WhatsApp Would Not Remove End-To-End Encryption For UK Law, Says Chief (theguardian.com) 47
An anonymous reader quotes a report from The Guardian: WhatsApp would refuse to comply with requirements in the online safety bill that attempted to outlaw end-to-end encryption, the chat app's boss has said, casting the future of the service in the UK in doubt. Speaking during a UK visit in which he will meet legislators to discuss the government's flagship internet regulation, Will Cathcart, Meta's head of WhatsApp, described the bill as the most concerning piece of legislation currently being discussed in the western world.
He said: "It's a remarkable thing to think about. There isn't a way to change it in just one part of the world. Some countries have chosen to block it: that's the reality of shipping a secure product. We've recently been blocked in Iran, for example. But we've never seen a liberal democracy do that. "The reality is, our users all around the world want security," said Cathcart. "Ninety-eight per cent of our users are outside the UK. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users."
The UK government already has the power to demand the removal of encryption thanks to the 2016 investigatory powers act, but WhatsApp has never received a legal demand to do so, Cathcart said. The online safety bill is a concerning expansion of that power, because of the "grey area" in the legislation. Under the bill, the government or Ofcom could require WhatsApp to apply content moderation policies that would be impossible to comply with without removing end-to-end encryption. If the company refused to do, it could face fines of up to 4% of its parent company Meta's annual turnover -- unless it pulled out of the UK market entirely.
He said: "It's a remarkable thing to think about. There isn't a way to change it in just one part of the world. Some countries have chosen to block it: that's the reality of shipping a secure product. We've recently been blocked in Iran, for example. But we've never seen a liberal democracy do that. "The reality is, our users all around the world want security," said Cathcart. "Ninety-eight per cent of our users are outside the UK. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users."
The UK government already has the power to demand the removal of encryption thanks to the 2016 investigatory powers act, but WhatsApp has never received a legal demand to do so, Cathcart said. The online safety bill is a concerning expansion of that power, because of the "grey area" in the legislation. Under the bill, the government or Ofcom could require WhatsApp to apply content moderation policies that would be impossible to comply with without removing end-to-end encryption. If the company refused to do, it could face fines of up to 4% of its parent company Meta's annual turnover -- unless it pulled out of the UK market entirely.
Comment removed (Score:5, Insightful)
Re:OK, but it's Facebook right? (Score:5, Insightful)
This is all political theatre. If the UK police had a legitimate reason to read someone's WhatsApp chats they could get a warrant. And Facebook would immediately trip over themselves trying to fulfil it as fast as they could without resistance.
This is only an issue for unjustified snooping.
Re:OK, but it's Facebook right? (Score:5, Interesting)
I do wonder if that's even possible since they claim it is end-to-end encrypted. Lying about this would be a huge business risk as if it were shown to be false their marketshare would quickly plummet. Believing there is a backdoor there is getting into conspiracy theory territory, although conspiracy is much more viable when government agencies are involved.
There are two ways I know of that currently give Meta unencrypted WhatsApp chats
On the second point there is no released information as to how this filter works or how it is updated, but I'd assume the app retrieves filter updates periodically or on each startup without requiring the app itself to be updated. Were they presented a warrant to snoop on a particular phone number it would be trivial to add this number to the filter.
Re: (Score:3)
Lying about [E2E encryption] would be a huge business risk as if it were shown to be false their marketshare would quickly plummet.
Maybe I'm cynical but I really don't think it would. The people for whom E2E encryption is the deciding factor in their choice of messaging app are nerds that have probably already switched over to Signal. The vast majority of the customer base is using it for convenience and wouldn't bat an eye at the headline of "government gets warrant to read terrorist's WhatsApp messages".
Re: (Score:2)
There's no reason to believe that there aren't other back doors. That is, there could very well be a control signal that is sent to indicate that there is a search warrant for your messages and the app could respond by sending the cleartext version to Meta. There could be a similar feature where there is
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
And how would the company comply if the encryption keys only exist at the 'ends' . Since the app supplies end-to-end encryption, wouldn't that imply that only end-users have keys? How else do end-to-end encryption? If the middle-man (Meta in this case) has the keys, how is it really end-to-end encryption?
Re: (Score:2)
I mean, I'd be convinced that they're actually caring for our privacy if it wasn't for the inconvenient fact that Whatsapp is a Facebook company.
I don't believe Facebook cares about the message contents. 99.99999999% of it will be inane drivel.
They do care about who your contacts are, how often you message them, etc., and they have that info without decryption.
Back to the UK: If the UK wants to make Whatsapp illegal and prosecute everybody who uses it then they're free to do so. I don't understand the problem...
Re: (Score:2)
That's called "traffic analysis", and it was something that Walsingham's code analysis and breaking team paid attention to in the late 1500s, even if their corpus of messages was relatively small.
Re: (Score:2)
Indeed. Who the fuck cares?
Re: (Score:2)
When Farcebook bought the company practically the last thing they did before the acquisition was complete was turn on end-to-end encryption. It reportedly pissed off Zuckerberg to no end, since without the ability to snoop on users conversations the advertising value dropped to close to nil.
Re: (Score:2)
It reportedly pissed off Zuckerberg to no end
Is that why Facebook introduced end-to-end encryption on their Messenger platform shortly after?
I mean it's a good story and quite believable given we're talking about Facebook and Zuckerberg, but I'd want to hear that from the horses mouth given the actions which followed.
Re: (Score:1)
In the modern world as it is emerging, big multinational companies become more and more viable as rivals to states, with regards to who controls the life of the goyi^H^H^H^H citizens. The reason they have not taken over more of the functions of municipalities and national governments (yet) is that it suits them; one of the more obvious benefits is that the taxpaye
Re: (Score:3)
I find it interesting that the government wants this, since the government itself makes extensive use of WhatsApp for communication. A journalist recently leaked hundreds of thousands of messages from the pandemic era, all from WhatsApp, showing that policy was discussed and decided on that app.
If its encryption was weakened, presumably the government would be banned from using it.
I'd like to know what GCHQ knew about this. If they knew it was happening then that signals that they thing WhatsApp is secure e
Re: (Score:2)
GCHQ is not that competent (Score:2)
Basic details: North American and UK meters use implicit certificates
Re: (Score:2)
Re: (Score:2)
True - but they can't weaken it, because otherwise everyone switches to Signal/Telegram etc.
In truth, Whatsapp is between a rock and a hard place here. Because they're Facebook, they have to play along, or else will have too forgo their Facebook business in the UK (which I'm sure isn't life changing, but they sure don't want anyone else muscling in on it). They can't play along, because to do so means less Whatsapp users, and possibly less Facebook too - with those users moving to the competition. If enough
Why would the UK need to do this?? (Score:2)
This is exactly what 5 eyes are for.
As a US company, Whatsapp (Meta) is domiciled in a 5 eyes country and we can be pretty sure they are thoroughly infiltrated and spied on. Heck, theres probably a back door in their code right now just in case.
Sure, the NSA might not be 'allowed' to spy on them directly, but they can just let the Aussies, Canadians, Brits or heck even Kiwis spy on them and then they'll share the data all around!
Re: (Score:3)
This is less of an issue than it may appear, they will want to keep such a backdoor secret and use it only against the most serious threats to national security. So unless you're a terrorist of extremely significant threat to the nation, they won't bother you.
I don't think they are so fussy and would use any information they can get to cement the regimes power. Same as China, really. And all the fuss about TikTok is because China is trying to do the same thing they are.
Pot and kettle? I can't tell which is which, theres so much soot on the both of them.
Re: (Score:2)
The 5 eyes are high-cost. The UK wants to spy _cheaply_ on all its citizens, like any good proto-Fascism does.
Civil disobedience (Score:5, Funny)
national considerations will be paramount here (Score:3)
The British are aware as well as anyone that World War II was won in part because the allies were able to defeat German codes. WhatsApp may not get much traction from the British government. This will be an interesting fight.
Re: (Score:2)
The British are aware as well as anyone that World War II was won in part because the allies were able to defeat German codes. WhatsApp may not get much traction from the British government. This will be an interesting fight.
Are you suggesting that the UK served a warrant on the German government, demanding that they install a back door in their military encryption systems so that the UK government could read all their traffic, in the name of national security? I don't think that is what happened.
Re: (Score:2)
He's suggested nothing of the sort, and I don't know what leap of logic you made to get there. Honestly I'm not even sure you're replying to the correct post, or that you know how to read a sentence.
Re: (Score:2)
He's suggested nothing of the sort, and I don't know what leap of logic you made to get there. Honestly I'm not even sure you're replying to the correct post, or that you know how to read a sentence.
The point I was trying to make is that the anology with code breaking in World War II is incorrect. The code breaking in World War II was not based on having a backdoor in the encryption service, so it does not support adding one to WhatsApp.
Re: (Score:2)
Re: (Score:2)
Facebook should preempt (Score:2)
Find all of the FB, whatsapp and instagram accounts of UK agencies, leaders and their family members. Shut those accounts down with a banner like the FBI uses on seized domain names.
Prince Harry and Meghan too.
But itâ(TM)s for the children! (Score:4, Funny)
Why do you hate kids, WhatsApp?
Shut it down during discussions (Score:2)
If Meta has been threathened by the UK government for that, they should just stop whatsapp for UK while there are in discussion with the government. This will probably speed up the process.
Re: (Score:2)
If Meta has been threathened by the UK government for that, they should just stop whatsapp for UK while there are in discussion with the government. This will probably speed up the process.
I'm in the UK and would gladly support this measure.
The current government is probably too stupid to realise the effect of whatsapp going down overnight. So many people rely upon it that there would be public outcry. Easy win for the opposition at the next election...
Re: (Score:2)
This is classic "think of the children!" pearl-clutching bullshit.
Re: (Score:2)
Britain isn't an important enough country for them to worry about.
Re: (Score:2)
Because that's what the article was about?
Re: (Score:2)
I wonder when the "Mouse that Roared [wikipedia.org]" is next going to go out on Auntie. It must make uncomfortable viewing for some of our political idiots-in-chief.
UK Government will lose ... (Score:2)
... Meta can simply ignore them, or move any offices out of the UK can just carry on outside UK jurisdiction ...
National laws make no sense when a company is international - it's why Amazon pays almost no tax in the UK ...
Re: (Score:2)
They still want to sell adds from UK companies to UK customers, the UK can quite easily get in between that regardless of where Meta has its office.
If Meta simply stops offering Whatsapp to UK customers, the UK is probably not going to use that weapon though. Would not look good.
the wants of the society vs individual (Score:4, Interesting)
We want our government to be able to dig into others' privacy, in the name of security and safety, but on the other hand we don't want the government to be able to dig into OUR privacy. That's pretty much the entire story here.
In the USA we have the 4th Amendment, which tries to strike a balance, basically saying citizens can have privacy EXCEPT when we have proof you're up to no good. Basically you can't go snooping on people LOOKING for illegal activity, but only as a means of gathering additional EVIDENCE once you know someone's breaking the law. This seems like a good compromise.
A lot of policies currently on the books are already somewhat contrary to this principle, but the problem the governments are having with encryption is that it basically is forcing them to follow the principle. They can't just cast wide nets, scooping up data to sift through. In almost all cases, they have the means to defeat the encryption, or have other routes to gather the evidence, but it's not convenient AT SCALE due to encryption. But they're not SUPPOSED to be doing this at scale. They're using the individual cases that aren't actually serious problems to try to justify unlocking the entire system, to make their fishing expeditions easier.
Or at least that's the way it looks to me. This whole notion of "we need to be allowed to violate your rights because it makes our job easier to do" is NOT a good enough reason in my book. A hundred years ago if I passed a paper to you with a written coded message, and you accidentally dropped it on the ground and was picked up by a policeman, they didn't look at that and say "OMG we need to know what was written on that paper, we have to ban writing in code on paper!" And yet that's basically where we are today.
The only real difference between then and now is that we have groups with city-size data farms where 100% of the internet traffic is routed through for sifting and searching. It's like every scrap of paper in the city is passing through a bobby's hands. And they've been enjoying the convenience of being able to read every slip of that paper, and are upset at losing that convenience.
I say, "too bad. go back to doing your job the way you did it before you got the idea to hoover up all the paper." The whole idea of them having their hands on every scrap of paper in the city is already sketchy enough as it is.
Re: (Score:2)