On July 19, 2016, WhatsApp was blocked once again in Brazil. This time – the fourth one – the decision was issued by a state judge in Rio de Janeiro (click here to see an English version), which ordered the interception of real-time messages exchanged over the application in the context of a criminal investigation.
Facing similar orders, WhatsApp has been claiming that it is impossible to comply with them without compromising the security of the whole system. The argument is that since the adoption of “end-to-end” encryption technology, the company does not hold a master key to decrypt the content of messages, making it impossible to turn over the information requested by law enforcement authorities. When users communicate through the application, only the two participants – the sender and the recipient – hold the keys to decrypt their messages, which keeps them confidential and ensure that the encryption is “strong”, i.e. unbreakable. This is what has been causing the quarell.
Even though the case is under seal, differently from previous cases, the judge Daniela Barbosa de Souza Assumpção, from the 2nd Criminal Court of Duque de Caxias, decided to issue a public ruling separately, preserving the rest of the case in secrecy. This aspect was positive, because in the three previous cases there was hardly any information to understand what was at stake.
Nevertheless, the ruling was very controversial (being eventually reversed on the same day by the Chief Justice of the Brazilian Supreme Court – click here to see an English version). Apart from the discussion about the proportionality of the decision, which affected thousands of Brazilians, the question is whether there are legal grounds to force companies to develop backdoors. In other words, it would be necessary to answer whether there is any law in Brazil prohibiting end-to-end encryption, or any law requiring companies like WhatsApp to develop mechanisms that grant law enforcement with access to exchanged messages.
Besides the legal issues, each chapter of this story involves other questions that require a deeper understanding of how encryption technology works, what are its purposes and what are the arguments to justify its use: what are the consequences of the solutions that aim to “circumvent” end-to-end encryption, such as the judge tried to order? What is at stake in the case of a proposed bill to “regulate” access to users data from applications such as WhatsApp, as suggested by the Minister of Justice Alexandre de Moraes?
To shed some light on these questions, “Deu nos Autos” talked with two encryption experts: Riana Pfefferkorn, Cryptography Fellow at the Stanford Center for Internet and Society (USA), and Tobias Boelter, PhD candidate at University of California, Berkeley (USA) focusing on Security and Cryptography.
In their interviews, the experts emphasized that neither requiring companies to disable the use of encryption nor simply banning it can be considered good solutions. Instead, law enforcement authorities should invest in alternative methods of investigation, focusing on metadata. You can find the full interviews below, conducted by Dennys Antonialli, director of InternetLab, and Jacqueline Abreu, surveillance project lead at the same organization.
3 questions for Rihanna Pfefferkorn, the Cryptography Fellow at the Stanford Center for Internet and Society (USA):
“The debate over encryption vs. law enforcement is a “security vs. security” debate, not a “privacy vs. security” debate”
Alternative investigative resources
Dennys Antonialli (director of InternetLab):This is the fourth time a court decision demands the block of WhatsApp in Brazil due to the company’s refusal to turn over users data. Law enforcement authorities claim that the ability to intercept messages in real time and to have access to stored communications is vital to investigate and punish serious crimes. They also claim criminal organizations are relying on the app as their main source of communication to avoid surveillance. Are there any alternative sources of information/data law enforcement could be looking at to investigate these crimes while preserving the use of end-to-end encryption?
Riana Pfefferkorn: We really live in what’s been called a golden age of surveillance. At least, that’s true in the US. I don’t know what types of data law enforcement in Brazil collect, but under the Marco Civil, Luiz told me that companies have to retain non-content information about communications. Leaving aside whether or not Marco Civil’s data retention mandate is ultimately a good policy, under this law, even if police can’t obtain the actual contents of messages due to end-to-end encryption, my understanding is that they can find out who’s been messaging whom, when, and how often. That provides a great deal of knowledge, as EFF has explained. Also, if Brazilian law is like US law, they can obtain location data from the suspect’s mobile phone service provider about everywhere the suspect’s phone (and therefore the suspect) has been — a complete log of his movements over time. That may show where his conspirators live or work, where contraband is kept, etc. With enough information, police could get search warrants for those locations.
Law enforcement could also use traditional police strategies to investigate: they can get information from confidential informants or witnesses. They can get a court order to wiretap suspects’ phone calls, even though perhaps this is less useful if it is true that criminal organizations are trying to avoid surveillance and thus are not using the phone much.
Also, WhatsApp itself does not store messages, but iPhone users can choose to back up messages to the cloud. Brazilian police could use MLAT to get Apple to turn over the backup, as noted in this article. But that may not work — it is not clear to me whether those messages are encrypted, or whether the iCloud backup is encrypted by Apple — so I’m not sure that obtaining the backup would mean obtaining readable, unencrypted messages. Chris Soghoian suggests (in a tweet linked in that article) that users can store unencrypted backups of WhatsApp messages. If that’s true, those would be readable if obtained by police.
There is also the controversial practice of government hacking — when intelligence agencies or law enforcement use vulnerabilities in commercial hardware and software products to get access to a target’s computer or mobile phone. This happened in the “Apple vs. FBI” case, and in a high-profile child-pornography case. While virtually everyone in the security and civil liberties communities in the US agrees that backdoors are a bad idea, opinion is not unanimous when it comes to government hacking. Some experts think that government hacking is an acceptable alternative, as explained in this paper by several well-known computer security experts. I don’t support government hacking as a “solution” to the encryption “problem.” I suspect that you in Brazil could think up a few reasons why you might not be comfortable with the Polícia Federal having the ability to hack into your phone.
DA: The latest court decision states that messaging apps that refuse to develop technological backdoors to grant access to such messages by law enforcement are illegal and should be prevented from operating in Brazil. In addition, our Minister of Justice has made a statement defending the enactment of regulation that would require companies which are responsible for such apps to establish a local office in Brazil so that enforcement of these requests are facilitated. Just recently, the Supreme Court of India has dismissed a case seeking to ban end-to-end encrypted messaging apps in the country but, as you have recently noted, urged the petitioner to take the matter to the appropriate state agencies. At the same time, in the US several bills have been proposed and Apple has gone public about the FBI pressure to circumvent device encryption. How do you see these national attempts to ban the use of (end-to-end) encryption? What are the implications of these strategies worldwide?
RP: I view these national attempts to ban robust encryption as misguided and futile. Misguided, because strong encryption is so important for the economy, for protecting transactions such as banking, for protecting our data from hackers or thieves, for protecting fundamental rights like privacy and freedom of expression, etc. Futile, because no country can stop the spread of end-to-end encryption — people will develop end-to-end encrypted messaging apps, etc. in some other country that doesn’t ban it, and via our global Internet (or via Brazilians returning from visits to that other country, etc.), those tools will very quickly be downloaded by people in Brazil. People will still get their hands on strong, non-backdoored encryption, just not from companies operating in Brazil.
Privacy v. security
DA: In her decision, the judge frames this case as a tradeoff between the right to privacy and the right to public safety and national security. As we know, Brazilian law enforcement authorities are not the only ones pressuring companies to create backdoors. Do you think encryption is a threat to security? How do you reconcile these two apparently conflicting rights?
RP: No. The judge’s framing is wrong. Strong encryption promotes strong security, it does not threaten security. The debate over encryption vs. law enforcement is a “security vs. security” debate, not a “privacy vs. security” debate. If encryption is backdoored for law enforcement, that backdoor can be used by bad guys too. If Brazil requires backdoored crypto, then everyone using the backdoored crypto is at risk. That could include Brazilian businesses, which need to protect against economic espionage; Brazilian banks that could be hacked; and even the Brazilian government, which needs to keep state secrets secure from enemy governments. Strong encryption *defends against* bad guys, even though bad guys can use it to hide their activities. Given the numerous other investigative tools available to law enforcement as I described above, weakening encryption is a bad tradeoff.
3 questions for Tobias Boelter, PhD student at University of California, Berkeley (USA) focusing on Security and Cryptography:
“ Therefore, instead of insisting on encryption backdoors, law enforcement should focus on their capabilities of utilizing data obtained from other sources. Today we produce more data than ever, of which only a tiny fraction is end-to-end encrypted communication.”
End-to-end encryption and stored communications
Jacqueline Abreu (researcher of InternetLab): WhatsApp has recently announced it adopts end-to-end encryption to protect the content of the messages exchanged in the app and has been claiming the technology prevents anyone from having access to them (apart from the recipient). From a technical standpoint, is it true that the use of end-to-end encryption makes it impossible for the company to turn over the content of such messages to law enforcement? Is there a way to “decrypt” some of the messages that go through the app?
Tobias Boelter: It is impossible for WhatsApp to decrypt the content of messages that were sent using their app after the fact. This is the guarantee of strong end-to-end encryption.
Real time access (wiretaps)
JA: In the latest decision demanding the block of the app in Brazil, the judge demands WhatsApp to create a technological solution to allow law enforcement to have real time access to such messages (wiretapping):
“In fact, the court merely requires the disablement of the encryption key, with the interception of data traffic, with real-time deviation [of information] in one of the ways suggested by the Prosecutor’s Office, in addition to the routing of messages already received by the user and not yet encrypted, that is, the exchanged messages shall be forwarded in real time (as in the case of wiretaps of telephone conversations), before encryption is implemented.”
It seems that the judge is either suggesting what is typically known as to mount a “man-in-the-middle attack” or a compromise of an endpoint. Could you briefly explain how these mechanisms work? Are there any other ways to grant access to such messages?
TB: There are two ways that would enable WhatsApp to forward the content of future messages to the government. One fundamental difference to classical wiretaps is that the targets of surveillance will, assuming sufficient technical knowledge, be able to find out that they are being, or have been, surveilled. [These solutions, however, would either require that the company put itself in the middle of the exchanged communications, bypassing its own encryption system, or modified the technical functioning of the app.]
The first technique is what is commonly referred to a “man-in-the-middle attack”. For encryption between two parties to work, they have to exchange their so called public keys. WhatsApp does this exchange for you. In the process, WhatsApp could decide to give the parties WhatsApp’s personal private key instead of the right one. Then WhatsApp can receive all messages that the two parties send, re-encrypt them with the correct key and pretend that nothing happened. This issue is maybe best illustrated with an analogy from the “old world”. Imagine, you want to call a friend and only have his street address, but not his telephone number. So you write a letter with your telephone number and ask your friend to call you back. In the post office the government intercepts the letter and replaces your phone number with the government’s phone number and forwards the letter to your friend. Your friend now tries to call you, but in fact the government’s phone rings. They just call you on a separate line and forward your friends voice over this line. Of course you will see not your friends phone number as the caller ID, but you will think it is your friends phone number because you did not know it in the first place. However, when you one day meet your friend on the street, you can ask him whether this phone number is really his, he will say no, and then you know you have been surveilled. In the WhatsApp app, this is done by scanning each other’s “security code”.
The second technique would involve modifying the app so that it sends (certain) messages to the government in addition to sending them to the original recipient. WhatsApp can implement this new “feature” the same way they implemented end-to-end encryption: Publish a new version of the app in the App Store and push it to devices. This actually would also be the only technical way for WhatsApp to get the content of messages stored on the device. A skilled user could still figure out if her app is sending her messages to the government.
Finally, there is another strategy for the government to gain access to communication, which does not involve WhatsApp but instead focuses on the target’s device. If the government knows of software vulnerabilities in the operating system of the target’s phone, it can exploit those to gain access to the device’s storage of messages and install covert monitoring software on the device to sniff future communications. This process is usually even easier if the government has physical access to the phone, e.g. through a seizure. But then, the government would be morally obligated to disclose any known vulnerabilities to the vendors and have them fixed to maintain the security of all users.
Backdoors and vulnerability
JA: Some argue that implementing such solutions would jeopardize the security of the whole system. Is it true that this would expose the system to vulnerabilities? Is there any way to provide law enforcement with these capabilities and still ensure the system is as secure as when end-to-end encryption is adopted with no backdoors?
TB: This second technique that involves modifying the application itself would destroy user’s trust into WhatsApp as they would violate their promise of not being able to read messages. Essentially we would come back to the state where WhatsApp used no end-to-end encryption. Repressive governments, malicious WhatsApp employees and hackers capable of breaking into WhatsApp’s infrastructure would be able to read sensitive messages using the same mechanisms that the government would use after obtaining a legit court order.
Mounting a “man-in-the-middle” attack would also likely destroy user’s trust into WhatsApp but would only exploit weaknesses already inherent to end-to-end encryption, rather than introducing new vulnerabilities.
After all, as soon as the first cases in which governments use these techniques become public, the people the government seeks to convict are going to switch to a secure communication service of which plenty others, also open source ones, exist. Therefore, instead of insisting on encryption backdoors, law enforcement should focus on their capabilities of utilizing data obtained from other sources. Today we produce more data than ever, of which only a tiny fraction is end-to-end encrypted communication. Most services require this data to be unencrypted to function, and hence it will never be strongly encrypted. And even when it comes to communication, sensitive meta data indicating with whom, when, and for how long we communicate, is also still accessible by law enforcement in the traditional way.
Decision to block WhatsApp (Duque de Caxias Criminal Division)
Decision of Brazilian Supreme Court that granted the suspension of the decision of the judge of the Criminal Division of Duque de Caxias
By Dennys Antonialli, Francisco Brito Cruz, Mariana Valente and Jacqueline de Souza Abreu
Translation: Clarice Tambelli, Beatriz Kira and Juliana Pacetta Ruiz.