Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]
On 2017-01-14 13:41, Thomas Delrue wrote:

> On 01/14/2017 08:17 AM, FL wrote:
>
>> I'm not sure that every American company, by law, must implement a backdoor,
>> as you imply. The last time I checked, iMessage was a very secure platform
>> with no known vulnerabilities -- which in fact has made Apple struggle with
>> US agencies more than a few times.
>
> CALEA
> (https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act)
> is no longer in effect? Or am I thinking of the wrong thing?

It's unclear whether CALEA applies to Apple or not. If it doesn't, then we're done. If it does, CALEA provides an exemption that prevents the government from forcing decryption to which it doesn't have the key (i.e. requisite information).

See https://www.techdirt.com/articles/20160223/23441033692/how-existing-wiretapping-laws-could-save-apple-fbis-broad-demands.shtml for a lengthier write up on the issue.

--
R. Jason Cronk, JD
IAPP Fellow of Information Privacy
CIPM, CIPT, CIPP/US, PbD Ambassador
PRIVACY AND TRUST CONSULTANT
ENTERPRIVACY CONSULTING GROUP
www.enterprivacy.com

Our next open Privacy by Design Workshop: Feb 1, 2017, Indianapolis, IN [1]

Links:
[1] https://www.eventbrite.com/e/privacy-by-design-workshop-indianapolis-feb-2017-tickets-30695924336

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]
On 01/14/2017 08:17 AM, FL wrote:

> I'm not sure that every American company, by law, must implement a backdoor,
> as you imply. The last time I checked, iMessage was a very secure platform
> with no known vulnerabilities — which in fact has made Apple struggle with US
> agencies more than a few times.

CALEA (https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act) is no longer in effect? Or am I thinking of the wrong thing?

>> On 14-01-2017, at 10:02, carlo von lynX wrote:
>>
>>> On Fri, Jan 13, 2017 at 07:26:29PM -0500, Sebastian Benthall wrote:
>>> https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
> https://www.theguardian.com/technology/2017/jan/13/
>>
>> I've also read
>> http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsapp-backdoor-1701-125571.html
>> and https://tobi.rocks/pdf/whatsappslides.pdf
>> and to me it seems like all of the articles are
>> technically describing the same procedure.
>> The difference is only in the framing.
>>
>> For Facebook it is a necessity that people not be
>> bothered by key changes, for anyone in the libtech
>> business it is an alarming signal that MITM is
>> technically possible by default and users must be
>> specifically aware of the issue to avoid it.
>>
>> But why is anyone even expecting any true privacy
>> from an American proprietary product? Have the
>> PRISM and MUSCULAR programs suddenly been discontinued?
>> Has Freedom Act amended NSLs also for non-Americans?
>> How could Facebook afford not to pump everything they
>> can get into XKEYSCORE as before? Why did the European
>> Supreme Court rule that the US is not a safe harbor
>> for EU citizen data? Did I miss any recent developments?
>>
>> Is it the general strategy to have people debate whether
>> there is a backdoor when by law Whatsapp MUST have some
>> backdoor?
Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]
Last time I heard the US govt failed to force Apple to break an iPhone. They had to reform to independent contractor mercenaries, i.e. "Evil Hackers!" Ergo I infer US law has not yet gotten to the point of requiring backdoors in code.

On Saturday, January 14, 2017, 9:04 AM, carlo von lynX wrote:

On Sat, Jan 14, 2017 at 10:48:48AM -0300, FL wrote:

> Sadly I'm not a hacker — I'm a lawyer, so I haven't checked their code nor
> any other company's for that matter.

We have plenty of hackers but not enough lawyers, so your view on what the laws currently actually imply is very welcome.

> However, my main point remains unaddressed — I'm not sure that American
> companies are 'required by law' to implement backdoors.

Alright, didn't perceive that as your main point. Well, here's what I know last time I checked:

- PRISM is a reality
- NSLs have been used to oblige such companies to
  + hand over access to their data centers
  + expect no legal harm when denying any existence of NSLs
  + expect general public to never become aware

Leaks have broken the latter promise, so those companies had good reasons to be upset.

Freedom Act has changed NSLs in such a way that American citizen must no longer be bulk collected, NSA must only be allowed to run "selectors" which in the case of Whatsapp means that some backdoor must be provided to execute surveillance on such selectors.

Also, I have to look up Caspar Bowden's posts again, somewhere the laws explicitly give zero rights to non-US citizen - all of humanity is backdoorable and bulk collectible.

And then we have programs like https://en.wikipedia.org/wiki/Muscular_%28surveillance_program%29 which explicitly bypass US law.

Isn't Patriot Act essentially obliging the NSA to collect all it can? If the NSA must do that, then any company impeding the NSA from doing so is breaching that law, no?

--
E-mail is public! Talk to me in private using encryption:
http://loupsycedyglgamf.onion/LynX/
irc://loupsycedyglgamf.onion:67/lynX
https://psyced.org:34443/LynX/
Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]
On Sat, Jan 14, 2017 at 10:48:48AM -0300, FL wrote:

> Sadly I'm not a hacker — I'm a lawyer, so I haven't checked their code nor
> any other company's for that matter.

We have plenty of hackers but not enough lawyers, so your view on what the laws currently actually imply is very welcome.

> However, my main point remains unaddressed — I'm not sure that American
> companies are 'required by law' to implement backdoors.

Alright, didn't perceive that as your main point. Well, here's what I know last time I checked:

- PRISM is a reality
- NSLs have been used to oblige such companies to
  + hand over access to their data centers
  + expect no legal harm when denying any existence of NSLs
  + expect general public to never become aware

Leaks have broken the latter promise, so those companies had good reasons to be upset.

Freedom Act has changed NSLs in such a way that American citizen must no longer be bulk collected, NSA must only be allowed to run "selectors" which in the case of Whatsapp means that some backdoor must be provided to execute surveillance on such selectors.

Also, I have to look up Caspar Bowden's posts again, somewhere the laws explicitly give zero rights to non-US citizen - all of humanity is backdoorable and bulk collectible.

And then we have programs like https://en.wikipedia.org/wiki/Muscular_%28surveillance_program%29 which explicitly bypass US law.

Isn't Patriot Act essentially obliging the NSA to collect all it can? If the NSA must do that, then any company impeding the NSA from doing so is breaching that law, no?

--
E-mail is public! Talk to me in private using encryption:
http://loupsycedyglgamf.onion/LynX/
irc://loupsycedyglgamf.onion:67/lynX
https://psyced.org:34443/LynX/
Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]
Sadly I'm not a hacker — I'm a lawyer, so I haven't checked their code nor any other company's for that matter.

However, my main point remains unaddressed — I'm not sure that American companies are 'required by law' to implement backdoors. And the fact that I check the news instead of a proprietary piece of code doesn't mean that someone must have a secret and mandatory backdoor.

I might be wrong though, but I haven't seen any evidence to make me think otherwise.

Best regards,
FL

> On 14-01-2017, at 10:38, carlo von lynX wrote:
>
> Thx, efecto
>
>> On Sat, Jan 14, 2017 at 10:17:07AM -0300, FL wrote:
>> I'm not sure that every American company, by law, must implement a backdoor,
>> as you imply. The last time I checked, iMessage was a very secure platform
>> with no known vulnerabilities — which in fact has made Apple struggle with
>> US agencies more than a few times.
>
> Has there been any litigation with the NSA? I only
> saw interaction with the FBI - and the FBI has a
> less prioritary job: law enforcement. Nothing that
> is worth questioning national security for, so I
> would assume FBI doesn't get the same clearances
> as NSA. You can't monitor an entire population if
> strategically unimportant offences like child abuse
> would blow your cover - thus it is mathematical that
> FBI cannot have the access privileges of NSA.
>
> By "last time I checked" you don't mean the code
> that is actually deployed into those devices but
> merely "checked the news", right?
Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]
Thx, efecto

On Sat, Jan 14, 2017 at 10:17:07AM -0300, FL wrote:

> I'm not sure that every American company, by law, must implement a backdoor,
> as you imply. The last time I checked, iMessage was a very secure platform
> with no known vulnerabilities — which in fact has made Apple struggle with US
> agencies more than a few times.

Has there been any litigation with the NSA? I only saw interaction with the FBI - and the FBI has a less prioritary job: law enforcement. Nothing that is worth questioning national security for, so I would assume FBI doesn't get the same clearances as NSA. You can't monitor an entire population if strategically unimportant offences like child abuse would blow your cover - thus it is mathematical that FBI cannot have the access privileges of NSA.

By "last time I checked" you don't mean the code that is actually deployed into those devices but merely "checked the news", right?
Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]
On 14/01/17 10:02, carlo von lynX wrote:

> On Fri, Jan 13, 2017 at 07:26:29PM -0500, Sebastian Benthall wrote:
>> https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/ https://www.theguardian.com/technology/2017/jan/13/
> I've also read
> http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsapp-backdoor-1701-125571.html
> and https://tobi.rocks/pdf/whatsappslides.pdf
> and to me it seems like all of the articles are
> technically describing the same procedure.
> The difference is only in the framing.
>
> For Facebook it is a necessity that people not be
> bothered by key changes, for anyone in the libtech
> business it is an alarming signal that MITM is
> technically possible by default and users must be
> specifically aware of the issue to avoid it.
>
> But why is anyone even expecting any true privacy
> from an American proprietary product? Have the
> PRISM and MUSCULAR programs suddenly been discontinued?
> Has Freedom Act amended NSLs also for non-Americans?
> How could Facebook afford not to pump everything they
> can get into XKEYSCORE as before? Why did the European
> Supreme Court rule that the US is not a safe harbor
> for EU citizen data? Did I miss any recent developments?
>
> Is it the general strategy to have people debate whether
> there is a backdoor when by law Whatsapp MUST have some
> backdoor?
>

This can just be answered with a: <3

Thanks Carlo! Amnesia seems to be the sign of our society; thanks to the ones that remain coherent.

Cristina (99)

--
This communication may be legally and/or illegally collected, stored and used by various actors. If in doubt about the content to share, avoid sending it unencrypted.
Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]
I'm not sure that every American company, by law, must implement a backdoor, as you imply. The last time I checked, iMessage was a very secure platform with no known vulnerabilities — which in fact has made Apple struggle with US agencies more than a few times.

FL

> On 14-01-2017, at 10:02, carlo von lynX wrote:
>
>> On Fri, Jan 13, 2017 at 07:26:29PM -0500, Sebastian Benthall wrote:
>> https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/ https://www.theguardian.com/technology/2017/jan/13/
>
> I've also read
> http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsapp-backdoor-1701-125571.html
> and https://tobi.rocks/pdf/whatsappslides.pdf
> and to me it seems like all of the articles are
> technically describing the same procedure.
> The difference is only in the framing.
>
> For Facebook it is a necessity that people not be
> bothered by key changes, for anyone in the libtech
> business it is an alarming signal that MITM is
> technically possible by default and users must be
> specifically aware of the issue to avoid it.
>
> But why is anyone even expecting any true privacy
> from an American proprietary product? Have the
> PRISM and MUSCULAR programs suddenly been discontinued?
> Has Freedom Act amended NSLs also for non-Americans?
> How could Facebook afford not to pump everything they
> can get into XKEYSCORE as before? Why did the European
> Supreme Court rule that the US is not a safe harbor
> for EU citizen data? Did I miss any recent developments?
>
> Is it the general strategy to have people debate whether
> there is a backdoor when by law Whatsapp MUST have some
> backdoor?
>
> --
> E-mail is public! Talk to me in private using encryption:
> http://loupsycedyglgamf.onion/LynX/
> irc://loupsycedyglgamf.onion:67/lynX
> https://psyced.org:34443/LynX/
Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]
On Fri, Jan 13, 2017 at 07:26:29PM -0500, Sebastian Benthall wrote:

> https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
>
> > https://www.theguardian.com/technology/2017/jan/13/

I've also read http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsapp-backdoor-1701-125571.html and https://tobi.rocks/pdf/whatsappslides.pdf and to me it seems like all of the articles are technically describing the same procedure. The difference is only in the framing.

For Facebook it is a necessity that people not be bothered by key changes, for anyone in the libtech business it is an alarming signal that MITM is technically possible by default and users must be specifically aware of the issue to avoid it.

But why is anyone even expecting any true privacy from an American proprietary product? Have the PRISM and MUSCULAR programs suddenly been discontinued? Has Freedom Act amended NSLs also for non-Americans? How could Facebook afford not to pump everything they can get into XKEYSCORE as before? Why did the European Supreme Court rule that the US is not a safe harbor for EU citizen data? Did I miss any recent developments?

Is it the general strategy to have people debate whether there is a backdoor when by law Whatsapp MUST have some backdoor?

--
E-mail is public! Talk to me in private using encryption:
http://loupsycedyglgamf.onion/LynX/
irc://loupsycedyglgamf.onion:67/lynX
https://psyced.org:34443/LynX/
Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]
So I guess we can go back to what we were talking about a few days ago. You know, "fake news".

FL

> On 13-01-2017, at 21:26, Sebastian Benthall wrote:
>
> https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
>
>> On Jan 13, 2017 9:14 AM, "Rich Kulawiec" wrote:
>> It is long *past* time for everyone involved in the kinds of activities
>> discussed here to completely and permanently excise Facebook's
>> services/products from their computing environment. No excuses.
>>
>> ---rsk
>>
>>
>> - Forwarded message from Richard Forno -
>>
>> > To: Infowarrior List
>> > Date: Fri, 13 Jan 2017 08:18:42 -0500
>> > Subject: [Infowarrior] - WhatsApp backdoor allows snooping on encrypted
>> > messages
>> >
>> >
>> > WhatsApp backdoor allows snooping on encrypted messages
>> >
>> > https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
>> >
>> > A security backdoor that can be used to allow Facebook and others to
>> > intercept and read encrypted messages has been found within its WhatsApp
>> > messaging service.
>> >
>> > Facebook claims that no one can intercept WhatsApp messages, not even the
>> > company and its staff, ensuring privacy for its billion-plus users. But
>> > new research shows that the company could in fact read messages due to
>> > the way WhatsApp has implemented its end-to-end encryption protocol.
>> >
>> > Privacy campaigners said the vulnerability is a "huge threat to freedom
>> > of speech" and warned it can be used by government agencies to snoop
>> > on users who believe their messages to be secure. WhatsApp has made
>> > privacy and security a primary selling point, and has become a go to
>> > communications tool of activists, dissidents and diplomats.
>> >
>> > < - >
>> >
>> > Boelter reported the backdoor vulnerability to Facebook in April 2016,
>> > but was told that Facebook was aware of the issue, that it was "expected
>> > behaviour" and wasn't being actively worked on. The Guardian has
>> > verified the backdoor still exists.
>> >