UK Home Sec: Give us a snoop-around for WhatsApp encryption. Don't worry, we won't go into the cloud

The UK government is once again suggesting encryption has no place in citizens' hands, in the wake of revelations that Westminster attacker Khalid Masood was using WhatsApp shortly before murdering pedestrians with his car, and stabbing a police officer to death. While she stopped short of threatening a Brazilian-style …

  1. DJO Silver badge

    Colour me surprised

    A government minister exhibits a fundamental lack of understanding about how encryption works and the inherent problems with backdoors - I'm shocked.

    1. Voyna i Mor Silver badge

      Re: Colour me surprised

      "A government minister"

      It's not really a government minister, it's just Amber Rudd.

      But seeing what real government ministers can come out with these days, I'm beginning to wonder what they're putting in the Westminster tea.

      1. Tinslave_the_Barelegged Silver badge

        Re: Colour me surprised

        Saw a rather good description - I think David Mitchell - talking about how few Home Secretaries are in any way sane. He described his view of them as home-ophobia

        1. Anonymous Coward

          Re: Colour me surprised

          "[...] talking about how few Home Secretaries are in any way sane. "

          IMHO the last sane Home Secretary was Roy Jenkins in the 1960s. His reforms gave hope of a bright new dawn - that definitely turned out to be a false one when Margaret Thatcher came in. No Home Secretary since then has seemed sane - no matter from which party.

          1. Toni the terrible

            Re: Colour me surprised

            Being HomeSec used to be the job they gave the person who wanted to be PM and had a lot of influence but was too much of a nut job to be PM. Things went wrong...

      2. Anonymous Coward

        Re: Colour me surprised

        > It's not really a government minister, it's just Amber Rudd.

        And if you look really, really carefully you can see the wires where she's being operated by Theresa May.

        1. Anonymous Coward

          Re: Colour me surprised

          >And if you look really, really carefully you can see the wires where she's being operated by Theresa May.

          You really think Theresa May has the IQ to operate a puppet *and* breathe at the same time?

          1. Toni the terrible

            Re: Colour me surprised

            Yes, being loopy doesn't necessarily negate puppetmaster skills

    2. JohnMurray

      Re: Colour me surprised

      It's Amber Rudd.

      Not the brightest spark in the fire.

      She probably needed speech tuition to pronounce "encryption"

    3. Mark 85 Silver badge

      Re: Colour me surprised

      Ok... her first. Once she has all her comms unencrypted and open to world + dog.... then after a 1 month consultation and wait to see what happens... maybe everyone else will follow suit. </snark>

      1. Anonymous Coward

        Re: Colour me surprised

        You are assuming that the rules will extend to alt.gov.

        I doubt that very much....

    4. Dan 55 Silver badge

      Re: Colour me surprised

      "The best people who understand the necessary hashtags to stop this stuff even being put up" is quite impressive, even for a Tory minister.

      I assume this was "file hashes" starting in Cheltenham and going through too many civil servants before getting to Amber Rudd.

      1. hplasm Silver badge

        Re: Colour me surprised

        I understand 'the hashtags'! Give me huge amounts of cash. Don't expect results though - just look on me as a mini-capita or something.

        A couple of million a month should do it.

        1. Roger Kynaston

          EU tender rules

          I'll put a tender in to manage the hashtags and because of inherent efficiencies of my organisation which commercial confidentiality precludes me from disclosing here I can offer to manage the hashtags for £1.5m a month.

          1. 2+2=5 Silver badge

            Re: EU tender rules

            > I'll put a tender in to manage the hashtags and because of inherent efficiencies of my organisation which commercial confidentiality precludes me from disclosing here I can offer to manage the hashtags for £1.5m a month.

            I'll counter-bid with £15m per month, with a promise to reduce costs in a year's time to just £10m per month.

            My bid will win because, in a year's time, a minister will be able to say that he's 'saved' £5m a month.

      2. 's water music Silver badge

        Re: Colour me surprised

        > "The best people who understand the necessary hashtags to stop this stuff even being put up" is quite impressive, even for a Tory minister.

        > I assume this was "file hashes" starting in Cheltenham and going through too many civil servants before getting to Amber Rudd.

        I lolled to myself and thought that too but then I started wondering which was more likely, that a tech briefing would get slightly garbled somewhere between page and mouth or that a minister would want us to think that the solution to terrorism was as simple as Twitter blocking the hashtags #isis and #deathtowesterndemocracy and that because Twitter wouldn't do it, it was fair game for the gov to wade in and demand an end to encryption. Now I'm off to have a little cry.

        1. TRT Silver badge

          Re: Colour me surprised

          Well, as the private key is presumably held within the WhatsApp application within Bob's phone, then WhatsApp have the power to have that key copied to them given some order from a judge or court or something. I'm not saying it's an acceptable way to behave, it's just all this talk of over-egging the pudding with multiple encryption etc etc when all they need to do is send a command message to the client app to shove the private key back up the pipe, no? I've never trusted any end-to-end encryption to be secure and I wouldn't ever expect it to be for exactly that reason. You need to decrypt it somewhere, and there's absolutely nothing to stop the app writer copying the key used to decrypt it to somewhere else, or to copy the decrypted message somewhere. Now, if it dumped the message into a file on the local storage in a sandboxed directory and I had a second app which held the keys... But even then I'm relying on the integrity of the author of the second app.

      3. Smooth Newt Silver badge

        Re: understand the necessary hashtags to stop this stuff

        > "The best people who understand the necessary hashtags to stop this stuff even being put up" is quite impressive, even for a Tory minister.

        > I assume this was "file hashes" starting in Cheltenham and going through too many civil servants before getting to Amber Rudd.

        Perhaps the Internet being something to do with "hashtags" is a simplification for those who cannot grasp the complex technical intricacy of "a series of tubes". After all, Twitter wouldn't work properly without them, so they must be pretty damned critical to the operation of the Internet.

    5. Blank-Reg

      Re: Colour me surprised

      Same load of old guff as the last bunch and the lot before and before etc etc.

      I swear, it seems as though the home office is stuffed with wormtongues who whisper into the ministers' ears and they dutifully plod out and spout forth this nonsense and rightly get mocked for it. Far better to find out who keeps telling these hapless ministers that encryption needs weakening and then drum them out of the place before someone actually tries to push it through.

      1. Anonymous Coward

        Re: Colour me surprised

        "find out who keeps telling these hapless ministers that encryption needs weakening"

        That would be Charles Farr, IIRC.

        1. Toni the terrible

          Re: Colour me surprised

          Farr Out! at least hopefully

      2. Anonymous Coward

        Re: Colour me surprised

        "Far better to find out who keeps telling these hapless ministers that encryption needs weakening and then drum them out of the place before someone actually tries to push it through"

        Like Theresa May wanting a carte blanche to make changes to the EU laws that have to be changed into UK law after BREXIT.

        Nothing drastic you understand - just a free hand to bypass Parliament and rewrite the bits she doesn't like - say some of the privacy and human rights ones she says are EU impositions on our sovereignty.

      3. Captain Badmouth

        Re: Colour me surprised

        "it seems as though the home office is stuffed with wormtongues who whisper into the ministers ears and they dutifully plod out and spout forth this nonsense..."

        Anyone across the pond care to remind me of the blind city cop who keeps getting sent into awkward situations by "the commies on the police board"?

        You need to have been around in the late 60's.

    6. Androgynous Cupboard Silver badge

      Re: Colour me surprised

      While I think Rudd is, in general, an idiot, what she is describing is technically possible without introducing any technical weakness.

      Communication is normally encrypted with a symmetric cipher like AES256, and the key exchange is done with public keys: device A generates a session key, encrypts it with device B's public key. Only device B can decrypt it, and, therefore the session.

      However it's possible to encrypt the session key again with a second public key. The corresponding private key could be held by WhatsApp, perhaps itself encrypted with a key known only to law enforcement. WhatsApp (or whoever) stores the encrypted chatter between devices, and can decrypt it with that private key as required.

      This is different to the "decrypt the iphone" debate, which is done with a symmetric cipher. Introducing a weakness there introduces it for everyone, not just law enforcement. But where the encryption involves a key exchange between two devices, then allowing a third-party to decrypt communications can be done and, from a purely technical point-of-view, introduces no weakness in security.

      Obviously there are other issues, not least for the company that is likely to see people abandoning any platform that does this for one that doesn't. But that's a different problem.

      (edit: I should add this mechanism is not something I've just dreamt up, it's used by PGP, Acrobat and probably any system that facilitates the encryption of a document or message for multiple parties)

      1. streaky Silver badge

        Re: Colour me surprised

        > However it's possible to encrypt the session key again with a second public key. The corresponding private key could be held by WhatsApp, perhaps itself encrypted with a key known only to law enforcement. WhatsApp (or whoever) stores the encrypted chatter between devices, and can decrypt it with that private key as required.

        The fact you don't understand this is the introduction of a technical weakness is a problem.

        For starters you double the chances of the [a] key leaking - that's a technical weakness that you've introduced. Secondly it's no longer end to end encrypted it's "end to end and we copied your shit and have the key" - at that point the service is *useless* for privacy and people will go elsewhere.

        These services exist because governments and security services can't keep their nose out people's shit - doubling down on that is not going to make it easier for security services it'll make it harder.

        1. Androgynous Cupboard Silver badge

          Re: Colour me surprised

          No. Not a technical weakness. The symmetric key remains encrypted, but you now have a choice of two public keys to decrypt it. Brute forcing either is impractical, so no technical weakness is created.

          It is clearly still "end-to-end" encrypted, as the message is encrypted on device A and not decrypted until it's read on device B.

          There is clearly an ability for a third-party to decrypt - that's the point - but it's not a technical weakness. Let's be clear, I'm not advocating this system and I am not keen to allow Amber Rudd to read my messages, but criticising her on the grounds of "it can't be done, technically" is incorrect.

          But if you know better, please explain in detail why this is the case - as I just added to my post, this method is used by PGP amongst others, so I'm sure they would be delighted to hear your analysis.

          1. streaky Silver badge

            Re: Colour me surprised

            > But if you know better, please explain in detail why this is the case - as I just added to my post, this method is used by PGP amongst others, so I'm sure they would be delighted to hear your analysis.

            What are you talking about? That's not a thing.

            > There is clearly an ability for a third-party to decrypt - that's the point - but it's not a technical weakness

            It's a weakness that's been intentionally added by technical means. It's literally the definition of a technical weakness. It's not even a back door; it's a front door. We copy your data and use it as we see fit is not a private communications service any longer. People leave whatsapp and use stuff with even stronger privacy and crypto strength guarantees so they can't break it when applying massive computation to it. Better for the security services? Nope, I don't think so.

      2. Anonymous Coward

        Re: Colour me surprised

        "However it's possible to encrypt the session key again with a second public key"

        Thanks for pointing out the obvious.

        Now I'll point out the obvious consequence of that, what happens when someone steals the private key held by wahtsfap, or any number of Govt agencies? Don't forget, the UK food standards agency will require a copy too.

        1. Roland6 Silver badge

          Re: Colour me surprised

          > Don't forget, the UK food standards agency will require a copy too.

          And all the other organisations listed in the appendices to the Investigatory Powers Act 2016...

          1. Smooth Newt Silver badge

            Re: Colour me surprised

            > Don't forget, the UK food standards agency will require a copy too.

            > And all the other organizations listed in the appendices to the Investigatory Powers Act 2016...

            That will be all UK police forces, MI5, MI6, GCHQ, Ministry of Defence, Department of Health, Home Office, Ministry of Justice, National Crime Agency, Her Majesty's Revenue and Customs, Department for Transport, Department of Work and Pensions, all ambulance trusts in the UK, the Common Services Agency of the Scottish Health Service, the Competition and Markets Authority, Criminal Cases Review Commission, Department for Communities in Northern Ireland, Department of Justice in Northern Ireland, the Financial Conduct Agency, all fire and rescue authorities in the UK, Food Standards Agency, Food Standards Scotland, Gambling Commission, Gangmasters and Labour Abuse Authority, Health and Safety Executive, Independent Police Complaints Commission, NHS Business Services Authority, the Office of Communications, Office of the Police Ombudsman for Northern Ireland, Serious Fraud Office.

        2. Mike Richards Silver badge

          Re: Colour me surprised

          The FSB, Chinese State Security, CIA and any number of other organisations where people wear cheap suits and dark glasses will pour all their efforts into compromising the key holder organisation. Not to mention every hacker in the world.

          The consequences of any breach would be to destroy or fatally undermine confidence in every transaction made by Britons. We could say goodbye to the City and much of our economy.

          1. Androgynous Cupboard Silver badge

            Re: Colour me surprised

            @Dan 55 - may I call you Dan? No need for surnames here.

            My hypothetical example is really just about key management, specifically that you can design a system where it would be impractical for NSA & law enforcement to electronically hack in to read messages without compliance from WhatsApp. You're asking what happens after they have the key, the answer is - of course - security is potentially compromised.

            @John Robson, @Mike Richards and pretty much everyone else.

            Gents, this is a lot of fun but once you get into bribing this guy or rooting that, frankly we're in the world none of us are experts in. There are easier ways to do this, as TRT points out above. I'm simply describing a process where this could be done technically, through legal, if not necessarily moral, channels, without introducing a weakness exploitable by a third party.

            Signing off now, have to iron out bugs in my OCSP verification code. That's the trouble with crypto, it's all in the f*ing details.

            1. Dan 55 Silver badge

              Re: Colour me surprised

              > You're asking what happens after they have the key, the answer is - of course - security is potentially compromised.

              Why, then, are we even having a debate if we all know three-way encryption exists but the point is we all know it can be compromised?

              1. Anonymous Coward

                Re: Colour me surprised @Dan55

                Compromising encryption once you have the key is traditionally called "decryption".

                1. Dan 55 Silver badge

                  Re: Colour me surprised @Dan55

                  You are making a distinction where there is none. Building a system which allows a third party access to messages means that it can be compromised.

                  The fact that a wonderful cryptographic module only decrypted the messages when it was told to by the rest of the (compromised) system and the encryption on the messages was not brute forced is not important.

              2. Tom Paine Silver badge

                Re: Colour me surprised

                No, no, no. [Good] encryption (by definition) cannot be compromised. The security of the system, though, can be easily compromised by circumventing the crypto.

                I've had reason in the last few days to memorise this: it's Shamir's Third Law of crypto.

          2. Anonymous Coward

            Re: Colour me surprised

            Hey, the suit ain't cheap and neither are our aviator style glasses

        3. Anonymous Coward

          Re: Colour me surprised

          @AC

          I think you made a typo

          wahtsfap should be "Wait,Fap" for when WhatsApp images leak out

      3. F0rdPrefect

        Re: perhaps itself encrypted with a key known only to law enforcement

        Wonder how long that would remain the case?

        1. Androgynous Cupboard Silver badge

          Re: perhaps itself encrypted with a key known only to law enforcement

          My dear Streaky, PGP is very much a thing. You should google it.

          I think we're at cross purposes here. "A weakness added by technical means" is wordplay and not helpful to this discussion.

          Clearly you are upset at the concept of law enforcement having access to comms that you feel should be encrypted for ever until the end of time. That's not unreasonable, but I'm not interested in legislative or emotional arguments. Yes, people will leave a messaging platform that does this. I already made that point in my first post.

          I'll restate my point for clarity. Encrypted communication between two devices could be "backdoored" for law-enforcement without making it easier for a third-party who snoops on the traffic to decrypt. The argument levelled against "backdooring" is that it opens the door for everyone, not just law enforcement, and I am saying that is simply not the case here.

          As I'm clearly playing devil's advocate, here's how I would construct the system.

          Law enforcement generate a keypair and send the public key to WhatsApp, and keep the private key in a safe. WhatsApp generate a keypair, and use the public key as I've described. They encrypt the private key with law-enforcement's public key, print it out and put it in a safe, then delete the "plaintext" private key. Or, if you prefer, store parts of the printout in multiple safes in multiple jurisdictions, including bank vaults.

          Now to decrypt any communications you need the private key of law enforcement (in their safe), the encrypted comms (on WhatsApp's servers) and access to the safes in WhatsApp's offices, which they're only going to open with a court order. It's safe from NSA hacking, it's safe from NSA and Law enforcement acting together, it's safe from WhatsApp acting on their own.

          Of course no system is impenetrable, but if you think this system (if implemented as described) is vulnerable then please tell me how you would do it, either as an over-zealous government, a corrupt law-enforcement official or a third party. Facts please, not hyperbole.

          1. Zippy's Sausage Factory

            Re: perhaps itself encrypted with a key known only to law enforcement

            @Androgynous Cupboard

            You're assuming that the generated "plaintext" private key is always held securely, and I'm not sure that's the case. The insertion of malware onto the generator platform would be the obvious attack surface, and once this was done the automatic "slurping" of all private keys becomes a trivial matter. (Got any "kompromat" on any WhatsApp employees? Just send them a USB stick...)

            Naturally, while domestic law enforcement might play by the rules, I very much doubt foreign intelligence agencies, hacker collectives or criminal enterprises would have much incentive to do the same.

            1. Androgynous Cupboard Silver badge

              Re: perhaps itself encrypted with a key known only to law enforcement

              @Zippy

              In my example system the generated plaintext private key doesn't have to be stored, it can be deleted. But yes, you're right - there's an assumption that this is done properly, and that the NSA weren't running side-channel attacks on the computer generating the key, or bribing the WhatsApp employee who generated it, or that Facebook are just a front for the CIA/Alien overlords, and so on. But if any of these are the case, we have bigger problems.

              Designing a system to minimize this risk is complex, and it's also quite good fun as a thought exercise, but it's straying from the (really very simple) technical point I am trying to make: a properly implemented backdoor for law enforcement is technically possible without opening that backdoor to everyone. Sorry. I don't like it much either, for what it's worth.

              1. John H Woods Silver badge

                Re: perhaps itself encrypted with a key known only to law enforcement

                "but it's straying from the (really very simple) technical point I am trying to make"

                I think it is more likely that you are being downvoted for trying to teach your grandmother to suck eggs than that anybody here doubts a form of key escrow is technologically feasible.

          2. streaky Silver badge

            Re: perhaps itself encrypted with a key known only to law enforcement

            > My dear Streaky, PGP is very much a thing. You should google it.

            Nono don't misunderstand, I know it's a thing, I'm telling you it doesn't work like you think it does.

            1. Androgynous Cupboard Silver badge

              Re: perhaps itself encrypted with a key known only to law enforcement

              Christ. Go read (and implement, as I have) RFC2315, in particular section 10 (enveloped data), then come back to me. The key words from that section begin with "For each recipient".

          3. John Robson Silver badge

            Re: perhaps itself encrypted with a key known only to law enforcement

            "The argument levelled against "backdooring" is that it opens the door for everyone, not just law enforcement, and I am saying that is simply not the case here."

            I'm sorry - any key with access to that much data will leak.

            You might be better off suggesting that a messaging provider sets up proper encryption, but that by default it copies all messages directly to GCHQ. At least there would be a shred of honesty in there.

          4. Dan 55 Silver badge

            Re: perhaps itself encrypted with a key known only to law enforcement

            Mr/Ms cupboard,

            It's not really safe. How would messages (now stored on WhatsApp's servers instead of deleted upon reception) be read by law enforcement?

            a) The certificate is kept by WhatsApp and law enforcement log into a special server which means the messages are only protected by a username and password or b) the certificate is given to law enforcement and they are in control of it.

            Both methods can be compromised by malware or leaks.

          5. Anonymous Coward

            Re: perhaps itself encrypted with a key known only to law enforcement

            @Androgynous Cupboard: it's a shame you've had nothing but downvotes, because your idea seems entirely valid, technically if not morally or commercially.

            PGP has always had a feature to allow you to encrypt a message with multiple public keys. If I want to send a message to Alice and Bob, the message is encrypted with a message key, and the message key is encrypted twice, with Alice's and Bob's public keys. I can then send the same encrypted message to both of them, and they can both recover the message key and decrypt it. You're talking about exactly the same, except you replace Bob with GCHQ.

            My message to Alice and GCHQ is technically no weaker than the message to Alice and Bob, at least in theory. The big assumption of course is that GCHQ have to be at least as good at keeping their private key secret as Alice and Bob are. Now if GCHQ can't manage to steal Alice's private key (that's why they want a back door), then you might assume it should be equally hard for the Chinese or the Russians to steal GCHQ's private key. But more people will have access to GCHQ's private key, and it's a vastly more valuable target than Bob's.

            1. VanguardG

              Re: perhaps itself encrypted with a key known only to law enforcement

              If the history of spies teaches us anything, it's that people will spy for foreign powers for ANY reason, and sometimes just for no real reason besides trying to get something over on the government.

              Has anyone stopped to think that maybe these terrorists use these phones and apps specifically to divert attention from other things? "He used Whatsapp! It must've been for terrorist purposes, we need to be able to view everything anyone shares!" Meanwhile, the rest of his terroristic cell, none of whom have used Whatsapp before, are arranging the next attacker to use Facebook right before attacking. The next one will use Snapchat...then LinkedIn. Causing governments to demand more and more erosion of privacy, increasing distrust of government among the governed. That's the real tactic the terrorists are using here - drive a wedge between the people and the government, and the government will have all it can handle with its own people, letting the terrorists have free rein anywhere else they choose to operate.

              And the government is dutifully following the script.

            2. Vic

              Re: perhaps itself encrypted with a key known only to law enforcement

              > The big assumption of course is that GCHQ have to be at least as good at keeping their private key secret as Alice and Bob are

              No - you've made two assumptions :-

              • The one you mention
              • That the message sent to GCHQ is indeed the same as the one you sent to Alice

              The first of these we know to be false straight off the bat - look at the CIA and NSA leaks to show how they actually aren't all that good at keeping secrets. And it gets worse once you need international cooperation - because that means giving all the keys to the Russians, the Syrians, the Iranians, the North Koreans, etc. Failure to do so would mean you don't get their cooperation - and guess where all the traffic goes instead.

              The second is a fundamental flaw in that it requires the bad guys to play by the rules in order to catch them - so Bob sends a message to Alice that says "Attack at Dawn", whereas GCHQ gets one that says "Mary had a little lamb". Bob *swears* both messages have the same content.

              So what we're left with is a system that is fundamentally less secure for everyone and no use whatsoever for catching bad guys.

              Vic.
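The multi-recipient scheme argued over in this thread (one message key, wrapped once per recipient public key, as in the "For each recipient" wording of RFC 2315 enveloped data), together with the second assumption Vic lists, as an added example that is not part of any comment above and is not WhatsApp's, PGP's or any project's code. To run on the standard library alone it swaps in a toy Diffie-Hellman style key wrap and a hash-based stream cipher with HMAC for the RSA and AES a real system would use; the group parameters, function names and the `bogus_slots` parameter are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy group chosen for this demo only (assumption, not a vetted parameter set).
P = 2**521 - 1  # a Mersenne prime
G = 3

def keypair():
    """Return (private, public) for the toy key-wrapping scheme."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared, label):
    return hashlib.sha256(label + shared.to_bytes(66, "big")).digest()

def keystream(key, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def subkeys(key):
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def seal(key, data):
    """Encrypt-then-MAC. Every key in this demo is used once, so no nonce."""
    enc, mac = subkeys(key)
    ct = bytes(a ^ b for a, b in zip(data, keystream(enc, len(data))))
    return ct + hmac.new(mac, ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = subkeys(key)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc, len(ct))))

def wrap(message_key, recipient_pub):
    """One recipient slot: the message key sealed under a fresh shared secret."""
    eph_priv, eph_pub = keypair()
    kek = kdf(pow(recipient_pub, eph_priv, P), b"wrap")
    return eph_pub, seal(kek, message_key)

def unwrap(priv, slot):
    eph_pub, wrapped = slot
    return unseal(kdf(pow(eph_pub, priv, P), b"wrap"), wrapped)

def envelope(plaintext, recipients, bogus_slots=()):
    """Encrypt once, then add one wrapped-key slot per recipient.

    bogus_slots (hypothetical) names recipients whose slot gets an unrelated
    random key, modelling a sender who does not play by the rules.
    """
    message_key = secrets.token_bytes(32)
    slots = {}
    for name, pub in recipients.items():
        key = secrets.token_bytes(32) if name in bogus_slots else message_key
        slots[name] = wrap(key, pub)
    return {"slots": slots, "body": seal(message_key, plaintext)}

def open_envelope(name, priv, env):
    return unseal(unwrap(priv, env["slots"][name]), env["body"])

def can_open(name, priv, env):
    try:
        open_envelope(name, priv, env)
        return True
    except ValueError:
        return False

def demo():
    alice_priv, alice_pub = keypair()
    escrow_priv, escrow_pub = keypair()
    outsider_priv, _ = keypair()
    recipients = {"alice": alice_pub, "escrow": escrow_pub}
    honest = envelope(b"Attack at Dawn", recipients)
    rigged = envelope(b"Attack at Dawn", recipients, bogus_slots={"escrow"})
    return {
        "alice_reads_honest": can_open("alice", alice_priv, honest),
        "escrow_reads_honest": can_open("escrow", escrow_priv, honest),
        "outsider_reads_honest": can_open("alice", outsider_priv, honest),
        "alice_reads_rigged": can_open("alice", alice_priv, rigged),
        "escrow_reads_rigged": can_open("escrow", escrow_priv, rigged),
        "rigged_slot_same_size": len(honest["slots"]["escrow"][1])
                                 == len(rigged["slots"]["escrow"][1]),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Alice cannot check the escrow slot because she does not hold the escrow private key, and a relay sees a slot of the usual size; only the escrow holder learns the slot is useless, and only when it attempts decryption.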


Biting the hand that feeds IT © 1998–2019