Encryption Facebook Technology

Facebook Tells US Attorney General It's Not Prepared To Get Rid Of Encryption On WhatsApp And Messenger (buzzfeednews.com) 109

Facebook said it would not weaken end-to-end encryption across its messaging apps, despite pressure from world governments, in a letter to US Attorney General Bill Barr and UK and Australian leaders. From a report: The letter, sent Monday, came in response to an October open letter from Barr, UK Home Secretary Priti Patel, Australian Minister for Home Affairs Peter Dutton, and then-acting US homeland security secretary Kevin McAleenan, which raised concerns that Facebook's continued implementation of end-to-end encryption on its WhatsApp and Messenger apps would prevent law enforcement agencies from finding illegal activity such as child sexual exploitation, terrorism, and election meddling. The US, UK, and Australian governments asked the social networking company to design a backdoor in its encryption protocols, or a separate way for law enforcement to gain access to user content. "It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it," wrote WhatsApp head Will Cathcart and Messenger head Stan Chudnovsky in Facebook's response. "People's private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do."
  • by DarkRookie2 ( 5551422 ) on Tuesday December 10, 2019 @11:52AM (#59504758)
    https://en.wikipedia.org/wiki/... [wikipedia.org]
    This is pretty much why it won't work.
    • by TheDarkMaster ( 1292526 ) on Tuesday December 10, 2019 @02:09PM (#59505288)
      Backdoors can and will be abused by any asshole with some technical knowledge and time. The real bad guys will use other communication means anyway, what the agencies truly want is the old absolute power over the average person.
    • The 1980s called and wants its crypto debate back.

      Remember Skipjack?

      https://en.wikipedia.org/wiki/... [wikipedia.org]

  • by Errol backfiring ( 1280012 ) on Tuesday December 10, 2019 @11:56AM (#59504776) Journal

    and the real winners would be anyone seeking to take advantage of that weakened security.

    That's why they ask. Even though a lot of agencies around the world have "keeping digital communication safe" as their prime objective, they are actively endangering it.

    • Re: (Score:2, Flamebait)

      It is almost as if Facebook is giving the Trump admin the "all clear" to keep using whatsapp...

    • I'm not a fan of FB nor do I really trust them.

      These days, what's the best way to send encrypted? Anonymous?

      Back in the day there were the anonymous emailers, the ones you'd set up with multiple "hops" with layers of encryption to each remailer, and if you wanted to be really anon....you could have the end point be on a USENET group someone would know to look for.

      I thought I heard years ago that there weren't many of these left and that what was there had been compromised.

      What's the best way to send ema

      • Considering that all encryption is likely broken...

        1. Fall back to one-time pads and use a physical means for pad exchange to create encoded message
        2. Use steganography and conceal your original message in an image on some massively available medium (USENET or 4chan/Archive), as a virtual dead-drop

        Anything else is easier, but will likely tie your identity directly to the encrypted message, which we must all concede will not remain encrypted for lon

        • Considering that all encryption is likely broken...

          Is this something that is largely believed to be true?

          If so, why would governments be trying to get FB and others to put backdoors in?

          Or are you thinking this is a smoke show for the government entities to entice bad guys to use these systems?

          • The first rule in breaking all encryption is letting people think that encryption still works.

            • The first rule in being a complete idiot is to think in circles without being able to falsify anything.

              Once you have that part down, everything else is just a question of style.

          • The truth is that the government security apparatus will never let you know what they have or have not broken. The FBI, famously, when trying to force Apple to build in backdoors for them, had already broken Apple's encryption, they were just trying to force the issue to pretend to the world that they couldn't get into Apple products and to force Apple to do their (illegal) bidding.
            • Weirdly enough, those same governments use the same algorithms as us for classified data...

            • You say "famously," but what you describe has slightly different details than anything that has been widely reported.

              Are you sure it was the FBI that cracked something?

              And are you sure it was Apple's encryption that somebody broke, and not some other aspect of the device?

        • "Considering that all encryption is likely broken..."

          I gather you don't have any understanding of how encryption works.

        • I doubt that all encryption is broken. If worried, use VeraCrypt's triple cascade, which will ensure that if AES is broken, SERPENT will definitely hold up. If still worried, find another algorithm that one can use either "below" or above. AES is getting all the attention, but if I were to use an encryption algorithm that would have the best chance at being secure 30-50 years from now, I'd go with Serpent.

      • Ultimately, I wonder if the best answer would be going back to NNTP, perhaps a subset of NNTP servers that are not for warez or IP content, but something along the line of alt.anonymous.messages, where one doesn't know where the message really came from, other than the server that injected it into the NNTP pool, and only the person with the key could decrypt it. With forward secrecy, a key can be used for a communication session, then tossed.

        That might be the way to do things if an anonymous protocol has t

      • by AmiMoJo ( 196126 )

        Nobody wants anonymous communication because it will instantly be overwhelmed by spam, phishing and trolls.

        That's why most of the free email providers have gone away and the ones left want a phone number.

        Signal works for semi anonymous encrypted chat but people using it in China have been disappearing so just be aware that it doesn't obfuscate the fact that you are using it.

  • by SuperKendall ( 25149 ) on Tuesday December 10, 2019 @11:57AM (#59504782)

    For once here I am talking to law enforcement, not Facebook.

    It doesn't matter if communications are encrypted if you are doing the work required to find people doing bad things.

    It may be somewhat easier to scan for what you think is bad, but also a lot of false positives and "catching" people not really guilty.

    So do the real work of finding and monitoring criminals instead of relying on some hub to open every single private comm channel for you, so that you can also vicariously snoop on your ex GF or whatever.

    • by jodido ( 1052890 ) on Tuesday December 10, 2019 @12:26PM (#59504872)
      This would be useful if "law enforcement"'s purpose was solving crimes. It's not. It's convicting people. So they don't actually care if it's a false positive. As far as they're concerned, there's no such thing. Throwing you in jail is just as good as throwing whoever actually did it in jail.
      • True, the end goal is very rarely "justice", instead the end goal is getting reelected, moving up the legal ladder, impressing the boss, and so forth. I am no longer surprised when someone is freed from prison because of new incontrovertible evidence and the original DA still pouts and cries that someone dangerous is being let go.

    • It would be impossible for anything to remain private.
      You think the black hats wouldn't put major effort into finding this? It would be a gold mine for them.
    • Exactly. Many of the threats that are called out are happening in plain sight. Worse, *our elected officials are engaging in some of them with impunity*. The same people who are publicly denying this stuff is happening want to weaken encryption to try to prosecute the rest of us.

      Are we living inside a bad joke?

  • by mmdurrant ( 638055 ) on Tuesday December 10, 2019 @12:07PM (#59504810)
    ... should be SOP. Our nation's top cop is a corrupt fucking scum bag.
    • by Rick Schumann ( 4662797 ) on Tuesday December 10, 2019 @12:35PM (#59504910) Journal
      Why do you think I refer to it at the moment as the 'Department of Injustice'? He's a Trump sycophant; he puts his loyalty to Trump ahead of his loyalty to the Constitution and Law. Allegedly. We won't know that for certain, see actual hard evidence of it, for years to come, unfortunately. But even I have to point out that whether Barr is or is not corrupt has nothing to do with the subject at hand, which is that having so-called 'backdoors' in encryption technology is monumentally stupid. You may as well just outlaw encryption entirely and send all communications 'in the clear' instead, at least it's less processing overhead, and then no one suffers from any illusions of security or privacy and would act accordingly.
  • by jellomizer ( 103300 ) on Tuesday December 10, 2019 @12:22PM (#59504860)

    Computers are Human Made Devices and there are people (A lot of people) who know how these things work and communicate.
    A back door for the "Good Guys" will be used by the "Bad Guys" because these "Bad Guys" know how these computers work just as much as the "Good Guys" do. These "Bad Guys" can be anywhere, including inside the company. So End to End encryption is very useful, because the developers and network engineers who are in the company cannot access the flowing data.

    Now I am not keen on Law Enforcement looking at my family pictures and trying to use that data to profile me. But I am more afraid of a rogue engineer at Facebook, sending this information to someone else who may use it to blackmail me, or use me as someone to be blackmailed for.

    • I am frequently reminded of a quote from a long-ago DefCon conference, "Never underestimate the effectiveness of a brute force attack"

      All Your Rainbows are Belong to Us!

  • But I wonder if this is more about making the Government(s) pay for the data, rather than to protect people's privacy.
    • But I wonder if this is more about making the Government(s) pay for the data, rather than to protect people's privacy.

      Not likely. The PR is worth more than whatever the governments might pay, particularly when you factor in the massive negative PR they'd get when info about the sale inevitably leaked.

    • Not a suspicion, just a stupid conspiracy theory.

  • Funny how Facebook plays both sides of this. On one hand, they want strong encryption, on the other hand, they want to slurp any data that touches their apps.

    My recommendation: Just use Signal for short messages, and for longer stuff, break out your PGP/gpg keys, and use Firefox Send for 2.5 gig stuff or smaller, or use a box or AWS bucket and send/receive using GPG or VeraCrypt (with a keyfile encrypted via PGP/gpg) for larger items.

  • You first (Score:5, Interesting)

    by Tokolosh ( 1256448 ) on Tuesday December 10, 2019 @12:32PM (#59504892)

    If the government is serious about this, they should provide a backdoor into themselves, so that we can catch any wrongdoing on their part. If they can demonstrate good faith by doing this, I am willing to have a backdoor into my Whatsapp.

    • by balbeir ( 557475 )
      Um. Given that we just entered the Caligula era of American politics, I would rather keep that away from them.
  • Arggh... (Score:4, Funny)

    by MitchDev ( 2526834 ) on Tuesday December 10, 2019 @12:32PM (#59504894)

    .... god damn shitty government, how DARE you make me side with Facebook on something....

    • by Kjella ( 173770 )

      .... god damn shitty government, how DARE you make me side with Facebook on something....

      Even a broken clock is right twice a day. Though in Facebook's case I wouldn't wait for the second time.

      • by jbengt ( 874751 )

        Even a broken clock is right twice a day.

        A broken clock is never right, because you can't know when the actual time matches the broken clock time by looking at the broken clock.

      • .... god damn shitty government, how DARE you make me side with Facebook on something....

        Even a broken clock is right twice a day. Though in Facebook's case I wouldn't wait for the second time.

        You're good. Facebook runs on military time. Its broken clock is only right once a day, vigil over.

  • Just wait a month or two. Whoever is Lord Trumpkins top Justice Department's lackey will more than likely be fired via twitter or quit in disgust. Leaving nobody in the US to follow through with anything. MAGA at its finest.
  • This is what I mean:

    Some entity should create enough headache to its products that opting for the non encrypted messaging platform becomes an obvious choice.

    Once the potential for a revenue hit becomes apparent, Facebook will relent.

  • ..however: at least they've got the technical reasons correct and are sticking to it. Ostensibly. While I'm willing to golf-clap for them for ostensibly sticking to their guns on this, I have to say I'm not convinced that they don't already have their own 'backdoor' into everyone's allegedly private, secure conversations. This is Facebook we're talking about, after all, sticking their nose into everything everyone does and says is at the core of their entire business model.

    Just said this elsewhere in thi
    • I'd sooner see all encryption banned across the board than see any encryption compromised, and have everyone communicate and conduct their business 'in the clear' instead. At least that way no one would suffer from any illusion of 'privacy' or 'security', and (hopefully) act accordingly.

      That's nice. Of course it won't work. You might give up your encryption, but that won't stop other people from using their own in any way. Yes, you can tell a message is encrypted by the gibberish, but that won't stop so

      • by cusco ( 717999 )

        I wrote a short story in which the bad guys coordinated their attacks by waiting for a picture of the coordinator's daughter to show up on his MySpace page with a clock in the background and a calendar with one day marked "Birthday".

        • Yes, and as you, I, and many others have pointed out in past iterations of this same discussion, bad guys will use 'unbroken' encryption, or other methods of obfuscation to hide their real messages, meanwhile everyone stuck with 'backdoored' encryption will GET 'backdoored' by criminals and any nosy people who have figured out what the 'backdoor' is. This has all been covered ad nauseam; now, if everyone will just bury the DoJ with letters explaining it to them, then when we drag them out into the street to
      • but that won't stop other people from using their own in any way.
        Yes yes yes we all already know this, have covered it extensively, to the point where it shouldn't even have to be mentioned, common knowledge, etc.
  • Since this is a legal operating company in the USA it will have to go by the rules. If we don't stand up against the rule makers on their decisions we should not be surprised when they go against us since obviously that is what always eventually happens. They need to be fought against in the court of opinion or if that does not work voted out. This will not go well for Facebook since it needs everyone to agree and unfortunately I don't see that right now. The only people that will have end to end encryption
  • First time in forever Facebook made a decision I agree with. Now, don't give in under pressure, because they will ramp up the pressure, it's what they do when they don't get what they want.

    • You're assuming that the NSA didn't already crack Facebook's encryption years ago, and that this is all for show.

      Hell... I wouldn't be surprised if Facebook already KNOWS that their encryption has been cracked, and both sides are just doing this for security/privacy theater.

      So, keep posting those drug deals in FB Messenger, criminals... nothing to worry about there ;)

      • Just as an FYI, if the NSA cracked it, they probably wouldn't tell the FBI... these differing agencies each have their own agendas and their own views of the world... For example, during WWII when the Germans' codes were broken, the GCHQ allowed allied ships to be sunk by German U-Boats because they did not want the Germans to know their codes were cracked.

        reference: https://www.theguardian.com/sc... [theguardian.com]

        • by AHuxley ( 892839 )
          Re "Germans to know their codes were cracked"... Germany actually did try and add some extra quality to their codes until the end of the war..
          Re "GCHQ" and keeping secrets... Ireland and Irish supporters in the USA was their best work. Nobody worked out that nation wide tracking ..

          The tension between the GCHQ, NSA and FBI now.
          The GCHQ/NSA wants no news on collection ever. Collect everything as in past decades and act as needed eg. the SAS did something.

          The FBI needs good news often, so it needs the
      • "You're assuming that the NSA didn't already crack Facebook's encryption years ago, and that this is all for show."

        True, but only because he isn't a moron.

    • by AHuxley ( 892839 )
      and the PRISM years was?
  • Every person I've ever talked to who is connected with the alphabet agencies says that the NSA can already pretty much read anything you have no matter whether it's encrypted or not, and that articles like this are just well... public relations.

    • They could read Osama bin Laden's messages, because it was worth however much effort they had to put into it. They could get Facebook to send a backdoored app update to one user, with a court order.

      If you make a reasonable effort to be secure, you can make it not worth their time as part of routinely monitoring everyone. Facebook is fighting backdooring everyone.

      • by Hillie ( 63573 )

        I suppose this is true. Though my friends who are in the industry or know people who are imply that they can do it easily at will.

    • They're capable of intercepting and decoding just about any message, given time and effort. That adds up to serious dollars though.
  • what the NSA got with PRISM?
  • where's the freaking article?

  • Comment removed based on user account deletion
