WhatsApp too gets hacked.
Encryption is bad now.
Can here. Let’s talk encryption.
Intrinsic motivation is hard to muster, but it is powerful. Back when I worked at a cloud storage company, our CTO really wanted us to be excited about our End-to-End Encrypted (E2E) offering. He believed, rightly so, that without E2E, any rogue employee could look at any customer’s data. So we built a small web application that randomly pulled photos from employee’s accounts and put them on a giant TV screen for everyone in the office to see. There was a small backlash; the employees were encouraged to use the product for their daily use but no one really agreed to have their coworkers see the photos of their kids.
The giant screens, however, stayed for a few months until we actually finished the E2E features fully integrated.
Encryption was thrust back into the headlines, albeit in a roundabout way. Financial Times reported last week that the Israeli spyware company, NSO Group, developed a tool that used Facebook’s WhatsApp voice call feature to install a surveillance software directly.
It is scary stuff (emphasis mine):
WhatsApp, which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function.
The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs, said the spyware dealer, who was recently briefed on the WhatsApp hack.
You get a missed call, and game-over. You may not even be aware that you’ve been hacked! It doesn’t get much worse (better?) than that.
Facebook’s WhatsApp is famous for deploying end-to-end encryption to billions of people worldwide. That seems like a noble thing. It is likely that WhatsApp founders actually believed in the benefits bestowed upon with the encryption scheme. But then, they also said [advertising sucks], so who knows? You can’t buy loyalty they say, but turns out, you can rent it.
I’ve talked long about whether Facebook merging all its chat applications into a giant Voltron of a messaging app while also introducing E2E is a privacy-forward act.
First, the encryption. Zuckerberg might appear to leave data on the table when he decides to encrypt all communications, but that’s hardly the case. Facebook doesn’t use the contents of the messages today for advertising. Yet the company’s targeting is so good and people more predictable than they think, people accuse the company of listening their private conversations. Moreover, even when Facebook encrypts all the messages you send and receive, it will still be collecting tons of other sources of data, such as the metadata about the messages, location information gathered but the apps, your browsing habits via the various trackers on the web, data shared by apps that use Facebook SDKs, and the huge troves of data buys from other data brokers. None of that, seemingly is changing.
In some way, the NSO Group’s hack (seemingly) has little to do with end-to-end encryption; rather it relies on a bug in the larger app to install a surveillance tool that captures things before they are encrypted by the app.
The end in “end-to-end” sort of hides the fact there are several layers that exist before the data is fully encrypted, in a way that makes it invisible to the transport layer. First of all, you have to type it in to your phone, which exposes what you type to people (or cameras, mind you) around you. Even if your screen is covered, and keyboard, you are still leaking data from your keyboard, both visually and acoustically.
But then there’s also the operating system that your app is running on; you simply rely on the fact that your keyboard isn’t logging things as you type them, your camera isn’t recording when it shouldn’t, so on and so-forth. There are a lot of “loose” ends before the end-to-end shrouds your messages in mathematical secrecy. And then, there’s the recipient. In most cases, you have no idea what situation the recipient is in or who he or she might be. For all you care, they might be just broadcasting your texts to the building across from them.
Encryption is just part of the puzzle, it is definitely not panacea.
Relatedly, Bloomberg writer Leonid Bershidsky stirs the pot:
“End-to-end encryption” is a marketing device used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security. Encryption is, of course, necessary, but it's not a fail-safe way to secure communication.
Bershidsky’s piece generated its own controversy and I admit I hesitated before linking to it, granting it further clicks and page views. The provocative tone makes it hard to tell if it was written in good faith, and the original headline (“WhatsApp hack shows End-to-End-encryption is pointless”) did not do it many favors. Something about WhatsApp encryption does make people say dumb things, I think. *cough*Guardian*cough*.
To make the obvious painfully obvious, I do not think E2E is a marketing ploy, but rather a necessity at this point. Whether that necessity is driven by public demand for privacy (good!) or Zuckerberg et al wanting to defer any sort of responsibility for what happens on its platform (bad!) is a different discussion.
However, the point Bershidsky tries to make but gets lost in his inflammatory rhetoric is that if you are targeted by a state-level actor, you are probably done for. The Mariana trench level of depth hardware and software stack ensures someone will forget to plug a hole somewhere. And of course, the many, many, points of leverage a government has over people around you practically ensures that only the most life-long dedicated evade the Big Brother’s watchful eyes. If all fails, there’s always a wrench somewhere.
Then, a more interesting thing to ponder is whether you would want truly unbreakable E2E communications widely available to everyone at all times. My knee-jerk reaction to this is “Yes” but at the same time, “But how?”. Think hard enough, and you might even end up at “Maybe not?”.
We’ve seen that as there’ll be E2E communications, there’ll be ways to work around them. It is painfully naive to think we’ll hit on a technology to fix all those before the technology to break it all won’t develop. I am not a quantum technology expert, but some people are worried.
And there’s the human side. Be it Signal, Facebook’s WhatsApp, Wire, or Telegram, or Apple’s iMessage, or Wickr, we are at the mercy of a few people to get a ton of software and hardware right, and do the right thing all the time. We practically ran the internet on a buggy cryptography library for more two years before anyone noticed, and that was open source software.
I admit I don’t have a good answer here.
On one side, I do not want people over at Menlo Park to peer through my chats on Facebook’s WhatsApp nor do I want people in Switzerland to go through my ProtonMail email. I am not sure if they cannot right now, but I know without E2E, they can. I’ll take that side of the deal, and you should too. Similarly, basic encryption protects you from a customs officer at the border having a bad day, or an ex-boyfriend that just wants some dirt. The same argument goes for mitigation dragnet surveillance. Not everyone, yet, can afford NSO Group’s software.
Moreover, E2E makes data stored in the cloud much, much less valuable. I believe that there are unaccounted liabilities in data, one of which is how the vast quantity of it presents a nice fat prize to focus all hacking efforts on. Properly encrypted data turns the data into an amorphous blob that is of no use to anyone.
Yet, how do you explain to tens of Indians or Myanmar residents that you simply cannot control people’s behavior, when you are benefiting from the encryption mostly? Apple put on a brave face when it resisted FBI’s attempts, but will it be able to do the same if there was a bigger threat to national security? Will Microsoft? Would we even know that these companies cooperated with the government? If Google tomorrow drops a key logger on your phone, I am not sure if anyone would be the wiser.
This stuff is not going to be fixed by us being miserable about it, but rather having a real debate between technologists and other stakeholders. This will mean working with governments, but also investing in new technologies. The other options are not workable.
Going back to the company I mentioned in the beginning. I am not sure how much the shame-board helped, but we eventually finished implementing what we called The Vault at the time; a folder that you could optionally put your data in. It’d be slightly slower, and some of the features like search and thumbnail generation wouldn’t work on all devices, but it “worked”. Yet, turns out, turning yourself into a dumb hard drive in the cloud is not much a business model. So that idea got scrapped.
There’s a lot more to say about that, but hey, I am not going to put that in writing or even tell you online. I’ll tell in person. Between us ;)
What I’m Reading
Why Books Don’t Work: Andy Matuschak, a well known software engineer, talks why books (or lectures for that matter) aren’t great mediums for people to actually learn and integrate things from and presents his own (experimental) solution. Andy is always at the forefront of learning sciences, and I’m looking forward to see where he goes with this:
Instead, I propose: we don’t necessarily have to make books work. We can make new forms instead. This doesn’t have to mean abandoning narrative prose; it doesn’t even necessarily mean abandoning paper—rather, we can free our thinking by abandoning our preconceptions of what a book is. Maybe once we’ve done all this, we’ll have arrived at something which does indeed look much like a book. We’ll have found a gentle path around the back of that intimidating slope. Or maybe we’ll end up in different terrain altogether.
The Night The Lights Went Out: This is part harrowing, and part hilarious. Writer Drew Magary describes in gory details how he woke up from a chemically induced coma after a traumatic brain injury. I don’t want to spoil anything, but you owe it to yourself to read this:
[…] But I do know that I’m different. Still me, but not quite. All the pieces of me aren’t all lined up exactly as they were, and I haven’t fully accepted this yet. I liked who I was before all this. I’m not sure about this new fella.