DARPA Wants To Make a Better, More Secure Version of WhatsApp

The Defense and Advanced Research Projects Agency (DARPA) appears to be in the process of developing its own ultra secure communication platform. The program is called "Resilient Anonymous Communication for Everyone," or RACE, and it will be similar to WhatsApp in that it will be for everyone to use. Trusted Reviews reports: The objectives of the program are to create a distributed messaging system that can do three things: Exist completely within a network; Provide confidentiality, integrity and availability of messaging; and Preserve privacy to any participant in the system.

DARPA seem to be putting security front and center, and the description of the project claims that "compromised system data and associated networked communications should not be helpful for comprising any additional parts of the system," meaning that DARPA are keen that one breach shouldn't also give them a leg up on access to other parts of the system. So, will we soon be using a U.S government branded DARPA? Probably not, but the chances are that RACE will go some way to creating a messaging app that's resilient to attacks, with the protocol and security they find no doubt dripping through to consumer tech and features in the coming years.

No thanks

[Anonymous Coward]

Are you seriously suggesting I should trust a communications app made by the government?

Re: No thanks

[Cmdln Daco]

You badly misspelled "Hillary" there.

Re:

[Anonymous Coward]

> You badly misspelled "Hillary" there.

Sorry...

"Save it for Hillary, Donald."

Re:

[Cmdln Daco]

Indeed. The chickens in Washington are close to the chopping block.

Re:No thanks

[BringsApples]

So many people are probably thinking this same thing right now...

...as they post the story to facebook, twitter and whatsapp.

Re:

[Anonymous Coward]

If you use facebook or google services, you basically already do! The frog boils slowly, and they're turning up the heat a little. Most people *don't* notice.

Re:

[Highdude702]

Incidentally, anybody with a router, can still monitor ALL traffic going THROUGH it... Crazy right?
Seriously what was your point? Was it meant as 'Works As Expected' or do you think that if you own a router and someone sends traffic through it that you can't see what they are communicating with? And if its not encrypted you can read every byte...

Re:

[Highdude702]

And there is a whole shitload of the internet that don't use those standards yet. So, my point still stands. Also not everything is encrypted while using those standards. See 'Metadata'.

Re:

[Highdude702]

Maybe you cant because you don't know how. But I can. And google goes a long way for someone in your position.

Re:

[Highdude702]

So you didnt even read what i said. This is probably why people dont respond to AC's. Not only too lazy to register, too dumb to read.

Re: No thanks

[illiac_1962]

You mean like the internet? The one we are using right now to bitch about things anonymously and do our banking?

Re:

[ceoyoyo]

I love the juxtaposition of those two applications.

Re:

[Actually, I do RTFA]

Are you seriously suggesting I should trust a communications app made by the government?

I mean we're on the Internet (by DARPA), using HTTPS (built on crypto standards from the NIST), using ASCII (what Unicode?) which took off when it was mandated by LBJ.

Re:No thanks

[Oceanplexian]

On one hand, no, but on another, isn't that the point of the government? They exist to serve the people. Assuming the code is open source, audited, and done in a way that's completely open and transparent? yeah I think I would trust it.

Re:

[Highdude702]

Only because of partisan people like you. That is how they get away with it, the 'go team go!' mentality allows them to shit all over us and do what they want and still get re-elected.

Re:

[Highdude702]

Sorry, used to the underhanded "My team good, your team bad" types around here. And it was early as fuck so I probably wasn't thinking strait.

Re:

[Anonymous Coward]

I cannot see how it can't be any more insecure than one made by a private company. In fact, at least I'd be doing with FISMA and FedRAMP controls on the app, so there is some innate security.

one head says this, another head says that

[sanf780]

FBI tells us that encryption is for terrorists, DARPA tells us that encryption is for everyone. Are we all terrorists now?

Re:

[Pseudonym]

This is how you can be certain that there's no grand government conspiracy. It's left hand doesn't know who it's right hand is doing.

Conspiracy theories appeal to humans because we are pattern-seeking machines that find connections in randomness. But few stop to ask why there is randomness.

Re:

[luis_a_espinal]

Conspiracy theories appeal to humans because we are pattern-seeking machines that find connections in randomness. But few stop to ask why there is randomness.

Totally (I must steal this quote.)

With that said, the other explanation is that DARPA by itself does not work so embedded in the machinations of government. It has one mandate: foster and fund R&D, explore interesting problems and develop cool shit (specially cool shit no one else can because of production costs) independently of political climates (to the extend possible.)

DARPA is one thing I deeply respect.

Signal?

[Anonymous Coward]

You mean Signal?

Re:

[ctilsie242]

The Facebook Messenger app on iOS and Android has the option to use the Signal protocol as well.

First stupid question:

[Anonymous Coward]

Will users be referred to as "racists"?

DARPA wants encryption for SPYS

[fish_in_the_c]

is this not just obvious. what use case would a spy organization have for software that:
Untraceable unreadable distributed long distance communication ubiquitously.
Isn't that basically the holy grail of military encryption.

Re:

[skovnymfe]

Well it needs to be decryptable too. By the US military only.

Re:

[bill_mcgonigle]

What's good for the goose is good for the gander.

Getting everybody to use it helps the spies' traffic not stand out.

But Signal and Wire already exist, so they should fork of those (Signal probably).

Could this be a wonderful change?

[charlie merritt]

Wouldn't it be wonderful if the US Government, after much detailed study, concluded that private communications would actually be GOOD for the country?

OR is there a chance that valid court order will be a valid decryption key for this new Whatsapp - like Clipper, anyone remember Clipper?

Re:Could this be a wonderful change?

[Gavagai80]

DARPA developed the Onion routing the Tor project uses, too -- way back in the 1990s. The US military is always keen to enable private communications between dissidents and demonstrators in disliked nations, and also for Americans organizing activities in said nations. That such tools also happen to be able to protect Americans from the US government is not sufficient reason to kill the projects, apparently. We can only hope the ability of foreign hackers to acquire decryption keys will prevent their use.

Re:

[RockDoctor]

In the allegedly techy readership of Slashdot, it seems nobody but you and I (from Europe) does remember Clipper.

I think the TLAs have won, at least in America.

A name for that project

[zm]

Signal.

Re:

[UnknownSoldier]

ItsAtrap.

Re: A name for that project

[bursch-X]

Or just Akbar


But not as in "Allah hu" ;-)

Re:

[Aqualung812]

Signal doesn't have the ability to exist entirely within a network. It depends on Signal's servers.

Editing FTW

[Etcetera]

DARPA seem to be putting security front and center, and the description of the project claims that "compromised system data and associated networked communications should not be helpful for comprising any additional parts of the system," meaning that DARPA are keen that one breach shouldn't also give them a leg up on access to other parts of the system. So, will we soon be using a U.S government branded DARPA?

What?

Trust

[markdavis]

I am not sure I could ever trust a government-endorsed and/or supplied communication system as being actually "private" for the public. To me, private means that NOBODY can ever intercept, decrypt, or obtain the information contained in the messages except for those intended by the end users.

Perhaps if the entire design was open, all the code was open source and openly reviewed, and all the management of it were distributed and open. Otherwise, there is far, far, far too much incentive for the government'

Re: Trust

[illiac_1962]

They are talking about an open protocol. Implementation is up to you/us.

Re:

[markdavis]

>"They are talking about an open protocol. Implementation is up to you/us."

In the past, DARPA has produced good stuff, so as long as the science behind it is sound, an open implementation of it could be a good thing. I just have a feeling they are going to get slapped down hard for even thinking such thoughts, much less spending money/resources on developing such a protocol. Or some law will go through in the name of "safety" and "crime" that makes using such protocols illegal. Federal spy/security/la

Re:

[markdavis]

>"You mean like DES or perhaps AES?"

I should have added "developed now" or "recently". Those two were developed a long time ago, before things got really heated.

Re:

[WillAffleckUW]

Thank you for not using GPS.

Re:

[markdavis]

>"Thank you for not using GPS."

GPS is not two-way communications...

Re:

[WillAffleckUW]

You said communication system.

Re: Darpa? More like, Dorka.

[illiac_1962]

Is signal distributed, existing solely within the network? Cause I see the word "server" used a lot. You guys can't even read the fucking summary any more.

Go for it!!!

[sentiblue]

Yeah sure... the kind that encrypts everything end to end.. nobody can decrypt it except the sender/receiver. For a bonus... the government will be able to decrypt anybody's msg with a single click/command.

What's that? It's a trap!

[UnknownSoldier]

Gee, government wanting to dig its fingers into chat?
It's a trap, that's what.

Signal?

[ilsaloving]

Why isn't DARPA looking at Signal? I thought they were the benchmark by which all other secure communications are compared. Most other services actually use their protocol behind the scenes, including WhatsApp.

AFAIK the problems with WhatsApp are mismanagement of the backend, not the protocol, and I'm not aware of Signal having these problems.

Re:

[q4Fry]

France went with a Matrix/Riot.im [matrix.org] public fork/derivative [github.com] as their government encrypted messenger app. Why reinvent the wheel, when this is something that works at scale?

Un-AC bump with links.

Communication App

[Clariti2018]

Check out this communication app called Clariti https://clariti.app/ [clariti.app]