back to article EncroChat hack case: RAM, bam... what? Data in transit is data at rest, rules UK Court of Appeal

British prosecutors can make use of evidence gathered by the French and Dutch police from encrypted messaging service EncroChat’s servers thanks to a legal interpretation of whether RAM counts as data storage, the Court of Appeal has ruled. The judgment, handed down on the afternoon of 5 February, has far-reaching …

  1. Anonymous Coward
    Anonymous Coward

    In storage...or in transit....

    .....private ciphers make all of that completely moot. And although the anoraks tell me that private ciphers are cr*p, I just don't believe it. Maybe someone from Cheltenham who reads El Reg can IMMEDIATELY decipher this piece of book cipher messaging:

    *

    SBg1qzc1mvgVeDihupKhqz0369yzUZMT0dgHOlgB

    cjUdWhSfMj4FqlSbq1IfWv4z2v63Mzy70XeP0Pih

    oNkNAvGRCb8FeX2Hif6Z490diX8TY3ORy3MXOvAb

    CZororWv8pIpw7KfkPanMpY3YjopQ78duJKJEF47

    gnuduXSfCTwJo1SFKdUtc7oJKfAV8R8pc1kdGzWR

    evsnUzMP61Q90JGTeFAngfa1iDqBGTKfqza5Kf2x

    mBWn014N8NkncnMbA54ryrCDSLq56v8rQDQ7EF0z

    0xyZ8H27u1CR6bOpADeX0NY3AB2RMVKlK1MhMBYl

    GjyxAzYbg501Y9aDcRUl

    *

    1. Yet Another Anonymous coward Silver badge

      Re: In storage...or in transit....

      No need - you get 5years for not telling us what it means,

      ps we don't have to believe you that you don't have another secret key that you haven't told us.

      1. Anonymous Coward
        Anonymous Coward

        Re: In storage...or in transit....

        @Yet_AnotherAnonymous_coward

        OK. The "book" is the linux.words file. The key is 1000dead2000letter3000box. Err...or maybe 967chinese1856willow2021pattern......can't remember....old codger at work!

        1. Yet Another Anonymous coward Silver badge

          Re: In storage...or in transit....

          But the point of a one time pad is that the message can be deciphered into any messages of that length.

          So you can't prove that the 'real' key doesn't decide into something else nefarious

      2. needmorehare
        Trollface

        Not quite true...

        IANAL but the text of RIPA Part III is very simple and easy to read and you don't need them to believe anything, all you need is a plausible enough message which is intelligible enough to an average human reader when decrypted.

        One day, AI will be able to generate slightly different fully intelligible messages for all recipients based upon what appear to be identical ciphertexts, completely buggering any forensic methodologies for tagging messages without compromising every single sender. Each recipient would know what to mentally discard but each recipient would have to mentally discard different parts of the resulting message to obtain the same contextual meaning. This would poison the well so badly that even were a single witness to snitch, other recipients could claim plausible deniability all having received different messages in the first place!

        This is the beauty of One Time Pad and a potential use case for homomorphic encryption, depending on the class of information being processed. You don't have to prove that the key you're using re-creates the true original message, only that it makes the protected information in question intelligible. Therefore, generating a set of decoy keys to create plausible dummy messages from ciphertext is actually a valid way to circumvent s.49 notices.

        You can even have a situation where every witness supplies their (each very different messages) openly to the police with no legal risks. After all, if everyone delivers a slightly different end result, who is perjuring and who isn't? (answer: nobody) If all versions seem to somewhat fit the facts but are different enough in seemingly inconsequential ways, it isn't reliable evidence or testimony anymore.

        This would leave the age old tactic of psychological intimidation as the only remaining weapon and encryption will be back where it started: A get out of jail free card for intelligent people to use at will.

    2. Chris G

      Re: In storage...or in transit....

      That is the answer, use a primary layer of encryption before entering your message into your device, then send via your choice of end to end encryption.

    3. doublelayer Silver badge

      Re: In storage...or in transit....

      "although the anoraks tell me that private ciphers are cr*p, I just don't believe it. Maybe someone from Cheltenham who reads El Reg can IMMEDIATELY decipher this piece of book cipher messaging:"

      Hey. That's not a private cipher. We all know what book codes are. The methods of encrypting and decrypting using them are common knowledge. So are the weaknesses which are used while attacking them. The only private part is the book and the numbering scheme, which you can't disclose anyway. You've just used a public cipher.

      Private encryption isn't necessarily bad. The only problem with it is that it might be bad, and you haven't exposed it to an avalanche of attack like if it was a public one. So if you've done it wrong, you're more likely to be caught. It's easy to do it wrong. If you're confident that you can do it properly, then go ahead. Many have thought as much and found their mistake cost them. Many more either had or developed the humility to admit they might have flaws and submitted their algorithms to the rigorous testing of colleagues.

      1. Loyal Commenter Silver badge

        Re: In storage...or in transit....

        You are Bruce Schneier AICMFP.

      2. Anonymous Coward
        Anonymous Coward

        Re: In storage...or in transit....

        @doublelayer

        Quote: "...We all know what book codes are. The methods of encrypting and decrypting using them are common knowledge...."

        Really. If indeed the "book" is linux.words, that's a book more than 400,000 words long. Perhaps the sample cipher text provides a hint at randomisation. Now the number of permutations of a "book" 400,000 words long is a number two million digits long. No....not two million permutations, but a number just a little bit bigger.

        So.....are you still quite so certain that "methods of encrypting and decrypting...are common knowledge"?

        1. doublelayer Silver badge

          Re: In storage...or in transit....

          Yes, I am. I don't need to know the numbering scheme you've used to know what a numbering scheme is. In fact, I can't know the numbering scheme you've used or I'd have broken the encryption. That's analogous to the private key. Meanwhile, by telling me that you're employing a book code, I already know what you're doing to encrypt the message. I'd still have to figure out the book (you gave that away now but you don't have to) and how you're choosing words from it.

          A private cipher is sending a message without telling me that it's a book code. In fact, it usually also means that you don't use any public ciphers, which leaves out a book code. I then have to decode the message entirely from the ciphertext, without knowing any structural details about what you've done. That does make the first step harder, because I have a lot of possible methods you might have tried. And in fact it may make you more secure if your code doesn't have any problems. As previously stated, you have only your own analysis to check that, and many have been wrong before. The reason we advise against private ciphers is a two-part one: a) you might be wrong about the reliability of the cipher and nobody has tested it and b) if this isn't your private cipher but someone else's, it's possible they deliberately undermined it to read your messages and kept the structure hidden so you wouldn't find out.

    4. Anonymous Coward
      Anonymous Coward

      Re: In storage...or in transit....Nothing to do with encryption

      The issues in this judgement have nothing to do with encryption. The "data capture" took place on handsets at points either prior to transmission and prior to encryption or after receipt and after decryption. In both instances data was available in the clear. The arguments are about what was captured was still technically in the course of transmission (and hence intercept and hence inadmissible) or stored (in which case an "equipment interference" warrant can be used and the result is admissible).

      1. Anonymous Coward
        Anonymous Coward

        Re: In storage...or in transit....Nothing to do with encryption

        Except that the key point in the judgement is that they consider it stored and not being transmitted asit was not Encrypted and messages being transmitted are alsways encrypted by the application.

        I think the article overstates the judgement to an extent as the above distinction might not always be valid or possible and so not be covered.

    5. Bibbit

      Re: In storage...or in transit....

      How dare you? My mother was a saint!

  2. TimMaher Silver badge
    Windows

    2B pencil

    If you get your hands on the notepad that the writer used, you can rub it with a 2B pencil to reveal the last message sent.

    That message is in storage whereas a copy, in the hands of the GPO, is in transmission.

    In this case you have your evidence.

    This changes if the message writer shredded the notepad before walking down to the post box.

    Any Infosec. lawyers care to comment?

    1. Gordon 10

      Re: 2B pencil

      And afaik that was exactly the ruling. Now I'm dubious that the interception was actually happening in Ram - but that appears to have been how it was presented at the initial trials.

      It all depends if the MITM attack was directly on the messaging service or on the update service, which then lead to the installation of a listener or similar.

      1. Loyal Commenter Silver badge

        Re: 2B pencil

        As I understand it, they are saying they got a copy of the messages "from RAM" before they had been encrypted for transmission, or after they had been received and decrypted. This implies that they either exploited a flaw in EncroChat, managed to install a modified version of it on the target's phones, with a hook into the pre-encryption/post-decryption code to exfiltrate the messages, or found a flaw in the OS or hardware that allowed them to snoop on memory contents.

        Either way, this would be happening "in storage" on the phones, rather than a MiTM attack on the transmissions, which would require either an undisclosed weakness in the encryption, or access to the private keys (I'm assuming the encryption in use is some sort of standard public/private key pair encryption where the sender of a message uses the receiver's public key to encrypt the payload, which can only be decrypted using the receiver's private key)

        1. Anonymous Coward
          Anonymous Coward

          Re: 2B pencil

          I suspect the separate mechanisms originated from there being practical differences in how the warrant was being served. The targeted equipment interference mechanism meant the warrant was served against the owner/user of the end equipment; when granting such a warrant the suspect's right to privacy would need to be considered but that's about it. The targeted interception warrant would be served against a third party comms carrier, and so would need to be weighed against the rights of the carrier as well as the suspect. It would also carry more risk of collateral damage - i.e. potentially compromising or delaying the messages of other customers of the comms carrier as well as those of the intended target. In other words it's where the information is captured that's important, not it's state of processing.

          If the messages were indeed captured at the customer's end point (though details are scant, this is what seems to be implied here), then the TEI warrant would seem appropriate, regardless of whether it came from RAM or more persistent kinds of storage. If the data was grabbed from equipment that was the property of someone else (i.e. telecoms network or EncroChat servers) then the TI mechanism should have been used instead.

          What makes this case interesting is that the method used to obtain the data seems to have used a man in the middle attack on a 3rd party (EncroChat) which ultimately lead to the data being grabbed at the end user's equipment. If the malware used interfered with EncroChat's equipment in any way they may have a claim against the authorities for using the TEI warrant without due regard for their rights in the matter. However, I doubt the suspect being prosecuted has a leg to stand on.

          1. Loyal Commenter Silver badge

            Re: 2B pencil

            I get the sense that the MiTM attack in question in this case would have been against the update mechanism for either the EncroChat app itself, or the phone's OS, to install a compromised version of such, and thus allow the capture of the unencrypted messages without the user's knowledge.

            If the messaging app uses decent encryption and is hard to break, use a side-channel attack to circumvent that encryption entirely.

            I've no problem with this approach, as long as it is targeted against a specific user, and has proper oversight (i.e. a warrant, and not one that is so broad it allows "fishing expeditions").

        2. Gordon 10

          Re: 2B pencil

          I agreed. The piece we dont have enough data on - assuming reports of a MITM are true - is on what process the attack happened. If we also assume the RAM scraping is true it seems unlikely to be a MiTM against the main transmission service and more likely an update service or similar.

  3. Tom 38
    Thumb Down

    Filth

    I cannot help but think they have decided what is desirable for society - that these messages can be used as evidence under the warrant that was used - and come backwards from that conclusion to get to a judgement. There is no way that a data structure in RAM, assembled for the purposes of transmitting a message, is anything other than a message in transit. Just because they got to the letter before it was put in the envelope doesn't mean that the letter wasn't in the process of being sent.

    1. Gordon 10

      Re: Filth

      I agree with your first sentence. Unfortunately both myself and appeals court disagree with the rest.

    2. Loyal Commenter Silver badge

      Re: Filth

      Just because they got to the letter before it was put in the envelope doesn't mean that the letter wasn't in the process of being sent.

      I think it's more akin to watching through the window with binoculars as you write that letter and taking a note of the contents before you put it in the envelope and send it. At this point, the letter isn't in the process of being sent any more than a cake is in the oven being baked when you're weighing out the ingredients.

    3. Adam Azarchs

      Re: Filth

      My interpretation of the distinction is that it was intended for e.g. listening in on radio transmissions or splicing a probe into a fiber line. That is, if you have to compromise the premises of the defendant then it's in storage, but if your presence is only in places outside of their physical control then it's in transit. Sealing up an envelope and putting a stamp on it doesn't protect a letter from being taken by a search warrant for your house. It's not in transit until you drop in in the mail box.

      1. Anonymous Coward
        Anonymous Coward

        Re: Filth

        Is it not more that the letter has been put in the letter box but because the postie hasn't put it in his van and driven away yet it isn't 'technically' in transit yet? Whilst I have no sympathy with those being prosecuted with this haul, I do think the police and legal system have interpreted the rules in a rather questionable way here, particularly given the absence of detail around the way in which the messages were seized. "The letter was 'at rest' on the sorting office conveyor belt, m'lud"! Maybe it's time to stop making the distinction if it's ignored by law enforcement when inconvenient.

        1. pmb00cs

          Re: Filth

          Except the envelope in this instance is the encryption. So the message has been read outside the envelope.

          The question here is did the message get read before it went in the envelope, after the recipient opened the envelope (both perfectly legal under the warrant obtained), or was the envelope opened en-route by the authorities (illegal under the warrant obtained).

          The court has ruled that as the authorities are incapable of opening the envelope en-route arguing over the nature of the information storage mechanism used prior to the message being put in the envelope is moot, and the message isn't in transit until it is in the envelope.

          The defence position appears to be akin to the sender didn't put the message in the envelope until they were stood at the postbox, and the recipient took the envelope off the postie outside their home, therefore there is a period where the message is both outside the envelope, and still in transit. If this were the case it would be possible for the interception to be illegal under the warrant used and thus they need to know exactly how the message was intercepted so they can know if it was intercepted legally or not. The court has ruled this is not a valid analogy of E2E encrypted services, so they don't need to dig any further, thus the warrant was appropriate.

          1. YetAnotherLocksmith Silver badge

            Re: Filth

            FWIW, I agree.

            Either there was something wrong with the encryption and a plain text copy was secretly transmitted somewhere and captured by the police (Unlikely in the extreme), or the plaintext was taken from the phone. If it was on the phone, it was at rest. (Unless, of course, it was on a mobile... I'll get my coat.)

            If it wasn't being transmitted (as in, actually left the phone flying through the air), it was at rest/in storage. RAM is storage. It might be stored encrypted too, for a short while, but it was certainly stored while being written prior to sending, and it was certainly captured before encryption.

    4. sev.monster Silver badge

      Re: Filth

      The problem with your logic is that intent has no hold here: even though the message was crafted with the intent to be transmitted, they didn't snatch the message in transit, so it's fair game. Despite how infuriating it must seem as someone that understands how this networking stuff and the app works and the intentions of the people that designed them, it does make perfect sense...

      I do think however that language should be added to make better distinction on gotchas like this, else we all must enter our messages into our encrypted chat apps using a ROT13 encoded book cypher—which at that point, why bother with the encrypted chat app? Just use MMS at that point :)

      1. doublelayer Silver badge

        Re: Filth

        Well said. I think there are two important parts that need clarifying (well, one clarifying and one fixing).

        1. It doesn't matter if it's in volatile or nonvolatile memory. What does matter is whose memory. If it's the user's memory, then it's at rest. If it's in a transmission system's memory, then it's in transit. Possibly we need to clarify what a system is that holds a message while waiting for a user to come get it, but sends that message on to the user. I'd classify that as a transmission system.

        2. The important part: "Legal protections against unlawful interception, in section 3 of the Snoopers’ Charter, don’t apply to data in storage targeted by police hackers under a TEI warrant." We should consider whether we need to extend some or all of those protections to data at rest.

        1. rg287

          Re: Filth

          Yes, what this fundamentally shows is that the split of TI/TEI should only really be an administrative matter relating to whether you're serving a warrant on a carrier or acting directly against the end point.

          If you want to eavesdrop on someone's communications in real-time or near-real-time (as opposed to a one-time search/inspection warrant) then the same strong protections and oversight should apply, regardless of whether you intend to achieve this by intercepting messages "on the wire" or by compromising the endpoint and reading them once they've been decrypted (to avoid transit security).

          The protections need to be tied to the outcome rather than a bypassable technical definition of transit/at-rest. Although I'm sure that creates additional problems such as arguing that "The malware only phoned home once a week so the intercept wasn't "real-time" - more like doing a search once a week." (that one would be trivially dismissed if the malware works on a store-and-forward basis, collection is clearly real-time. But doubtless other technicalities could be introduced to muddy the waters).

    5. rg287

      Re: Filth

      There is no way that a data structure in RAM, assembled for the purposes of transmitting a message, is anything other than a message in transit.

      What about a draft copy of an email? In RAM, assembled for the purposes of transmitting a message - but few would recognise it as "in transit" until sent.

      They seem to have found a bit of a grey area here.

      A received message or a draft is clearly at rest. Where do you draw the line?

      One might argue that it's the moment the data leaves the app and hits the OS network stack (in which case a TI warrant might indeed be required to deploy end-point malware attacking the network stack).

      Others might argue that it's once it leaves the radio of the handset and involves either snooping on cellular/802.11 data or tapping the connection of the common carrier..

      If the malware was in fact attacking the app (or the RAM the app was using) then I'm inclined to agree with the court that a TEI warrant is technically appropriate - even though it amounts to a real-time eavesdropping (not merely searching a device/premises) which is what the TI warrant is for. If you receive a fax, then it's "stored" to paper - even if only transiently on it's way to the shredder.

      This in itself is not a problem except that of course the TI Warrants come with different oversight and protections. The conditions attached to TEI Warrants are not designed to cover real-time eavesdropping.

    6. gnasher729 Silver badge

      Re: Filth

      You read it: The message in transit was encrypted. Nothing was ever decrypted and in transit. Police didn't decrypt anything. So what they got CANNOT have been in transit. Contrary to what you say, the letter wasn't in transit before it was put in the envelope. I'd say a letter is in transit from the moment it leaves my home. If I put it into an envelope while walking to the post box, that's different.

    7. Cynic_999

      Re: Filth

      Agreed. This ruling means that ALL communication intercepts can be interpreted as not being a message in transit, with the exception of analogue telephone calls. Even voice calls on a mobile phone entail holding the digitised audio data in RAM for a few uS before being transmitted.

  4. KarMann Silver badge
    Black Helicopters

    Next legal argument:

    The data was being stored in the optical fibres, Your Honour….

    It doesn't seem too unlikely anymore.

    1. Yet Another Anonymous coward Silver badge

      Re: Next legal argument:

      The photon has a non-zero probability amplitude at any distance.

      So the photon 'existed' in the police station, so they didn't intercept it, it came to them.

    2. Anonymous Coward
      Anonymous Coward

      Re: Next legal argument:

      It would be interesting to consider something like a mercury delay line memory. In those the data is never sitting still, it's bouncing up and down a tube full of mercury as sound waves. From one point of view it is at rest, because there's no second party receiving it. But physically it is being transmitted...

      Apply the same concept to a radio signal bounced off the moon. Such a system is intending that there is no second party receiving it, but it's definitely a radio transmission and it's definitely available for reception by any other party on that side of the planet.

      I doubt such exotica will be found in Samsungs any time soon...

      On the whole this sounds like a sensible decision by the court.

      I noticed that the court laid into the defences' various legal experts who'd argued that it was being transmitted. This is none trivial. All of those technical experts have now been tagged as having been trying to pull the wool over a court's eyes, and doing so with crude and obvious ruses of language (to paraphrase what the judgement said). These guys have just ended their careers as expert witnesses.

      The language used by the judgement sounds like they've come pretty close to annoying that judge, and effectively come close to perjury... The role of expert witness does not give one license to say whatever the lawyer hiring oneself wants you to say.

      And in these cases, they have made an incorrect and dumb argument in court presumably having given the lawyer and their (allegedly pretty nasty) client some assurances along the lines of "This one is in the bag". So now those lawyers and their clients, who may have not followed other lines of defence thanks to those assurances, are disappointed and maybe be asking questions like " where's my refund?", and "how long can you hold your breath?".

  5. Anonymous Coward
    IT Angle

    > Thanks to the reporting restriction orders we cannot lawfully link to any of the police press releases.

    OT to the main point of the article, but does issuing a press release under such circumstances count as entrapment?

    1. A.P. Veening Silver badge

      In my (not so humble) opinion it does, but IANAL.

      1. sev.monster Silver badge
        Coat

        Watch your butt.

    2. tip pc Silver badge

      I was wondering if there Is a published list of all the things that can't be discussed or published.

      1. A.P. Veening Silver badge

        There is, but you are not allowed to link to it.

  6. Gordon 10
    Unhappy

    Whilst the Judges seem to have overthought this but so has El Reg

    Bear in mind that afaik the Appeals court generally covers interpretation of LAW NOT interpretation of exact events. So arguments can quite quickly spiral off into theory land as happened here.

    So from a laypersons perspective it seems to have been a bait and switch, the ruling was on whether it was right to have a infrastructure geared TEI based on the contents of RAM. To which this answer is a no brainer - well duh of course it was. So the judges ruling is valid.

    If the method of interception WASN'T from ram, but OTA - then the method of collection was not legal - but even then this appeal ruling still stands, because that wasnt what was being challenged.

    I have a feeling that the defence screwed up in the early trials and this was a late attempt at a correction. The defence at new trials should have the method of collection documented in detail and sworn to by an expert.

    I also have a suspicion that the Rozzers/CPS are deliberately playing the "expert is a foreigner card" to game the evidence on the collection method. Besides which its Druggies, Paedo's and Organised Crime so its all good innit. (Sorry I sunk below the level of a Daily Heil reader for a miinute).

    1. Loyal Commenter Silver badge

      Re: Whilst the Judges seem to have overthought this but so has El Reg

      From what little I've heard about the EncroChat cases, it is organised crime they are targeting. Involving drug smuggling, people trafficking, modern slavery, and quite possibly child prostitution as well. All the sorts of things that nasty people like the Ndragheta get up to. Whilst it is all too easy to go "full Daily Mail" and wail about paedos, it's also possible to go too far the other way and minimise the very real problem of serious and organised crime.

      Of course, there is a balance to be struck with the freedom vs safety debate. Perfect freedom allows the strongest to subjugate the weak with no recourse, whilst perfect safety constrains personal freedom to intolerable levels. On the one hand, you wouldn't want to live in a war-torn anarchy ruled over by despots, on the other hand, you also wouldn't want to live in a police state where your every move is monitored. Logic leads us to a sensible middle ground, where the police have the tools to tackle organised crime, but are limited in their reach by oversight. In this case, an appropriate warrant, and the Court of Appeals decided that the warrant they had was appropriate.

      1. John Brown (no body) Silver badge

        Re: Whilst the Judges seem to have overthought this but so has El Reg

        "In this case, an appropriate warrant, and the Court of Appeals decided that the warrant they had was appropriate."

        Maybe it's because IANAL and I'm not in infosec, but why two different warrens for data at rest or in transit in the first place?

        1. Jimmy2Cows Silver badge

          Re: Whilst the Judges seem to have overthought this but so has El Reg

          IANAL either, but I can imagine it's something like the difference between compromising an individual or single premises' devices, and compromising what could be national or international comms infrastructure.

      2. Danny Boyd

        Re: Whilst the Judges seem to have overthought this but so has El Reg

        >you also wouldn't want to live in a police state where your every move is monitored

        Aren't we already?

        1. Loyal Commenter Silver badge

          Re: Whilst the Judges seem to have overthought this but so has El Reg

          No. I'd suggest taking a look at the former East Berlin, if you want to see what an actual police state looks like. The infrastructure and organisational structures needed to pull it off are pretty obvious.

          1. gnasher729 Silver badge

            Re: Whilst the Judges seem to have overthought this but so has El Reg

            There was an East German author who wrote a letter to the Stasi: He knew they were watching him, and someone was reporting on him, and that obvious cost a lot of money. Since he didn't do anything wrong, couldn't they pay _him_ for writing these reports, which would be much more efficient because he didn't have to follow himself, being in the same place as himself all the time, and the reports would be more accurate because he knew where he was all the time, and anyway, he could do with the money?

          2. Graham Cobb Silver badge

            Re: Whilst the Judges seem to have overthought this but so has El Reg

            Yes, I found the Stasi museum in Leipzig very interesting and extremely unsettling. They had files on almost everyone in the country and were almost able to prevent the movement which led to the toppling of the Berlin wall, with technology limited to just typewriters and chemical-based photographs. It shows what giving the security services too much power and resources can lead to.

            Today's police have access to much more efficient technology with almost no constraints from the courts or the government. They are are but one small policy step away from being able to use those to quash any sort of dissent, protest or disagreement. And the courts are not stopping them.

            We need the courts to impose serious restrictions (with the related inefficiency) on the police so that they prioritise their resources on the things that the people want the police for, like real crimes against the person and against personal property, not on protecting the government or big business against embarrassment or protest.

            This particular case is not political, of course, but using it to launder a major lack of controls over police techniques will come back to bite us all.

            1. Loyal Commenter Silver badge

              Re: Whilst the Judges seem to have overthought this but so has El Reg

              The Stasi Museum in Berlin is situated in the former headquarters, which the citizens of East Berlin had the foresight to seize early on and preserve. This meant that many of the records were not destroyed. Interesting things of note were the equipment used to intercept, open and reseal all mail, and the "bread van" which was used to disappear people.

              The offices are so well preserved that they were used in the filming of the series, "Deutschland 83". If you look closely, the only inauthentic thing in those scenes is the modern strip lighting on the ceiling. At the time the building was preserved, those offices were already pretty anachronistic, with the furnishings dating from the '50s and '60s.

              All in all, an absolutely fascinating place, and a timely reminder that the cost of liberty is eternal vigilance.

        2. Nick Ryan Silver badge

          Re: Whilst the Judges seem to have overthought this but so has El Reg

          Probably more accurate to state "Not there yet, but working on it."

  7. MiguelC Silver badge
    WTF?

    "Thanks to the reporting restriction orders we cannot lawfully link to any of the police press releases."

    hmmm, what???

    1. gazthejourno (Written by Reg staff)

      "No report of these proceedings shall identify any user or suspected user of EncroChat until further order"

      Drastically overbroad and definitely not what the judge in a linked, earlier case intended to achieve, but the effect is what it is.

      1. The Mole

        So in a separate story reporting on the press releases you would be permitted to link to the press releases as long as you make no mention of those proceedings? But reporting on the press release and mentioning the proceedings would be illegal.

        1. Symon
          WTF?

          If you want to search all of Plod's websites, use this in Google:-

          site:police.uk

          HTH.

  8. ExampleOne

    If data in RAM is in storage and not in transit, does this mean that all DVD players are now, under this interpretation of the law, making copies of the DVD in storage? The figleaf that the "copies" were in transit clearly can't legally match to this ruling can it?

    There are definitely significant implications of this ruling outside the "snoopers" angle, I fear.

    1. John Brown (no body) Silver badge

      Not to mention solid state storage which is essentially RAM, L1, L2 and L3 cache RAM and the weird shenanigans that Optane gets up to. The ruling seems to imply that data is "at rest" so long as it has not left the device by wire or radio. So yes, theoretically, a DVD player or similar is "making a copy" either in the act of reading the data from the disk or when it transmit it to a display device.

      Not forgetting of course that in various paedofile cases, having nasty images on a computer isn't just "possession", it's "make a copy", even if just in the browser cache.

    2. Anonymous Coward
      Anonymous Coward

      That's more or less the reasoning behind software licensing - in order to use the software you need to copy it into RAM, so you need a license that can contain a whole load of restrictions that wouldn't normally be allowed if you were buying a physical product.

    3. Bitsminer Silver badge

      Yes indeed, your DVD player is making a copy in it's own RAM, then converting to a video stream for display on the TV. But your DVD player came with a software license authorizing you to play (copy/convert/stream) the movie.

      Imagine a TV station playing a copyrighted movie -- their digital broadcast system will transfer copies of the (digital original of the) movie to several stages of subsystems before transmitting over the air. Perhaps inserting ads, or perhaps the ads were inserted an earlier time for a ready-to-play digital file.

      Are they making unauthorized copies? (Presumably they have a license to broadcast the movie, but not to copy it, however ephemerally.)

      ISTR this was an actual concern for the design and implementation of digital broadcast studio equipment.

      1. TRT Silver badge

        Hm... so the implications of not having HDCP all the way throughout the display chain? I mean, my old RGB data projector is fine and still works to throw photons at a screen in a controlled way, but the setup simply chokes at some content which requires HDCP... I'm being frustrated in the realisation of my license / contract with the distributor etc.

      2. Nick Ryan Silver badge

        Such a TV station is making authorised copies and performing authorised modifications to the original as per their license and agreement to do so. Parts of this agreement involve the protection of non-encrypted versions of the original, any versions in between and that the output will be encrypted.

        All pretty standard stuff and has been the case for years, in different forms and across different technologies (because these change very quickly).

        It's no conicidence that the best (illegal) copies of movies and such have come from compromised internal systems, and equally no coincidence that the suppliers of digital movies, in particular, supplies digitally watermarked versions unique to each licensee. This way when something does get out, they can identify the source.

    4. katrinab Silver badge
      Meh

      From the TV Catchup case: as long as you have transmission rights, and they did for the public service channels, but not the other channels on FreeView, you don't need a separate licence for any copying necessary to carry out the transmission.

  9. sev.monster Silver badge
    Boffin

    As a non-GPU-informed plebian:

    I think the only way around this interpretation would be to create a shader that accepts RGB-encoded encrypted bytes as input and decrypts it in real-time, mapping characters to an internal font to then arrange and display on the screen; using this, it would be theoretically possible to display an encrypted message without retaining the decrypted message in CPU or GPU memory, following some gymnastics with frame buffers... Now, do pixels on your monitor count as data at rest?

    1. doublelayer Silver badge

      You can do that without the complicated GPU stuff by decoding bytes and manually drawing them on the screen using the CPU alone. There are sufficient registers to do that but insufficient ones to store the whole message. It doesn't really matter much. If your computer has a) the encrypted message and b) the means to decrypt it, a warrant for the data on your computer can give them the cleartext message. Which they didn't have to do in this case since they also had the unencrypted message. The important point was that the message was located inside the user's device and not on the infrastructure of a network. I have no problem with that interpretation. Whether more protections are needed when getting data at rest is an important part to consider though.

    2. gnasher729 Silver badge

      Since this was all phones: It would certainly be possible for Apple or Google to write code that can display encrypted messages on the screen in a readable form without ever decrypting more than a single letter. I doubt they are interested.

  10. MatthewSt

    End to end encryption

    If EncroChat (like others) offers "end to end encryption" and the messages were not encrypted when acquired, then by the platforms own definition they weren't in transit

    1. Vincent Ballard
      Headmaster

      Re: End to end encryption

      I think that reasoning is a bit too glib. The guarantee given by end-to-end encryption is that the data which passes through routers and servers (so roughly layer 2 or 3 in the OSI model) is encrypted by keys which are not available to the people who run the routers and servers, but encryption itself belongs in a higher layer. However, that higher layer is arguably layer 6 rather than layer 7. Which layer should count as the cutoff between rest and transit?

  11. SGJ

    The fact that *unencrypted* messages were obtained rather than the encrypted versions that were sent off to or obtained from the network makes me think the Court of Appeal got this right. The unencrypted message must be stored in RAM in order for them to be encrypted or decrypted. The message in transit would be the encrypted version.

  12. tip pc Silver badge

    Android or IoS

    the worry here is that the platform running the app was not secure enough. Much has been made over the years about memory encryption & segregation, but if they can pull plain text out of the app, I assume the OS on the platform was not robust enough to prevent other apps reading its private data, i assume the OS is at fault else its the app.

    would be funny of the crims had copy pasted from 1 app to another causing this issue!!

    1. Loyal Commenter Silver badge

      Re: Android or IoS

      It's probably a bit more complicated than that and involves the police deliberately back-dooring the device, which is what they would need the warrant for in the first place.

      There are probably a number of ways of doing this, and the net result would be a silent update to either the target's phone's OS, or to the app in question. Off the top of my head, this could be done either by intercepting the requests to check for software updates via the OS app store, with help from the makers of the OS, or at a network level by using a so-called "stingray" mobile base station to target and intercept traffic from a phone with a specific IMEI. The exact mechanisms for doing so are no doubt kept tightly secret, because the same techniques would also be used by intelligence agencies as well as law enforcement.

    2. gnasher729 Silver badge

      Re: Android or IoS

      The OS on the phone was a hacked version of Android. So yes, a hacked version of Android is likely to be less secure than any original version of Android. Encro whatever claimed that iPhones were not secure enough. Apple must have laughed when they heard about this absolutely completely 100% pwning.

      1. Loyal Commenter Silver badge

        Re: Android or IoS

        I think they may have had a point about iPhones though. Whilst the phone may be secure, I believe there are a number of hoops to jump through to get an app onto an iPhone, which can only be done via their app store. This means that Apple have a review process, where they could be compelled by law enforcement agencies to amend the app they make available, and to do so in secret. From the perspective of the makers of EncroChat, this is a security risk.

        Android has similar provisions with apps on Google Play. However, Android phones allow side-loading of apps (if you enable it), which allows any APK to be installed. I'm assuming this is how EncroChat is distributed to users. If not, then it could be back-doored by Google on the request of law enforcement agencies.

        As it is, these considerations have no bearing on whether or not the OS itself can be back-doored, and it's not too much of a leap-of-faith to think that both Apple and Google may have been compelled to produce back-doored versions for law enforcement use, which such agencies could then arrange to be patched onto target phones via OTA updates. Such patches could be things such as allowing a snapshot of the device's memory, or the portion of memory allocated to a specific process, along with all sorts of other things. Once again, one would hope that such things are tightly controlled by the need for a warrant, even if it’s one from a secret court.

  13. YetAnotherJoeBlow

    Yet again...

    Yet another fine example of police work demonstrating that a back door in the crypto is not needed for enforcement action. Every week I see such examples all over the world. By now there is no shortage of evidence indicating that said back door is needed at all - just good police work.

  14. NiceCuppaTea

    I can never use data again

    Some of our contracts at work state that data at rest must be encrypted. If RAM now counts as data at rest how am i supposed to ever decrypt/use that data without breaching contract?

    1. Jimmy2Cows Silver badge

      Re: I can never use data again

      Depends on how the contract describes "at rest". Since it's a specific term you're being required to abide by, it should have a definition somewhere in the contract. If you comply with that definition you'll be fine. If the term isn't defined then it's not your problem, but you should check with your legal weasels. IANA legal weasel.

    2. Loyal Commenter Silver badge

      Re: I can never use data again

      It's a known problem. See, for example, .Net's SecureString which goes some way towards addressing the problem, but still leaves a window where the contents must be decrypted for use, at which point they can be "snooped".

    3. gnasher729 Silver badge

      Re: I can never use data again

      They basically say there is "at rest", and "in transmission", and "something in between". If you write a message or want to read it, it must be decrypted.

    4. Vincent Ballard
      Coat

      Re: I can never use data again

      Homomorphic encryption lets you process data while keeping it encrypted. But that still leaves the issues of data input and (non-aggregated) output.

  15. Fruit and Nutcase Silver badge
    Joke

    Quantum Message

    Both prosecution and defence agreed that messages couldn’t be “stored” and “transmitted” at the same time.

    Have they considered a "Quantum Message" - one that is both at rest and in transit?

    That would obviously need a "Quantum Interception Warrant"

    1. Loyal Commenter Silver badge

      Re: Quantum Message

      But you couldn't know whether it had been served or not, without destroying the contents of the message.

      1. Fruit and Nutcase Silver badge

        Re: Quantum Message

        Actually, remember "Super Injunctions", where you are not allowed to know that a Super Injunction has been granted, let alone what it is for? They have prior form/so could easily come up with a "Quantum Interception Warrant"

  16. TRT Silver badge

    Wrong reasoning, right result.

    They interfered with the equipment as per their presumably reviewed and approved by justices warrant. Seems fair enough to me. I can't get why the legals went down this route of bizarre and specious arguing. Unless it's because it was such specious and vague and technically walking a knife edge argument would be bound to end in appeal and counter appeal and counter appeal against the counter appeal until all the lawyers can't actually make it to court anymore because their trouser pockets weigh too much.

    In my mind the two mechanisms are akin to a warrant to plant a bug and a warrant to tap a wire.

    1. Peter 26

      Re: Wrong reasoning, right result.

      I agree this is akin to planting a bug or a wire tap.

      In other articles I've read about this they said they couldn't decode the signal if they had sniffed it in transmission, therefore this proves they didn't get the data in transit. I believe this is sound logic.

      Police need to be able to investigate crimes, plant bugs etc. I have an issue with mass surveillance, but at an individual level getting a warrant to bug a specific person because you think they have committed a crime is what I think most people would agree should happen.

      The bigger implications of this though is that they planted an updated firmware to EVERYONE who had one of these phones. This was mass surveillance by the backdoor. Maybe in this case it's true that the vast majority of people were using these phones for crime, but I'd like that to go to a judge beforehand to approve the mass surveillance, and I'd expect the bar of evidence to be extremely high before approving this. Plus instructions from the judge on destroying data of any non criminal behaviour captured for innocents caught up the in the mass trawl.

      Then you have the issue of which country approves this... Should French courts be authorising hacking of other English citizens phones?

      1. YetAnotherLocksmith Silver badge

        Re: Wrong reasoning, right result.

        To be fair, it is/was an international drug, torture and generally not-nice crime gang, and the French and Belgian and other EU police forces also had these criminals in their country. They gave us the info to be nice, not because they had to. They simply went in and grabbed everything they could. What we do with it is our business, as long as we don't upset anything for the nice gendarmes...

  17. gnasher729 Silver badge

    So the argument is: The police never decrypted the messages, but grabbed unencrypted messages (either before encryption or after decryption). And since what was transmitted was encrypted, the unencrypted messages CANNOT have been in transit. I think there would be a question if you used https: Does the whole process of https (encryption on my side, transport, decryption on your side) count as "transmission"? If not then hacking _into_ the https process would be fine. Similar with VPN.

    1. doublelayer Silver badge

      "Does the whole process of https (encryption on my side, transport, decryption on your side) count as 'transmission'?"

      As the ruling goes, it would be as follows:

      1. You construct an HTTP request in plain text in memory. If they seize it on your machine here, it's at rest.

      2. You encrypt it to ciphertext which we'll presume you store in memory. If they seize the ciphertext, it's at rest. Also, if they can seize that ciphertext, they wouldn't as they could also seize the plain text earlier and that's easier.

      3. You establish a TLS connection to a server and send the chunk along a network to it. If they intercept your encrypted data by watching it as it goes to the server, it's in transit.

      4. The server receives and decodes it. If they seize it on that server, then it's at rest.

      You can think of it as "Where does the interception occur?". If it's on your computer or the remote computer, it's at rest. If it's in between, it's in transit.

  18. Grease Monkey Silver badge

    And there's your problem right there. This law (like so many) is poorly drafted.

    RAM is very definitely storage. So anything in RAM can be said to be stored.

    However if something is only in RAM for the purposes of being in processed then you could also argue that that it is in transit.

    As such the law as it is drafted says that the method by which the data was collected was legal. It also says it was illegal in effect, but that's clearly nonsense. So in this case those prosecutions can proceed. However it also demonstrates that the law needs to be re-written as it's clear that something can't be both legal and illegal at the same time under the same legislation.

  19. TDog

    Carbon Copy

    IMHO. There has been a lot of dispute about whether the message was in transit or at rest. This seems to be conflating two different messages. There was a message (presumably in plaintext) that was stored in the RAM of the device - there was then a second message created by applying an encrypting / enciphering function to the original message and that was the message that was transmitted (in transit).

    If access is gained to the original message then it was a static message - and similarly if the recipient's device were bugged then there would be again at least two messages - the transmitted encrypted message and the static message in RAM that was in plaintext. Again - IANAL.

    The RAM message is transient and has no long term existence but it is still a static message, just as if a carbon copy had existed and then been burned for security purposes.

    BTW if access to the device's RAM was available that might question the security of the keys on the device.

    1. TRT Silver badge

      Re: Carbon Copy

      The content is still the content whether it's a copy or not. If the police break in, photograph all the documents and present their COPIES in court, the INFORMATION would be thrown out as being illegally obtained.

  20. tomboley

    Instead of being worried about semantics, let's be more concerned over the increasing invasive power the government has over our electronic systems

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon