadblock.

Only part of it did, mostly the part about retaining everyones web history etc due to the ruling of the EU courts saying that indiscriminate collection and retention of data is unlawful. That part about collecting "internet connection records" is as far as I'm aware omitted from the law (at least the latest paper/version of it?) due to that ruling and no one is collecting anything... yet.
The EU court also wasn't happy that the police and public bodies were allowed to authorise their own access to the data and want an independent court or similar bodies to handle requests for authorised access to the data.

The latest I can find about how all that is going down is here: https://www.theregister.co.uk/2017/...reparing_to_accept_eu_ruling_on_surveillance/

 

[iMax]

Pretty much.

Oh my god, hide your puppies, everyone.

 

[Alpha_eX]

I worry too many people fear their conversations will be read and picked apart by humans, which is possible, but I doubt there is enough resource for that actually to have a high chance of happening.

I'm not against machines scanning conversations for potential threats if it keeps me safer, I'm sure there are going to be some idiots that plan these types of things over WhatsApp.

But to be honest, banning this will just spawn a new private channel somewhere and people will become aware and stop using their current channels.

To be clear, I'm not really on either side, at the end of the day I'll still use WhatsApp.

 

[Dead Man]

So they'll be banning algorithms then?

 

[iMax]

I worry too many people fear their conversations will be read and picked apart by humans, which is possible, but I doubt there is enough resource for that actually to have a high chance of happening.

I'm not against machines scanning conversations for potential threats if it keeps me safer, I'm sure there are going to be some idiots that plan these types of things over WhatsApp.

But to be honest, banning this will just spawn a new private channel somewhere and people will become aware and stop using their current channels.

To be clear, I'm not really on either side, at the end of the day I'll still use WhatsApp.

They use machine learning to analyse communications at a bulk level—but communications are allegedly indexed and searchable too. And this is prone to abuse and security compromises, as has been demonstrated in the past.

 

[Alpha_eX]

They use machine learning to analyse communications at a bulk level—but communications are allegedly indexed and searchable too. And this is prone to abuse and security compromises, as has been demonstrated in the past.

Are communications made public or kept in an unsecure location? I can see that being an issue if someone is able to get into the system and filter for say, records attached to my phone number or name.

 

[NewGame]

No more locks on doors, there could be terrorists behind then.

 

[Calabi]

I worry too many people fear their conversations will be read and picked apart by humans, which is possible, but I doubt there is enough resource for that actually to have a high chance of happening.

I'm not against machines scanning conversations for potential threats if it keeps me safer, I'm sure there are going to be some idiots that plan these types of things over WhatsApp.

But to be honest, banning this will just spawn a new private channel somewhere and people will become aware and stop using their current channels.

To be clear, I'm not really on either side, at the end of the day I'll still use WhatsApp.

Its not just the government you have to fear, if there is no encryption or its really weak then you are a victim to anyone. Criminals, foreign powers anyone, a guy sitting in an internet cafe, or in his car in the street. How can I figure out how rich these people are and what they own, I'll just let them tell me.

Even information you think is completely innocent and useless could possibly be used against you. To catfish you, to guess your bank details, blackmail, all kinds nefarious things we cant even guess at the moment.

A foreign power could possibly even use aggregated data from something like whatsapp to extrapolate a countries political opinions and then create a targeted add campaign which causes them to vote for a political party that it wants. Realistically though, you wouldn't need to use whatsapp, you would just use Twitter.

It just boggles my mind how people dont realise how precious their data is and how dangerous it is for people to get their hands on it(even people with good intentions).

 

[Irminsul]

So they'll be banning algorithms then?

I mean, the US government actually tried to do so (and lost). That T-shirt on the Wiki page really shows how silly that idea is.

 

[iMax]

Are communications made public or kept in an unsecure location? I can see that being an issue if someone is able to get into the system and filter for say, records attached to my phone number or name.

Remember this is the British government who are notorious for losing secret and confidential information.

 

[Alpha_eX]

Some really good points raised here, obviously security is an issue if there's a single source someone can tap in to gather it all.

I'm not sure how dangerous the one guy at the cafe next to you can be, will your entire WhatsApp history be transmitted in data-packets or just the current messages?

 

[JP]

Pretty much.

 

[Kerensky]

I thought with Android, Intel ME, SELinux, Cisco IOS and Windows backdoored the intelligence community already had access of all communications by monitoring the endpoints.

Also, lots of disapproval for this development, i thought the consensus was that we should support the intelligence services, especially to prevent terror!

Or is the shoe on the wrong foot this time?

 

[JP]

I thought with Android, Intel ME, SELinux, Cisco IOS and Windows backdoored the intelligence community already had access of all communications by monitoring the endpoints.

Also, lots of disapproval for this development, i thought the consensus was that we should support the intelligence services, especially to prevent terror!

Or is the shoe on the wrong foot this time?

I'm not sure that anybody is not suggesting that they want to interfere with preventing terrorism, but that really isn't what Amber Rudd is talking about here even though she may well think that she is.

At the moment, people using something like WhatsApp to enable attacks like the one she refers to are probably using it with the mentality of "It's there, let's use it". Doing what she suggests isn't going to make them think "It's gone, let's go to the beach and drink beer instead". They response that you're going to get is going to be no more than them not using WhatsApp but there are immeasurable ways of communicating securely without these apps and it's not complicated.

We live in a world of open-source coding and building your own apps, this will do no more than halt progress for a few minutes and that's when you do it the hard way by using apps, they aren't even needed as it's incredibly simple to set up a secure and anonymous network just using email.

What she's suggesting isn't going to harm terrorists at all, they only people it's going tp harm are innocent people who are using things like WhatsApp to communicate privately and probably have no interest in moving the beyond the "press a button for it to work" app that they are currently using.

I have no issues in reducing crime at all but if the authorities methodology in reducing was that they were going to enforce a policy that people are only allowed out of their homes when they aren't working then I would suggest that although it would reduce crime that nobody should be paying and that it shows a lack of understanding.

I think the real issue here is simply that Amber Rudd doesn't really have an understand of what she's talking about. It sounds like she's either read or heard talking about end to end encryption and reacted without speaking to experts who actually understand the damage that it would do.

What she's suggesting won't happen though because at some point the government would have to speak to experts before it goes anywhere near parliment.