Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption United Kingdom

WhatsApp Would Not Remove End-To-End Encryption For UK Law, Says Chief (theguardian.com) 47

An anonymous reader quotes a report from The Guardian: WhatsApp would refuse to comply with requirements in the online safety bill that attempted to outlaw end-to-end encryption, the chat app's boss has said, casting the future of the service in the UK in doubt. Speaking during a UK visit in which he will meet legislators to discuss the government's flagship internet regulation, Will Cathcart, Meta's head of WhatsApp, described the bill as the most concerning piece of legislation currently being discussed in the western world.

He said: "It's a remarkable thing to think about. There isn't a way to change it in just one part of the world. Some countries have chosen to block it: that's the reality of shipping a secure product. We've recently been blocked in Iran, for example. But we've never seen a liberal democracy do that. "The reality is, our users all around the world want security," said Cathcart. "Ninety-eight per cent of our users are outside the UK. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users."

The UK government already has the power to demand the removal of encryption thanks to the 2016 investigatory powers act, but WhatsApp has never received a legal demand to do so, Cathcart said. The online safety bill is a concerning expansion of that power, because of the "grey area" in the legislation. Under the bill, the government or Ofcom could require WhatsApp to apply content moderation policies that would be impossible to comply with without removing end-to-end encryption. If the company refused to do, it could face fines of up to 4% of its parent company Meta's annual turnover -- unless it pulled out of the UK market entirely.

This discussion has been archived. No new comments can be posted.

WhatsApp Would Not Remove End-To-End Encryption For UK Law, Says Chief

Comments Filter:
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Thursday March 09, 2023 @07:16PM (#63357263)
    Comment removed based on user account deletion
    • by NFN_NLN ( 633283 ) on Thursday March 09, 2023 @07:37PM (#63357299)

      This is all political theatre. If the UK police had a legitimate reason to read someone's WhatsApp chats they could get a warrant. And Facebook would immediately trip over themselves trying to fulfil it as fast as they could without resistance.

      This is only an issue for unjustified snooping.

      • by TranquilVoid ( 2444228 ) on Thursday March 09, 2023 @09:57PM (#63357537)

        I do wonder if that's even possible since they claim it is end-to-end encrypted. Lying about this would be a huge business risk as if it were shown to be false their marketshare would quickly plummet. Believing there is a backdoor there is getting into conspiracy theory territory, although conspiracy is much more viable when government agencies are involved.

        There are two ways I know of that currently give Meta unencrypted WhatsApp chats

        • 1. When a recipient reports a received chat the past 5 or so messages are sent for review.
        • 2. The app has a built-in filter of some sort that checks messages as they are typed. If triggered (supposedly by child porn/terrorism phrases) then the messages are sent for review.

        On the second point there is no released information as to how this filter works or how it is updated, but I'd assume the app retrieves filter updates periodically or on each startup without requiring the app itself to be updated. Were they presented a warrant to snoop on a particular phone number it would be trivial to add this number to the filter.

        • Lying about [E2E encryption] would be a huge business risk as if it were shown to be false their marketshare would quickly plummet.

          Maybe I'm cynical but I really don't think it would. The people for whom E2E encryption is the deciding factor in their choice of messaging app are nerds that have probably already switched over to Signal. The vast majority of the customer base is using it for convenience and wouldn't bat an eye at the headline of "government gets warrant to read terrorist's WhatsApp messages".

        • You are certainly correct that nobody other than the holder of the key will be able to decrypt E2E messages. However, as you have also pointed out, there are at least some back doors in the application.

          There's no reason to believe that there aren't other back doors. That is, there could very well be a control signal that is sent to indicate that there is a search warrant for your messages and the app could respond by sending the cleartext version to Meta. There could be a similar feature where there is

          • Don't they ask for your phone number? Your best protection is going to be if they don't know who you are, and that's already out the window.
            • That's also true. They know who you are so even if they can't turn over the *content* of messages, they certainly know who you are messaging and how frequently.
      • by lpq ( 583377 )

        And how would the company comply if the encryption keys only exist at the 'ends' . Since the app supplies end-to-end encryption, wouldn't that imply that only end-users have keys? How else do end-to-end encryption? If the middle-man (Meta in this case) has the keys, how is it really end-to-end encryption?

    • I mean, I'd be convinced that they're actually caring for our privacy if it wasn't for the inconvenient fact that Whatsapp is a Facebook company.

      I don't believe Facebook cares about the message contents. 99.99999999% of it will be inane drivel.

      They do care about who your contacts are, how often you message them, etc., and they have that info without decryption.

      Back to the UK: If the UK wants to make Whatsapp illegal and prosecute everybody who uses it then they're free to do so. I don't understand the problem...

      • They do care about who your contacts are, how often you message them, etc., and they have that info without decryption.

        That's called "traffic analysis", and it was something that Walsingham's code analysis and breaking team paid attention to in the late 1500s, even if their corpus of messages was relatively small.

    • Indeed. Who the fuck cares?

    • by cusco ( 717999 )

      When Farcebook bought the company practically the last thing they did before the acquisition was complete was turn on end-to-end encryption. It reportedly pissed off Zuckerberg to no end, since without the ability to snoop on users conversations the advertising value dropped to close to nil.

      • It reportedly pissed off Zuckerberg to no end

        Is that why Facebook introduced end-to-end encryption on their Messenger platform shortly after?

        I mean it's a good story and quite believable given we're talking about Facebook and Zuckerberg, but I'd want to hear that from the horses mouth given the actions which followed.

    • by Anonymous Coward

      I mean, I'd be convinced that they're actually caring for our privacy if it wasn't for the inconvenient fact that Whatsapp is a Facebook company.

      In the modern world as it is emerging, big multinational companies become more and more viable as rivals to states, with regards to who controls the life of the goyi^H^H^H^H citizens. The reason they have not taken over more of the functions of municipalities and national governments (yet) is that it suits them; one of the more obvious benefits is that the taxpaye

    • by AmiMoJo ( 196126 )

      I find it interesting that the government wants this, since the government itself makes extensive use of WhatsApp for communication. A journalist recently leaked hundreds of thousands of messages from the pandemic era, all from WhatsApp, showing that policy was discussed and decided on that app.

      If its encryption was weakened, presumably the government would be banned from using it.

      I'd like to know what GCHQ knew about this. If they knew it was happening then that signals that they thing WhatsApp is secure e

      • Comment removed based on user account deletion
      • I argued with GCHQ about the digital certificates in the UK electric meters. They had a basic math flaw that reduced the security from 128 bits to 64 bits. It took 3 months of meetings before they admitted the mistake. Instead of fixing the mistake they added another "feature" to give them 32 bits more security. Except they lied about implementing the feature. The UK meter certificates are still protected with only 64 bit security.

        Basic details: North American and UK meters use implicit certificates
    • The UK govt aren't thinking about that, they're thinking about keeping a watchful eye on the population that they're squeezing further into poverty & despair. MI5 want to be able to send regular reports to Downing Street on "the mood of the people" & who's naively organising Bolshevic resistance & uprisings via social media platforms.
    • True - but they can't weaken it, because otherwise everyone switches to Signal/Telegram etc.

      In truth, Whatsapp is between a rock and a hard place here. Because they're Facebook, they have to play along, or else will have too forgo their Facebook business in the UK (which I'm sure isn't life changing, but they sure don't want anyone else muscling in on it). They can't play along, because to do so means less Whatsapp users, and possibly less Facebook too - with those users moving to the competition. If enough

  • This is exactly what 5 eyes are for.

    As a US company, Whatsapp (Meta) is domiciled in a 5 eyes country and we can be pretty sure they are thoroughly infiltrated and spied on. Heck, theres probably a back door in their code right now just in case.

    Sure, the NSA might not be 'allowed' to spy on them directly, but they can just let the Aussies, Canadians, Brits or heck even Kiwis spy on them and then they'll share the data all around!

    • by gweihir ( 88907 )

      The 5 eyes are high-cost. The UK wants to spy _cheaply_ on all its citizens, like any good proto-Fascism does.

  • by rcb1974 ( 654474 ) on Thursday March 09, 2023 @07:24PM (#63357273) Homepage
    in fact, while they're at it, the should double the length of the encryption keys just for UK users.
  • by caviare ( 830421 ) on Thursday March 09, 2023 @08:15PM (#63357391)

    The British are aware as well as anyone that World War II was won in part because the allies were able to defeat German codes. WhatsApp may not get much traction from the British government. This will be an interesting fight.

    • The British are aware as well as anyone that World War II was won in part because the allies were able to defeat German codes. WhatsApp may not get much traction from the British government. This will be an interesting fight.

      Are you suggesting that the UK served a warrant on the German government, demanding that they install a back door in their military encryption systems so that the UK government could read all their traffic, in the name of national security? I don't think that is what happened.

      • He's suggested nothing of the sort, and I don't know what leap of logic you made to get there. Honestly I'm not even sure you're replying to the correct post, or that you know how to read a sentence.

        • He's suggested nothing of the sort, and I don't know what leap of logic you made to get there. Honestly I'm not even sure you're replying to the correct post, or that you know how to read a sentence.

          The point I was trying to make is that the anology with code breaking in World War II is incorrect. The code breaking in World War II was not based on having a backdoor in the encryption service, so it does not support adding one to WhatsApp.

    • Comment removed based on user account deletion
  • Find all of the FB, whatsapp and instagram accounts of UK agencies, leaders and their family members. Shut those accounts down with a banner like the FBI uses on seized domain names.

    Prince Harry and Meghan too.

  • by Asynchronously ( 7341348 ) on Thursday March 09, 2023 @11:06PM (#63357641)

    Why do you hate kids, WhatsApp?

  • If Meta has been threathened by the UK government for that, they should just stop whatsapp for UK while there are in discussion with the government. This will probably speed up the process.

    • If Meta has been threathened by the UK government for that, they should just stop whatsapp for UK while there are in discussion with the government. This will probably speed up the process.

      I'm in the UK and would gladly support this measure.

      The current government is probably too stupid to realise the effect of whatsapp going down overnight. So many people rely upon it that there would be public outcry. Easy win for the opposition at the next election...

      • by mccalli ( 323026 )
        The opposition are saying the measures are too soft...

        This is classic "think of the children!" pearl-clutching bullshit.
    • Why would Meta waste the resources necessary to get "in discussion" with a government who only represent about 60 million (potential) users? They've got much bigger markets to manage (America, about 300 million users ; Europe about 450 million ; China about 1100 million ; India also about 1100 million).

      Britain isn't an important enough country for them to worry about.

      • Because that's what the article was about?

        • So, the implication is - and what I was suggesting - that the Guardian's article is based on a wholly irrelevant idea about the UK's importance to Meta (substitute almost any global corporation if you want).

          I wonder when the "Mouse that Roared [wikipedia.org]" is next going to go out on Auntie. It must make uncomfortable viewing for some of our political idiots-in-chief.

  • ... Meta can simply ignore them, or move any offices out of the UK can just carry on outside UK jurisdiction ...

    National laws make no sense when a company is international - it's why Amazon pays almost no tax in the UK ...

    • They still want to sell adds from UK companies to UK customers, the UK can quite easily get in between that regardless of where Meta has its office.

      If Meta simply stops offering Whatsapp to UK customers, the UK is probably not going to use that weapon though. Would not look good.

  • by v1 ( 525388 ) on Friday March 10, 2023 @08:08AM (#63358307) Homepage Journal

    We want our government to be able to dig into others' privacy, in the name of security and safety, but on the other hand we don't want the government to be able to dig into OUR privacy. That's pretty much the entire story here.

    In the USA we have the 4th Amendment, which tries to strike a balance, basically saying citizens can have privacy EXCEPT when we have proof you're up to no good. Basically you can't go snooping on people LOOKING for illegal activity, but only as a means of gathering additional EVIDENCE once you know someone's breaking the law. This seems like a good compromise.

    A lot of policies currently on the books are already somewhat contrary to this principle, but the problem the governments are having with encryption is that it basically is forcing them to follow the principle. They can't just cast wide nets, scooping up data to sift through. In almost all cases, they have the means to defeat the encryption, or have other routes to gather the evidence, but it's not convenient AT SCALE due to encryption. But they're not SUPPOSED to be doing this at scale. They're using the individual cases that aren't actually serious problems to try to justify unlocking the entire system, to make their fishing expeditions easier.

    Or at least that's the way it looks to me. This whole notion of "we need to be allowed to violate your rights because it makes our job easier to do" is NOT a good enough reason in my book. A hundred years ago if I passed a paper to you with a written coded message, and you accidentally dropped it on the ground and was picked up by a policeman, they didn't look at that and say "OMG we need to know what was written on that paper, we have to ban writing in code on paper!" And yet that's basically where we are today.

    The only real difference between then and now is that we have groups with city-size data farms where 100% of the internet traffic is routed through for sifting and searching. It's like every scrap of paper in the city is passing through a bobby's hands. And they've been enjoying the convenience of being able to read every slip of that paper, and are upset at losing that convenience.

    I say, "too bad. go back to doing your job the way you did it before you got the idea to hoover up all the paper." The whole idea of them having their hands on every scrap of paper in the city is already sketchy enough as it is.

    • This argument works well because there is some validity to it. I'm not supporting such policies on a large scale. But on a small scale it's quite true. If there is a crime in a particular neighborhood, most residents and business are willing to voluntarily share their surveillance footage. No warrants are needed. Sure you might give up a little privacy but it's well worth it to help solving a crime. The difference here is one is being asked to blanket give up privacy rather than on a case-by-case basis

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...