If there’s anything the world has learned from the standoff over the encrypted iPhone of San Bernardino killer Syed Rizwan Farook, it’s that the FBI doesn’t take no for an answer. And now it’s becoming clear that the government’s determination to access encrypted data doesn’t end with a single iPhone, or with Apple, or even with data stored on devices. It may extend as far as any app that encrypts secrets in transit or in the cloud.
Messaging service WhatsApp, which is owned by Facebook and has encrypted messages between its Android users for the past two years, is the next tech firm to be drawn into the widening battle between U.S. law enforcement and Silicon Valley over encryption. As the New York Times reported over the weekend, the Mountain View, California-based company told a court it can’t comply with a wiretap warrant that compels it to reveal a user’s data in a criminal case, arguing that the data is encrypted with keys it doesn’t control. And technologists and privacy lawyers say that order should serve as a broader warning to any app developers that value their users’ privacy: After Apple and WhatsApp, they should prepare to be the next to face the Justice Department’s decryption demands.
“This is definitely the first in what we can be confident will be a multi-pronged attack on apps,” says Nate Cardozo, an attorney with the Electronic Frontier Foundation. “The most important thing for developers to take away is that they need to develop their apps to make this kind of thing very difficult.”
Cardozo warns that the WhatsApp order, coming on the heels of the Apple case, signals that the Justice Department is taking a more aggressive stance toward software companies that use end-to-end encryption to put the power to decipher communications exclusively in device owners’ hands. He says he’s worked with “a handful” of those companies over the last 18 months who have all been contacted by the FBI and warned that pedophiles, criminals or terrorists had used their privacy-preserving app, and asked that the app be re-engineered to give law enforcement access to “plaintext”—decrypted communications. “They say, ‘If you don’t cooperate with us and modify your system to give us plaintext going forward…you’ll have to face the public consequences that the FBI can come out and say you hindered an investigation,’” Cardozo describes the FBI’s position. “That’s a strong threat.”
Though the FBI backed down in each instance that Cardozo has encountered, WhatsApp’s case is different. The fact that the FBI and the Department of Justice went so far as to issue a wiretap order—despite almost certainly knowing that WhatsApp couldn’t comply due to its encryption architecture—may have been a formality that presages more pressure to come, says Cardozo; he cautions that the next order could cite the requirement for “technical assistance” in the Wiretap Act to try to force WhatsApp to change its code to make law enforcement eavesdropping easier, just as the FBI is trying to force Apple to create a weakened version of its mobile operating system to crack Farook’s iPhone.
Taking Sides in a New Crypto War
Neither WhatsApp nor the Justice Department responded to a request for comment on the wiretap dispute. But unnamed sources told the Times that the Justice Department remains split on whether to push its wiretap order further, with some officials instead opting to wait for promised congressional legislation that would mandate companies help law enforcement decrypt data. President Obama weighed in on the broader debate Friday when he told the audience at SXSW in Austin, Texas, that tech companies need to find a way to give the government access to encrypted communication when necessary. “If, technologically, it is possible to make an impenetrable device or system, where the encryption is so strong that there is no key, there is no door at all, then how do we apprehend the child pornographer?” the president asked.
Meanwhile, app makers seem to be taking positions on the opposite side of the encryption conflict: The Guardian today reports that Facebook, Google, WhatsApp, Snapchat, and more, plan to extend encryption services in the near future. And as that crypto war becomes more entrenched, the security community has warned for weeks that app developers might be the next target in the FBI’s campaign to break into uncrackable communications: Apps like Signal, Silent Circle, Telegram, Wickr, and even Apple’s own iMessage all already implement varying degrees of end-to-end encryption to prevent anyone from the NSA to their own administrators from reading people’s messages.
“As Apple faces court orders to backdoor its own devices, developers should be thinking about securing their own apps,” Jonathan Zdziarski wrote on Twitter just after the FBI’s iPhone order became public nearly a month ago, offering an Amazon link to a book on “Hacking and Securing iOS Applications.” In the wake of the WhatsApp wiretap order, Johns Hopkins University computer scientist Matthew Green repeated that warning, cautioning developers against any system in which they might have access to decryption keys that could be commandeered to spy on users.
But even end-to-end encrypted apps that don’t have any central control of users’ decryption keys may still have weaknesses that could allow eavesdroppers to gain a foothold. WhatsApp’s Android app has been using the same crypto protocols as the encrypted messaging app Signal since late 2014. But it has yet to implement a feature in Signal that allows people to check the key “fingerprint” of the person they’re communicating with. That could allow the FBI, particularly with WhatsApp’s forced compliance, to act as a “man-in-the-middle,” impersonating someone to intercept their communications. Apple’s iMessage suffers from the same problem. And both apps have their messages backed up by default to iCloud or to the user’s iTunes, potentially creating an unencrypted copy for the cops.
Signal, by contrast, avoids backing up users’ messages by default to prevent that sort of accidental leak, says Frederic Jacobs, a former lead developer for the app’s iOS version who will join Apple as an intern this summer. It allows users to check key fingerprints to prevent man-in-the-middle attacks. And it’s open source, which in theory allows anyone to audit the app’s code for a sly backdoor secretly mandated by a sealed court order. All of that may be more than most app developers can do to prepare for an FBI wiretap demand, Jacobs admits. But at the very least, they can avoid collecting unnecessary user data. “More data is a liability,” he says. “If there’s any data you can avoid taking from the phone and sending to the server, that’s a start.”
But if the Justice Department goes so far as to legally demand that companies change their apps as a form of “technical assistance” in wiretap orders, app makers won’t be able to depend on security engineering alone to protect people’s privacy, warns the EFF’s Cardozo. “I don’t think you can fight law with tech. You can fight tech with tech and law with law,” Cardozo says. In other words, tech firms that offer encrypted communications should also be prepared for the possibility of a legal fight. “Be aware that just because the FBI tells you to do something doesn’t mean you have to do it. And talk to a lawyer.”