8

According to The Telegraph, a member of the British government is calling on WhatsApp to release the messages sent by the terrorist that committed the attack on London on March 22, 2017.

It's lead me to wonder, does WhatsApp, barring any intentional backdoors, have a way to break its own end-to-end encryption assuming no access to the physical device?

Meaning, if the government were to obtain a court order, would it even be possible for WhatsApp to comply?

Anders
  • 64,406
  • 24
  • 178
  • 215
Magisch
  • 293
  • 2
  • 9
  • 2
    There may be end-to-end encryption, but the only thing that's keeping WhatsApp from sharing the information outside that communication is their promise of privacy. Given that Facebook owns WhatsApp, I don't have much faith in that promise. – S.L. Barth Mar 27 '17 at 07:25
  • @S.L.Barth no the end-to-end would make it impossible (if implemented correctly) to share the content of the messages as whatsapp does not have the private keys to decrypt the messages. – Wealot Mar 27 '17 at 08:05
  • 1
    Because you're constraining the question by saying "no intentional backdoors", but also saying that the end-to-end encryption is properly implemented, you are basically asking us to guess at a potential, unknown, vulnerability. – schroeder Mar 27 '17 at 08:32
  • 1
    I think they (whatsapp) could comply to a government request without a backdoor, they can get a copy of the key for the front door. And they probably have something in place to do this already in their code for their 'report abuse' functionality. But also the language 'properly implemented' is hazy, proper for who? – daniel Mar 27 '17 at 08:36
  • @Wealot That's why I said "outside that communication". The actual exchange of messages is end-to-end encrypted. But the WhatsApp instance on a user's device still has access to the plaintext. Who guarantees us that the app doesn't store the plaintext, and sends it to FB via a covert channel? – S.L. Barth Mar 27 '17 at 08:36
  • @daniel The report abuse function could also simply copy the message to a known account - it's being used by someone with the legitimate key, who can see the clear text, after all. You don't need to decrypt it again. – Matthew Mar 27 '17 at 08:41
  • But if it was like that (plain text sent from user A's machine) then user A could report abuse and 'frame' user B by changing the contents of the message, whatsapp would need to know the message actually came from user B by getting the private keys and checking a log of the messages. This is why I am suggesting that the providers that we are talking about here do have some way of reading end to end encrypted messages in certain cases. – daniel Mar 27 '17 at 08:49
  • 1
    @S.L.Barth Ah ok! didn't understand it properly then :D. But yes it all comes back to what Whatsapp says versus what they actually do.... :P – Wealot Mar 27 '17 at 08:56
  • @Wealot No problem. To be fair, I don't think they'll _break_ their promise of privacy. They'll _dodge_ it. They probably have some clause in the T&C to get at your data after all. – S.L. Barth Mar 27 '17 at 09:00

5 Answers5

6

I think the answer is maybe. They may save the keys at the start, or have functionality to copy the keys from the device, but still sell their messaging service as end to end encrypted. The idea then is that if one of the users reports bad behavior from another user they can step in and decrypt the messages to verify the claim. Also this means whatsapp might get a secret request from some TLA and do it without telling anybody, possibly without access to the users devices since those guys could already have a copy of the encrypted messages.

Also if it is like this then everyone would like to pretend it's not, people would still have to act outraged when something happens in the news that involves the program.

daniel
  • 774
  • 3
  • 12
  • 1
    I wrote "Assuming no intentional backdoors on their part" – Magisch Mar 27 '17 at 06:59
  • 3
    We have a different idea of what a backdoor is, I think a back door is "only the secret key can decrypt this message, or the super secret backdoor key password123" – daniel Mar 27 '17 at 07:22
  • Could those messages then be used as evidence in court? That would give away the "secret" backdoor. – Awn Mar 27 '17 at 09:03
  • 2
    @Eclipse That's a classical problem - once you use information gained by cryptanalysis, the enemy will know you've broken their encryption. The usual answer is to find other ways in which the information would be found. They can't use such information directly without exposing themselves. But it may help to find other incriminating evidence that can be used in court. – S.L. Barth Mar 27 '17 at 09:10
  • 2
    Yep, DEA calls it parallel construction, I remember a documentary saying with the enigma Churchill would would fly a reconnaissance plane over where they knew someone to be from the broken encryption . – daniel Mar 27 '17 at 09:21
4

Even if Whatsapp fully respects privacy and managed not to be able to access its users private key (*), intelligence services could still be interested in encrypted messages. If they can get a smartphone containing a key but where messages has been cleaned, the key + the encrypted messages allows to immediately decrypt everything.

AFAIK, Whatsapp is a closed source application, so I cannot say whether they store the private keys on their own servers or not.

Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84
  • This is SPOT ON and exactly answers the OP's question. WhatsApp of course can hand over the messages sent thru them. Decrypting them is something else. – Marcel Mar 27 '17 at 12:11
  • Even though Whatsapp is closed source, people can reverse engineer the binary application to see what it does. – paj28 Mar 27 '17 at 14:06
  • @paj28 I'm unsure that the license allows reverse engineering, but I'm sure that **I** won't do. If I want to securely exchange data, I will rely on well known protocols like MIME encrypted mails, and never waste time to try to guess what is in a closed source protocol! – Serge Ballesta Mar 27 '17 at 14:30
3

Given that Whatsapp does everything it says it does (so no intentional backdoors in the broad sense of backdoor) that would not be possible.

A device receiving the messages has the private key on the device. Whatsapp says it does not get that private key from the devices (and I believe someone would have noticed if they did...).

Conclusion: No Whatsapp cannot comply with any requests for content of messages if they haven't intentionally build a "backdoor"

Wealot
  • 879
  • 2
  • 12
  • 25
  • @SergeBallesta That is what I meant, sorry if that did not come over correctly. I edited the sentence a bit. – Wealot Mar 27 '17 at 12:23
2

They can add a backdoor

If the current version does not have a backdoor, they can release an updated version that does. Most mobile devices are configured to automatically update applications.

paj28
  • 32,736
  • 8
  • 92
  • 130
  • 1
    But would that help them read past conversations? – Anders Mar 27 '17 at 08:56
  • 1
    @Anders You can see past conversations in WhatsApp, right? So unless the user has deleted the conversation, the plaintext is still available. – S.L. Barth Mar 27 '17 at 08:58
  • 2
    @S.L.Barth Good point. But one of the participants of that conversation will not turn on his phone to recieve any updates. The other party might very well be smart enough to delete the messages, given that this is in the international news and everything. – Anders Mar 27 '17 at 09:02
  • @Anders no, not past conversations (probably). The Signal protocol supports forward secrecy. – Awn Mar 27 '17 at 09:04
  • 2
    @Anders - I don't know what state the terrorist's phone is in, but if it's on but locked, it may still get application updates. – paj28 Mar 27 '17 at 09:09
2

Backdoor or not - that's mainly a question of semantics - I think these are the two relevant points:

  • If WhatsApp has the ability to get decrypted conversations, they have been misleading their customers about what their app does.
  • Wheater or not WhatsApp would mislead their customers is a question of trust that can not be answered objectively here.
Anders
  • 64,406
  • 24
  • 178
  • 215