More on Backdooring (or Not) WhatsApp

Yesterday, I blogged about a Facebook plan to backdoor WhatsApp by adding client-side scanning and filtering. It seems that I was wrong, and there are no such plans.

The only source for that post was a Forbes essay by Kalev Leetaru, which links to a previous Forbes essay by him, which links to a video presentation from a Facebook developers conference.

Leetaru extrapolated a lot out of very little. I watched the video (the relevant section is at the 23:00 mark), and it doesn't talk about client-side scanning of messages. It doesn't talk about messaging apps at all. It discusses using AI techniques to find bad content on Facebook, and the difficulties that arise from dynamic content:

So far, we have been keeping this fight [against bad actors and harmful content] on familiar grounds. And that is, we have been training our AI models on the server and making inferences on the server when all the data are flooding into our data centers.

While this works for most scenarios, it is not the ideal setup for some unique integrity challenges. URL masking is one such problem which is very hard to do. We have the traditional way of server-side inference. What is URL masking? Let us imagine that a user sees a link on the app and decides to click on it. When they click on it, Facebook actually logs the URL to crawl it at a later date. But...the publisher can dynamically change the content of the webpage to make it look more legitimate [to Facebook]. But then our users click on the same link, they see something completely different -- oftentimes it is disturbing; oftentimes it violates our policy standards. Of course, this creates a bad experience for our community that we would like to avoid. This and similar integrity problems are best solved with AI on the device.

That might be true, but it also would hand whatever secret-AI sauce Facebook has to every one of its users to reverse engineer -- which means it's probably not going to happen. And it is a dumb idea, for reasons Steve Bellovin has pointed out.

Facebook's first published response was a comment on the Hacker News website from a user named "wcathcart," which Cardozo assures me is Will Cathcart, the vice president of WhatsApp. (I have no reason to doubt his identity, but surely there is a more official news channel that Facebook could have chosen to use if they wanted to.) Cathcart wrote:

We haven't added a backdoor to WhatsApp. The Forbes contributor referred to a technical talk about client side AI in general to conclude that we might do client side scanning of content on WhatsApp for anti-abuse purposes.

To be crystal clear, we have not done this, have zero plans to do so, and if we ever did it would be quite obvious and detectable that we had done it. We understand the serious concerns this type of approach would raise which is why we are opposed to it.

Facebook's second published response was a comment on my original blog post, which has been confirmed to me by the WhatsApp people as authentic. It's more of the same.

So, this was a false alarm. And, to be fair, Alec Muffett called foul on the first Forbes piece:

So, here's my pre-emptive finger wag: Civil Society's pack mentality can make us our own worst enemies. If we go around repeating one man's Germanic conspiracy theory, we may doom ourselves to precisely what we fear. Instead, we should -- we must -- take steps to constructively demand what we actually want: End to End Encryption which is worthy of the name.

Blame accepted. But in general, this is the sort of thing we need to watch for. End-to-end encryption only secures data in transit. The data has to be in the clear on the device where it is created, and it has to be in the clear on the device where it is consumed. Those are the obvious places for an eavesdropper to get a copy.

This has been a long process. Facebook desperately wanted to convince me to correct the record, while at the same time not wanting to write something on their own letterhead (just a couple of comments, so far). I spoke at length with Privacy Policy Manager Nate Cardozo, whom Facebook hired last December from EFF. (Back then, I remember thinking of him -- and the two other new privacy hires -- as basically human warrant canaries. If they ever leave Facebook under non-obvious circumstances, we know that things are bad.) He basically leveraged his historical reputation to assure me that WhatsApp, and Facebook in general, would never do something like this. I am trusting him, while also reminding everyone that Facebook has broken so many privacy promises that they really can't be trusted.

Final note: If they want to be trusted, Adam Shostack and I gave them a road map.

Hacker News thread.

EDITED TO ADD (8/4): Slashdot covered my retraction.

Posted on August 2, 2019 at 2:18 PM • 52 Comments

Comments

Bob McJob • August 2, 2019 5:33 PM

I've never used WhatsApp, and I doubt I ever will. Not because of the BS story about them screwing with their end-to-end encryption, but because of FB's fast and loose attitude to privacy, that was apparent even before this tale. I don't trust FB and could see no reason why this story might not be true.

Alejandro • August 2, 2019 6:49 PM

I would think Forbes would screen contributors and their stories better.

I still don't understand how FB will merge the three apps, FB/WhatsApp/Instagram (Z's vision) using E2E encryption and then moderate content to rather stringent conditions.

Sounds impossible to me. What am I missing?

Harmless Drudge • August 2, 2019 7:03 PM

I never regretted deleting WhatsApp the day Facebook bought it. It's a completely untrustworthy company. My wife uses FB, and WhatsApp, even after having watched "The Great Hack". She's not the only one seemingly unable to give it up.

Facebook's references to "the community" make me sick. Zuckerberg's earlier term "suckers" is more apt. It needs to be broken up, but it won't be as long as it's useful to the intelligence services.

lurker • August 2, 2019 7:06 PM

@ Bruce

This has been a long process.

About 16 years, it started on day one, facts:
Z published to the internet photos of students without their explicit written permission;
traffic to Z's server caused overload of a network router and DOS for other network users;
then we move into he-said-she-said territory: was Z's server configured without authority to appear to the Harvard network as if it was authorised for internet access, or did he take advantage of a misconfigured router?
was Z "invited" to leave Harvard, or did he walk voluntarily?
Within days came allegations of theft of IP, followed by the harvesting of incorrect login passwords to use in accessing other email accounts.

and it just hasn't gotten any better since...

Nick P. • August 2, 2019 7:20 PM

Bruce, I can't remember if I told you what my ultimate compromise was on these things. I know they won't turn down ad revenue. If you can reach them, suggest that they do the following to give privacy a *paid* chance:

1. Every service that's ad-driven is offered in a paid model at whatever they're making per user in ads. That or with a small premium to cover privacy-oriented deployment.

2. The ad-driven and privacy-oriented users are on separate VM's, instances of the apps, etc. The platform is modified so those paying for privacy are directed to sites and services that simply don't collect data. Brick wall but reuses 99+% of core code/infrastructure.

3. They can tell the regulators they're doing this. Maybe they'll be nice reforming the ad-driven versions. If not, they can at least fall back on, "We offered a private version of everything. Most people aren't using it. We're doing our part." It makes them look good while giving whatever percentage of people wanting something safer a chance to get that something.

Facebook and Google doing this would be huge. Especially if there were per-user penalties for violations in the contract. Basically, a contract with teeth that they'd follow for real. We'd have search, mail, maps, messaging, and social networks with a minimum of privacy invasion for maybe $100-200 a year. That would be an epic gain.

I don't have a better plan. Especially if Republicans are in charge given they're anti-regulation on most stuff. I suggest everyone who can reach executives of these companies try this one. Might work given it's designed to keep their money up and make them look better to regulators.

Josh • August 3, 2019 1:50 AM

"It seems that I was wrong, and there are no such plans."

I would not be surprised if such filter had already been built into clients and in-use for quite some time.

These types of "stealth" introduction of features are quite common among internet applications that get updates often. The service provider is under no obligation (or has already exempted itself from it in the EULA) to specify every detail of application re-programming.

It's safe to assume it already has.

Clive Robinson • August 3, 2019 1:59 AM

@ Nick P.,

Long time no hear, I trust you are well?

With regards,

Every service that's ad-driven is offered in a paid model at whatever they're making per user in ads. That or with a small premium to cover privacy-oriented deployment.

What do you call a "small premium"?

They would need to set up a quite different infrastructure to that which they currently have. Thus they would be looking to recoup that "at a profit". With banks claiming to regulators a 6-20USD / month cost of running accounts you can see how high the price aimed for could be.

But also you will see another trend. If Google / Facebook etc are making 130USD/person as some have claimed that is likely to be an inflated average. Even so some are going to be worth a lot more than others. Those that are worth more are more likely to use a privacy option if one existed, which means that they are going to have a disproportionate effect on the pricing model. As I was once told "It's hard to sell a plum pudding if it's known not to have plums in it". Therefore the Silicon Valley Big-Corps are going to claim that those customers are going to be worth more than the inflated average, a lot more. Thus the asking price for such a service will be quite high, probably too high to be viable.

But with the changes to FCC regulation under this current administration comes more issues. It's clear from the likes of previous "traffic tagging" experiments that large ISPs want in on a slice of the marketing pie that the Silicon Valley big corps have. Thus they are going to look long and hard to find ways to do the same. Thus any differentiation in customer type going into the Big-Corp systems will be used as a way to raise more revenue one way or another.

The big problem is that an artificial market has been created in user data, and it's fairly clear it's corrupt. That is when you look at the disparity in price on what enters the market from those buying advertising space to the sums paid out to those who run the sites users visit it's clear that it's virtually all going to "middle men".

The problem with such artificial markets, is once made they don't just go away again, they will fight to protect their revenue in whatever way they can. Which brings us around not just to the visible money used for lobbying but the so called "black money". Such artificial and corrupt markets will buy votes to protect their markets. The Telcos, Cable and Power companies are particularly adept at getting the legislation they want that makes them "rent seekers extraordinaire"...

Josh • August 3, 2019 2:11 AM

"That might be true, but it also would hand whatever secret-AI sauce Facebook has to every one of its users to reverse engineer -- which means it's probably not going to happen."

This may be true to a certain extent but the "secret-AI sauce" does not have to be included on the client side. Note that the report mentioned the use of a "cloud service" which means distributed processing. The client simply has to pick up keywords as tokens and send them to central. The actual sauce exists on the cloud side.

Having said that, I'm not convinced such "algo" sauce is a top priority trade secret because they are constantly modified and updated. Additionally, there is currently no service provider at the scale of Facebook to make use of these algos and the click-thru or buy-thru rate which ad buyers really care about is a pretty dubious figure.

Most people pay for ads, because it is a trend to do so and they just happen to have the budget, IMHO.

Celos • August 3, 2019 2:17 AM

Well, this tells us at least one thing: They believe that backdooring their app would be very bad for their business. And that is a good thing.

I also do not believe that they have any stealth backdoors already in place. That would open them up to a legal nightmare at least in the EU and the same business risk. The risk of being found out is far too great and large corporations are infested with cowardice.

Alejandro • August 3, 2019 6:11 AM

@Nick P.

Cable TV was supposed to be ad free paid content. Didn't last long.

Mahesh Paolini-Subramanya • August 3, 2019 7:43 AM

I remember thinking of him -- and the two other new privacy hires -- as basically human warrant canaries. If they ever leave Facebook under non-obvious circumstances, we know that things are bad

And there's the rub.
I've had friends/acquaintances go through this over the last dozen years or more, and it's always the same.

1. "Things are different now"
2. "Sorry about that, it takes a while to get things in place. We're improving the process"
3. "Oh *that*? It was an error. Dunno how it made it through the system"
4. Radio silence.
5. Exit.

Humdee • August 3, 2019 9:16 AM

Facebook desperately wanted to convince me to correct the record, while at the same time not wanting to write something on their own letterhead (just a couple of comments, so far).

I first learned of this propaganda technique by watching Greg Street and other former developers of the World of Warcraft interact with their community. What is going on here is a false reassurance. The way it works is to say (a) we are not doing X now (b) we have no plans to do X now (c) but what we are not saying is that we will never do X. Which in my experience with WoW means that they are going to do X sooner or later.

I'm sorry but taking FB word on this is like taking the word of the heroin addict who says that they are not shooting up right now and they have no plans to shoot up later. The addict isn't lying, they may even want it to be true, but the underlying problem is that is not how addiction works. FB is addicted to power. They are addicted to manipulating others for profit. If you believe FB on this score you are the sap who thinks the drunk just wants $10 to buy flowers for his girlfriend's birthday.

Peter S. Shenkin • August 3, 2019 10:30 AM

@Harmless Drudge

Sorry, but it's not about being "unable to give it up." It's about getting far more benefit from it than personal risk. Put another way, the risk is minuscule compared to the benefit.

For me, anyway.

-P.

Clive Robinson • August 3, 2019 11:08 AM

@ gordo,

Looks like this article got pulled, but the point remains.

The point is a bit broader than the "don't trust closed source" the articles implied.

Even FOSS can have issues with the implementation of algorithms, protocols and standards.

I said long ago on this blog if I were the NSA, GCHQ, et al, I would not want to backdoor implementations but algorithms, protocols and standards. With standards being the most preferable because they would normally be not just around the longest but have to be certified in some way for compliance.

We then found out from the Dual Elliptic Curve DRNG issue that indeed that is what the NSA did. And I've always strongly suspected the NSA of rigging the AES contest such that the freely available code designed for speed and efficiency but not security would get put in the majority of implementations. So it turned out and the code was effectively riddled with time based covert channels leaking either key information, plain text or both.

Others have pointed the finger at IPSec with regards protocols but as far as I'm aware no real smoking gun has yet been found.

The point is though we have to look at Crypto in terms of "Asymmetric Warfare", the SigInt agencies whilst large are these days smaller than the academic community, but they have been at it for a lot longer. Also unlike an academic who has to publish papers preferably in new areas, SigInt researchers can spend a lot lot longer on a given problem thus go into it in more depth than current academics do.

Thus whilst the SigInt agencies are for various mundane reasons falling behind in many areas, they are still ahead in others and unlike academics do have large budgets to throw at problems.

Thus in some respects they have the upper hand because they can backdoor algorithms, protocols and standards in ways that few even in their own organisations would know about let alone recognise.

Thus you or I could look at a piece of Open Source code and claim it was compliant with all algorithms and protocols and there were no known flaws in it, and we would be wrong. Because they would have added something known only to them and not to the rest of the world.

Currently I know no way of reliably detecting such things, like all side channels there are more than you could find sticks to shake at the problem.

But there is a worse problem, as I've noted the "Smart Device" entire model is incapable of being made secure. There are some known and verified to work solutions by which you can build secure systems over the top of them. But they are "Not Convenient" and "take effort" therefore the only people who will take those precautions are the very few who feel they have need to. By and large those who feel they have need to are those who society in general would consider undesirable.

Thus the bulk of people will always be insecure because they want "No effort convenience".

This state is obviously highly desirable to certain "Police State" types who will take advantage of it to the maximum. Worse as the Facebook / Cambridge Analytica debacle showed, so will others to generate highly focused propaganda to ensure elections are more likely go the desired way of corporate sponsors etc.

None of which is good for society or easy to catch or stop.

gordo • August 3, 2019 11:34 AM

@ Clive Robinson,

The implication seems to be that, with few exceptions, the military industrial complex has a "lock" on security, regardless of its source. When the NSA said recently that they no longer needed to "collect it all", that metadata and traffic analysis were enough, it made me wonder just how easy is it for them, in general, to access interesting encrypted content?

Alyer Babtu • August 3, 2019 12:17 PM

The claim is made that everyone would object to moves by FB, but I wonder what can prevent the big technology mediated dystopia parodied in the modernized "1984" of Dave Eggers "The Circle"?

https://en.m.wikipedia.org/wiki/The_Circle_(Eggers_novel)

As a practical matter, in online activity, individuality and privacy are already treated as of niggling consequence by many. The propaganda of the Big Tech in the novel is to argue "think of the children" reasons to convince it is anti-social, and so evil, to not share literally everything. What is going to prevent this shift in the understanding of the person?

As the wise man said, tyrannies are never imposed, they are invited.

Clive Robinson • August 3, 2019 1:42 PM

@ James Joyce,

"The Guardian" news article on recent calls for backdoor access to WhatsApp

As Frenchman and satirist Jean-Baptiste Alphonse Karr, editor of and contributor to "Le Figaro" observed in "Les Guêpes" July 1848,

    "Plus ça change, plus c'est la même chose"[1]

https://www.theguardian.com/commentisfree/2017/jun/20/theresa-may-crackdown-snoopers-charter-encryption-terror-backdoor

There had been a trend with the current political incumbents in the UK that their leader as Prime Minister will put a person more stupid than themselves in the UK Home Office.

But with the latest PM I had real thought that it would not be possible, as nobody really could be more stupid than he, but I was wrong... The moronic madness continues to descend unabated into a pit of such iniquity the like of which I can not remember this century. I suspect even Dante would be challenged to find a circle low enough to match as we are now so far past the ninth[2].

[1] literally "The more things change, the more they continue to be the same thing" is more usually translated into English as "The more things change, the more they stay the same".

[2] In Dante's Inferno there are nine circles of hell. The first Circle is "Limbo", with in descending order, "Lust", "Gluttony", "Greed", "Anger", "Heresy", "Violence", "Fraud", and the ninth Circle "Treachery". Which observers of UK politics will note we have been through with the current incumbents. Though I did think that even they would not stoop to strangling with their bare hands a female protester of diminutive stature.

Another Mouse • August 3, 2019 4:11 PM

The German government is constantly after "Quellen TKÜ" which means source telecoms surveillance. Their approach is getting malware onto the endpoint snooping at the plaintext pre encryption/post decryption. So this is just new in so far, as the Trojan is baked into the app by its original, legitimate author/publisher...

tz • August 3, 2019 6:14 PM

There have been several posts on "Backdoors", or escrow, but I think this is the key to Huawei problem.

How do you KNOW your Huawei hardware (with their software) does not contain Chinese (government, but businesses are so deeply linked) backdoors that would allow massive surveillance well beyond the NSA?

It is one thing for Snowden to expose a major AT&T Hub where there were taps, but another where every router (both home, mid, business, or backbone) has a few oopsie bugs - like Cisco (!?) that would allow anyone to invade and redirect things, or maybe shut down everything. When LA has lots of 5G dependent self driving cars, what happens to the traffic gridlock?

I don't trust Google at all, and generally don't trust Tim Cook. Am I going to trust a Huawei phone or even one with chips made by them?

Clive Robinson • August 3, 2019 7:23 PM

@ tz,

How do you KNOW your Huawei hardware (with their software) does not contain Chinese (government, but businesses are so deeply linked) backdoors that would allow massive surveillance well beyond the NSA?

It is extremely unlikely that China is even remotely close to the known level of international surveillance / espionage carried out by the NSA on its own let alone with the help of the extended Five-Eyes.

Historically from public information the attacks against Huawei and ZTE started after China told the US that enough was enough with NSA making attacks against China. The US ignored the warning and the Chinese produced laws stopping businesses importing or using equipment and software known to have been modified by the NSA for surveillance purposes.

As for 5G, it's becoming clear that the US Gov is determined for the parts most likely to be used for spying, to be made by US Corps some of which are so close to the US SigInt and IC agencies and Government that any one outside the US should have considerable cause for concern.

Especially when you look at the real infrastructure of the Internet. China is off to one side as is Russia, but the US is at the center and the extended Five-Eyes straddle all the "choke points" where any kind of international traffic flows. Thus whilst the signals arising from China spying via 5G would be obvious as they went through the choke points, none of the traffic arising from the US or Extended Five-Eyes would be visible, except to other members of the Five-Eyes Club and they are unlikely to talk.

As for who you trust or don't trust that is up to you, personally I'd rather examine the information we have, and currently that says the NSA is very very bad news and almost without any doubt the major spying agency in the world by a very very long way.

It's why Russia, China, France and many other countries want the UN ITU to not just take control of the Internet away from the US and put it in international hands, but also to put in place considerable measures to remove the US and Extended Five-Eyes from Internet dominance.

The side effect of the current ham fisted US Gov policy is that the rest of the world is going to start thinking in terms of not using US equipment or designs. Not just because of the espionage risk, but primarily in terms of National Security within their own borders. History shows how much damage a "Water Rights War" can achieve, the only way to prevent it is by 'diversification of supply'. You can be sure that a lot of people in a lot of countries will now be focussing on this rather more than before.

But at the end of the day the consumer does not need 5G, 4G-LTE is what they need, which is what they will probably get for the next decade anyway as 5G will fall back to it in all but a very few very tiny areas. Also the way things currently are "roaming" and "international use" is not going to happen with 5G thus 3G/4G will be carrying that for quite some time to come. But there is also another issue which is legacy 2G: there is a very large amount of infrastructure related equipment that uses 2G and won't get replaced for 20-30 years... The mobile phone service suppliers will be held to supporting it for that period if not longer, even the latest equipment being installed is barely 4G, most is earlier, thus 3G/4G is going to be hanging around for some time as well...

Ted • August 4, 2019 4:54 AM

@tz wrote, "How do you KNOW your Huawei hardware (with their software) do not contain Chinese (government, but businesses are so deeply linked) backdoors that would allow massive surveillance well beyond the NSA."

I think this is an easy question to answer because mass surveillance is not a "per device" undertaking.

When you run surveillance at the device level you are going for specific targets, not en masse, because at the device layer there's going to be no control over traffic en route.

If each Chinese made device in the US of A keeps a backport to the motherland (servers in China), it would generate an enormous amount of intercontinental traffic that won't go unnoticed. Not to say that it would be a tremendous waste of Chinese resources to handle such an enormous amount of data.

In order for mass surveillance to work, it has to be passive and out of sight.

Dodo • August 4, 2019 5:03 AM

Schneier, what exactly are you doing to compensate the victim of your lies? You just saying "oops, my bad" is a joke.

name.withheld.for.obvious.reasons • August 4, 2019 6:38 AM

Can anyone pronounce CALEA? Seems to ring a bell (Ma Bell). Seems telco, carrier grade, hardware has a requirement--at least within the United States; this may have changed due to 2008 FAA or some such nonsense.

Invariably to comply with federal communications standards, telephone/network/comm services are required by law to be CALEA compliant--in other words--trap and trace.

Bruce Schneier • August 4, 2019 10:30 AM

@Dodo

"Schneier, what exactly are you doing to compensate the victim of your lies? You just saying 'oops, my bad' is a joke."

I didn't mean it as a joke -- I was serious.

Ignoring your "lies" characterization, the notion of compensation is an interesting one. I think my audience is my readers, and the retraction is for them. I suppose I could offer Facebook compensation by opening an account, but that seems a bit much.

I think the retraction and explanation is sufficient.

James Joyce • August 4, 2019 11:33 AM

@Bruce

You shouldn't have retracted anything in the first place, because it's pretty immaterial what Facebook has to say on this (and they didn't even make an official statement).

SpaceLifeForm • August 4, 2019 12:44 PM

@gordo

I believe that any interesting SemiPrime and its two prime factors are just a lookup away at Bumblehive.

I have zero reason to believe that the alleged reasons for the existence of the datacentre are true.

gordo • August 4, 2019 2:28 PM

@SpaceLifeForm,

James Bamford might agree, as well.

8. Utah Data Center, Bluffdale, Utah: At a million square feet, this $2 billion digital storage facility outside Salt Lake City will be the centerpiece of the NSA's cloud-based data strategy and essential in its plans for decrypting previously uncrackable documents.

https://www.wired.com/2012/03/ff-nsadatacenter/

Which brings to mind @Clive Robinson's great "time machine" . . .

Clive Robinson • August 4, 2019 5:29 PM

@ Bruce,

the notion of compensation is an interesting one

You still have a right of free speech, and for any kind of compensation to be due, they would have to show that they suffered harm at your hands.

The fact that Facebook have not done anything in their official capacity, suggests that they do not believe that there has been any harm, or if there has been harm it is very minor or inconsequential.

Further it could be argued that in fact you have done the opposite of harm to Facebook. It's the reason there is the old saw of PR/Marketing of "There is no bad publicity only publicity".

But let's take a step or two back, you mentioned a story published in what is regarded by sufficient people as a "reputable" magazine. The story was based on another story that had also been published without question. Likewise it was based on reporting from a conference, which again when published had not drawn any criticism.

I'm not sure how far back you are supposed to personally go to verify a story that you are not actually publishing or particularly taking a position on but are discussing issues (content moderation as a backdoor) brought up by the story as issues rather than the alleged player (Facebook).

The simple fact is the idea of "content moderation" is one getting pushed by all sorts of people who have really not thought it out and I really mean that they have not thought about it. Their reasoning is at best "knee jerk" based on dubious edge cases and quite a bit of faux "fake news" whipped up into an emotionally driven echo chamber.

Any argument that says that people should lose basic freedoms such as the right to disagree because of what is a fake fear, should really be resisted. Not just because it's wrong but it's actually deeply insulting, and signs of disengagement from reality by those making it. In essence they are saying that everyone is stupid because they don't agree with their emotive and unfounded argument. That is they are taking the viewpoint that almost an entire nation is too infantile to be allowed responsibility to think and reason, whilst they the self appointed should be "guardians"...

Now I can not say how these people came to their viewpoint but it's clear it was not by rational examination of the effects on society.

Personally I do not want my life to be dictated by irrational and ill informed people. Especially when I've been warning about the downsides of the current implementation of technology that makes such ill advised policy possible.

We actually have previous experience of just how easy such "end run" attacks are on this ill designed technology before. The CarrierIQ debacle should still be within the majority of this blog's readers' minds, after all it was back in early Nov 2011 that Trevor Eckhart published his report that pointed out the capabilities were effectively spy-ware (AT&T bought CarrierIQ up in 2015 which might help answer your earlier question). But the same sort of thing has happened with RIM Blackberry phones and unsavoury / oppressive governments getting master key access. Then there is the compulsory telemetry put in not just by phone manufacturers (many not in China) but US OS suppliers.

My view based on history and it appears to be agreed with by increasing numbers who care to think about it, is that "A lack of privacy and free association is very harmful for society". Just one symptom of which is it encourages extremist groups to flourish that in turn pull in what would be normally considered social misfits and those lacking a moral compass. This almost always leads to polarisation, violence, significant social break down and often a tail spin downwards into Martial Law or civil war, which I suspect the majority would consider harmful to a free and equitable society.

Thus I personally think any reasoned discussion about the likes of unrestricted "plain text access" is long overdue. As is a discussion about why we allowed technology that has been designed to enable such "plain text access" for unrestricted access not just under lawful oversight but without restriction and hidden from sight by corporate agenda.

Thus even though the story might be currently wrong (and Facebook have done nothing to say it is not wrong) the conversation needs to be had and those bringing knee jerk edge cases such as many current politicians should be outed and shown for what they are, such that people in general can make rational choices based on reasoned and informed discussion.

Sancho_P • August 4, 2019 6:13 PM

@name.withheld re backdooring or “lawful” access

I think with the CALEA requirement and access to messenger content there is a huge difference:
CALEA, as the tape recorder was, is meant as access from now on into the future.
Never backwards.
But messenger content access is also going back in time.
AFAIK it was never thought or spoken of limiting “lawful” access to future communication only. Think of the children!

Whatever was said and to whom could be taken (out of context) and used, now or years later, hidden or in the open, from LE to anyone who had access to the dataset, be it paid (business, corruption) or stolen from servers, locally or worldwide, known or unknown, for any purpose.

The tapes were too big to be kept endlessly; digital data is not.

Clive Robinson • August 4, 2019 7:24 PM

@ Sancho_P, Name.Witheld...,

CALEA, as the tape recorder was, is meant as access from now on into the future.

You need to go back long before even then.

English legal theory was based on the notion of "Equity in arms" or if you prefer the old "Trial by combat". Nothing was meant to be hidden and no dishonest behaviour allowed by either party.

The idea behind "warrants" is a little more subtle than most realise.

Firstly they gave oversight to the process, ensuring some kind of probable cause existed such that no honest man be impugned or his good name sullied without just cause.

Secondly and more importantly they had to be served on the named individual, and describe the items sought. Which importantly gave the accused due notice not only that they were under investigation, but also that they could challenge the "probable cause" and thus stop the invasion of their privacy. Likewise they could challenge the scope to stop illegal "fishing expeditions".

Thirdly those who had obtained a warrant were then put on a clock; they had to produce a case to court in a sensible time frame or be challenged and have to withdraw their investigation.

Fourthly was the notion of equity in arms, that is the resources investigators had available were not just finite but highly limited, such that investigations would be kept in check.

The problem with the ability to record communications is that at best only the "probable cause" was left as a protection, and gone was your ability to challenge it.

Thus "endless investigation" or just plain endless surveillance came in with recording phone calls. Which was, in part, why originally there was only the chart recorder "pen and trace" of pulse dialed numbers recorded, not "audio". This was based on the notion of letters, where the address on an envelope was not private knowledge but the contents of a sealed envelope most definitely were.

There never was the intended idea that a third party "fly on the wall" eavesdropper would exist on personal communications in criminal investigations (treason and other high crimes of state were treated entirely differently originally under the monarch's prerogative).

Thus not only does "collect it all" in effect give the authorities a "time machine", the very small cost per person of doing so means the "equity in arms" is gone, and the hidden nature of "collect it all" gives the authorities as much time as they wish to build a case whilst robbing the defendant of equivalent time to defend themselves.

All in all the use of technology in this way is very dishonest behaviour and most certainly not envisaged in an equitable justice system.

name.withheld.for.obvious.reasons • August 5, 2019 12:38 AM

@Sancho_P and @Clive (my old chums)

Oh, but to suffer the swings of great folly--to the ramparts, or to Camelot? My carriage doth await--though on fire.

As before, since the Telecommunications Reform Act of 1996 and various barfings held at Justice and the FCC, we can expect this pony to die a horrible death...

And, to the contrary my monastic friends. FBI and DOJ officials back in the late 1990's pushed very hard to make changes to the structure and nature of CALEA since its original "forced" feeding to telcos in 1994. The telcos were pretty mute about the whole thing whilst carrier equipment manufacturers, for the most part, begrudgingly acquiesced and even dragged out implementation deadlines for years. It was in 2007 that the final nail was put in the coffin of communications for the commoner; content and clam were the cankerous communications regulators with their canards.

The DOJ's hubris (or is it huge ass) is well tallied at the Stanford Law School, Center for Internet and Society: http://cyberlaw.stanford.edu/blog/2016/03/doj-misleads-court-calea-apple-case

I remember early on, say about the Clipper chip catastrophe, the extension and modification to CALEA and the telecommunications reform act of 96 were instruments of our modern destruction. I remember debates with Bruce at the time (we'd met briefly in Berkeley for the von Neumann presentation recognizing Zimmermann). My how time flies when you are not having fun.

Gerard van Vooren • August 5, 2019 1:30 AM

@ Alyer Babtu,

The claim is made that everyone would object to moves by FB, but I wonder what can prevent the big technology mediated dystopia parodied in the modernized "1984" of Dave Eggers, "The Circle"?

You have asked THE question!

My answer is nothing can be done against the US politicians and they are the ones that create this mess. This would have been okay if they didn't have such a massive power over the rest of the world.

Which means that the only thing you can do is to not use FB, WhatsApp or any other GAFAM cr*p. Don't trust your government to do anything against this. The best thing is to get rid of your smartphone!

Just ask yourself the question of why did all these mass killings appear in the US? What is the root cause of this? Is it the "lunatic" individual or the unwillingness of gov (for decades)?

As the wise man said, tyrannies are never imposed, they are invited.

The problem is that the tyrannies cause so much harm to civilians.

Clive Robinson • August 5, 2019 4:58 AM

@ Gerard van Vooren, Alyer Babtu,

Just ask yourself the question of why did all these mass killings appear in the US?

History shows that society becomes sick when people are denied the rights of privacy and free association.

More than one historian has noted that it was not the "Tea or other Tax" but the "general warrants" and "forced accommodating" of soldiers in people's homes that were the underlying cause.

A thought certain people should hang on to is what is said "refreshes the tree of liberty"...

According to

https://www.gunviolencearchive.org/reports/mass-shooting

There have been 255 mass shootings this year so far in the US...

Clive Robinson • August 5, 2019 6:34 AM

@ Name.witheld, @Sancho_P,

As before, since the Telecommunications Reform Act of 1996 and various barfings held at Justice and the FCC, we can expect this pony to die a horrible death...

It's not just that pony that's "en flambé"...

As some of us know the Plain Old Telephone Service (POTS) or "land line" was analog, which meant you could use the 300 Hz-3.5 kHz bandwidth as you pleased. Which is why we ended up with some eye wateringly fast analog modems towards the end of the "dialup era" at the turn of the century.

Not so the cellular networks, which use speech compression that effectively alienates any other usage of the available bandwidth for anything other than speech.

Back in the old "dialup days" of the 1990's, when 486's running at 50MHz were the height of computing power for the home user, I and some associates developed our own "private speech" software, that used the line-in on the PC to digitize the audio (with LPC10), then encrypt that (with Modified DES) and then send the data down to the modem.

Whilst it worked it had delay and other problems that made "ordinary speech" harder than most would like (much like the old long distance calls via satellite). But it was fine for anyone who was used to using "radio comms".

As others have found, trying to make external "voice encryption" for mobile phones is very difficult at best. So far it's proved well nigh impossible for "consumer" pricing[1] and the major stumbling block when people have tried is due to the speech compression used[2].

Likewise you would not want to do speech encryption on a vanilla mobile phone for various reasons not least because of the expense of getting type approval (I know of people who tried to do this but the market was not there at the time in the mid 2000's).

But doing it on smart phones is also very unwise, not just because the security end points are in the wrong place but for another perhaps more shocking reason.

With most mobile phones the sending and receiving of data carries on even when you are placing a phone call. But people forget that due to "Health and Safety" arguments the "operator" can place a "silent break in" call to a phone at any time. The consequence of this is, as there is only one microphone in a phone, what you are saying into the microphone to go into your voice encryption app and thence onwards as data also can be sent down the ordinary "Operator assist" silent break in... Thus an audio based end run attack is fairly trivial[3] in smart phones.

But that silent break in issue also works if you are using an external voice encryption device that generates say USB data, and will pick up any audio in the room...

There are ways around this issue with a soldering iron but only the geekiest of geeks are going to do that, and the resulting "kludge" they are unlikely to want to use in public or try crossing a border with, due to the attention such a kludge would bring the user...

So the pony of "secure speech for the masses" has gone beyond en flambé and has been well and truly barbequed.

[1] Something potential "crowd source" funders should remember. Anyone else remember "jackpair" from 2014? They still have a web site quoting @Bruce but as for product...

[2] It's interesting to note that the voice compression used in mobile phones (CELP) was originally developed by the NSA. Who very surprisingly at the time made it available for use around the world:

https://www.nsa.gov/Portals/70/documents/about/cryptologic-heritage/historical-figures-publications/publications/wwii/sigsaly_history.pdf

[3] As far as attacks go, "End Run Attacks"[4] are really the biggest enemy of privacy and security, especially audio end run attacks. They are fairly trivial to set up and the physical constants in the likes of keyboards means even key strokes can be worked out. With signal processing each individual mechanical key click can be identified, then it is the equivalent of breaking a simple substitution cipher to recover what is being typed. Whilst it would be harder with "virtual keyboards" using touch screens, you have to remember the basic process by which touch screens work to see there are interesting possibilities for the curious to investigate, be they a student or spook.

[4] For those outside the US, "End Run" is a sporting term, where an attacker outflanks the defensive line:

https://www.lexico.com/en/definition/end_run

SpaceLifeForm • August 5, 2019 4:22 PM

@Clive, @gordo

I've told folks for a long time: Keep your copper dry.

So, as I was typing that (on older device, older chromium), my browser crashed. Imagine that!

On browser restart, and trying to immediately reach this site again, I get:

This server could not prove that is www.schneier.com; its security certicate is not trusted by your device's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.

NET_ERR_CERT_AUTHORITY_INVALID


[Since it was working moments prior, no reboot, I think I can strongly conclude that all TLS traffic is being MITM-ed]

[And post reboot, same results]

Did this site change certs or upgrade ciphers today?

[Posting from a diff device, diff net]

EvilKiru • August 5, 2019 5:56 PM

@SpaceLifeForm: I'm still getting a lock icon in Chrome Version 75.0.3770.142 (Official Build) (64-bit), but it's currently being updated according to Help > About, so I'll post an update after I restart it.

EvilKiru • August 5, 2019 5:57 PM

A relaunch reports Version 76.0.3809.87 (Official Build) (64-bit) and I still have a lock icon on this site.

Clive Robinson • August 5, 2019 6:06 PM

@ SpaceLifeForm, Moderator,

Did this site change certs or upgrade ciphers today?

That's a question best answered by the moderator.

The problem I've been having in the UK is with Vodafone, who are one of the world's largest Mobile ISPs and have had issues for the past week or so... Not that their tech support staff know "jack" (or will admit it).

Chasing other sources of information indicates apparently they are telling certain people it's an upgrade as part of 5G preparations... The reality is that there is no real reason to touch the systems (DNS, Nanny Wall, etc) that have been visibly affected...

What it appears they have been doing is adjusting their "nanny wall"[1] tables that are used to block sites (you can tell by the response time you get). Many security sites and electronics and physics sites have as a result "been disappeared" for no real reason (thus most likely an automatic system running into the "Scunthorpe" problem[2] with technical terms and the like that AI just totally SNAFU's).

[1] The "nanny wall" is the idea of ex UK Prime Minister Theresa May. Like her moronic "snoopers charter" it was a political publicity stunt. Essentially she demanded that all ISPs filter content to customers and "think of the children". A totally pointless idea because the main damage is the big Silicon Valley corps creating addiction, depression and suicide in vulnerable people in order to supposedly sell more advertising (the real reason is way more dark and is stalkerish profiling). Likewise the big corps provide avenues for cyber bullying, gaslighting and a lot worse, none of which content filters can catch. Likewise even children know or can easily find out how to use free VPNs to get around it. Oh and it's christened "nanny" because the usual mantra from Theresa May's party is their opponents (plural) want to expand the "nanny state".

[2] Scunthorpe is a busy town and local council in the UK. The story is that they fitted a new "profanity filter" which then stopped all incoming mail (see 2nd to 5th characters in their name). Other words often get caught in other filters such as those dealing with imprisonment (penal servitude), for astronomy (black holes, and older terms such as heavenly bodies and libido). Engineering, especially older mechanical engineering, is full of them... As anyone who has ever read the small ads and been told the alternative meanings of "French Polishing" and similar can see, even humans miss a good deal of the "naughty" that such "think of the children" idiots demand be stopped. It's actually a task of Sisyphus as humans are more diverse than AI will ever be, thus will out evolve it in such word games.
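The Scunthorpe problem from footnote [2] above, as an added illustration that is not part of the comment: a naive substring blocklist beside a whole-word match, run over constructed innocent sentences taken from the footnote's own examples. The blocklist terms are harmless stand-ins chosen only because they occur inside longer words.

```python
import re

# Constructed stand-in blocklist (not a real filter's word list): each term
# is harmless on its own but appears inside longer, innocent words, which is
# exactly the Scunthorpe failure mode.
BLOCKLIST = {"ass", "hole"}


def substring_hits(text: str, blocklist=BLOCKLIST) -> list:
    """Naive filter: flag any blocklisted term found anywhere in the text.

    This is the filter that rejects mail from "Scunthorpe": it matches the
    term inside unrelated words, so "assess", "class" and "black holes" are
    all wrongly flagged.
    """
    lowered = text.lower()
    return sorted(term for term in blocklist if term in lowered)


def whole_word_hits(text: str, blocklist=BLOCKLIST) -> list:
    """Whole-word filter: flag a term only when it stands alone as a token.

    Word boundaries stop "ass" matching inside "assess", but the filter is
    still blind to euphemisms and multi-word phrases, which is the other
    half of the footnote's point: the false-negative side is untouched.
    """
    lowered = text.lower()
    return sorted(term for term in blocklist
                  if re.search(r"\b" + re.escape(term) + r"\b", lowered))


def false_positives(samples, blocklist=BLOCKLIST) -> dict:
    """Run both filters over innocent samples; return what each wrongly blocks."""
    return {
        "substring": [s for s in samples if substring_hits(s, blocklist)],
        "whole_word": [s for s in samples if whole_word_hits(s, blocklist)],
    }


# Constructed innocent inputs; every one of them should pass a sane filter.
INNOCENT = [
    "Please assess the class schedule.",
    "Astronomers study black holes and heavenly bodies.",
    "French polishing restores antique furniture.",
]

if __name__ == "__main__":
    for name, blocked in false_positives(INNOCENT).items():
        print(f"{name}: wrongly blocked {len(blocked)} of {len(INNOCENT)} -> {blocked}")
```

Neither filter flags the "French polishing" sentence, which is the footnote's point that a word list, however matched, does not recognise meaning.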

SpaceLifeForm • August 5, 2019 8:25 PM

@EvilKiru

(and @Clive, Moderator)

Thank you for the report. As I expected, it would still be ok for you.

So, I did some more testing. Back to the original device, original net, rebooted, but a diff route.

Same results.

But, a different browser worked.

Something changed (for me) today.

Fingerprinting? Only MITM sometimes?

It's just weird that it suddenly failed after years. And was working until I tried to mention copper.

And as Clive noted, weird stuff happening.

[Posted from diff device, diff net again. Cause, you know, security]

SpaceLifeForm • August 6, 2019 4:46 PM

@EvilKiru

(and @Clive, Moderator)

So, let's see what happens approx. 24 hours later, same device, same net.


It's now working. No reboot since last report.

Sure smells like RSA is dead.

SpaceLifeForm • August 6, 2019 6:03 PM

@EvilKiru, @Clive, Moderator, @Gordo

Left out important info.

Not only same device, same net,
but also same route and same browser on which the problem originally appeared.

Which then also points to fingerprinting and TOD to do a TLS MITM.

Basically, subjects and targets may only be TLS MITM-ed at certain times of day based upon what earlier metadata points to.

Example: nah, too many.

SpaceLifeForm • August 6, 2019 7:36 PM

@A90210

NRA, Blackmail. Connect your own dots.

Note that MM did not make the trip to Moscow on 2018-07-04.

You did not read between the dots and my intel reason for making the point.

Are you Guccifer2 in reality?

Cause your zip says you are.

Bong-Smoking Primitive Monkey-Brained Spook • August 7, 2019 8:49 AM

Crap! Another tweet. We lost 50% of our wealth!
Lesson learned! Next president is likely going to be a "Snapchat" or a "WhatsApp" president. Backdoor them!

C U Anon • August 7, 2019 10:25 AM

@ BS PM BS,

Lesson learned! Next president is likely going to be a "Snapchat" or a "WhatsApp" president. Backdoor them!

Hey ev'bdy has to unload some times. The larger the sack of cr4p the more 5h1t they have to unload.

Maybe we should get them a proper cat to kick, mind you sometimes the feline bites back,

https://m.youtube.com/watch?v=oaw-savyK0s

Bong-Smoking Primitive Monkey-Brained Spook • August 7, 2019 12:30 PM

@C U Anon:

mind you sometimes the feline bites back,

What a nasty mishap. Not :)

berber • August 9, 2019 11:08 AM

Facebook should be broken up.

Also we need a Bill of Rights to protect us from corporate abuse, esp by tech companies. Corporations should not be allowed to abridge free speech on their platforms for any reason.

The 1st amendment is irrelevant when nearly all public speech is carried out on corporate-owned platforms.

Corporations should be excluded from 14th amendment protections. If you don't like it, don't incorporate your business. Run it as a proprietorship and accept the risk. The liability protection offered by a corporation is a privilege granted by law, not some natural right.
