[messaging] Second thoughts on WhatsApp encryption

Mike Hearn mike at plan99.net
Thu Nov 27 03:52:23 PST 2014

The events of recent days in the UK have made me see e2e crypto in a new
light. Perhaps instead of seeing it as a technique to protect innocent
users from malicious service providers, it can also be seen as a way to
protect innocent service providers from malicious users.

It's becoming clearer over time that holding or routing users personal
communications is more of a liability than a profit centre. Targeting ads
based on personal communications hardly works - people rarely talk about
commercially relevant stuff via WhatsApp or iMessage or Facebook Messenger.
Meanwhile, a few governments are getting upset that they Silicon Valley has
all this information (and thus power) but isn't giving it to them on a
silver platter.

The recent notion in the British Parliament that tech companies should be
simultaneously investigating all their users and hold the blame if ANY of
them turn out to be a terrorist is highly similar to what governments did
to banking in the 80's and 90's through the invention of anti-money
laundering laws. Nobody in the tech industry wants to end up like HSBC;
widely reviled because everyone "knows" they were involved in drug dealing
and sanctions evasion (this isn't even remotely true).

In this light, WhatsApp's move looks highly prescient. Currently there are
no information laundering laws. It looks like things might be heading in
that direction though, at least in some parts of the world. Better to make
a stand now and put yourself in a position where you cannot possibly know
what your users are doing, than end up with lots of data lying around and
be retroactively found guilty by politicians for failing to do more. It
won't change your profit margin much because this data was all useless for
making money anyway, and it can help protect you in future, assuming you're
based in America and CALEA holds.

Inverting the threat model neatly solves a few hard problems. For example,
key verification UI is irrelevant now because the crypto isn't there to
protect users. Whilst a company could still do the silent key switcharoo
when served with a precisely targeted court order, they can't be told they
should have reported some user who went on to do something bad just because
the data happened to flow over their wires.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141127/e827d7ed/attachment.html>

More information about the Messaging mailing list