
Supreme Court to hear petition seeking ban on WhatsApp - m0v_eax
http://timesofindia.indiatimes.com/tech/tech-news/Supreme-Court-to-hear-petition-seeking-ban-on-WhatsApp/articleshow/52887016.cms
======
jacquesm
Every time you hear about something like this or read an article about
something like this you have to slow down for a moment and realize that we
brought this on ourselves. The original intent of the internet was _peer to
peer_, not global centralized services that we all connect to.

There is no technical reason why something like whatsapp can't be peer-to-
peer. Choosing for a centralized service is implicitly choosing for giving the
powers that be the opportunity to massively listen in on our various modes of
conversation, to figure out your 'graph' _and/or_ to allow censorship.

An old quote has it that the internet sees censorship as a routing problem and
will route around the break. But that only works if we explicitly refuse to
allow centralized services.

~~~
colejohnson66
Serious question: how would you decentralize something like a messaging app?
Don't you need /something/ to facilitate routing? Or do you use some kind of
public-private key encryption on a blockchain? But then how do you get
someone's public key if they're offline? And why would you want to store a
blockchain of everyone's encrypted messages? To get around that, you'd end up
with some centralized server storing the whole blockchain and you only
receiving yours? But then you're back at the problem Bitcoin has: You want a
decentralized blockchain, but people don't want to store 73,745 megabytes[0]
of other people's transactions they don't care about. BitTorrent's DHT system
still relies on a few "kickstart" servers to send you a list of peers who can
send you a list of peers...

[0]: https://blockchain.info/charts/blocks-size (26 Jun 2016, 0519 UTC)

~~~
dingo_bat
>Serious question: how would you decentralize something like a messaging app?

Like email. Let everyone host their own chat server. Pass messages around to
the correct server and let it forward it to the user's device.

~~~
zanny
Which is what XMPP and Matrix do. Both have username / server routing and for
Matrix at least history propagates between participant host servers.

Or you go the Tox / Ring route with a DHT of users and cut out the server
altogether, but the server part is pretty much always necessary for "pretty
usernames". Tox has been basically dead in the water for quite some time
because they have no effective DNS for users that is universal to all the Tox
apps with multiple competing implementations.

My personal takeaway is that if you are going to have a server you should take
full advantage of it like Matrix does, because Matrix mobile clients can be
push-notify based and not need to always be online to get messages (though Tox
et al have ways around that, they are all dependent on storing messages
locally to the destination in the DHT, and most users do not want to have to
cache other people's messages).

------
viraptor
I found it interesting that a "right-to-information (RTI)" activist would be
against encryption, citing national security reasons. It seems RTI is the
Indian version of FOIA
(https://en.wikipedia.org/wiki/Right_to_Information_Act,_2005)
which confuses me even more - how are those connected?

I could kind of see how the plaintext communication makes bribery and similar
things harder (which is what RTI should prevent), but if that's the reasoning
it seems to be really backwards.

~~~
Alterlife
There is probably no direct connection between RTI and encryption. Here are
some other stories I found involving this gentleman:

--

http://timesofindia.indiatimes.com/city/gurgaon/Most-mobile-towers-are-illegal/articleshow/21640776.cms

http://indianexpress.com/article/cities/delhi/two-gurgaon-schools-accused-of-misusing-dps-name-get-notices/

http://www.thehindu.com/news/national/move-to-link-digital-locker-with-aadhaar-challenged/article7387459.ece

---

All three don't have anything to do with government corruption. What I get
from this is:

1. He is involved in things other than government corruption.

2. RTI is a tool that he uses, so RTI activist is probably a misnomer.

3. This is possibly just a well-intentioned old man who doesn't understand
technology doing the wrong thing for the right reason.

But the supreme court is hearing him? Well then I hope that this gets squashed
at the highest level before it turns into a discussion.

~~~
gnoway
The article points out that he's 27 years old.

~~~
reachtarunhere
And I thought that only the old fogies were the crazy lot. Pity.

------
dineshp2
One of the arguments against mass surveillance is that it is a blatant intrusion
of privacy, and hence it should not exist.

On the other hand, the arguments against encryption seem to be that it
cripples the Government agencies in their work against terrorists, which is a
genuine concern.

There seems to be no way to address both these major concerns (that I am aware
of), and hence the battle between privacy advocates and the camp against
encryption in the name of national security will continue.

Banning a single service such as WhatsApp is not a solution to this problem.
If someone really wants their communication to be encrypted, they can easily
make it happen using the numerous tools available, and there is nothing the
Government can do about it.

~~~
lenish
>Banning a single service such as WhatsApp is not a solution to this problem.

Generalizing this argument a bit, banning encryption is also not a solution to
this problem. The cat is, as they say, out of the bag, and unless we're going
to burn every cryptography book and remove every website documenting
cryptographic methods or hosting cryptography code, there's no putting it back
[1].

1: Presuming the development of effective post quantum cryptography cannot be
prevented and distributed, which considering the current state of PQC seems
unlikely.

~~~
avs
I think this is worth taking a step further and asking for a definition of
cryptography...what is cryptography?

Obviously here we are speaking in a mathematical sense, but encryption of
information predates the internet. Hell, it predates electricity. Where do you
draw the line? Can I not encrypt my conversation with a friend by referencing
shared unique experiences?

~~~
zappo2938
I was talking to a young woman a bunch of us helped get into drug rehab recently
and she said when she first moved here she used dating apps to find people who
supply drugs. All of a sudden, her best friend's name is Molly and going out
line dancing means something completely different on dating sites. I forget
what she was calling the different drugs, but like a secret crypto key, they
shared a common language.

~~~
brightball
You should read The Code Book sometime

------
matheweis
It struck me as I was reading this, the entire reason this is even a possible
thing is the advent of the "App Store".

If users obtained their software elsewhere, the system could still "ban" it,
but people would still obtain it.

With the app stores, it becomes fairly easy for a government to unilaterally
ban a piece of software.

~~~
umeshunni
They could still obtain it, but the government could still mandate that local
ISPs and telcos block connectivity to it. This is like what they do when they
ban websites.

~~~
matt_wulfeck
They do ISP-level DNS banning, like what happened with Twitter.

Sometimes we can't engineer ourselves out of a problem and need to do it
democratically. Looks like this government is a little rotten if you ask me.

~~~
DroidX86
The petition was brought forth by an RTI (Right to Information) "Activist" and
Web Dev who works on security for private companies. It has nothing to do with
the government.

------
dietrichepp
> almost impossible for even a super computer

"Almost" impossible is a stretch. It's regarded as impractical regardless of
computational power or other available resources with current computational
technology. We might as well not even try.

> Decrypting a single 256-bit encrypted message would take hundreds of years,
> Yadav said.

That's an interesting way to phrase it.

~~~
Thiez
On a "normal" computer, it's impossible with the available resources. I think
Bruce Schneier illustrates it very well on his blog:
https://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html

If you were in possession of an ideal computer, that floats in space and uses
only the minimum energy required by physics to distinguish two states, and you
were able to convert all the mass in our solar system directly into energy
(which you probably wouldn't want to do, for obvious reasons) and feed that
energy into the ideal computer, then you would be able to count (no decryption
attempts here, just counting) all the way up to 2^231.

Trying to brute-force 256-bit keys is a very unrewarding activity indeed. If
Yadav thinks he would be able to do it in "hundreds of years" rather than
"long after all the stars have died" he must have a computer hidden somewhere
that would run Crysis very smoothly even with all the settings on maximum.

------
seabass
To someone new to crypto, how do companies like WhatsApp implement their end-
to-end encryption? Where are keys generated and how are they persisted in a
way that allows messages to be re-read no matter what device users are running
the app from but doesn't allow governments any chance at access to the keys?

~~~
gjkood
If you want to do the heavy lifting in understanding Cryptography, almost all
the relevant documentation can be found at the following resource.

http://csrc.nist.gov/publications/PubsFIPS.html

A lot of the hard (math heavy) stuff used in modern cryptography has been
published almost a couple of decades ago and good books are available on
Amazon. I usually just buy them used as you get very good deals for books that
have been published several years ago.

I would recommend Bruce Schneier's 'Applied Cryptography, Protocols,
Algorithms and Source Code in C'. I was surprised to see the 20th Anniversary
Edition is out now.

https://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/1119096723/ref=sr_1_8?ie=UTF8&qid=1466950028&sr=8-8&keywords=cryptography

The math involved uses a lot of number theory (prime numbers, prime
factorization, modulo computations, Chinese remainder theorem, elliptic
curves, etc.).

Once you get a basic understanding of the math, you will find out why it is
hard to find the keys (if properly generated) through brute force computer
attacks.

------
kyled
Mass surveillance does not stop terrorism effectively.

Bruce Schneier wrote a book called Data and Goliath and touches on the subject
a bit. Simply too many false positives are detected.

But how will governments decrypt communications you say?

Simple, they hack the devices performing the communication, if they are
important enough. They can then get the key if needed. Encryption forces
governments to do targeted surveillance.

This isn't just about WhatsApp, it's about all crypto systems. Without
privacy, you have no liberty.

~~~
GavinMcG
There's no "d" – it's Bruce Schneier.

~~~
gjkood
I ran into this very same issue during another posting on HN. It was auto
correct at play. I had to go back and reedit it twice because it was auto
correcting it back to 'Schneider'.

------
patall
I wonder how someone like this can call themself an activist, when it is
obvious that they have not even thought about it once. If you are truly a
terrorist, it takes you a few hours to implement a one-time-pad solution that
will be unbreakable (and you cannot prevent that, there is not much knowledge
needed for that). Only thing needed is a source of randomness but since we are
talking about messaging, we do not even need more than a megabyte of it.

But well, I am from Europe, looking forward to you kicking out your security
industry and outsourcing it to us. Thanks for that.

------
hitr
Many comments here say that it is an intrusion of privacy but a random machine
sitting in some corner of the world, parsing a boatload of data (including yours)
and detecting that there is an act of terrorism and in effect saving people. I
am OK with that machine parsing through my data. I feel that when you write
your email or upload photos on FB/Instagram or send a tweet, a machine is
already doing that and many people still use all these services. Also,
technically some Facebook/Google/Twitter employee can look at all that data
if he wants to. So I believe the government should get a provision to look deep
into the data if it needs to save one person or a hundred people. I do reflect
the concerns discussed here [1]

I am saying that a provision should be given for government or any agency if
it helps saving people's lives but only with a warrant or better scrutiny for
the request. Shouldn't that be the case?

[1] https://www.theguardian.com/technology/blog/2013/jun/14/nsa-prism

~~~
tanderson92
To be clear, you are saying that because you are "OK with that machine parsing
through [your] data", you think that should authorize the government to parse
through my data? Why should your set of values for privacy and lack of care
for its preservation affect my right to privacy?

~~~
hitr
All I am saying is I am OK if it saves the lives of innocent people. And I am
definitely against people looking at my data, a human should only get control
through a warrant or tight scrutiny but that provision should be there in the
system.

~~~
zAy0LfpBZLC8mAC
OK, now imagine the machine detects something. What now? A human isn't allowed
to look at it, if I understand you correctly? Or only with a warrant? What
would be the basis for the warrant? The fact that the machine detected
something? Also, who gets to decide about the code the machine is running?
Could someone just decide to have it flag everything, thus giving the basis
for a warrant for everything, thus allowing humans to look at everything?
Could you elaborate?

------
foxyv
In following case, supreme court is set to determine if law of gravitation is
constitutional.

------
x1798DE
This is probably my US-centrism talking, but it seems like the title could be
updated to reflect that this is _India_'s Supreme Court, not the US Supreme
Court.

~~~
dang
I'm tempted to agree, but if we consider the domain part of the title (which
we do), it already says India. And it's good for HN readers to have to work a
little.

~~~
GabrielF00
FWIW the domain is in a smaller font with lower contrast than the title. I
would guess that a lot of people automatically skip over the domain when they
read hacker news headlines, because it's less legible than the title and feels
distinct.

~~~
dang
All true, but we also need to get out of the habit of consuming only the most
easily scannable information.

As Kahneman explains in "Thinking Fast and Slow", System 2 (the reflective
system, the one we want to be working a little on HN) is lazy and prefers to
rely on System 1 (the reflexive one that deals in subsecond responses). I
think the protests of HN readers when a title isn't trivially digestible or
doesn't quite match expectations are largely the grumbling of System 2 that it
needs to get up and move around a bit. And that's actually good for us—not the
grumbling, but the working a bit. So the expectation to have titles spell
everything out is a mildly bad thing and it's salutary to thwart it a little
now and then.

~~~
rwbhn
Hear, hear! Thank you.

~~~
dang
Btw it was Alan Kay who pointed out the analogy between Kahneman and the
reflexive/reflective distinction I've been using to try to understand the
dynamics of HN. That was a helpful observation on Alan's part that among other
things spurred me to take Kahneman back off the shelf.

------
vonklaus
Just to be clear this is the _Indian Supreme Court_. While it is from the
indiatimes.com English language news outfit, I would assume the majority of
readers on HN are not Indian. Context here is important, as some may not read
the article unfortunately, and even then, it isn't immediately clear.

~~~
dingo_bat
>I would assume the majority of readers on HN are not Indian

Do we have any stats on this? I am assuming most HN readers are American but I
think Indians would be 2nd or 3rd on the most readers list.

~~~
vonklaus
I don't have stats on this. I assume that HN being almost exclusively an
English language forum would have demographics reflecting this. I would guess
(again without stats) that it is North Americans (largely US and Canada), U.K.
and then Germany possibly China and India next. If you find stats would be
interested though.

------
ilostmykeys
Title is terribly missing which country you're talking about. Most here would
assume the US, in which case the title would have more audience. So while I
understand the intent is to have more audience, the integrity of communication
is lost.

~~~
rahimnathwani
It's obvious from the domain (timesofindia.indiatimes.com).

~~~
xeromal
Not necessarily. A lot of times I'll see random US-related news posted by UK
sites.

