by peoplefromibiza 1022 days ago
> “there is literally no way for us to comply with this legislation, so our only legal option is to leave your market.”

as much as I love my encrypted chats, both those sentences are not true.

Devil's advocate would say:

1: Tech companies can obviously share the keys with the government, like they do in a group chat, it would simply mean "GVT has joined the chat" [1] and it could also work the same way wiretaps have always worked, under a very strict legal framework and behind a colossal amount of bureaucracy to authorize their use.

2: tech companies are not leaving those markets, they are simply buying time, they don't want to do the work, because it's work they will not profit from, but there's nothing preventing them on the technical side from doing it.

[1] have you ever seen this on an Android device? https://i.imgur.com/XUxiUUr.jpeg


No. The problem is that as a messenger company you have to comply with different markets at the same time. If the biggest market (the EU) would punish you for breaching privacy and a small market (the UK) wants to punish you for the polar opposite you can either:

- develop a separate app for that small market and break that promise (and have the headache of figuring out just how to treat communications that cross the border of those two markets)

- choose the bigger market, retreat from the smaller one and let the small market decide if they really want their special deviating regulation if it now means: "Those politicians took your messenger away" and there is no EU bureaucrat that you can blame for it.

Notice how this doesn't even require any particularly strong political stance by the messenger organisation? The latter just makes more sense from the standpoint of an organization that cares about its use of resources.

> No. The problem is that as a messenger company you have to comply with different markets at the same time.

Well then you could technically say they can't keep the keys private then, since some places force them to share. It's definitely a "can but won't" scenario.

> (and have the headache of figuring out just how to treat communications that cross the border of those two markets)

You could also ban the ability for UK citizens to have chats with EU citizens, which I imagine some of the kookier UK conservatives would love.

You could do that, but then you cut a whole mode of interaction between e.g. UK parents and their kids who study or live on the continent.

Either way this is a measure that (like many conservative talking points) sounds good on paper ("law and order"), but once it becomes reality it won't win you any prizes, except negative ones.

The response to your devil's advocate argument is: giving you the keys is not actually a solution, because now every foreign government is racing to break, steal or buy those keys, and not only can we not guarantee that it won't happen, but we can't even discover if it happens, or when. We can build a secret entrance, but we cannot guard it!

Why can’t they know when someone uses the secret keys?

Perhaps the messages would be individually encrypted and the keys would need to be used in order to retrieve the message encryption keys. And to do this, they would need to provide an explicit reason and only get the limited info that the warrants etc. would support and the reasons would be stated in every case.

The point is that today, the key isn't in Google's or Amazon's or Meta's servers, but on the phones of people. That means that you literally don't have the key if you don't have the phone. And governments don't want that, they want the keys in order to eavesdrop but without being noticed (and stealing the phone would get you noticed).

So your only option to comply with this is to remove the phone-only key storage option and move all of the key into your servers, which is what we talk about when we mean "breaking end-to-end encryption".

The issue is that to comply with the rules, you have to secure that server so only the good guys can get in, and only if the warrant is legit, but also to allow fast access for time-sensitive cases such as terrorism and secret cases such as NSA investigations. You also have to make sure that there's absolutely no way for people to access that server if they don't have the approval.

Oh, and also that server / these servers contain the keys to read every message from every citizen of your country (including politicians), which is probably worth as much of your GDP.

So you need to build the equivalent of a safe containing one trillion dollars that can't be accessed for any reason except all of the reasons mentioned above. Except that this theoretical trillion of dollars are special dollars where if you mess up and let people in without anyone noticing they got in, they can "steal" the trillion dollars and start spending them and nobody would notice that they're being spent. And there's just about every country on earth that would love to "borrow" your two trillion dollars, especially if you can't ever realistically prove they did it.

Easy, right?

Has there ever been a public key sign-countersign encrypted tap method?

I.e. Authorized tap requestors have keys (law enforcement, intelligence) and sign a request (including timestamp), storing a copy for audit.

The approval system (courts, FISA) validates that request, countersigns if they approve (including timestamp), storing a copy for audit.

The system owners (messaging services, etc.) then validate both signatures and provide the requested tap information, creating a tap record (including content scope and timestamp), storing a copy for audit.

Ideally, then all audit logs get publicly published, albeit redacted as needed for case purposes.

Part of the central issue is deciding "Who should be responsible for security?" Imho, if governments want to mandate a scheme like this, it sure as shit shouldn't be the tech companies. The government should have to manage its own keys, or deal with consequences of leaking them (while allowing the tech companies to retain independent records of individual requests).

As much as it pains me to say this... this wouldn't be the worst use case for a blockchain...
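The sign-countersign flow sketched above (requestor signs, approver countersigns, system owner validates both and writes a tap record), as an added example that is not part of the original thread. It is my own sketch with Go's standard-library Ed25519; the party names, timestamps and "roster" of trusted keys are constructed for the demo, and the binding of the approval to the request's signature is my design choice, not something the comment specifies.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Request is the requestor's signed statement: who asks, for what, and when.
type Request struct {
	Requestor string `json:"requestor"`
	Target    string `json:"target"`
	Scope     string `json:"scope"`
	Timestamp int64  `json:"ts"`
}

// Approval embeds the request's signature, so a countersignature cannot be replayed against another request.
type Approval struct {
	Approver  string `json:"approver"`
	ReqSig    []byte `json:"req_sig"`
	Timestamp int64  `json:"ts"`
}

// TapRecord is the entry the service owner appends to its audit log.
type TapRecord struct{ Req Request; Appr Approval; Fulfilled int64 }

// Roster maps a party name to its trusted public key (constructed for the demo).
type Roster map[string]ed25519.PublicKey

// canonical gives deterministic bytes to sign: encoding/json writes struct
// fields in declaration order, so every party serialises identically.
func canonical(v interface{}) []byte {
	b, _ := json.Marshal(v) // these plain structs cannot fail to marshal
	return b
}

func verify(r Roster, name string, msg, sig []byte) error {
	pub, ok := r[name]
	if !ok {
		return fmt.Errorf("unknown party %q", name)
	}
	if !ed25519.Verify(pub, msg, sig) {
		return fmt.Errorf("bad signature from %q", name)
	}
	return nil
}

// SignRequest is step 1: the requestor signs (and keeps a copy of) the request.
func SignRequest(name string, priv ed25519.PrivateKey, target, scope string, now int64) (Request, []byte) {
	req := Request{Requestor: name, Target: target, Scope: scope, Timestamp: now}
	return req, ed25519.Sign(priv, canonical(req))
}

// Countersign is step 2: verify the requestor's signature, then bind the approver's own signature to it.
func Countersign(name string, priv ed25519.PrivateKey, requestors Roster, req Request, reqSig []byte, now int64) (Approval, []byte, error) {
	if err := verify(requestors, req.Requestor, canonical(req), reqSig); err != nil {
		return Approval{}, nil, err
	}
	appr := Approval{Approver: name, ReqSig: reqSig, Timestamp: now}
	return appr, ed25519.Sign(priv, canonical(appr)), nil
}

// ServiceOwner holds the trusted rosters, a freshness limit and the audit log.
type ServiceOwner struct {
	Requestors, Approvers Roster
	MaxAgeSec             int64
	Audit                 []TapRecord
}

// Fulfil is step 3: check both signatures, their binding and the timestamps; only then log a tap record.
func (s *ServiceOwner) Fulfil(req Request, reqSig []byte, appr Approval, apprSig []byte, now int64) error {
	if err := verify(s.Requestors, req.Requestor, canonical(req), reqSig); err != nil {
		return err
	}
	if err := verify(s.Approvers, appr.Approver, canonical(appr), apprSig); err != nil {
		return err
	}
	if !bytes.Equal(appr.ReqSig, reqSig) {
		return fmt.Errorf("approval is not bound to this request")
	}
	if appr.Timestamp < req.Timestamp || now-req.Timestamp > s.MaxAgeSec {
		return fmt.Errorf("approval predates request, or request is stale")
	}
	s.Audit = append(s.Audit, TapRecord{Req: req, Appr: appr, Fulfilled: now})
	return nil
}

func main() {
	polPub, polPriv, _ := ed25519.GenerateKey(nil) // constructed parties; real keys would live in an HSM
	crtPub, crtPriv, _ := ed25519.GenerateKey(nil)
	owner := &ServiceOwner{Requestors: Roster{"police-unit-7": polPub}, Approvers: Roster{"court-3": crtPub}, MaxAgeSec: 86400}
	req, reqSig := SignRequest("police-unit-7", polPriv, "account:example-user", "messages 2023-01", 1000)
	appr, apprSig, _ := Countersign("court-3", crtPriv, owner.Requestors, req, reqSig, 1500)
	fmt.Println("valid chain:", owner.Fulfil(req, reqSig, appr, apprSig, 2000), "audit entries:", len(owner.Audit))
	req.Scope = "all messages ever" // tampering after the countersignature
	fmt.Println("tampered:", owner.Fulfil(req, reqSig, appr, apprSig, 2000))
}
```

The point the thread makes still holds: none of this protects the decryption keys themselves. What the three signatures buy is that every fulfilled request is attributable and tamper-evident (widening the scope after the court signed, or reusing one approval for a different request, fails validation), which is the part the "audit log" idea can actually deliver.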

Yes! Exactly like what you've apparently thought about and worked on for a long time. Neat!

>> To decrypt it, multiple parties need to come together and combine their keys, all the while creating an audit log of why they are accessing this or that portion.

To me, this is the technical solution that best mirrors the ideals of the pre-technical reality.

And I consider myself an encryption absolutist! But I think the powers arrayed against it are too strong (and in some areas, too morally correct) to fully resist.

Which devolves to creating a compromise, and hopefully one better than "Government has no keys, any of the time" or "Government has all keys, all the time."

And what happens when the NSA or the FSB or some other equivalent just breaks into where the keys are stored, or beats it out of an employee, and bypasses the entire logging mechanism?

Your security guard having a clipboard where everyone signs in at the gate doesn't matter if someone dug a hole under the fence.

You mean when the {other nation's foreign intelligence agency} penetrates {nation's intelligence agency} and {nation's court system}?

And still creates a logging trail because the log system is intrinsically linked to fulfilling a request?

The issue is that whatever "audit" or "protection" method you create, whatever technology you use to ensure only the "good guys" get the information and the "bad guys" can't, it's only layers added on top of the real issue:

The final key is always going to be a single number. Once the key is out, it's out. There's nothing you can do about it being out, and no way to know it's out unless your audit system somehow caught it beforehand.

And that key (or these keys, which doesn't change much between "one number" and "two billion numbers" in terms of difficulty of stealing or storing them) is going to be worth trillions of dollars.

Again, the bank vault thing is an apt analogy (up to a point): You can add all of the security "around" the vault, guard rounds, advanced infrared sensors, reinforced concrete with weaved kevlar in it, etc... But if someone ever gets the dollar bills in their hands, then they got the bills. And if they somehow manage to bypass the security systems and not get noticed as they go in for the steal, you have no way to know who they are or that they did it.

Now, that is completely fine for a standard bank vault: after all, you need to physically send someone in, it's pretty rare for people to actually want in the vault so security can be pretty slow and involved, it doesn't have that much "money" inside (I'm pretty sure no bank vault in the world contains more than a handful of millions at any given time), and above all it's "physical" stuff inside: you'd immediately see if it's gone, it's not like someone who got in the vault can "magically" copy the bank notes and leave with the money while leaving the vault seemingly intact.

It's less fine for a "server" vault, where not only do you store everything so it's worth trillions, but people need to access it all the time because "investigations" and "warrants", and in a fast way because "terrorism", and if there's a breach or a mole or anything like that then people can copy all of the data inside and leave the server seemingly intact.

I think thinking that there's a technical solution is misunderstanding the problem, and that anyone pretending they "solved" it are always going to minimize one risk or the other. The governments and regulators don't get that yet, because it looks like it's just a technological issue to build "the vault". But the real issue, the fact that "the vault" doesn't matter when the consequences of stealing the contents of the vault are risk-free for bad guys but so immensely impactful for citizens, is the reason why technical solutions won't ever be enough.

I understand the analogies.

What I don't understand is, in the absence of some sort of scheme, how a justice system functions.

How would you compel production of evidence when duly authorized?

> And to do this, they would need to provide an explicit reason and only get the limited info that the warrants etc. would support and the reasons would be stated in every case.

The scenario I'm talking about isn't overly-broad warrants, etc. Technology can't prevent that. I'm talking about just the tech implementation.

Fine, we have a private keypair for every message, and every message is additionally encrypted with the public key of the government-per-message-keypair.

How are these per-message keypairs generated? If from a central server, then that becomes a massive weakpoint in the system for multiple reasons: it could be attacked to prevent new keypairs from being generated, it could be hacked to extract private keys, it could be modified to generate keypairs that an adversary can easily break, it could be modified to also send private keys to adversaries, etc., etc.

If they're generated on-client, and the secret key is sent to some central repository, then the client or the device the client is running on could be compromised; the private keypairs could be intercepted en-route; the central repository could _still_ be compromised since it can't be airgapped to receive these keypairs.

In the case of a warrant, how is each key actually fetched? I don't mean the legal process, I mean at some point someone has to push a button and decrypt a message. How do we protect that process? Besides the fact that even air-gapped systems can be vulnerable to a sufficiently motivated and well-funded adversary, at some point some human being has to have access to this system, and that human being probably has family members. How vulnerable are they to being beaten with rubber hoses, or receiving their spouse's fingers in the mail?

If you're going to build a system that can expose everyone's private communications, it better be incredibly close to fool-proof, or it better not be built at all.

> because now every foreign government is racing to break, steal or buy those keys

it's much easier and much cheaper to simply steal the phone (maybe phones?) containing the keys. Or hack it (them?).

And then calmly search through the phone's backup.

That's what I would try first if I was in charge of such a task.

Yeah but he's not saying it's OK. Just that they could do it.

The tech companies design the system so that there exists no central key that could be used to decrypt every conversation. Each conversation generates their own unique key. If some back door existed, it could never be limited to "law enforcement" any hacker could unlock every conversation. Politicians are incapable of learning this.

> The tech companies design the system so that there exists no central key that could be used to decrypt every conversation

And in fact nobody claimed that, at least not in this thread.

It's still not impossible to provide the keys for a conversation, it's not a technical limitation by any means.

Perhaps the good guys at Mullvad can provide that level of privacy, but certainly not WhatsApp, their interests align with those of the users practically never.

> under a very strict legal framework and behind a colossal amount of bureaucracy to authorize their use.

In other words we'll provide some comedy material for our "trusted agencies" to amuse themselves with, between writing their latest summary snooping system and sharing stolen nudes round the office.

First of all, the justice system revolves around the rule of law, homicides are forbidden, doesn't mean that it is hard to kill someone, it's simply prohibited by the law and people tend not to do it.

Wiretaps use the same pattern, potentially it is very easy to listen to other people's conversation, but it is unlawful unless authorized, so people usually don't do it.

Imagine this scenario: a man only contacts the phone number of some woman when the phone of his wife is out of town, plus the man's phone can be located at the woman's house only at night when the wife is away.

What can that mean? Who knows...

That kind of data, which is equally revealing and privacy breaking, is completely legal. Why is that? Because tech corporations don't really care about what you say, but about your habits, to exploit them.

The justice system OTOH doesn't work in aggregates and patterns, it decides case by case, because every person is responsible for their actions and only theirs.

So the two use cases are vastly different and the tension towards complete and unbreakable secrecy is not 100% aligned with the interests of a society at large. Only a very tiny minority benefits from that.

Agencies snooping is illegal too, but they are out of the law anyway. "Licence to Kill" is the title of a Bond movie precisely for that reason.

Not only is it not true, it’s very likely they’re already doing it.

For example, WhatsApp sells itself as fully encrypted, etc. but if you’re in a group chat that's not true anymore. That information is available to WhatsApp and they almost certainly make it available to several governments (hopefully in a judicially protected way but we can’t know that).

Further, if you backup your WhatsApp chats, that’s game over for any privacy.

The UK legislation is stupid because the UK has been run by a bunch of stupid people for at least the past decade.

Nothing about this legislation is dumber than Brexit, for example, which was a referendum that was proposed to the public in such a ridiculous manner that the next half decade was spent in divining what the referendum actually meant.

> For example, WhatsApp sells itself as fully encrypted, etc. but if you’re in a group chat that's not true anymore. That information is available to WhatsApp and they almost certainly make it available to several governments (hopefully in a judicially protected way but we can’t know that).

Source? It could well be that the sender e2ee it to each of the recipients, no? (Trivial to add the government or WhatsApp itself to the recipients, then, but that is a different claim.)

OP reads like something I have played devil's advocate for. In an earlier discussion about WA vulnerabilities, one of the reported bugs was that as implemented, Facebook could have added themselves silently to any group chat, thus receiving plaintext copies of all messages sent in the group from that point onwards. I then extrapolated that if they so chose, they could change their plumbing enough to make all chats group chats - even when they were between two people.

To be absolutely clear, there was not - neither back then, nor since - evidence of this being the case. But the technical capability and potential for such subversion was there at the time. I have not followed the domain news enough to know whether this is still the case.

What is available to WA and thus to governments, is the traffic pattern part. Who communicates with whom, when, how large the messages approximately are, and so on. The stuff our industry and journalists at large have chosen to call metadata[tm].

I stubbornly call the whole thing for what it is: traffic analysis. Old-school style.