Edward Snowden: 'Without Encryption, We Will Lose All Privacy. This is Our New Battleground' (theguardian.com) 135
Edward Snowden: In the midst of the greatest computer security crisis in history, the US government, along with the governments of the UK and Australia, is attempting to undermine the only method that currently exists for reliably protecting the world's information: encryption. Should they succeed in their quest to undermine encryption, our public infrastructure and private lives will be rendered permanently unsafe. [...] Earlier this month the US, alongside the UK and Australia, called on Facebook to create a "backdoor," or fatal flaw, into its encrypted messaging apps, which would allow anyone with the key to that backdoor unlimited access to private communications. So far, Facebook has resisted this.
Donald Trump's attorney general, William Barr, who authorised one of the earliest mass surveillance programmes without reviewing whether it was legal, is now signalling an intention to halt -- or even roll back -- the progress of the last six years. WhatsApp, the messaging service owned by Facebook, already uses end-to-end encryption (E2EE): in March the company announced its intention to incorporate E2EE into its other messaging apps -- Facebook Messenger and Instagram -- as well. Now Barr is launching a public campaign to prevent Facebook from climbing this next rung on the ladder of digital security. This began with an open letter co-signed by Barr, UK home secretary Priti Patel, Australia's minister for home affairs and the US secretary of homeland security, demanding Facebook abandon its encryption proposals.
If Barr's campaign is successful, the communications of billions will remain frozen in a state of permanent insecurity: users will be vulnerable by design. And those communications will be vulnerable not only to investigators in the US, UK and Australia, but also to the intelligence agencies of China, Russia and Saudi Arabia -- not to mention hackers around the world. End-to-end encrypted communication systems are designed so that messages can be read only by the sender and their intended recipients, even if the encrypted -- meaning locked -- messages themselves are stored by an untrusted third party, for example, a social media company such as Facebook.
Donald Trump's attorney general, William Barr, who authorised one of the earliest mass surveillance programmes without reviewing whether it was legal, is now signalling an intention to halt -- or even roll back -- the progress of the last six years. WhatsApp, the messaging service owned by Facebook, already uses end-to-end encryption (E2EE): in March the company announced its intention to incorporate E2EE into its other messaging apps -- Facebook Messenger and Instagram -- as well. Now Barr is launching a public campaign to prevent Facebook from climbing this next rung on the ladder of digital security. This began with an open letter co-signed by Barr, UK home secretary Priti Patel, Australia's minister for home affairs and the US secretary of homeland security, demanding Facebook abandon its encryption proposals.
If Barr's campaign is successful, the communications of billions will remain frozen in a state of permanent insecurity: users will be vulnerable by design. And those communications will be vulnerable not only to investigators in the US, UK and Australia, but also to the intelligence agencies of China, Russia and Saudi Arabia -- not to mention hackers around the world. End-to-end encrypted communication systems are designed so that messages can be read only by the sender and their intended recipients, even if the encrypted -- meaning locked -- messages themselves are stored by an untrusted third party, for example, a social media company such as Facebook.
Just wait till... (Score:5, Insightful)
These governments discover that the terrorists can just run an old time guestbook CGI on a VPS hosted web server using a self signed SSL certificate on TLS1.2/1.3 behind simple Basic authentication with htpasswd for all their cell co-ordination needs...
Re: (Score:2, Insightful)
These governments know very well that a self-hosted service is linked to a payment, and they know how to hit that. Remember how everyone suddenly (and withoug legal reason) stopped processing donations for Wikileaks in 2010, after the US government told them to?
Re: (Score:3)
Re: (Score:2)
Compared to sitting at an internet cafe and chatting with P2P encryption with someone in another, this is practically like running a legal enterprise.
Re: Just wait till... (Score:2)
Criminals have IT departments too
https://www.theregister.co.uk/... [theregister.co.uk]
In the case above, the sysadmin was actually the weak link - as people always are
Re: (Score:2)
Yes, they do, and like I said already above, it is a lot easier to track those than to catch people chatting over the whatever p2p messenger everyone else is using. Which is the point of the desire to break the end-to-end encryption of massive social networking services.
Re: Just wait till... (Score:2)
Problems:
Due to the vast number of providers and consumers of said VPS services across the world, it's practically impossible to enforce any background checks at point of purchase with any consistency. So you're going to need to wait till the site itself is mentioned/linked/implicated during an existing investigation before its even in your radar.
Credit card fraud - need I say more?
Bitcoin bullet proof hosting - a little effort up front makes tracing the bitcoin much harder, plus those bullet proof provider
Re: Just wait till... (Score:5, Interesting)
I'll put it like this. Encryption is math. It's awfully hard to legislate against math in any meaningful way.
If the backdoors applied only to consumer and business services, ejabberd could well be a good replacement. Again, self signed certs would keep the contents of communications private.
Even if all public (open+closed source) encryption libraries were backdoored at the source level, a dedicated criminal organisation is perfectly capable of funding a clean room implementation of any given encryption and communication standard.
In fact, they would probably drive significant innovation in the field. Good for business if you don't get caught after all.
The cat's out of the bag. Running around with fingers in our ears screaming lalalala and wishing for the good old days is not going to achieve a damn thing
Re: (Score:3)
This is not a technological problem, this is a legal problem. Once the governments mandate that keys are put in an escrow or disclosed upon request and introduce penalties for withholding them, and you only have the choice of surrendering your communications or ruining your life, they'll get what they want.
Or, in one sentence, once encryption is outlawed, only outlaws will have digital privacy.
Re: Just wait till... (Score:5, Interesting)
They don't care about the outlaws. They love outlaws because they can use the subterfuge of combating outlaws to require citizens to give up rights.
There is a reason why the following words are important to live by when politics and government is concerned.
Those willing to give up "essential liberty" for a little temporary safety deserve neither liberty or safety!
Rights to privacy are essential to liberty! The governments desire or demand to sacrifice these in the pursuit of the public good is an anathema to any decent form of government regardless of it being a republic, socialist, communist, democratic, or whatever form of government you can think of. All governments eventually become totalitarian, but certain ones are better at increasing the speed at which you arrive there.
Re: (Score:2)
You misunderstand the meaning of that sentence. Try again.
Re: (Score:2)
''Once the governments mandate that keys are put in an escrow or disclosed upon request and introduce penalties for withholding them, and you only have the choice of surrendering your communications or ruining your life, they'll get what they want.''
NSA/Clinton had tried to mandate a similar system with what the called 'Clipper chip' in 1994;
https://en.wikipedia.org/wiki/... [wikipedia.org]
If there's a court order from an elected jurist, I would see it as valid. But it's quite hard to prove someone is in contempt if they '
Re: Just wait till... (Score:4, Informative)
No way can anyone trust an escrowed key, never ever. ... especially when courts have seen it fit to allow information gained without warrant when the ''parallel construction'' excuse seems to be an excepted legal use of a warrantless search.
Re: (Score:2)
Then you just hope the country you live in agrees in practice that freedom of speech is still a right.
Re: (Score:2)
Running around with fingers in our ears screaming lalalala and wishing for the good old days is not going to achieve a damn thing
Make Encryption Great Again
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
These governments discover that the terrorists can just run an old time guestbook CGI on a VPS hosted web server using a self signed SSL certificate on TLS1.2/1.3 behind simple Basic authentication with htpasswd for all their cell co-ordination needs...
Hell, the bad guys can just pick a popular MMO or any other game with a large playerbase and a global chat system. For even harder detection pick one with multiple servers (so you'd have to find the right game and server to eavesdrop) and use coded phrasing while chatting in game. You could even make a code specific to the game and no one reading the chat would be the wiser.
Re: (Score:2)
Heck, some of the bad guys are so well-heeled, they could make a MMO or some app that is low tech, but would be popular (A Meitu clone, perhaps.) Some type of low hanging fruit. From there, it wouldn't be hard to use the game client as a way of doing communications, as well as cryptocurrency validation. This wouldn't be so far-fetched. The only real tough OS to make this happen on would be iOS, but for that, it could pop up a Web browser and do HTML5 objects from that.
Re: (Score:2)
Or they go to a public library and read how cryptography works, then implement something themselves. You can prohibit encryption but bad guys aren't exactly known for abiding the law.
Re: (Score:2)
Aka "if you outlaw encryption, only outlaws will have it".
Fgneg rapelcgvat rirelguvat (Score:2)
Re: Fgneg rapelcgvat rirelguvat (Score:4, Funny)
Cthulhu got your tongue?
Re: (Score:2)
You need his encryption key to read it
Re: (Score:2)
The big brand OS will be happy to help the gov too.
Re: Fgneg rapelcgvat rirelguvat (Score:2)
(I recognised the rot13)
Re: (Score:2)
Hah! I jused quad-rot13 on this text, you'll never decipher this!
Re: (Score:2)
Wrong (Score:2)
The problem is that the systems are closed (source/hardware). Lots of closed source applications claim to be end-to-end encrypted, but who really knows? And the behavior can change on every update. The biggest threat is closed systems. Unfortunately it looks like that battle has been lost and Open Source has been relegated to be building blocks of closed systems.
Re: (Score:3)
That nice closed system by a big US brand will always help the NSA, Communist China, the GCHQ, New Zealand, some social media EU "law" from a nation like Austria, Germany, Spain.
Re: (Score:2)
Thats why the NSA likes peering to the USA and nations with a US mil base, camp, port..
The NSA never wants another nation to track back its own split networks.
Other nations might sell the big US corporations hardware and software that detects the NSA...
That once sacrosanct "ask" from the NSA to a trusted big US brand might not go unnoticed everyday.
Too many people with split loya
Re: (Score:2)
Re: (Score:2)
USA Freedom Act https://en.wikipedia.org/wiki/... [wikipedia.org] makes domestic collection nice and legal...
Re: (Score:2)
Modern data collection is much larger in scope than PRISM ever was. You will need some more tinfoil.
Re: (Score:2)
Exactly. People are worried about the NSA when they should be worried about Experian/Google/Microsoft/etc. They have direct influence over your daily life. The NSA doesn't likely care about you.
Privacy is dead... (Score:4, Interesting)
... the average person on the planet is too computer illiterate to not reward privacy invading software and technology.
The last 20 years of games and now the last 10 years of software has been slowly splitting software into two pieces and not giving a complete application to the end user. This began with mmo's in the late 90's when CEO's and game devs conspired to undermine game ownership on the PC, the four horses of the game ownership apocalypse - ultima online, everquest, guild wars and World of warcraft. Which ultimately lead to steam in 2004, once steam hit the rest was inevitable once smart phones hit and microsoft started getting in on what the game industry and the smartphone industry had pioneered.
Everyone has seen the profits from smart phone industry with locked down apps and software, so there is the big push with windows 10 to finally remove software ownership. Pandora is not going back in the box since the moms and dad's of the world are computer illiterate. Windows 10 now has everything the nerds of the 90's feared in it and it's going to get worse. Office is now in subscription and every company is trying to get rid of accessable files and exe's as abstractions, we're seeing the big push towards encrypted computing and VM's via Microsofts UWP... drowning the baby slowly as it were.
Encryption isn't going to help us, the US government is corrupt as fuck and all of these privacy violating ways of making software would have never gotten off the groudn if we had gotten the rights to own software and our devices to begin with. Lobbyists made sure to get rid of any rights of the public to own its own software which is the root cause of all this mass privacy invasion and "software as a service" nonsense, where even Nvidia wants you to login to use certain functions of your videocard software.
It's way too late and out of control because flaws in software law + internet has allowed companies to steal software and take over their machines without firing a shot.
The internet is one giant world sized computer and software companies write the rules and laws that govern the machines, they are de-facto parallel governments who can determine whether you have any rights or not from the point of production since we wired them up with internet. Before internet they were forced to give you all the files and a complete application, after the internet they have the "option" of not doing that and that's what most of them did. So they've been stealing software for 20 years since the advent of the internet. Get used to it kids.
Re: (Score:2)
Exactly. And they used Open Source/Free Software to build a lot of it.
Re: (Score:2)
It's even worse than that, with a billion or even trillion dollar "underground" data selling market running under the hood, infecting everything with megacorporations no one know the name.
They created an absolutely terrifying concept of "free" that will blow back in the face of everyone.
At this point, i think only some massive scandal, like several famous people getting absolutely wrecked with data bought on those markets would start to save us.
Re: (Score:2)
Bravo!
Re: (Score:2)
It is completely stupid, in fact it is the stupidest thing I have read in a long time.
You do not have to do any of those things. You are totally free NOT to do them. You are totally free to own your own computer. You are totally free not to sign in to nVidia (of anywhere else).
Some people may CHOOSE to do those things despite the obviously intended and obtained result thereof. Some people may choose NOT to do those things because they do not want the result thereof.
There is no conspiracy, it is just a b
Tell you what... (Score:4, Interesting)
Government,
Un-encrypt/Unhide ALL your communications first, then we'll talk about giving up our privacy...
Re: Tell you what... (Score:2)
+1
Re:Tell you what... (Score:5, Interesting)
Clearly *some* government communications need to be secured, for the same reason some of mine do.
And, so, please, government, permit me to have some of mine secured against even your wants. Bring a warrant. Play by the rules.
And, if you're already judging this post as naive, consider that *we* ought to, need, to, must, and will make the rules. Even if it means rough play.
Re: (Score:2)
"And, so, please, government, permit me to have some of mine secured against even your wants."
You are already a slave... why even bother asking?
We either "demand" our privacy or we do not get it. That is just how it fucking works and no other way!
Re: (Score:2)
I don't demand it. I just take it. If you want it, come get it.
Re: (Score:2)
You miss the point. The whole point is to avoid the requirement to "bring a warrant".
Re: (Score:2)
Sooner or later the government will want something that is encrypted. They will either take it, if we permit that, or demand (ask being a synonym for governmental requests) it be given.
With encryption we say yes or no. A warrant places us under judicial demand, which we then deal with. Without encryption, we may not even know it was taken.
And if we know, we can question, require explanation or justification, and ultimately exercise whatever control we have and change future behavior by the government
Whether
Re: (Score:2)
TLS (Score:2)
Re: (Score:3)
TLS means nothing because it gets unencrypted at the endpoint. Monitoring is done at the endpoints by simply transferring database contents or a backdoor Kafka stream or whatever. No need to break encryption.
Re: (Score:2)
If one endpoint is under my control and the other one under the control of a trusted partner, where exactly is the data leak?
Re: (Score:2)
There isn't. I am not saying that encryption is useless (it is very useful). But just because you have a TLS connection between yourself and some endpoint doesn't mean anything. Data collection is done mostly at the unencrypted endpoints.
End-to-end encrypted communication systems (Score:3)
Use a one time pad once well away from any "computer"
Network the resulting code and never keep the workings.
Never be tempted to reuse the code due to the amount of data.
When the code is decoded, never keep the method and results on a computer.
Dont buy a consumer computer, consumer OS to do crypto on.
Expect every word, image, voice print and data set to be kept by the NSA and GCHQ for decades.
Collection is cheaper than sorting for the NSA.
Re: (Score:2)
Even the NSA can't store everything. There aren't enough storage to save everything. Basically they just ask the companies to give them access to their databases that contains the email/messages/whatever. You guys are overthinking everything.
Re: (Score:2)
Hops to friends, family, all other people that person knows and other places that voice print is then detected globally.
Not a huge file per person. Not the rows of audio tapes Communist nations had to keep
A voice detected in a war zone, talking about supporting a banned group? The NSA/GCHQ gets interested.
What the NSA never wants to wonder is who is the other voice they dont have on file....
So they collect it all.
Re: (Score:2)
They aren't storing everything. They don't need to. The corporations already store all your stuff in databases. Your websearches. Your messages. What you just posted. They just ask for it, and take a copy.
"Re "databases that contains the email/messages/whatever" are not kept for decades."
Um, yes they are. Either way, they just take a copy. I don't think you guys get it.
Re: (Score:2)
Re: (Score:2)
So they take a copy. But the corporations do keep it. Just go download your data from Google. Go run a credit check on yourself. It will all be there.
Re: (Score:2)
The NSA can no longer trust US brands to keep the making of the copy safe from the EU, China.
Re: (Score:2)
Um, the corporations sell your data to anyone. I don't think you get it. What are they keeping "safe"?
Re: (Score:2)
Their work with the NSA... ie what was PRISM.
Company staff did not talk, the US gov kept that secret, the NSA never got detected in any protected system, on any network... by experts.
That was the PRSIM secret to keep safe. The link between US brands domestically and the NSA...
Considering the Church Committee and the role of the NSA/CIA domestically...
Re: (Score:2)
You are stuck in 2005. Forget about PRISM. That is irrelevant and the least of the problem.
Re: (Score:2)
Even the NSA can't store everything.
Their problem isn't storage, it is how to query and analyze the data they get everyday.
Re: (Score:2)
Even the NSA can't store everything.
Their problem isn't storage, it is how to query and analyze the data they get everyday.
Both storage and analysis are problems. The fact that analysis is such a large problem makes the storage problem less acute, because why bother storing stuff that you'll never get around to analyzing?
It's not a battleground! There is no battle! (Score:2)
Proper encryption cannot be distinguished from random data. That is kinda the point.
So nobody can ban it, since nobody can tell what is encrypted and what not.
Even banning random data does not help, as there is steganography, and every real world data contains a certain amount of random noise.
So for the totalitarianists, this is already a lost cause. Not even a battle lost. But no way to even start one.
The only way they can gain any control, is by going to the source, before it is even encrypted. Like in th
Re: (Score:2)
Proper encryption cannot be distinguished from random data... So nobody can ban it, since nobody can tell what is encrypted and what not..
When the vast majority of 'net traffic is either not encrypted, or encrypted with backdoors, then the stuff that's really encrypted will stick out like a sore thumb.
Besides... what is the point? It is much much easier, to just program a human via its senses, so it thinks like you want from the start.
Yes, and the vast majority of humans have already been thus programmed. That's why effective encryption is in jeopardy; most people don't know enough / don't care enough to bring their governments and corporate overlords to heel by sharply jerking the leashes they've forgotten they're holding.
Re: (Score:2)
"They simply won't know unless they try to peek. And if they find out you're being naughty and tunneling, then they either have to be quiet about it and accept it, or they have to tip their hand and confront you. Once they do that, you win. The $5 wrench is a victory for the little guy, because you just immediately give up all your secrets, let them do whatever they were committed to doing anyway, and then you call your lawyer and utterly destroy them. They have to murder you and completely disappear your c
What's next? (Score:2)
Are we going to require that all databases start storing user passwords as plain text now?
Re: (Score:2)
I fooled them by making my password look like a hash.
Re: (Score:3)
You (insert bad word here), I spent over a week running John against it! :)
How does your friend Vladimir feel about it Eddie? (Score:2, Interesting)
Why not ask him next time they have a "chat" with you. I doubt Russia is keeping you fed and watered for free.
i would call the bank (Score:2)
Re: (Score:2)
Uhhhhh...what? I don't think you understand how this works.
Re: (Score:2)
all these places where people do business with like paying bills online at Amazon, AT&T, Home Depot, Office Depot, Staples, Walmart, etc... they all have the credit card info on their servers and whenever you buy something or pay a bill they use that info so you are not typing it in every time (some browsers hold that for you too),
have the bank change your card numbers and all those places now cant charge your account
Re: (Score:2)
Except they still have all your historical data, and will continue collecting it going forward as if nothing happened.
Re: (Score:2)
Re: (Score:2)
Ya you keep right on believing that.
Re: (Score:2)
Re: (Score:3)
The founders didn't include term limits for the President, either. It was just tradition until the 23rd Amendment (post FDR).
Technically there IS a guarantee of privacy (see the 9th Amendment). Since ALL men are endowed with their innate rights, the 9th makes this explicit.
Re: (Score:2)
Dammit. It was the 22nd Amendment. Should have checked instead of working from memory.
Re: (Score:2)
As to privacy, that was protected in some sense in the 4th amendment, prohibiting unreasonable searches and seizures, and enshrining "The right of the people to be secure in their persons, houses, papers, and effe
Re: (Score:2)
Dreaming is fine (Score:2)
As long as you sleep.
Then you suddenly wake up and find that you rely on something you don't really control nor can.
Cryptography is an illusion, privacy double so.
Privacy isen't dead, were just lazy! (Score:2)
Privacy is as far from dead, people just choose convenience over their own privacy. I run a communications hubs for groups of friends, there are ways to ensure security.
1 ) Instant messaging: Don't use any official clients, use one that has a OTR plugin (Off the Record), I use an IRC gateway with a bouncer for all my accounts, that not only requires a password but also a PGP key so the server knowns it's the actual person logging in. So all my communications is going through OTR on top of IRC a well documen
Certs needed (Score:2)
Encryption isn't just for privacy (Score:3)
It's also for authentication - the fact that the message decrypts with your public key is proof that you created it with your private key.
Systems with escrowed keys don't have that guarantee any more - the escrow key holder can fake anything from anyone.
THAT'S what businesses should be up in arms about here.
Re:Well yes, but is that the biggest issue? (Score:5, Insightful)
This isn't about hackers, it's about knowing everything about everyone, and then using this "ability" as leverage to point the terrorist-finger or the traitor-finger or the whatever-the-hell-they-want-finger and then passing laws accordingly.
Aka the Cardinal Richelieu problem. (Score:4, Insightful)
"Finding" someting on *everyone*.
The problem is the state's mindset. Of presuming there is something, and then "finding" it. Instead of innocent until not only proven guilty, but first of all having legitimate grounds to accuse somebody in the first place.
Not bullshit rules that make *anyone* "guilty", like the derogatory-car-industry-propaganda-slur-turned-law called "jaywalking".
Besides, we already know the logical conclusion of that game. The churches already found it, millennia ago: Making sexuality illegal! (Aka a "sin".)
And you get eugenics to breed only followers for nearly free, by allowing only approved ("baptized") sheep to reproduce. Aka no sex before "marriage".
Re: (Score:2)
At some point, though, people found out that the pope has no clothes, said "screw you" and decided that instead they prefer to screw each other.
It's kinda easier to break divine laws than real ones. Mostly because by not believing in god, you can easily give his rules the middle finger. It's kinda hard to disbelieve the police away.
Re: (Score:3)
They have no intentions of actually having all data on everyone, but they want The People to believe that they do. I remember back in the days shortly after 9/11, Rumsfeld announced that they knew who was responsible for ...some tragedy in the middle East... and he said basically, "We know who it was. I can't tell you how we know, but we know." And like that, in court one day, many innocent people will stand trail for things that they didn't do, as the prosecutor explains to the jury how the defendant is
Re: (Score:2)
Hmm... Seems to be a reasonable place to add a reference to Fall by Neal Stephenson. Much of the focus is on these issues, and his projection of the future seems rather bleak to me.
From a historical perspective, it sort of looks like they saw the threats coming 200 years ago, but that didn't help us evade them. The solution approaches also seem obvious enough, but there's no way to get there from here. Per Stephenson's book. (But I still wish he'd publish them in smaller pieces, notwithstanding how well h
Re: DATA ENCRYPTION PROBLEM (Score:3)
Consider privately sold safes, safe locks. Governments have no intrinsic rights to skeleton keys, etc to open my safe - even if I could be storing evidence of crimes in it.
What's any different about this? I could have my "crime safe" out in the open and give my criminal buddies codes and we could pass notes... It's only limited based on the expected time for compromise - granted likely to be shorter for breaking into a physical safe vs. AES256, but my safe can be fitted with thermite, TNT and/or EMP tamper
He's the "IMHO" troll. Don't feed him. (Score:3)
It's quite obivous, once you know he's a troll. He's quite shitty and predictable. :)
Re: (Score:2)
If the force being applied is insufficient, then apply more force, ninny.
Re: (Score:2)
Re: (Score:2)
This is "on a computer" and "on the internet". We all know that's a COMPLETELY different thing.
Re: (Score:2)
Re: (Score:2)
It used to be left-wing when being gay, commie or in a mixed race relationship was still something that could have a serious impact on your life.
Privacy is always an issue of the group with the unpopular opinions, political views or pastimes.
Re: Another edict. (Score:2)
> Only YOU can decode and read it. FINE.
Yes, because you know that the software you haven't written and haven't audited yourself does exactly that without any backdoor.
Of course anyone can audit the source code and compile it. How many of us do that?
C'mon, it's time to wake up!
Re: (Score:2)
If Barr is successful, just stop using WhatsApp or any other Facebook product and use something else with working encryption. It will be safe until the ISPs start universal deep packet inspection, then we will have a problem until we find a way to connect without an ISP. We need mobile service providers that can run away when the cops show up.
I'm not sure why people think anything Facebook has any semblance of privacy. WhatsApp is no different. Keep the encryption part, ditch the Facebook part.
We can’t include a backdoor in Signal, but that isn’t a new dynamic either.
By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars. The end-to-end encrypted contents of every message and voice/video call are protecte