
First step is finding a way to educate the mainstream (including politicians) on the dangers of master keys and backdoors.

It is too easy for many politicians and security agencies to think that their master keys and backdoors won't ever fall into the wrong hands, that they're careful, etc. And if you point out the problem, they'll tell you they'll be even more careful.

Think about it from a non-techie perspective. I don't think most people even understand the concept that a message that goes from sender to recipient in WhatsApp can't be decrypted by Facebook, let alone by anyone else. I don't even know if there is a common analogue-world comparison you can draw, this is an utterly new concept for people who don't understand encryption.



E2E encryption is scary. I'm also in the "you can't ban math, why try" camp. But I can't see authorities/politicians give up the idea of getting access to decrypted communications after court orders, in a 100 years, even if everyone completely understood the topic. It's just not happening.


I mean, if you put it that way, assumption of innocence is also a scary concept; being the police and having to let someone you know is a murderer or terrorist go because you can't prove what they did is routinely touted as a genuinely terrifying prospect in plenty of TV shows.

Privacy is a human right in Europe. I don't think it's a pipe dream to give encryption some good PR, especially when it powers the internet, keeps your payments safe, protects you from bad guys, etc.

Pushing hard on the concept that Encryption == Privacy is very important. We should not call intentionally-backdoored crypto "Encryption", but something obviously bad such as "Open-Door Fake Encryption", or whatever actually speaks to people.


We expect privacy in "unencrypted" phone calls, but seem happy that law enforcement can eavesdrop on 4G when they have to. Not sure how much more privacy people expect. If you explain to people how much privacy they give up just clicking a random Facebook questionnaire - they nod and then still do. Privacy and integrity is important but it will never match e.g. "terrorism" or "safety" on the list of important issues I think.


> We expect privacy in "unencrypted" phone calls, but seem happy that law enforcement can eavesdrop on 4G when they have to.

Don't assume that "we" are happy about that. You might be; others are not.

Unbreakable encryption should be available to everyone, and straightforward for everyone to use, and used by default rather than only for "sensitive" information. Unbreakable encryption should be so widely used that the thought never even occurs to anyone to associate it with wrongdoing. Communication using unbreakable encryption should simply be "communication".


> Don't assume that "we" are happy about that. You might be; others are not.

I don't want to suggest everyone is happy with the status quo, but it's at least not one of the top items on everyone's agenda for change.

> Unbreakable encryption should be available to everyone, and straightforward for everyone to use, and used by default rather than only for "sensitive" information. Unbreakable encryption should be so widely used that the thought never even occurs to anyone to associate it with wrongdoing. Communication using unbreakable encryption should simply be "communication".

I agree with you - but I also doubt it will happen. Not because of some government conspiracy but because I don't for a second believe that people would choose "government can't tap a criminal's phone call or text messages even with a court order" as an acceptable drawback for the benefit "my own conversations are always secure". I really don't. I'd be happy to be proven wrong though. So I simply don't think there is any democratic pressure for it.


One of many angles is "perhaps you trust your government (or perhaps not), but do you trust every government with a backdoor? Do you trust everyone who has gotten hold of it? Do you trust that it can't be broken or stolen or abused?"

We need to very clearly and universally make the message clear: there's unbreakable encryption, and there's broken encryption, nothing in between. Anything that purports to be in between is either broken or soon will be.


I trust my current government, I don't trust most foreign ones and I don't even trust my own next government. I think we now have the two key pillars of the dilemma: we can never have back doors (broken encryption which is as bad as no encryption), and neither the public (I'm guessing) nor authorities will allow a situation where even a court order doesn't allow eavesdropping. And between these two there is no middle ground.


Where do the existing "readily available, off-the-shelf encryption solutions" mentioned in the link fall in this dichotomy? Are they unbreakable because no network administrator can read my WhatsApp messages? Or are they broken, because Apple can push out an OS update and steal messages without the user knowing?


That's why you explain that it's about personal and organizational safety. The ability to lock doors.

Make sure the terrorists can't find and research targets.

Make sure child molesters can't get at your kids.

Make sure bank robbers can't get at banks.

Make sure organized crime can't spy on the police and thwart police actions. Etc etc.

https://news.ycombinator.com/item?id=24569484


I'm not happy with that at all.

If anyone calls me on a regular phone call, I'm always aware of this.. It's that nasty feeling of being spied on that's really the main reason I hate this so much. The government shouldn't have any reason to spy on me but spying on everyone is simply becoming the norm because they can.


> being the police and having to let someone you know is a murderer or terrorist go because you can't prove what they did

"A policeman's job is only easy in a police state." — https://en.wikiquote.org/wiki/Touch_of_Evil

> as a genuinely terrifying prospect in plenty of TV shows.

Probably for a reason:

* https://en.wikipedia.org/wiki/Copaganda


I don't know if you're trying to make this a "gotcha", but this is the point I was making.


Why is E2E encryption scary?

This is a genuine question because it's a counterintuitive notion to me since I find the lack of E2E encryption scary.


I mean scary to authorities used to be able to do targeted surveillance of messages in transit such as law enforcement. Not to people.

It's obviously even more scary (an existential threat) to authorities that are used to being able to do mass surveillance of messages in transit (such as the NSA).


guns are scary

knives are scary


Indeed yes. Also, sharks.


We're making good progress toward a world without sharks. We can do it!


we should just make them illegal


The mainstream doesn't care about human rights, they will always fall for the children/terrorism traps


WhatsApp is closed source, isn't it? What kind of assurance do we have that these messages still aren't regularly sent to Facebook, unencrypted ?


Ain't it fun when you post http(s) link with WhatsApp, preview fetch originates from server in US to your url. How's that E2E.


Even a closed-source app is never really closed. In the end it's all machine code which is basically source code as well. There's many tools to analyse binaries, like IDA Pro. It's just difficult and often steps are taken to obfuscate what it's doing.

Having the higher-level source code just makes it a lot easier.

But if WhatsApp did this, it would probably be noticed pretty quickly by experts. But like I said above, WhatsApp's Achilles heel isn't really the E2E encryption. It's the cloud backups.


Would it? This kind of transmission of messages could be hidden alongside legitimate looking traffic like updates...


Also even if it does not exfiltrate user data now, it's one update from doing that tomorrow. Quite possibly even via a targeted update on some specific people "not in favor".

If it was open source there is some chance a backdoor would be spotted (e.g. by Linux distro package maintainers), but not when a company is pushing obfuscated binary blobs pretty much directly to users.


Well, not directly, for most people that would be via Apple/Google stores.

And of course these stores could have secret functionality for shipping targeted updates.

But if it exists, this means that 1) none of the developers working on the store backend decided to leak info about it and 2) none of the targets have had an expert look at their device to find an unusual update that wasn't seen by anyone else.

Over time, the probability of either of those things happening would be going up…


I picked updates as an example, but that's likely not the only communication that WhatsApp has with its servers ?


Non-techies most certainly understand what encryption is and if you describe what 'end' in the WhatsApp notice about end to end encryption means, it's very clear to them.


No, non-techies do not "understand what encryption is". They'll understand if you explain it to them, but if you ask someone off the street what encryption is, the closest to a correct description they may give you is "it's garbled text you can decrypt".

It's hard enough to explain the easy, obvious stuff like tax brackets. You think people have a native understanding of encryption?


> You think people have a native understanding of encryption?

It’s easy. Tell people they’re speaking English to one other person who also speaks English at a dinner table. No one else in the world speaks English. You can look and sound like you’re talking about how excellent the food is, but really you’re saying how terrible it is... and no one on earth will ever know, other than the one person who understands you.


This is not a good way to explain encryption to people. Explaining the concept of a "key" is essential to explain why this doesn't work.

- In your example, the contents can be deduced from the "encrypted" data, without the key. Indeed, there is no key, but rather a complex dictionary transformation.

- A "backdoor" is merely teaching GCHQ to speak English. Sounds perfectly reasonable in your example.

I'd argue the exact problem is that politicians have the particular understanding of encryption that you just gave.

You need to communicate two things:

1) Why backdooring safe encryption irreversibly breaks it for everybody

2) Why that's a bad thing


Guys, both of you are behaving like non-tech people are idiots. They are as smart as you. They often have college degrees. Even children understand perfectly well what encryption is. Boy/girl scouts go out of their way to teach it, etc.



