
Police tracked terror suspect, phone went dark after Facebook/WhatsApp warning - Terretta
https://www.msn.com/en-us/news/technology/police-tracked-a-terror-suspect-until-his-phone-went-dark-after-a-facebook-warning/ar-BBYyMU8
======
sigwinch28
The perspective of the law enforcement agencies, as usual, beggars belief.

IMO Facebook/WhatsApp were totally in the right here: they were not issued any
legal documents or binding court orders, saw that their systems had been
compromised, and therefore informed _all compromised users_ without
discrimination.

Really though, using "terror suspect" here is like crying "think of the
children": it's sensationalist garbage designed to drum up public support
through fear. This is the same old e2e encryption vs. overstepping law
enforcement debate, but with the kinky old "what about terrorism" mixed with
the currently fashionable "boo Facebook and other tech giants" angle.

Basically, Facebook did something (which I believe was) ethical and law
enforcement agencies employing covert tactics that skirt the well-established
legal processes got caught with their pants down.

~~~
ianhawes
I wonder if the evolution of law enforcement to this attack will be to have a
court issue a gag order preventing said companies from notifying their users
of attempted or successful attacks.

~~~
gst
Doesn't the GDPR currently require companies to notify users about such
attacks (does "personal data breach" also apply to client-side stored data)?

> When the personal data breach is likely to result in a high risk to the
> rights and freedoms of natural persons, the controller shall communicate the
> personal data breach to the data subject without undue delay.

(Source: [https://gdpr-info.eu/art-34-gdpr/](https://gdpr-
info.eu/art-34-gdpr/))

------
mijoharas
> When evidence gathered by his unit is used in court, efforts are made to
> hide the true source of the evidence.

This seems very shady.

> The European official said his own unit is so secretive that senior security
> and government officials in his own country don’t know about the methods and
> tools they deploy.

How can this stuff be regulated with things like this? if the government is
kept in the dark about these things, how can they govern?

------
londons_explore
Am I the only one who thinks terrorism incidents are really rare, and perhaps
our government's efforts are perhaps better focussed on more common crimes,
like car thefts, muggings, etc.

~~~
narag
The article mentions 2015, I don't think French will take your advice:

[https://en.wikipedia.org/wiki/November_2015_Paris_attacks](https://en.wikipedia.org/wiki/November_2015_Paris_attacks)

~~~
pornel
Isn't that exactly the point? We still talk about the 2015 tragedy, even
though we have equally deadly tragedies every day, except from "boring" causes
that don't make the news.

~~~
narag
Maybe it's different in the USA. In France, more than a hundred killed in a
night is very alarming news. Do you think Gendarmerie should forget about
terrorists so they can focus on more "boring" causes?

Sad I need to say: I don't agree with the tone of the article. I was just
responding to a comment that said exactly that.

~~~
pornel
> Do you think Gendarmerie should forget about terrorists so they can focus on
> more "boring" causes?

Yes. Terrorism works exactly because of irrational out-of-proportion reaction
to the attack. The attack is only for show, and later harm is self-inflicted.
e.g. after 9/11 more people died from increased road use caused by fear of
flying, than from the attack itself.

Every day lots of people die in car crashes, from diseases, pollution,
accidents, suicides, addictions, poverty, but these deaths are too common, too
numerous, and not spectacular enough to get 24/7 news coverage — such deaths
have been deemed acceptable, unlike terror deaths.

When there's a war on terror trillions of dollars appear out of thin air, but
when a fraction of that is needed to improve healthcare or environment it's
"but who's going to pay for it?"

~~~
narag
It seems you're writing from a USA perspective, that's alien from European
reality. There aren't so many violent deaths over here and a sizeable
proportion of them has been caused by islamic terrorism. Saying that police
should ignore that threat shows a terrible level of misinformation.

On the other hand we spend much more in public healthcare than in wars. Are
there other problems that take lives? Of course, but terrorism _is_ one of the
biggest problems that fall into police competences.

------
mikece
“WhatsApp killed the operation,” the official said.

Yeah, they detected anomalous activity, investigated, and alerted affected
users. This sounds like a point in favor of WhatsApp and Facebook, looking out
for the integrity of the apps of their users -- but it still won't convince me
to stop using Wire and Signal and adopt WhatsApp.

Curious: does any version of this story say what model of phone the terrorist
suspect was using? If it was an Android then quietly asking Google for
tracking info on the phone should have been easy; if it was an iPhone this
would be quite newsworthy since Apple asserts their phones are secure from
attack and Apple as a whole have made a very big deal about privacy of user
data, something which I think would be appealing to a terrorist trying to
communicate covertly.

------
afthonos
> A team of European law-enforcement officials was hot on the trail of a
> potential terror plot in October, fearing an attack during Christmas season,
> when their keyhole into a suspect’s phone went dark.

There was no terror attack. Why is this the framing of the story?

~~~
lm28469
Just so you know: many, if not most, terror attacks aren't disclosed to the
public when they are stopped before happening.

~~~
dboreham
How convenient.

~~~
lm28469
It makes sense in literally every way you look at it. Can't be used for
political reasons ("look at us we stopped 10 attacks by the bad guys, reelect
us because the last president only stopped 5"), avoid leaking info to
potential accomplices, &c.

~~~
FDSGSG
How can this possibly work? Do they just not prosecute these people then?

~~~
lm28469
Of course you do, you just don't display it on every single mainstream news
channels for 2 weeks straight like we do when an attack is successful. Just
like for every other crimes, if you look for details you'll find them but they
won't be given to you in national news.

~~~
FDSGSG
This sounds super far fetched to me. Journos wouldn't pass on a good story
like this.

~~~
DanBC
You do hear about attacks that have been prevented. Here's one recent example.

[https://www.bbc.co.uk/news/uk-england-
tyne-51022706](https://www.bbc.co.uk/news/uk-england-tyne-51022706)

But don't forget that places like GCHQ do not release information, so it would
be very unusual to get "GCHQ helped identify these suspects". Here's one
example where the GCHQ link was made clear (in news reporting), and it's
pretty extreme.

[https://en.m.wikipedia.org/wiki/Matthew_Falder](https://en.m.wikipedia.org/wiki/Matthew_Falder)

------
josteink
Eh. The police used spyware which relied on a vulnerability in WhatsApp. And
then the vulnerability got fixed.

Am I supposed to feel sorry for the police now? Should we not fix security
issues because law-enforcement may be relying on them?

~~~
dsfyu404ed
>Am I supposed to feel sorry for the police now? Should we not fix security
issues because law-enforcement may be relying on them?

Well according to law enforcement you're supposed to be in favor of anything
that makes their job easier and removes them from accountability regardless of
trade-offs. So yes, at least if you ask them.

------
lolc
I'm happy Facebook is keeping users secure. When secret services are
complaining about them, they are doing something right.

But isn't acknowledging cracking efforts a dumb move in the first place? Do
"they" just want us to think that these protections work and it's a free-for-
all behind the scenes? After all, if I were cracking phones, I'd want my
targets to think Whatsapp is secure. So I could complain about how Whatsapp
works against me even if it doesn't. And Facebook would be in on it because
it's good for their reputation to be seen as protecting its users.

There's always room to spin a conspiracy theory.

------
raxxorrax
> encryption shouldn’t allow criminals to be “less accountable online than in
> real life"

This makes me angry. First about the statement about encryption, then about
European law-enforcement officials being concerned with accountability.

But I really like to know about the security flaws in their video calling. I
thought they use end-to-end encryption for that too. Sounds difficult to
inject malware here. We really need details about the security flaws for an
effective defense in the future.

------
fuzzy2
Previous discussion:
[https://news.ycombinator.com/item?id=21939637](https://news.ycombinator.com/item?id=21939637)

