Attention: Please take a moment to consider our terms and conditions before posting.

Encryption and "backdoor access" (WhatsApp, Apple etc)

Just been a piece about it on the One Show and didn't see any discussion about it here. Is the idea of backdoor access to encryped services a good thing or a bad thing?

Think there's a generational split on this issue since the Government have called for backdoor access into WhatsApp in the last couple of days.

Comments

  • WSSWSS
    edited March 2017
    If they could see some of my WhatsApp groups then I'd definitely be in prison.

    All banter though...
  • I once got penetrated through the back door by a trojan. It was very unpleasant. Had to reformat my hard-drive. As for whatsApp - its either got to stay encrypted for all or unlocked for all. No special treatment for anyone (IMO).
  • edited March 2017
    It's encrypted, doesn't mean that anyone powerful enough can't read it. If your device is compromised, encryption does nothing. I wouldn't worry about it though.
  • It's ridiculously easy to put together your own encrypted messaging software if you look around GitHub so all this will do is mean the rest of us will have our information open to hackers and terrorists will have encrypted messaging apps themselves.

    Plus can we just agree how absurd it is the government has been trying to outlaw MATHS which is basically all the process of encryption is.

    The actual technical and legal hoolahooping to put together a law against it in itself means this is impossible. Regardless of any "nothing to hide" arguement.
  • Can't they just hack the phones so they can record what is being typed on the screen?

  • I also saw a piece the other day about how pretty much 99% of technology is open to hackers now, including fridges and baby monitors.

    If you allow services like this to be 'open' as well then it opens up a whole ton of problems for everyday people.
  • Can't they just hack the phones so they can record what is being typed on the screen?

    I think the idea is that in situations like the Westminster attack, they want to access to messages AFTER they were aware of the culprit rather than catching him in the act of sending stuff
  • Sponsored links:


  • If you're right, @cafctom, and it's purely a case of going back through, then I've got no immediate issue with that. But I highly doubt that's where the requirement will stop.

    Giving up civil liberty in the name of terrorism is instant defeat. I'm sure there are plenty in the security services who do only have good intentions, but can such organisations be trusted? We've seen plenty go wrong in this regard. Let's just turn to the Home Secretary Amber Rudd for a moment, who said she wants to consult...

    “The best people who understand the technology, who understand the necessary hashtags to stop this stuff ever being put up, not just taken down, but ever being put up in the first place are going to be them.”

    Hashtags. Fucking terrorist hashtags. If the Home Secretary is talking in these terms, how much trust could anyone possibly have in their privacy being secure?
  • Ah, then unfortunately @The_President nailed it earlier. It's either encrypted or it's not.

    If a way is left for end to end encryption to be broken, every crim will be able to use it almost from the start. All this 'we will only access it under court order' doesn't seem feasible.

  • For a whole generation, IE: the vacants that I get to teach, this will be a non issue. They would never understand the repercussions of anything being "out there" that could damage "anyone", let alone their 1)reputations, 2)moral standing or 3)safeguarding. It really is a generational thing, anyone born before 2000 lived in an age where privacy was something to be guarded. This lot now live in a world that is open season on anything and anyone, encrypted or not, they do not give a shit. Not sure where it takes us as a society, but it there is no going back.
  • cafctom said:

    Can't they just hack the phones so they can record what is being typed on the screen?

    I think the idea is that in situations like the Westminster attack, they want to access to messages AFTER they were aware of the culprit rather than catching him in the act of sending stuff
    They can access the messages. Read the Edward snowden leaks. It's just a really inefficient process (a couple of days for a computer to do) which is a pretty inefficient way on snooping if the message is just an emoji. Encryption doesn't garuntee security but because of the sheer size of data it's pointless for gchq to decrypt every message.
  • It's amazing these ministers going on TV demanding that WhatsApp and other message services go unencrypted. All it will mean is that those with something to hide just switch to another service. More or less any electronic message sent will be encrypted somehow - it'd be hilariously easy for a hacker to steal your information if it wasn't.

    Even if WhatsApp was unencrypted the end users could just encrypt messages themselves if they were concerned about security.

    The problem with being governed by these out of touch loonies is that for them the fax machine is the pinnacle of human achievement in the field of telecommunications they think everything they don't understand is evil and should be banned. Don't these berks have scientific advisors to advise them before they go on national media and produce such verbal diarrhea.
  • cafctom said:

    Can't they just hack the phones so they can record what is being typed on the screen?

    I think the idea is that in situations like the Westminster attack, they want to access to messages AFTER they were aware of the culprit rather than catching him in the act of sending stuff
    They can access the messages. Read the Edward snowden leaks. It's just a really inefficient process (a couple of days for a computer to do) which is a pretty inefficient way on snooping if the message is just an emoji. Encryption doesn't garuntee security but because of the sheer size of data it's pointless for gchq to decrypt every message.
    WhatsApp started work on encryption eighteen months *after* Snowden leaked his documents.
  • edited March 2017
    Theoretically: decent encryption will gaurantee privacy of (a) a message, (b) whilst it's in-transit.

    In practice: where access to data is required, you attack it when it's not in-transit - i.e on the device. (If I was the conspiracy theorist type, I'd suggest this is why security updates to phones can take so long to get sent by carriers.. but I'm not, and conveniently most carriers are lazy and QA is hard.)

    Honestly? I quite like that. It gives people privacy, prevents Orwellian mass-surveillance, and still allows targeted data gathering.

    Not to mention, GCHQ and the NSA are just as interested in the information pertaining to a communication - or the metadata - as they are the contents of the communication. Guess what? They already get this from WhatsApp et al. (After all, it would be barmy for Facebook, a company whose product is literally your data, to buy WhatsApp and not store your data in a readable way!)

    It's a completely and utterly misleading suggestion to say that encryption is directly enabling terrorist attacks. One of - if not the most - bloody attacks in Western Europe of recent years, The Bataclan, was coordinated via SMS. The Westminster attacker may well have had WhatsApp installed on his phone, but even if it didn't encrypt his communications: he was no longer being monitored anyway!

    On the other hand, it's not possible to backdoor encryption itself - these are ridiculously painful mathematical ideas that simply don't work that way. To have a realistic chance at breaking encryption you have to rely upon the idiocy of a developer deciding to write their own implementation of a given algorithm. ("dont roll your own crypto")

    So if we can't backdoor it then someone is bound to argue for banning it.. but without it everything is broken. Who even defines what encryption is? Do we include browsing SSL enabled websites like Amazon or Barclays with the green padlock? Do we include network operations staff remotely logging in to a hospital for maintenance? What about your home WiFi network? These are all encrypted communications channels after all.

    I'll give Amber Rudd some benefit of the doubt regarding her stupid "hashtag" comment though, she may have meant "people that understand hashing", which indeed would mean cryptographers.

    Theresa May has also regularly attacked online privacy measures and encryption.

    It's almost as though these MPs are either woefully ill-informed and not briefed properly on subjects, or their advisors are completely stupid.


    Even the Government's own National Cyber Security Center acknowledge the need to keep data secure in-transit.

    Basically we're talking about something as utterly moronic as crippling our national security (by which I include espionage and critical infrastructure attacks) and banning a form of mathematics.. It's not going to happen.
Sign In or Register to comment.

Roland Out!