[Infowarrior] - Facebook, Google and WhatsApp plan to increase encryption of user data

Richard Forno rforno at infowarrior.org
Mon Mar 14 07:16:36 CDT 2016


Facebook, Google and WhatsApp plan to increase encryption of user data

Danny Yadron

http://www.theguardian.com/technology/2016/mar/14/facebook-google-whatsapp-plan-increase-encryption-fbi-apple

Silicon Valley’s leading companies – including Facebook, Google and Snapchat – are working on their own increased privacy technology as Apple fights the US government over encryption, the Guardian has learned.

The projects could antagonize authorities just as much as Apple’s more secure iPhones, which are currently at the center of the San Bernardino shooting investigation. They also indicate the industry may be willing to back up their public support for Apple with concrete action.

Within weeks, Facebook’s messaging service WhatsApp plans to expand its secure messaging service so that voice calls are also encrypted, in addition to its existing privacy features. The service has some one billion monthly users. Facebook is also considering beefing up security of its own Messenger tool.

Snapchat, the popular ephemeral messaging service, is also working on a secure messaging system and Google is exploring extra uses for the technology behind a long-in-the-works encrypted email project.


A legal filing implies that Department of Justice has a plan B, which involves demanding the company’s electronic signature

Engineers at major technology firms, including Twitter, have explored encrypted messaging products before only to see them never be released because the products can be hard to use – or the companies prioritized more consumer-friendly projects. But they now hope the increased emphasis on encryption means that technology executives view strong privacy tools as a business advantage – not just a marketing  pitch.

These new projects began before Apple entered a court battle with the Department of Justice over whether it should help authorities hack into a suspected terrorist’s iPhone. Apple is due to appear in a federal court in California later this month to fight the order.

 
FBI director James Comey testifies during a House committee hearing about the Department of Justice’s fight with Apple. Photograph: Drew Angerer/Getty Images
Polling has shown public opinion is divided over the case. And any new encyrption efforts by tech firms put them on a collision course with Washington. Two US senators, the Democrat Dianne Feinstein of California and the Republican Richard Burr of North Carolina, say they have written draft legislation that would create penalties for companies that aren’t able to provide readable user data to authorities. Barack Obama has also made it clear he thinks some technology companies are going too far. “If government can’t get in, then everyone’s walking around with a Swiss bank account in their pocket, right?” he said 11 March at the SXSW technology conference in Austin, Texas.

WhatsApp has been rolling out strong encryption to portions of its users since 2014, making it increasingly difficult for authorities to tap the service’s messages. The issue is personal for founder Jan Koum, who was  born in Soviet-era Ukraine. When Apple CEO Tim Cook announced in February that his company would fight the government in court, Koum posted on his Facebook account: “Our freedom and our liberty are at stake.”

His efforts to go further still are striking as the app is in open confrontation with governments. Brazil authorities arrested a Facebook executive on 1 March after WhatsApp told investigators it lacked the technical ability to provide the messages of drug traffickers. Facebook called the arrest “extreme and disproportionate”.

WhatsApp already offers Android and iPhone users encrypted messaging. In the coming weeks, it plans to offer users encrypted voice calls and encrypted group messages, two people familiar with the matter said. That would make WhatsApp, which is free to download, very difficult for authorities to tap.

Unlike many encrypted messaging apps, WhatsApp hasn’t pushed the security functions of the service as a selling point to users. Koum, its founder, has said users should be able to expect that security is a given, not a bonus feature.

It’s unclear if that will change. In the coming weeks, WhatsApp plans to make a formal announcement about its expanded encryption offerings, sources said.

The efforts come at a crossroads for Silicon Valley. Google, Facebook, Snapchat, Amazon, Microsoft and Twitter have all signed on to legal briefs supporting Apple in its court case. At the same time, some of the companies have shown an increased willingness to help the government in its efforts to fight the spread of Islamic extremist propaganda online – often using their services.

Facebook’s chief operating officer, Sheryl Sandberg, has talked publicly about how tech companies can help the west combat Isis online and Eric Schmidt, executive chairman of Google’s parent company, Alphabet, recently joined a Defense Department advisory group on how tech can aid in future battles.

Those matters may seem separate, but US national security officials view the increasing availability of encryption technology as a major aid to Islamic State’s online recruitment efforts. At some point, tech firms may have to choose whether they care more about being seen as helping the west to fight terrorism or standing as privacy advocates.

Some technology executives think one middle path would be to encourage the use of encryption for the content of messages while maintaining the ability to hand over metadata, which reveals who is speaking to whom, how often and when. That is why the specifics of the new products will be key to determining both their security and Washington’s reaction to them.

The Guardian couldn’t immediately determine the specific details of Snapchat’s and Facebook’s projects. All the companies declined to comment.

In 2014, Google announced a project called End to End, which would make it easier to send encrypted emails in such a way that only the sender and recipient could decode them. The project, once a collaboration with Yahoo, has been slow-going.

That appears to have changed in recent months, though, sources familiar with the project said, and other Google employees have shown in renewed interest in the idea. At a February internal town hall at Google, one engineer stood up and asked vice-president of security and privacy engineering Gerhard Eschelbeck why Google wasn’t doing more to support encrypted communications, according to two people familiar with the exchange.

Gerhard countered the company increasingly was putting effort behind such projects. Some Google employees are discussing whether the technology behind End to End can be applied to other products, though no final determinations have been made.

“This has been an ongoing effort for a long time at Google,” one person briefed on the project said. One of the challenges for the search giant is that there are some types of data for which it remains challenging to offer end-to-end security, both for usability and business model reasons.

Google sells targeted ads by scanning users’ email, a process that gets tricky if the contents remain encrypted. Many consumers also use Gmail accounts, which include large amounts of free storage, as a sort of online file system, sometimes dating back more than a decade.

“There are lots of difficulties at Google that aren’t same at Apple,” the person briefed on the project said. “The business models are just different.”

In the meantime, WhatsApp’s encryption is based on code developed by a well-known privacy evangelist, Moxie Marlinspike, whose secure messaging app Signal is used by security hawks. One advantage of Marlinspike’s encryption tools is that they have been tested repeatedly by outside security experts.

Apple, the company behind the two-year debate over encryption, is also taking steps to beef up privacy. The company has been in discussions with outside security experts about ways to make it technically harder still for investigators to force the company to hand over data from customers’ iPhones, according to sources. The New York Times earlier reported on those conversations.

Last month, Frederic Jacobs, an accomplished cryptographer and one of the coders behind Signal, announced he had accepted a job at Apple. It’s a summer internship with the security team for the iPhone’s core software.

--
It's better to burn out than fade away.



More information about the Infowarrior mailing list