Why The Government Shouldn’t Break WhatsApp

There’s been a lot of talk about whether
the British government will force companies like WhatsApp to introduce
a backdoor into their encryption, so that the police and government can read
your messages if they need to. As I record this, they haven’t done it yet, but the laws that could let them do so in
the future are already in place. And here’s something you
might not expect me to say: that sounds like a reasonable idea. After all, backdoors have been allowed for
old-school phone conversations for decades. They’re called wiretaps. And if a criminal investigation has enough
evidence that they can get a legal warrant, then they can look inside your postal mail, they can listen to your phone calls, and they can intercept your text messages. And it’s called a wiretap because, many years
ago, the police would literally be attaching a
device to a physical phone wire. So for anyone who grew up knowing that, anyone who grew up with computers like this, like pretty much every politician in government, well, it seems reasonable that that should
also extend to, for example, WhatsApp.

So why not? Well, first, let’s look at the technical detail. It all depends on who is holding the keys. Modern encryption uses complicated math that is easy for a computer
to calculate one way, but almost impossible to work out in reverse. A really simple example: if I ask you to multiply two prime numbers
together, like 13×17, you can do that by just hitting a few keys
on your calculator. And because those were prime numbers, we know that’s the only way to make 221 by
multiplying two whole numbers together. Other than 221 times 1,
and that’s not really helpful. But if I ask you: what two prime numbers were
multiplied together to make 161? There is no way to work that out quickly. There are a few shortcuts that you can take, but it’s still basically a brute-force method. Now imagine that you’re
not trying to work out 161, but instead something like this… and you start to see the scale of the problem. And that’s just a simple example: modern cryptography uses way more complicated
one-way operations. The important part is that you can have a
computer do math that’s simple one way, but could take longer than the lifetime of
the universe to brute-force back. The result is that you can have two keys:
two massive numbers. One public, one private. You send your public key out to the world. Anyone can encrypt a message with it: the message gets converted to
what looks like random noise. Even that same public key
can’t convert it back. But you can take that noise
and use your private key — and only your private key — to decrypt it. When you want to send a message back, you
use their public key, and they use their private key
to decrypt it. And the beautiful part of this:
there’s no need to exchange keys in advance, you don’t have to work out old-school
one-time pads, or anything like that. You can post your public key
out on the internet for all to see. As long as you keep that private key secret, no-one else can read your messages. This is a system that has been tested under
incredibly harsh conditions for decades. It works.

The catch is, it’s really unfriendly to use. It’s difficult enough to get someone to join
a new messaging service as it is, let alone bring their friends along. Now you have to generate
these weird key things as well? And if you lose your phone
or somehow forget that key, or your hard drive crashes
and you haven’t got a backup, all your messages are gone,
lost as random noise forever. Email that works this way
has been around for decades but it’s too complicated and it’s too unfriendly
for most people. The security wasn’t worth the effort. So instead, web mail services, along with Facebook, Twitter,
and everyone else, didn’t worry about that. Early on, they were mostly unencrypted, but rapidly realised that was a bad idea — so now, they use regular web encryption, that padlock in your browser, to make sure that no-one
on your network can see your password or your messages
when they’re in transit. And that’s the threat that most people
have to worry about. But they do have
the content of those messages in plain text, or something close to it, and those companies can give that back to you
whenever you want. Which means that when a government comes along
with a legal warrant, the companies can also
give the messages to them. And this was fine, right? This was reasonable. This was an acceptable compromise between
security and usability. Or at least it was, until it was revealed
that — in short — every major government was keeping a copy
of pretty much everything everyone ever wrote, at which point a few companies decided, that,
actually, they didn’t want to take the risk of anyone
— not even their own employees — being able to even theoretically access the
messages that people were sending.

The result is WhatsApp, and iMessage, and
the many smaller apps like them. They have “end-to-end encryption”. Your phone generates a public and private
key for you, automatically. It exchanges public keys behind-the-scenes, while you’re writing your first message to
someone, and everything after that is encrypted. And it’s all automatic! And since WhatsApp and iMessage
aren’t open source, in theory they could steal your private key
as well or quietly issue a fake one to someone and
sit in the middle listening, but in practice people would notice. Sure, there are small loopholes that could
work in particular circumstances, but the odds are remote, and security researchers
are already decompiling and tearing apart every version
of every messenger program just to see if someone’s
put a backdoor into it. The short version is: if any of these apps get served
with a government warrant right now, the most they could do is say how much two
people have been talking, and maybe roughly where they were: but never what they were talking about. More than that is
literally, mathematically impossible. But it’s impossible only because of the way
they’ve designed their systems. And that is the vulnerability. A government could make it a legal requirement
for Apple and Facebook to quietly add a backdoor in all their encryption if they want to sell anything in their country. I’ve heard this phrased as “outlawing maths”, but that’s a bit like saying that making punching a stranger in the face illegal
is “outlawing hands”. And if Apple and Facebook refuse to add a backdoor,
a government could… well, theoretically they could ban their phones
or ban their apps from sale, or prosecute the people in charge, or block Facebook, who own WhatsApp, or they could tell internet providers to block
their services, or they could… Look, in practice they’re going to fine the
company. Apple and Facebook have local addresses, they pay… some tax. Sitting on the sidelines, I would love to see
the British government go up against Apple and see who blinked first. But companies have bowed to foreign countries
loads of times in the past. BlackBerry let the Indian government have full access to users’ chats
and web history back in 2013. The only reason WhatsApp can’t read your messages is because they have deliberately chosen to
design their systems that way. They were just as popular without encryption: it was an afterthought, they’d been going for years before they switched
encryption on. This was a human decision, not an inevitable fact of technology.

So why is an encryption backdoor
such a bad idea? Well, if there’s a backdoor, it can and will
be abused. Local British authorities already used our
surveillance laws, the ones that were brought in to stop terrorism, to monitor loud dogs barking, crack down on illegal feeding of pigeons, and to spy on some parents to see if they
actually lived near enough to a particular school they wanted to get
their kids into. Now, is this useful for preventing crime? Sure. And there’s the argument that “if you have nothing to hide,
you have nothing to fear”: maybe they shouldn’t have
illegally fed those pigeons. And yes, you, watching this, you probably
have nothing to hide and nothing to fear from the current government in your country. But laws and governments change,
and besides that: the internet, and the apps that we use on
our phones, are global. If you allow a backdoor here, you’re also allowing it for another country’s
government to spy on its opponents, and another to spy on people they suspect
might be gay, or who use marijuana, or who are Christian, or whichever thing is illegal in that country. In fifty years, maybe you’ll be part of a country where eating
meat has been outlawed, and the government will want to come after
you for tracking down the illegal bacon-trading ring that
your friends are part of. “Nothing to hide” only works
if the folks in power share the values of you and everyone you know
entirely and always will. To make it worse, on the surface this seems
like it’s equivalent to a regular, old-school wiretap,
but it’s not: depending on how the backdoor’s set up, a government might not just be able to get
what someone’s sending now. They could get the whole message history. Perhaps years of messages, back and forth with hundreds or thousands of other people. It’s not just a look into what a person’s
saying: it’s an overreaching look into the thoughts
of many, many people. It’s that long-forgotten naked picture that
someone sent five years ago. It’s that angry essay they wrote in school
and which they completely disagree with now. It’s not just “what are they saying”, it’s “what have they ever said”. That’s all assuming the backdoor doesn’t get
abused by folks with more personal grievances. All it takes is one rogue employee, in the government or at a messaging app, and we’ve got a huge amount of personal information
being leaked. Either of the public at large or of specific people that someone would like
to take revenge on. It fails the “bitter ex test”: can someone with an agenda use this to ruin a life? An AP investigation found hundreds of cases where police officers and civilian staff in
the US looked up private information
for personal reasons. And let’s not start on what would happen
if a hacker, or even some other government’s
intelligence service, got access to the backdoor. Or how it’d make it much more risky to report abuses of government power,
on any scale. There is an argument that
it would all be worth it, that all those drawbacks
would be a small price to pay for stopping very rare Bad Things. I disagree,
but that’s an opinion, not a fact. But an encryption backdoor wouldn’t stop
bad things happening. The problem with stopping terrorism right
now is not a lack of information. The Manchester bomber was reported to the
authorities five times, including by his own friends and family. One anonymous source inside
the UK security services told Reuters that at any time there are
500 people being investigated, and about 3,000 people “of interest”. For scale, just to reassure you, that’s only about .005% of the UK population. But the way to solve this is not more data, it’s having enough police officers
and security staff with enough time to do their jobs and investigate. And let’s be clear: anyone who wanted
secure communication for evil purposes would just use something else, any of thousands of smaller services that
the government hasn’t noticed yet or that they couldn’t possibly
have jurisdiction over. Or if even that is not an option, they can come up with a code themselves, even just in-jokes and references
that no-one else understands.

So when I say that an encryption backdoor
sounds like a reasonable idea, I mean it. It sounds reasonable. Like a lot of ideas sound reasonable when
you express them in one or two sentences. But the devil is in the detail. If we could replicate the way
wiretaps used to work, limited in scope and time, requiring a warrant and some physical effort, not including the history of everything that
someone’s ever said, and not open to repressive governments
elsewhere in the world, then sure, I would absolutely
be in favour of it. Building an encryption backdoor isn’t impossible: but building a reasonable one is.

Thank you to everyone who helped
proofread my script, and to everyone here at the
Cambridge Centre for Computing History, who let me film with this wonderful old equipment.
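
The one-way multiplication and the public/private key pair described in the transcript above, as an added example that is not part of the original video or page: a toy RSA key pair built from the transcript's primes 13 and 17, plus the brute-force search that undoes it. The exponent e = 5, the sample message value 88, the larger primes 10007 and 10009, and all function names are assumptions chosen for illustration.

```python
"""Toy RSA from the transcript's primes 13 and 17 (n = 221).

Illustration only: real keys use primes hundreds of digits long plus padding.
"""
from math import gcd, isqrt


def make_keypair(p, q, e=5):
    """Build (public, private) keys from two primes; e = 5 is an assumed exponent."""
    n = p * q                       # easy direction: one multiplication
    phi = (p - 1) * (q - 1)         # only computable if you know p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)             # private exponent (Python 3.8+)
    return (n, e), (n, d)


def apply_key(key, value):
    """Encrypt (public key) or decrypt (private key): value**exp mod n."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than n")
    return pow(value, exp, n)


def factor_by_trial_division(n):
    """Hard direction: brute-force search for a divisor. Returns (p, q, steps)."""
    steps = 0
    for candidate in range(2, isqrt(n) + 1):
        steps += 1
        if n % candidate == 0:
            return candidate, n // candidate, steps
    raise ValueError("n has no non-trivial factors")


def recover_private_key(public):
    """What anyone can do once n is factored: rebuild the private key."""
    n, e = public
    p, q, steps = factor_by_trial_division(n)
    _, private = make_keypair(p, q, e)
    return private, steps


if __name__ == "__main__":
    public, private = make_keypair(13, 17)
    message = 88                                   # constructed sample value
    noise = apply_key(public, message)
    print("public", public, "private", private)
    print("encrypted:", noise)
    print("public key applied again:", apply_key(public, noise))
    print("private key applied:", apply_key(private, noise))
    print("161 factors as", factor_by_trial_division(161))
    print("key recovered from n alone:", recover_private_key(public))
    # Search cost grows with the smaller prime, not with the one multiplication
    print(factor_by_trial_division(10007 * 10009))
```

At n = 221 the search takes 12 steps, so the private key falls out of the public one immediately; the scheme is only secure when the primes are too large for any such search to finish.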


100 thoughts on “Why The Government Shouldn’t Break WhatsApp”

  • This is the first video from "The Basics", a series of three pilot computer-science videos I'm putting out in the next couple of months. This one's opinionated; one's explanatory; and one demonstrates coding. It's been a while since I've done this sort of thing — thanks to the folks who helped proofread my scripts!

  • Just remember the Apple iPhone that Apple would not decrypt, but was decrypted by an independent company .. had nothing useful on it …

    Simply because a known terrorist used it does not make it bad… or even that they used it for terrorism …

  • Deplorable Raven says:

    I use Telegram. Not because I have something to hide but because I don't want people snooping into my personal life. This whole "if you have nothing to hide", how about we give authorities the right to force people to go nude in public? I mean, if you're not strapping a bomb under those clothes, what are you trying to hide? STRIP!

  • "You probably have nothing to hide and nothing to fear in your country."
    Me: Nervously smiles in Iranian

    This video is great

  • Gavin Craddock says:

    1:56 – math, singular? Come on Tom, I was about to recommend this for all of my students but you've let me down…

  • i'm all for it, i don't care if the police have access to my whatsapp,
    the police won't care about my whatsapp.
    i CARE about the police being able to thwart terrorism and crime,
    the police would have way more power to prevent terrorism and crime.

    it does need to be visibility only for police use though,
    i don't need greedy companies like google analysing everything i'm saying.
    (more than they already are right now.)

  • K1naku5ana3R1ka says:

    Maybe if you want to avoid clickbait and the backfire effect (look it up), when you said that it sounds like a reasonable idea, you could have added “…keyword being ‘sounds’.”

  • Given that police in the UK have been known to arrest people over Facebook posts, I'd say you have more immediate concerns over "repressive governments elsewhere in the world." Freedom in the Western world is an illusion, you are free to say what you want so long as it falls within the agenda of international finance capitalism.

  • The NSA has had its hands in the creation of just about every encryption scheme, if you think they cannot decrypt your information already you aren't informed..

  • TyrannyTerminator says:

    Benjamin Franklin once said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

  • We absolutely should not have backdoors, It would be better to give up encryption altogether than having backdoored encryption, at least you know everything is being transmitted in clear text for all to see.

  • Graham Elliott says:

    The government's ordering ISPs to assist them in making copies of the data that flows about the internet, is the biggest glaring hole in public VPN security. A state or legal entity need only subpoena the business entity for the keys to your data, and they already have a copy.

    So it means little if those actors are of concern to you, that ___ 'trusted' VPN service 'does not save your data'. Someone else does. The only VPN I feel you can really trust is one you build yourself (can do this for 50 bucks by using OpenWRT routers, it's not a perfect solution but it's much better than trusting a business entity that definitely won't put themselves at risk of going out of business to protect your data).

    But if you must use those business entities for your 'proxy roulette' VPN service, use them to connect to a ToR node.

  • Andrew Stalker says:

    “And you watching this probably have nothing to hide and nothing to fear from your government.”

    Me watching it, having things to hide: well, I maybe wouldn’t go that far.

  • We need to be able to spy on the CIA, NSA, FBI, etc. They have decades of ugly ugly criminality to keep dark. Who has been responsible for the ruthless, pointless, but profitable, slaughter of millions since WW2? (Not your average student pilot with a boxcutter, lolz.)

  • 10:00 I think the idea is more about emotionally unstable people or individuals who just don't think things through enough. The one problem is that people say things all the time that don't mean anything

  • excellent video Tom! Really appreciate having this kind of PSA that I can share around with folk who don't seem to understand why this is a problem. The whole argument against "nothing to hide, nothing to fear" is especially helpful.

  • No government can be trusted…period! A large number of the real world "bad things" that occur are conducted by the organs of power.

  • Xano Trevisan Kothe says:

    A few years ago it was common in Brazil for some shitty local judge to request Whatsapp messages and Fb say "It is not possible" and then the judge would simply force the ISPs to block whatsapp ¬¬

  • No broad backdoors should be used. However, I've worked with encryption and here is an easy solution.
    There are various derivations with public keys and or AES.
    Phones are powerful enough to do these encryptions easily.

    1. do the normal end-to-end encryption SAME as today
    2. separately take each message and
    a. encrypt with a public key of WhatsApp company (or whoever)
    b. encrypt with a public key assigned to the user account sending the message
    c. generate a public key daily for a user and encrypt with that. This limits scope of the user data and key.
    d. lastly encrypt with a public key of a firm whose job is meant for auditing, certificate or key management "Audit Firm X". But not WhatsApp in this case.
    send the message to the server with the account id/date in plain view but the data encrypted with a.-d.

    The message encrypted with the a.-d. method cannot be seen by one organization. You need a warrant from the govt. to be sent to
    WhatsApp and "Audit Firm X" to even get to the message and the warrant can limit the daily key scope.

    You could add encryption of the daily keys themselves as well using "Audit Firm X" or another firm Y so it keeps those locked down again without a warrant.

    Anyway, some variation of this will make the data available to the govt when needed assuming they have the WARRANT and prevents one organization from exposing information.

  • I'm personally very concerned about security and privacy on internet, but at the same time I think limiting anonymity is not necessarily a bad thing. Both ideas ofc conflict a bit, but as more of our lives move to internet and things we do on internet have more real consequences, there should also be more accountability.

  • My experience is the FBI usually wiretaps innocent people who are threats to organized crime. It then uses these wiretaps to create entrapment scenarios to take the innocent people out.

  • Conceptual Conspiracy says:

    Very grateful you're brave enough to post a video like this. I see a lot of channels getting completely shadow banned, if not entirely deleted because they talk about something similar. Keep up the amazing work.

  • Please on these videos can you remove the high pitch noise from it. It's all I can hear when I'm watching. Probably because of the crts I'm assuming

  • This is probably the best I’ve ever heard this put, I’ve always felt like it was wrong on so many levels but couldn’t express it in words until now

  • This is just like the 9/11 theory. The twin towers attacks were staged to give the US a reason to go to war in the Middle East. They probably didn’t stage the attack, but maybe the government are using this tragedy to get more access into our lives through security theatre.

  • Am I the only one that thought having a back door at all was UNreasonable, even before the explanations? You can just see where the abuse would come from!

  • My country can't seem to balance a deficit, and won't admit to many issues regarding torture and illegal warfare. Overall, they do a good enough job and certainly protect my life from many foreign interests, but to say I trust their competence and integrity would be going overboard. Giving them skeleton keys to my private information is not something I would consider reasonable, though maybe us colonials are in a different state…

  • "Encryption Back Doors"

    I saw this in the thumbnail and thought this was how to convince a partner that isn't into anal sex into doing it – and liking it!

  • It’s not that I have nothing to hide it’s that the government doesn’t need to know that I don’t have anything to hide. In reality your government grabs as much possible information as they can about you. Whatsapp is a block that they hate

  • The 9/11 hijackers in the United States were reported to the FBI several times in the months leading up to those attacks, and were dismissed by the FBI as "not worth their time". (They were taking flying lessons at a flight school in Florida, but ONLY wanted to know how to fly straight and level, which is the easiest and most mind-numbing aspect of flying, and the LAST thing that anyone who takes flying lessons actually wants to learn).

    "Those who sacrifice liberty in the name of security deserve neither liberty nor security".

  • they should also include backdoors in DRM content too, seeing as someone could use it to hide malicious communications to each other maybe

  • The book without a name Dreams or a wise to grow. says:

    One bad person.
    Makes the world look bad.

    We all have ideas. As

    People steal our ideas.

    To app ideas.

    To personal writing.

    To many ideas. I wanna build.

    Is it amazing how Instagram.

    Shows you ads you just looked at shopping.

    Tom I got ideas. Just need a team.

  • How ironic in 2017 only. INDIA banned beef in major states. So. @7:45 'quite literally' government tacks 'illegal meat rackets' to death

  • AgeingBoyPsychic says:

    People who want to break the law, and know what they're doing, will use linux and send pre-PGP encrypted messages. Hell, I could post a PGP-encrypted message on a billboard at Times Square for a year, and it would still be indecipherable to anyone but the intended target. It's not difficult, there are phone apps that encrypt text with PGP, but encrypting your message on linux and pasting the encrypted text into any chat app, and you have true end-to-end encryption. Make WhatsApp weak, and I'll make a tutorial on manual PGP encryption.

  • If ever I get in to a conversation where the term "if they weren't doing anything wrong there isn't anything to hide" I'll point them at this. It explains it beautifully!

  • Russian Bot 441 says:

    And now in 2019, just posting some fact or snarky comment in any point in your usage history the far left doesn't like being shared with the public will get you removed from these services.

  • This assumes that someone other than the owner of the phone actually has the key for the backdoor. Apple already has a machine that has a back-door key to all the iCloud backups that can't be accessed by a human.
