[liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]

[Thomas Delrue]

On 01/14/2017 08:17 AM, FL wrote:
> I'm not sure that every American company, by law, must implement a backdoor, as you imply. The last time I checked, iMessage was a very secure platform with no known vulnerabilities — which in fact has made Apple struggle with US agencies more than a few times.

CALEA
(https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act)
is no longer in effect? Or am I thinking of the wrong thing?

>> On 14-01-2017, at 10:02, carlo von lynX <lynX at time.to.get.psyced.org> wrote:
>>
>>> On Fri, Jan 13, 2017 at 07:26:29PM -0500, Sebastian Benthall wrote:
>>> https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
>>>>> https://www.theguardian.com/technology/2017/jan/13/
>>
>> I've also read http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsapp-backdoor-1701-125571.html
>> and https://tobi.rocks/pdf/whatsappslides.pdf
>> and to me it seems like all of the articles are
>> technically describing the same procedure.
>> The difference is only in the framing.
>>
>> For Facebook it is a necessity that people not be
>> bothered by key changes, for anyone in the libtech
>> business it is an alarming signal that MITM is
>> technicaly possible by default and users must be
>> specifically aware of the issue to avoid it.
>>
>> But why is anyone even expecting any true privacy
>> from an American proprietary product? Have the
>> PRISM and MUSCULAR programs suddenly been discontinued?
>> Has Freedom Act amended NSLs also for non-Americans?
>> How could Facebook afford not to pump everything they
>> can get into XKEYSCORE as before? Why did the European
>> Supreme Court rule that the US is not a safe harbor
>> for EU citizen data? Did I miss any recent developments?
>>
>> Is it the general strategy to have people debate whether
>> there is a backdoor when by law Whatsapp MUST have some
>> backdoor?