[jackgavigan]

I would argue that there's a fourth kind of ‘no’, when tech decides that enough is enough, and says "No, fuck you."

We've reached that point in the UK, where the government has proposed draconian legislation[1] that would allow the government to force companies to create backdoors into encrypted messaging services.

As a result, Whatsapp[2] and Signal[3] have said that they will pull out of the UK, and Apple[4] has said it will remove Facetime and iMessage from the UK if the legislation passes.

1: https://www.eff.org/deeplinks/2023/07/uk-government-very-clo...

2: https://www.theguardian.com/technology/2023/mar/09/whatsapp-...

3: https://www.bbc.co.uk/news/technology-64584001

4: https://www.bbc.co.uk/news/technology-66256081

[Doches]

This is explicitly the point of the article, really: the author’s third type of ‘no’ is “we literally can’t do this” — and that’s the situation in the UK. It’s not that Meta, Apple, and Signal are saying “fuck you” to the UK; it’s that they’re saying “there is literally no way for us to comply with this legislation, so our only legal option is to leave your market.”

I agree that there’s a sort of implied, under-the-breath muttering of “…you morons”, but if there were a way for the messaging companies to comply they’d just…comply. Angrily and noisily, perhaps, but even in its current pathetic state the UK is too big a market to ignore.

[soraminazuki]

The author's third type of "no" refers to the technical feasibility of compliance. OP, on the other hand, is referring to the refusal of the idea itself. In the case of encryption, the technical side of things is insignificant compared to the Orwellian nightmare these sort of laws intend to create. It would still be a terrible idea even if technical drawbacks were absent, and one doesn't even have to be a nerd to see that.

[peoplefromibiza]

> “there is literally no way for us to comply with this legislation, so our only legal option is to leave your market.”

as much as I love my encrypted chats, both those sentences are not true.

Devil's advocate would say:

1: Tech companies can obviously share the keys with the government, like they do in a group chat, it would simply mean "GVT has joined the chat" [1] and it could also work the same way wiretaps have always worked, under a very strict legal framework and behind a colossal amount of bureaucracy to authorize their use.

2: tech companies are not leaving those markets, they are simply buying time, they don't want to do the work, because it's work they will not profit from, but there's nothing preventing them on the technical side from doing it.

[1] have you ever seen this on an Android device? https://i.imgur.com/XUxiUUr.jpeg

[atoav]

No. The problem is that as a messenger company you have to comply with different markets at the same time. If the biggest market (the EU) would punish you for breaching privacy and a small market (the UK) wants to punish you for the polar opposite you can either:

- develope a seperate app for that small market and break that promise (and have the headache of figuring out just how to treat communications that cross the border of those two markets)

- choose the bigger market, retreat from the smaller one and let the small market decide if they really want their special deviating regulation if it now means: "Those politicians took your messenger away" and there is no EU-buerocrat that you can blame for it.

Notice how this doesn't even require any particularly strong political stance by the messenger organisation? The latter just makes more sense from the standpoint of an organization that cares about it's use of resources.

[nonethewiser]

> No. The problem is that as a messenger company you have to comply with different markets at the same time.

Well then you could technically say they can't keep the keys private then, since some places force them to share. It's definitely a "can but wont" scenario.

[ethbr1]

> (and have the headache of figuring out just how to treat communications that cross the border of those two markets)

You could also ban the ability for UK citizens to have chats with EU citizens, which I imagine some of the kookier UK conservatives would love.

[atoav]

You could do that, but then you cut a whole mode of interaction between e.g. UK parents and their kids who study or live on the continent.

Either way this is a measure that (like many conservative talking points) sounds good on paper ("law and order"), but once it becomes reality it won't win you any prices, except negative ones.

[pavel_lishin]

The response to your devil's advocate argument is: giving you the keys is not actually a solution, because now every foreign government is racing to break, steal or buy those keys, and not only can we not guarantee that it won't happen, but we can't even discover if it happens, or when. We can build a secret entrance, but we cannot guard it!

[EGreg]

Why can’t they know when someone uses the secret keys?

Perhaps the messages would be individually encrypted and the keys would need to be used in order to retrieve the message encryption keys. And to do this, they would need to provide an explicit reason and only get the limited info that the warrants etc. would support and the reasons would be stated in every case.

[DexesTTP]

The point is that today, the key isn't in Google's or Amazon's or Meta's servers, but on the phones of people. That means that you literally don't have the key if you don't have the phone. And governments don't want that, they want the keys in order to eavesdrop but without being noticed (and stealing the phone would get you noticed).

So your only option to comply with this is to remove the phone-only key storage option and move all of the key into your servers, which is what we talk about when we mean "breaking end-to-end encryption".

The issue is that to comply with the rules, you have to secure that server so only the good guys can get in, and only if the warrant is legit, but also to allow fast access for time-sensitive cases such as terrorism and secret cases such as NSA investigations. You also have to make sure that there's absolutely no way for people to access that server if they don't have the approval.

Oh, and also that server / these servers contain the keys to read every message from every citizen of your country (including politicians), which is probably worth as much of your GDP.

So you need to build the equivalent of a safe containing one trillion dollars that can't be accessed for any reason except all of the reasons mentioned abov3. Except that this theoretical trillion of dollars are special dollars where if you mess up and let people in without anyone noticing they got in, they can "steal" the trillion dollars and start spending them and nobody would notice that they're being spent. And there's just about every country on earth that would love to "borrow" your two trillion dollars, especially if you can't ever realistically prove they did it.

Easy, right?

[ethbr1]

Has there ever been a public key sign-countersign encrypted tap method?

I.e. Authorized tap requestors have keys (law enforcement, intelligence) and sign a request (including timestamp), storing a copy for audit.

The approval system (courts, FISA) validates that request, countersigns if they approve (including timestamp), storing a copy for audit.

The system owners (messaging services, etc.) then validate both signatures and provide the requested tap information, creating a tap record (including content scope and timestamp), storing a copy for audit.

Ideally, then all audit logs get publicly published, albeit redacted as needed for case purposes.

Part of the central issue is deciding "Who should be responsible for security?" Imho, if governments want to mandate a scheme like this, it sure as shit shouldn't be the tech companies. The government should have to manage its own keys, or deal with consequences of leaking them (while allowing the tech companies to retain independent records of individual requests).

As much as it pains me to say this... this wouldn't be the worst use case for a blockchain...

[pavel_lishin]

> And to do this, they would need to provide an explicit reason and only get the limited info that the warrants etc. would support and the reasons would be stated in every case.

The scenario I'm talking about isn't overly-broad warrants, etc. Technology can't prevent that. I'm talking about just the tech implementation.

Fine, we have a private keypair for every message, and every message is additionally encrypted with the public key of the government-per-message-keypair.

How are these per-message keypairs generated? If from a central server, then that becomes a massive weakpoint in the system for multiple reasons: it could be attacked to prevent new keypairs from being generated, it could be hacked to extract private keys, it could be modified to generate keypairs that an adversary can easily break, it could be modified to also send private keys to adversaries, etc., etc.

If they're generated on-client, and the secret key is sent to some central repository, then the client or the device the client is running on could be compromised; the private keypairs could be intercepted en-route; the central repository could _still_ be compromised since it can't be airgapped to receive these keypairs.

In the case of a warrant, how is each key actually fetched? I don't mean the legal process, I mean at some point someone has to push a button and decrypt a message. How do we protect that process? Besides the fact that even air-gapped systems can be vulnerable to a sufficiently motivated and well-funded adversary, at some point some human being has to have access to this system, and that human being probably has family members. How vulnerable are they to being beaten with rubber hoses, or receiving their spouse's fingers in the mail?

If you're going to build a system that can expose everyone's private communications, it better be incredibly close to fool-proof, or it better not be built at all.

[peoplefromibiza]

> because now every foreign government is racing to break, steal or buy those keys

it's much easier and much cheaper to simply steal the phone (maybe phones?) containing the keys. Or hack it (them?).

And then calmly search through the phone's backup.

That's what I would try first if I was in charge of such a task.

[nonethewiser]

Yeah but he's not saying it's OK. Just that they could do it.

[Tangurena2]

The tech companies design the system so that there exists no central key that could be used to decrypt every conversation. Each conversation generates their own unique key. If some back door existed, it could never be limited to "law enforcement" any hacker could unlock every conversation. Politicians are incapable of learning this.

[peoplefromibiza]

> The tech companies design the system so that there exists no central key that could be used to decrypt every conversation

And in fact nobody claimed that, at least not in this thread.

It's still not impossible to provide the keys for a conversation, it's not a technical limitation by any means.

Perhaps the good guys at Mullvad can provide that level of privacy, but certainly not WhatsApp, their interest align with those of the users practically never.

[didntcheck]

> under a very strict legal framework and behind a colossal amount of bureaucracy to authorize their use.

In other words we'll provide some comedy material for our "trusted agencies" to amuse themselves with, between writing their latest summary snooping system and sharing stolen nudes round the office

[peoplefromibiza]

First of all, the justice system revolves around the rule of the law, homicides are forbidden, doesn't mean that it is hard to kill someone, it's simply prohibited by the law and people tend not to do it.

Wiretaps use the same pattern, potentially it is very easy to listen to other people's conversation, but it is unlawful unless authorized, so people usually don't do it.

Imagine this scenario: a man only contacts the phone number of some woman when the phone of his wife is out of town, plus the man's phone can be located at the woman's house only at night when the wife is away.

What can that mean? Who knows...

That kind of data, which is equally revealing and privacy breaking, is completely legal. Why is that? Because tech corporations don't really care about what you say, but about your habits, to exploit them.

The justice system OTOH doesn't work in aggregates and patterns, it decides case by case, because every person is responsible of their actions and only theirs.

So the two use cases are vastly different and the tension towards complete and unbreakable secrecy is not 100% aligned with the interests of a society at large. Only a very tiny minority benefits from that.

Agencies snooping is illegal too, but they are out of the law anyway. "Licence to Kill" is the title of a Bond movie precisely for that reason.

[rhaway84773]

Not only is it not true, it’s very likely they’re already doing it.

For example, WhatsApp sells itself as fully encrypted, etc. but if you’re in a group chat thars not true anymore. That information is available to WhatsApp and they almost certainly make it available to several governments (hopefully in a judicially protected way but we can’t know that).

Further, if you backup your WhatsApp chats, that’s game over for any privacy.

The UK legislation is stupid because the UK has been run by a bunch of stupid people for at least the past decade.

Nothing about this legislation is dumber than Brexit, for example, which was a referendum that was proposed to the public in such a ridiculous manner that the next half decade was spent in divining what the referendum actually meant.

[FabHK]

> For example, WhatsApp sells itself as fully encrypted, etc. but if you’re in a group chat thars not true anymore. That information is available to WhatsApp and they almost certainly make it available to several governments (hopefully in a judicially protected way but we can’t know that).

Source? It could well be that the sender e2ee it to each of the recipients, no? (Trivial to add the government or WhatsApp itself to the recipients, then, but that is a different claim.)

[bostik]

OP reads like something I have played devil's advocate for. In an earlier discussion about WA vulnerabilities, one of the reported bugs was that as implemented, Facebook could have added themselves silently to any group chat, thus receiving with plaintext copies of all messages sent in the group from that point onwards. I then extrapolated that if they so chose, they could change their plumbing enough to make all chats group chats - even when they were between two people.

To be absolutely clear, there was not - neither back then, nor since - evidence of this being the case. But the technical capability and potential for such subversion was there at the time. I have not followed the domain news enough to know whether this is still the case.

What is available to WA and thus to governments, is the traffic pattern part. Who communicates with whom, when, how large the messages approximately are, and so on. The stuff our industry and journalists at large have chosen to call metadata[tm].

I stubbornly call the whole thing for what it is: traffic analysis. Old-school style.

[barrysteve]

I don't understand. In the case of a national security incident, the US gov/military would have popular apps cracked open ASAP.

We live under a global survelliance network and somehow the gentlemen's agreement on keeping end-to-end encryption in place, is the only thing keeping our chat apps private?

One would hope for a concrete privacy that doesn't depend on multi-national corps and nation-states to agree that it should be kept private.

Something else has to be going on here, because nobody could commit to keeping dangerous secrets on whatsapp, after assange and snowden.. right?

[red-iron-pine]

> I don't understand. In the case of a national security incident, the US gov/military would have popular apps cracked open ASAP.

Except that didn't happen. For example, there was a terrorisim-related mass shooting in San Bernardino, California, and they got the shooters phone.

Apple refused to decrypt it.

The Feds later bought a 0-day off of a foreign firm, thought to be Israeli or maybe Australian, and got into that way, but Apple stood their ground.

https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...

[mikrl]

>In the case of a national security incident, the US gov/military would have popular apps cracked open ASAP

But it just doesn’t work like many people think: the policeman says ‘open it’ and it gets opened by the company.

Imagine a bank vault containing something security critical. If the US government needs it but the key isn’t available, it will move heaven and earth to get the best vault breachers and experts of circumventing bank security, regardless of the cost.

You can think of it as a one-off job, at a high price tag, without the guarantee of success. But phones are easier to breach (more points of failure) than a bank vault.

[dreamcompiler]

Whatsapp can be assumed insecure because it's owned by Meta. Signal and the Apple apps are another story.

In the case of a national security incident, these companies don't cooperate with the government because they have no ability to do so. On occasions where the government has broken Apple encryption, they've done so by buying the software or services of companies who collect zero-day exploits, which Apple then fixes when they become known.

Governments hate basing a policing policy on the hope that a zero-day will exist when they need one. They much prefer a dependable backdoor that they can access which nobody else can, and that's the magic unicorn that cannot be built.

[klooney]

None of them are secure against the global surveillance apparatus. In the event of 9/11 2, the NSA will send goons to sit with the devs, make a special build that forwards data to a special data center if you're on a list, and then they'll go to Apple and Google to secretly force push the special build.

[rf15]

> We live under a global survelliance network

But we don't, right? Neither every word nor every move you make is recorded. Not to mention not globally shared, of all things.

[barrysteve]

Uhh.. London has a CCTV network that doesn't prevent theft.

My parking lots used to be tech-free and all now have poles with cameras and government signs on them.

Face camera tech in all retail outlets. Every second or third home is plastered in cameras, some beaming their data back to some US corp.

Phone tracks everything you do, to hundreds of app providers, who then sell it on to data aggregators.

Refuse covid vax? No access to public services.

My IT friends have admitted the whole point since the 80s was the spying.

Watergate and Cyberdyne (nixon) started the end of secret keeping.

It is no different to Oceangate and Teledyne (sub imploding) starting the end of physical freedom.

Snowden, Assange, basic facts about GCHQ and google offshoring domestic data in the UK so they can classify it as 'foreign spying' and legally dissect it all, when they re-import it.

Deanonymizing online activity is statisically trivial.

All the 9/11 stuff destroying liberty and adding excessive security at airport gates and body scanners that were never needed before. ect.

Euthanisia has been legalized.

Some of us, do in fact, pay attention.

Writing's on the (digital) wall. Every man will be a 'slave' to tech run by harvard-types, by the end of the 2030s.

While we're "working from home", the gov and tech companies destroyed the physical infrastructure that allowed freedom and replaced it with tyranny.

People are fleeing cities to live in the countryside. I. Wonder. Why.

Here I am remembering and telling the truth. As if that mattered.

I'm watching this in real time without the means to change my living circumnstances, and it's a big old brain melter.

I'm supposedly responsible for my actions as a person, yet the gov and tech companies, really are indicating it doesn't think I should be allowed to exercise free will.

....

[CapitalistCartr]

Every word sent across the Internet is; every move accompanied by a mobile is; every move in an automobile with a tag is; every purchase made with a credit or debit card is.

[permo-w]

that's a pretty low bar

[ekanes]

While it's probably not your point, I find it greatly heartening that these companies are sending such a strong message by leaving a big and valuable market. It doesn't really matter what their reason is... it could be:

a) They value privacy and don't want to comply.

b) They can't access the messages, and thus can't comply.

Either reason is fine. Am I missing something?

[pbmonster]

c) They don't want to deal with the clusterfuck of dealing with communication between parties in the UK and parties in the EU. Because then, UK law would require them to remove the privacy tech in place, while EU law would require them to protect that privacy. And they'll have parties changing jurisdiction frequently, possibly mid-call.

[MerelyMortal]

d) It's more worthwhile to give up a small valuable market to appear like they're doing the right thing for a larger valuable market in order to keep those users.

[genmon]

I guess the distinction comes from the type of underlying 'no'.

These cases in the UK are a decided response to no-type-3: "we actually can’t do that".

Whereas Meta disallowing news links in Canada (another enough-is-enough response) is because of a no-type-2: "that’s a really bad idea".

Useful to have Evans' typology to distinguish those two cases.

(As a counterfactual in the UK, the decided response _could_ have been, "we actually can't do that technically, but ok we'll change the architecture, destroy our brand promise and increase the attack surface, and put the back doors in anyway.")

[marcosdumay]

> but ok we'll change the architecture

That's why no-type-2 and no-type-3 don't have an strict line separating them. This is an example of both, because it's probably not being done because a lot of other countries would deem their service illegal if they did it, and not really for technical reasons.

[jnsaff2]

This is BATNA: https://en.wikipedia.org/wiki/Best_alternative_to_a_negotiat...