Only terrorists benefit from WhatsApp Encryption
This utterly ludicrous headline was written today and posted on twitter.
First of all, the article is behind a paywall and I don't have access to the rest of it so I can't comment too much on what else it has to say. I'll just comment on the bits I have seen online.
"Amber Rudd, who is meeting representatives of WhatsApp in California today, says “real people” do not need such high levels of security"
As opposed to whom? Fake people? We are all real people so this is a very strange thing to say and why only Whatsapp? What about Skype, Signal and so on?
Writing in The Daily Telegraph, Ms Rudd said that this year’s spate of terrorist attacks had shown once again how terrorists use online platforms to “inspire and plan their acts of violence”.
This utterly baffles me. I won't deny that there is a chance that terrorists may well use online platforms to co-ordinate an attack but, to date there has only been one case of a terrorist using whatsapp and he was a loan wolf. In fact, the vast majority of attacks are lone wolf attacks these days, those people heeding the call of IS to go out and commit a terrorist act. No whatsapp necessary.
A classic example is the San bernardino case where the FBI was sure that there was more evidence on an iPhone, if only they could break in to it?
Well, when the FBI did crack it they got exactly zero new information from it.
Let's also consider how the IRA managed to wage a decades long series of terrorists attacks against the mainland UK without using whatsapp or any other encrypted messaging tool because they didn't exist then.
Sadly, terrorism is a way of life for now, putting the encryption genie back into the bottle isn't an option and even if the Government come down heavy over this and ban all encrypted messaging in the UK overnight there are still methods for sending covert information. I can think of dozens but I'll list five here:
-
Steganography. An age old favourite and very easy to do today.
-
Code words in a plain text message - As long as both parties know what the code words mean, this would work well and it sail right over the security services heads.
-
Dead Drop. Another age old trick of the espionage industry.
-
Electronic dead drops. Spin a server up in AWS or Azure or where ever, leave a message on it for someone else to read. Use a code to make it more secure. Adverts in newspapers were used like this for some years during the 60's
-
Talk to people. Unless the government wants to ban people meeting up and socialising, a group of people meeting up and talking is all that is required to plan a terrorist attack. This how the July 7th Bombers planned their attack and even did a dry run.
Of course, this sort of thing is nothing new, I covered this back in January 2015 as well and it's unlikely to go away anytime soon even though there is no clear evidence of any sort of benefit of removing encryption from messaging apps, there are lots of downsides however, not least of which is the ability for messages to be intercepted by a third party because if the Government demands weak encryption so that they can easily crack all encryption it's only a matter of time before someone else breaks it as well.
Subscribe to Ramblings of a Sysadmin
Get the latest posts delivered right to your inbox