The media and its misunderstanding technology

[PaulCa]

https://www.bbc.co.uk/news/uk-england-hampshire-45408338

I forgot the police "can" now ask for your password and... put your in prison for refusing to give it. This was highly controversial when the law was proposed, and in my view it still is.

 

[PaulCa]

Do you have a source for that?
That's not the way facebook or whatsapp claim their end-to-end encryption works.

If the encryption was done at facebook/whatsapp then it wouldn't be end-to-end and the police could intercept with a normal "wire tap" warrant at the ISP.

 

[touch]

If the encryption was done at facebook/whatsapp then it wouldn't be end-to-end and the police could intercept with a normal "wire tap" warrant at the ISP.

Yes, that's my understanding too.
Messages are encrypted with keys generated on a user's device so nobody else would be able to read messages - even employees with full access to database, etc.

Obviously, I havn't seen the code of these apps so I'm just assuming that facebook/whatsapp are not lying about how their encryption works. It would be interesting if there was a credible source which claims otherwise.

 

[Felon]

If the messages are encrypted on the phone, then I imagine that the IP communication between the devices is also encrypted, (SSL, or whatever) so that any attempt to do a wire-tap at the ISP, (Lawful intercept) would result in them capturing encrypted packets, unless they can crack the encryption, the wire-tap would be useless I imagine.

 

[Shocky-FM]

Social media is fair game as far as I'm concerned,

Gets a bit more complicated with Google and Apple accounts...

 

[touch]

unless they can crack the encryption, the wire-tap would be useless I imagine.

Also, each individual message has a unique encryption key. So they'd need to repeatedly "crack" the encryption.

 

[Deleted member 77746]

Encryption works by write > read > send > scramble > receive > unscramble > read

 

[touch]

Encryption works by write > read > send > scramble > receive > unscramble > read

Nope.
The scramble comes before send.
The message is scrambled on your device. It then gets sent to the recipients device and is unscrambled there. Nowhere else en route is it unscrambled (eg facebook server, etc)

 

[Felon]

Nope.
The scramble comes before send.
The message is scrambled on your device. It then gets sent to the recipients device and is unscrambled there. Nowhere else en route is it unscrambled (eg facebook server, etc)

Yeah that's how I remember it working for Whatsapp, and why I remember there was such a hullaballoo around it - because the company itself couldn't even provide access, because the company servers weren't part of the encryption - it was device to device, pretty damn strong.

 

[Deleted member 77746]

Nope.
The scramble comes before send.
The message is scrambled on your device. It then gets sent to the recipients device and is unscrambled there. Nowhere else en route is it unscrambled (eg facebook server, etc)

ai that's the one!

 

[jsmoke]

All about winsock.dll people that's where the magic is.

 

[Destination]

I may be too cynical, but the sheer fact he refused to hand it over shows he’s got something to hide.

Thus why such actions were made an offence, and indeed, why this chap was jailed for it.

 

[Malevolence]

Gotta be a sandwich or two short of a picnic to discuss raping and then murdering a child on a Facebook account under your own name.

 

[Strife212]

It is stored in encrypted form

No it isn't. It's a one way hash.

 

[jsmoke]

No it isn't. It's a one way hash.

What I said. It's hashed then stored in the db.

 

[stockhausen]

Stephen Nicholson was jailed for 14 months - he will probably serve about half that.
I wonder how long he would have got for "dealing" cannabis?
Probably less than 14 months but he would get likely a whole lot more for murder and sexual activity with a child.

Still, not to worry, Facebook will probably release the relevant details within a couple of months and then, if the "wholly inadequate excuse" for a human being is telling the truth he can be tried for dealing cannabis.

 

[PaulCa]

I may be too cynical, but the sheer fact he refused to hand it over shows he’s got something to hide.

The thing that pops into mind is... "You have the right to remain silent"

It's slightly different in England speak, but basically this:
https://en.wikipedia.org/wiki/Right_to_silence_in_England_and_Wales

The law requiring you to provide evidence against yourself is in contradiction of this, is it not?

The providing your password to police thing unnerves me. I see it as opening yourself up to impersonation, framing and being taken out of context. Also you have to consider that giving the password to facebook may indeed give them the password to much more. Not only that but it provides police with access to otherwise private information about other friends and family for which they do not have a warrant.

 

[robfosters]

The thing that pops into mind is... "You have the right to remain silent"

It's slightly different in England speak, but basically this:
https://en.wikipedia.org/wiki/Right_to_silence_in_England_and_Wales

The law requiring you to provide evidence against yourself is in contradiction of this, is it not?

The providing your password to police thing unnerves me. I see it as opening yourself up to impersonation, framing and being taken out of context. Also you have to consider that giving the password to facebook may indeed give them the password to much more. Not only that but it provides police with access to otherwise private information about other friends and family for which they do not have a warrant.

The case isn’t a misdemeanour, it’s the tragic murder of a young girl. For me, finding the killer comes before all else. He was close to the girl, lived in the same house. If he’s as innocent as he claims, wouldn’t one of his priorities be to help the police with their enquiries and to eliminate him, thereby freeing resources up to follow other leads?

No, he’s blatantly refused that. It’s obvious he has something to hide, but the police may now have to wait up to six months before they can get access to his Facebook. Somethings seriously wrong with the system.

Oh, and this isn’t sixties London or an episode of the Sweeney, the police don’t ‘fit’ people up any more.

 

[RoyMi6]

Yes, that's my understanding too.
Messages are encrypted with keys generated on a user's device so nobody else would be able to read messages - even employees with full access to database, etc.

Obviously, I havn't seen the code of these apps so I'm just assuming that facebook/whatsapp are not lying about how their encryption works. It would be interesting if there was a credible source which claims otherwise.

Sorry, I think we're both in agreement.

All I'm suggesting is that because these apps are closed your putting all your faith in these companies to implement the encryption the way they say they are.

The best sort of encrypted communication applications are going to be one that are open to review so that it can be confirmed that they're implementing the processes correctly.

...in all fairness, the way "secure conversations" are implemented on Facebook Messenger suggests that the two parties are actually the devices you're using...

I agree that, on the surface, Facebook and WhatApp appear to be implementing it correctly.

I can't prove otherwise, but I don't think you could confirm that's the case either...

 

[jpaul]

The law requiring you to provide evidence against yourself is in contradiction of this, is it not?

prior art article here
Self-incrimination—Privilege against selfincrimination— Refusal to disclose means of access to protected data

Thus, despite the privilege, individuals might sometimes be required to answer questions or provide information or documents which might incriminate them. In those circumstances it was not submitted that the privilege against self incrimination was absolute, nor that the offence created in the context of RIPA 2000, Pt III was incompatible with Art 6 of the Convention.
....
On analysis, the key which provided access to protected data, like the data itself, existed separately from each appellant’s will. Even if it was true that each created his own key, once created, the key to the data, remained independent of the defendant’s will even when it was retained only in his memory, at any rate until it was changed. If investigating officers were able to identify the key from a different source no one would argue that the key was not distinct from the equipment which was to be accessed, and indeed the individual who owned the equipment and knew the key to it. Again, if the arresting officers had arrived at the premises immediately after a defendant had completed the process of accessing his own equipment enabling them to identify the key, the key itself would have been a piece of information existing, at that point, independently of the defendant himself and would have been immediately available to the police for their use in the investigation. In that sense the key to the computer equipment was no different to the key to a locked drawer. The contents might or might not be incriminating: the key was neutral. In the instant case the prosecution was in possession of the drawer: it could not, however, gain access to the contents.

so if the key can be obtained elsewhere, seem to be obliged to divulge it.

All I'm suggesting is that because these apps are closed your putting all your faith in these companies to implement the encryption the way they say they are.

a strawman suggesting how back-doors could have been left in.


I can't see why he did not divulge the key though, was he hoping that bought time, may have meant that some of the (friend/accomplices) data would be lost since fb would not have managed to encircle/archive it all.


On original OP, media unlike ministers, understand technology all to well, but any means to orchestrate public opinion for legislation to infer social responsibility on the social media companies is fair ? .. so op needs to think about medias motivation (albeit self preservation for them too)