[liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]

Andrés Leopoldo Pacheco Sanfuentes alps6085 at gmail.com
Sun Jan 15 06:47:51 PST 2017


Thanks, FL, for your succinct description.

Anybody serious about decryption cannot use standard social networks,
which are predicated on access to private data for marketing and
"development" (e.g., as test data for new features, debugging, etc.)
purposes, and naturally open to government intrusion with few
exceptions that have proven irrelevant in the final analysis (e.g. the
iPhone in question was cracked and data on it accessed by the
government, without Apple's consent or assistance). Still, we as
concerned citizens of the world have to take the high road and object,
ceaselessly protesting this sorry state of affairs.

Those wanting to preserve the integrity of certain of their
communications and personal data need to resort to alternative tools,
which provide protections with varying degrees. Concerned citizens of
the world in the hacking space would continue to work on these tools
to shield them from the prying eyes of marketeers and governments.

Finally, what you depict about the rule of law and governments, as you
note, is not exclusive to this topic of private data. For example,
Central American and Mexican mothers and children entering the US
without authorization through its Southern Border and seeking
protection from rampant violence in their countries of origin are not
given the appropriate treatment as stipulated in current US law
regarding asylum seekers.

Best Regards | Cordiales Saludos | Grato,

Andrés L. Pacheco Sanfuentes
<alps at acm.org>
+1 (347) 766-5008


On Sun, Jan 15, 2017 at 7:25 AM, FL <flucom.02 at gmail.com> wrote:
> First of all I thank Carlo and Cristina for welcoming me. I was afraid that
> as a man who studied law rather than computer science I wouldn’t fit in here
> so well. :-)
>
> I’ll clarify right from the beginning though that I neither live in the US
> nor work in the privacy field. I’m just a geek (not hacker) and a lawyer
> who happens to be deeply worried about the current state of affairs. Because
> of that and because I don’t have much time, I can’t study in depth the US
> regulatory frame that some of you have mentioned. However, I would very much
> like to say a few “general” things.
>
> I think we all here understand we are going through a dark age, where you
> can't trust the so-called rule-of-law anymore. That democracy and the
> rule-of-law are just a charade to cover-up the fact that a group of people
> can do whatever they want as they keep the power (technical resources in
> this case) to do so, has never been as evident as it is now.
>
> Facing that reality, I think it's good to reduce the possible approaches on
> this issue, very simply, to just two alternatives — laws of man and laws of
> physics (just as Assange et al. put it in 'Cypherpunks').
>
> We have realized laws of man don't matter that much anymore. That old
> principle of life, according to which the strongest one can do whatever he
> wants, is obviously bigger than any Constitution, law or court decision. So,
> if laws of man won't work as it has been proven over and over again until
> this point, it's clear the discussion should go on through a different path,
> i.e. laws of physics (aka encryption). It is true encryption, not laws, what
> matters the most. And if that means that there is something wrong in a
> widely used piece of code (say IM, browsers, etc.), it needs to be addressed
> right away.
>
> You can fight PRISM, XKEYSCORE and every secret program calling them
> illegal, against the Constitution, against what your Founding Fathers
> declared, and even against common sense and decency all you want. Still,
> nothing of that grants there won't be mass surveillance. If it's not clear
> and obvious enough at this point, I'll say it again: nothing. Your
> government will play whatever ridiculous legal gymnastics is necessary to
> call their dark practices ‘legal’. Except that, of course, nothing of that
> makes them legal, the same way that droning people on foreign and sovereign
> territories (even worse, with no previous due-process) is not legal just
> because Obama says so.
>
> In order to protect our privacy and freedom, encryption is the way to go and
> the really important matter to discuss. This is why hackers are, in reality,
> the ones called to change the current state of things. Changes in law-making
> will do little, especially in a country that is not precisely well-known for
> having people willing to account their government, stand for their rights
> and turn things upside down a little bit if necessary.
>
> FL
>
> P. S. Have a look at this news. Needless to say, the legal implications of
> this are huge and affect not only privacy, but also basic principles such as
> due-process. The 'fuck you people' train is not stopping.
>
> https://theintercept.com/2017/01/13/obama-opens-nsas-vast-trove-of-warrantless-data-to-entire-intelligence-community-just-in-time-for-trump/
>
> (Btw, Obama ruling with executive orders bypassing the Constitution, the
> Congress and practically everything is no different from the Rule by Decree
> practiced in Ancient Rome a few centuries ago and many Latin American
> governments in the current era — I’d say it’s even worse.)
>
> On 15-01-2017, at 09:38, Rich Kulawiec <rsk at gsp.org> wrote:
>
>
> Who owns WhatsApp?  Facebook.
>
> What is the purpose of Facebook?  Surveillance and data acquisition.
> They've spent billions building the infrastructure for it.  They have
> expanded the nature and scope of it at every possible opportunity.
> They have been caught -- over and over and over again -- lying about it.
>
> So now, suddenly, for no particular reason, they're going to reverse
> course, do the exact opposite of what they've always done *and* they're
> going to tell the truth about it?  After spending billions to acquire
> WhatsApp and all that valuable data?  Yeah.  That's gonna happen.
>
> Quoting from the same story referenced earlier:
>
> "In August 2015, Facebook announced a change to the privacy
> policy governing WhatsApp that allowed the social network to
> merge data from WhatsApp users and Facebook, including phone
> numbers and app usage, for advertising and development purposes."
>
> And let me quote Dave Burstein's take on this from Dave Farber's IP list:
>
> I just read both articles twice. I'm not a security expert, but I think I
> see what's happening here.
>
> I believe the Guardian article was correct in the claim that Facebook
> could sometimes read some encrypted messages, using a feature included to
> deal with users switching SIM cards, etc.  Depending on security settings,
> the user may not even be aware of the switch. Facebook "cooperates with
> legal government requests."  In England and probably other countries,
> the security agencies can legally request just about anything.
>
> The Guardian probably was misleading writing "Facebook and others"
> could intercept.  The Guardian shouldn't have called it a "backdoor"
> without qualifying the comment with "for Facebook & Governments."
>
> It appears that no one could use this without Facebook's help.
> Governments presumably could get Facebook's help.  It would cost Facebook
> $B's to be shut out of India or Russia, $10's of billions if it prevented
> them from China.  I see no reason to believe Zuckerberg would resist to
> the end that kind of pressure.  Apple wouldn't; they just kicked the New
> York Times out of the App Store in China.  Google might, as evidenced
> by their willingness to exit China.
>
> Facebook's answer to Gizmodo was so misleading the author should not
> have written the story that way. Facebook denied that this was a way for
> outsiders to crack WhatsApp, which wasn't the Guardian's claim.
> But Facebook didn't address the substantive claim in the article, that
> Facebook and the governments it cooperates with can intercept (some,
> sometimes.)
>
>
> I pointed out much the same thing on this list years ago.  If China
> goes to Facebook and says "put in a backdoor or stop doing business here",
> Facebook will put in a backdoor.  If Russia goes to Facebook and says
> "give us a full data feed or stop doing business here", Facebook will
> give them a full data feed.  Of course they will: there's no way they're
> going to leave all money on the table.
>
> ---rsk
> --
> Liberationtech is public & archives are searchable on Google. Violations of
> list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
> change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>


