I wonder what part of "encryption that we can't break" the court doesn't understand? Yeah.. I'm giving FB the benefit here. Maybe they really can't break it.
Brazil is trying yet again to force Facebook's WhatsApp to release user messages, and has frozen US$6 million worth of locally-held funds. The decision was made by the Federal Court in Londrina, in northern Parana, according to Brazilian news outlet G1, which broke the news (in Portugese). The most recent operation was in …
Tuesday 5th July 2016 06:03 GMT Voland's right hand
"encryption that we can't break"
The part of "should not have designed it in a way which prevents lawful intercept".
If you are offering a product to customers which allows them to set up communications themselves you are under no obligation to do so.
If, however, you are running a service facilitating the communications for said customers you have some form of lawful intercept obligation in nearly all jurisdictions. Otherwise you are on the wrong side of the law in half of the world.
The sole reason why we are in a position where a service with end-to-end encryption has been provided worldwide is the artificial separation of telecoms and information service providers by the FCC in the USA. USA has allowed the latter to skip a lot of requirements including legal intercept. It is now trying to fight back and get them back via the most ridiculous possibly route of yet another new law. There is no need for yet another new law - just reclassify Apple, Facebook, etc as communications providers under existing legislation (CALEA, etc).
In any case, other jurisdictions do not necessarily have the same distinction and enforce it in the same manner. So if Brazilian law says "must allow legal intercept", sorry the law is an ass, WhatsApp has to find a way to comply.
Tuesday 5th July 2016 07:21 GMT find users who cut cat tail
Admittedly, I have only a vague idea how WhatsApp works.
Anyway if the communication is end-to-end, encrypted on one end by one user and decrypted at the other end by another user, then the communication WhatsApp transmits are the encrypted messages. I am sure they are willing to provide them.
When I encrypt something, burn it on a CD and send by mail, the post office does not have any obligation to provide decryption keys. They are just handling the encrypted package as I sent it.
That was an extreme example but where is the boundary? How far must WhatsApp detach itself from the encryption to become just like the post office? Or is it there already? I am curious.
Tuesday 5th July 2016 09:44 GMT MiguelC
Tuesday 5th July 2016 14:27 GMT It wasnt me
@ find users who cut cat tail
Your analogy is not quite right. You hand plain text to WhatsApp S/W. It does the encryption, transportation and decryption. But because of the way it designed its S/W it (supposedly) can't be decrypted by a man in the middle.
Brazil are saying that doesn't comply with local law.
If that's the case then its really not a privacy issue. Comply with the law or don't sell your product.
(I'm glad our law's don't mandate this. Yet.)
Tuesday 5th July 2016 08:50 GMT Anonymous Coward
@ "should not have designed it in a way which prevents lawful intercept".
There's no such backdoor law in Brazil, (anymore than there is in Netherlands or USA). This is an attempt to use the warrant to create such a backdoor requirement. It's pure court overreach.
I wonder if its lobbying from the FBI.
Feb 2016: FBI fails to force Apple to decrypt. USA clearly doesn't want backdoors.
April 2016: Dutch police raid Ennetcom, claim the owner had an unregistered gun, and the phones were being resold by drug dealers to other drug dealers as a means to launder money.
March 2016: Brazil arrest and release a Facebook VP to force decryption of Whatapps.
In both cases the police force are drug enforcement police, which I can imagine are FBI connected units. The timing and unit involved suggests some kind of coordination.
Wednesday 6th July 2016 08:15 GMT John Lilburne
Re: Court overreach
"In both cases the police force are drug enforcement police, which I can imagine are FBI connected units. The timing and unit involved suggests some kind of coordination."
Google spent years protecting the communications of its paedophile users on ORKUT from Brazillian justice. That was until they were hauled in front of a US senate committee and asked what the fuck they thought they were doing. The data was forthcoming a few days later.
Tuesday 5th July 2016 11:10 GMT h4rm0ny
>>"The sole reason why we are in a position where a service with end-to-end encryption has been provided worldwide is the artificial separation of telecoms and information service providers by the FCC in the USA. USA has allowed the latter to skip a lot of requirements including legal intercept"
There's a difference between how the two are handled, yes. But I don't think it should be resolved in the direction you seem (possibly) to think. With old phone systems, people needed the phone companies to handle the implementation of communication for them. Nobody could whip up a quick communications protocol and implement it independently over the wires. But today data and bandwidth are commoditized. Not only do we not need BT or AT&T controlling how we send messages to each other, they cannot control how we send messages to each other.
Unless Authority declares there shall be no unapproved types of data transfer - that everything must be in pre-approved formats that they can read, then any of us can whip up a communication system in a week which they cannot scan.
So what's the proposal here - companies are to be fined for doing things that members of the public can do for free? Commercial entities are put at a technical disadvantage over free alternatives? Neither seems fair to me.
Along with the other article on El Reg about Facebook being blamed for deaths in Israel because they didn't pro-actively spy on their users enough to satisfy the Israeli authorities, I'm actually, -gasp- finding myself defending Facebook this week! (A bit ;) )
Tuesday 5th July 2016 05:09 GMT Oengus
US$6million is almost chump change to the likes of Farcebook. It is less than a days profits.
Fines designed to deter normal businesses have little impact on these "mega-corps". They are treated as "the cost of doing business".
The reputational impact on Farcebook of handing over the messages (assuming they could) would be far more than this.
Tuesday 5th July 2016 08:41 GMT Anonymous Coward
Re: Chump change
"The $6 million represents fines accumulated since the January decision, which tripled each fortnight, G1 explains"
If that continues then in 1 month it'll be $54 million.
In 2 months it'll be half a billion.
3 months after that it'll be about $350 billion, the market cap value of facebook.
Wednesday 6th July 2016 11:01 GMT Anonymous Coward
Wednesday 6th July 2016 16:51 GMT R.P.Charlie
Re: Chump change
The drug running gangs are already offing people in the favelas who don't comply with their rules. They are also articulating the violence in the streets with local residents in fear of being murdered on a daily basis.
Also something you may be unaware of is that in the South of Brazil, known as the tri-border area (Brazil, Argentina, Paraguay) groups such as Hezbollah are ensconced carrying out their drug running, money laundering and trading in arms.
It's amazing how people screaming about human rights don't give a damn about the innocents slaughtered by the drug cartels and terrorist groups, as long as the law cannot see what nonsense they're putting out on the web.
Tuesday 5th July 2016 05:36 GMT ratfox
The fine is still small at the moment. It's going to be interesting to see how long Facebook considers starting in the country is worth it. On one hand, WhatsApp is life and blood for many Brazilians; on the other hand, Brasil is one of the biggest emerging countries. It would really hurt Facebook to leave...
Tuesday 5th July 2016 05:39 GMT Hans 1
Tuesday 5th July 2016 06:55 GMT localzuk
Tuesday 5th July 2016 11:14 GMT h4rm0ny
There's metadata. Presumably the company can see who your connections are and when you have sent and received messages from them. They also, as I understand it, gain total access to your address book when you install the app. Neither wholly take away from your point, but both are valuable and sometimes incriminating sets of data.
Tuesday 5th July 2016 19:44 GMT Hans 1
>Spy on you? How so? WhatsApp is now encrypted from end to end, so how would they spy on you? If they could spy on you, don't you think they would've handed over the messages in this case already?
Hello, anybody in ? WhatsApp wants access to your texts and contacts, if that is not spying, then I do not know what it is ... like facebook, they create webs of people who know people, can read any of your texts you send out at any moment ... encryption means that you do not know what they send to mother-ship .... Just d'ohhhhhhhhhhhhhhhhhhhhhh, must hurt, at some point, right?
Tuesday 5th July 2016 06:54 GMT localzuk
Tuesday 5th July 2016 08:38 GMT Anonymous Coward
End to end or not?
Does Facebook even have access to WhatApps messaging data? I thought it was end to end encryption?
If Facebook doesn't have users messages, how could they comply with the request?
If Facebook does have the messages, then this is a rod created they created for their own back. By having the messages, they've exposed themselves to lawsuits.
It would be like Blackberry's Indian turning point, 2010 Blackberry, the fastest growing service in India, gets an ultimatum: "Give us monitoring abilities over your users or we close you down". So they did and the customers closed them down instead... worldwide:
"According to a leaked document from the country's Department of Telecommunications ...it'll soon be possible for the government to see who you're emailing, who you're BBMing, the read-states of your BBM messages and even which websites you're visiting (hello!). An unnamed BlackBerry spokesperson is emphasizing that this is all legal"
So Blackberry users around the world read this, and their brand loyalty died a bit more.
If FB fought this and even eventually had to pull Whatsapp out of Brazil, that would be a better solution long term, than Blackberry's backdoor. Otherwise you're defining your customers rights as the lowest countries, lowest people's rights.
Tuesday 5th July 2016 08:41 GMT Thatguyfromthatforum
I don't buy the "your chats are now end to end encrypted and we can't read them" from Facebook. Why? Because when you try to use otr as an extra layer on fb chats they basically block your service. Fuckerberg makes his billions from US and Israeli back deals based on user data. Believing they would do what's best for the user is a pipe dream.
Wednesday 6th July 2016 14:02 GMT BuckeyeB