Source: www.schneier.com – Author: Bruce Schneier
Comments
numberri •
I know another case earlier this year is when India threatened to ban Proton Mail in India due to it using end-to-end encryption. (link) Regardless, it’s disappointing to see this. Smart criminals will just move to other services, and unaware citizens will have their privacy breached.
Winter •
@numberri
Smart criminals will just move to other services, and unaware citizens will have their privacy breached.
Maybe that is because the current Indian government is going after unaware citizens and not after smart criminals. In other words, this is also self protection.
Vivek •
Why do white people get so worried when software made by white people have to follow the rules in non-white countries?
Is there any chance that WhatsApp/Meta would threaten to take their toys and go home if the US government makes an equivalent demand?
Most people on this page know in their hearts that the US government has already done so and Meta has complied with their tails between their legs.
Winter •
@Vivek
Why do white people get so worried when software made by white people have to follow the rules in non-white countries?
First, human rights are for everyone and India has ratified the universal declaration of Human Rights. Article 12 of the UDHR states:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Hence, the Indian state has signed a declaration to protect the privacy of its citizens and their communications.
Second, the current administration of India has shown to be willing to trample on the Human rights and the rule of law to stay in power and drive out all non-Hindu’s. Which gives us very good grounds to believe that they will maximally abuse any access to WhatsApp messages.
Third, we all protest too when Western countries try to break E2E encryption.
A question. Why do you oppose the privacy of Indian people?
Clive Robinson •
@ ALL,
The practical solutions to the “End To End Encryption”(E2EE) have been known for a very long time. Claude Shannon gave if a fundamental mathematical proof back getting on for a century ago in the early 1940’s if not earlier.
But we need to remember E2EE is just a tiny part of the privacy problem.
To understand why you have to understand the fundamental problem of privacy is that if you want it you have to “pay in some way” by thought and effort, which most are unwilling to do.
Thus those that do become a very clear visible signal well above the well trimmed grass unless they go to considerably extra effort. So the price of privacy rises yet further. The same goes for other issues to do with the ends of the communications channel which gives rise to “traffic analysis” and other higher level attacks against privacy and the attendant costs of keeping it[1].
Now consider who this cost rise benefits and who it harms… Worse how it’s enabled both technologically and sociologically.
All for the sake of apparant convenience… Thus an “easy life” has become in effect an “Orwellian life”.
As for,
“Smart criminals will just move to other services”
Will they?
I actually doubt it, and history in recent times shows the opposite as far as,
“The convenience of electronic communications”
The technology makes the cost of mass surveillance ever cheaper for those that profit by it. And society insists that you must be part of the mass surveilled at your own expense or be an outcast.
The thing is that few even who read this blog, realise that we are,
“Sleep walking into a trap of our own making.”
Like lambs to the slaughter…
Thus the question is what are “we” –the harmed– going to do against those harming us?
[1] I’ve mentioned many times over the years what you need to consider as part of a workable privacy strategy. It’s not just a lot of hard work, it’s also very fragile, and unlike many years ago nothing on “approved channels” is ephemeral any more. This “record it all” policy I’ve likened to those who surveil attempting to build a “Time Machine” so that they can take information and methods from now and apply it to what happened in the long past to punish those that have become inconvenient tomorrow.
One Random Geek •
It is not just in India, there are many governments who would like to have access to encrypted content. Here are a few articles which shed more light on this subject:
Australia’s spies and cops want ‘accountable encryption’ – aka access to backdoors:
ht ps://www.theregister.com/2024/04/25/asio_afp_accountable_encryption/
The U.K. Government Is Very Close To Eroding Encryption Worldwide:
ht ps://www.eff.org/deeplinks/2023/07/uk-government-very-close-eroding-encryption-worldwide
Human rights and encryption:
ht ps://en.wikipedia.org/wiki/Human_rights_and_encryption
underdog •
Just a side note that the Declaration of Human Rights does not imply any legal obligations on countries which have adopted/recognized it.
Bob •
@Vivek
It’s about oppressive regimes undermining the safety and security of the population. While I understand appealing to racism makes for a convenient distraction, it is actually nothing more than distraction in this case.
Soak your head, and take your bad-faith gaslighting with you.
iAPX •
@underdog, @Winter, All
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. …
There’s nothing arbitrary if everyone and anyone is surveilled, the new normal.
… Everyone has the right to the protection of the law against such interference or attacks.
As long as the law state that everyone is surveilled, Human Rights are respected, and that’s the new normal in many countries.
Bob •
@iAPX
There’s nothing arbitrary if everyone and anyone is surveilled
Utter nonsense. The arbitrariness of a given decision is not dependent on the scope of impact.
Bob •
I also want to make the point that the apologists here know their arguments are bad. They are not engaging in good faith. Hypocrisy and gaslighting are the official pastimes of authoritarians.
lurker •
“Meta is committed to end-to-end encryption as an enabler of human rights”
I’m struggling to marry this statement to Meta’s past behaviour towards the privacy of its users …
Winter •
@iAPX
There’s nothing arbitrary if everyone and anyone is surveilled
There is according to the legal definition of arbitrary:
‘https://legal-dictionary.thefreedictionary.com/arbitrary
Arbitrary
Irrational; capricious.
The term arbitrary describes a course of action or a decision that is not based on reason or judgment but on personal will or discretion without regard to rules or standards.
An arbitrary decision is one made without regard for the facts and circumstances presented, and it connotes a disregard of the evidence.
A decision for blanket surveillance ticks all the boxes. It is is based on
- personal will
- without regard to rules or standards
- without regard for the facts and circumstances
- connotes a disregard of the evidence
echo •
Interestingly current UK Prime Minister Sunak (who is a hard Brexiter and hard transphobe and hates the poor and disabled and who along with his wife are dipping their fingers in the till and whose family and in-laws are personal friends of Modi) loves Whatsapp. Being PM he can lean on the Home Office, police, and security services et al and has even snubbed FOI’s and contempt of court. I guess when you’re at the top and the safeguards we all thought existed turn out not to exist in practice you become above the law. I’m guessing Modi et al have equivalent ideas. Don’t they always?
@Winter, @Bob
Very good comments and deftly handled!
Any decent manual on human rights and equality would also have a security section to it. You can get angry or anxious people fall prey to bad practice but deliberate bad actors can use both human rights and equality as cover for disruption, or recruitment away from the mainstream towards the margins which defuses the main effort or builds a base to work counter to the main effort.
This is old stuff really but it’s certainly been weaponised to a huge degree by very organised and very well funded state and none state actors recently. As noted arguments with bad faith actors aren’t worth having. The time wasting and rabbit holes don’t even have entertainment value.
@One Random Geek
The U.K. Government Is Very Close To Eroding Encryption Worldwide:
The current UK government have been a centre of undermining international law and global destablisation since Johnson, through Truss, and continuing under Sunak.
@Lurker
I’m struggling to marry this statement to Meta’s past behaviour towards the privacy of its users…
Meta are a major out in the open enabler of human rights abuse and far right recruitment and disinformation along with Twitter and Youtube. Mind you if Western far right aligned politicians and centrist to far right media models didn’t give them oxygen the far right wouldn’t be as full of itself as it has been in recent years, nor would the Kremlin or other authoritarian types feel they could get way with it.
In the UK courts have occasionally leaned on human rights when the government has waved around national security or fiscal policy. This is wrong in principle and as we’re beginning to see clearly where human rights are ignored or fiscal policy is weaponised to dilute human rights provision it leads to a lot of security problems which inevitably create more work for the security services and military and foreign office. Human rights lawyers might want to take a closer look at this one and develop some legal instruments along these lines.
Clive Robinson •
@ Bob, iAPX, Winter, ALL,
Re : The meaning of arbitrary is it’s self arbitrary.
“The arbitrariness of a given decision is not dependent on the scope of impact.”
Arbitrary is one of those words that is best avoided.
Because it can be used to opposite effect depending on your view point as an observer to any given event. To see why look at a common definition,
“The word arbitrary refers to something that is based on random choice or personal whim, rather than any reason or system.”
Do you see the problem?
“What if my given ‘reason or system’ is selected to meet a ‘personal whim’ or ‘random choice’ to meet a quota etc?”
So something that is apparently uniform in application to whom it is applied to, appears at one level not to be arbitrary.
However viewed at another level it is very arbitrary if not capricious.
You get this all the time with legislation designed to give advantage to one group of people whilst argued publicly that it applies to all.
It kind of has the same failure that the alleged “forensic science” has. That is you argue back from effect to cause whilst trying to appear you are arguing from cause to effect.
It goes horribly wrong –or right– when more than one cause can give an effect.
John White •
Vivek: Shouldn’t Modi consider focus on building toilets rather than oppressing farmers and Muslims?
Anonymous •
@One Random Geek: Yes- this is a common focus of what Mr. President Trump called ‘s**thole countries’ like India, Australia, the UK, the US.
Bob •
@Clive
The meanings of all words are “arbitrary” depending on your definition of various words in this sentence. I’m not going to learn Lojban, and I’m not going to debate what the meaning of “is” is.
Closed source solutions are vulnerable to underhand tricks (e.g. weakening the key selection algorithm as was done to DES exported from the USA in the 20th Century) which would be near impossible for end users to detect. Putting my tin foil hat on, it could be that India, Britain, etc are just wanting access to the same backdoors as the US government has already forced on Meta / etc.
I’ve never been able to understand why GNU’s Jami hasn’t been more widely employed as provider of end-to-end encrypted conversations. Its open source nature could allow bad actors and other users to validate that it truly has strong encryption.
lurker •
@Julia Clement
Jami has the same popularity as PGP for the same reason: there’s no one-click instant gratification. WhatsApp has that simplicity, but then you’re suckered by The Man.
ResearcherZero •
Encryption is often a very small part of a crime. Politicians, regardless of their ideology are privileged. They live in privileged locations with good security and excellent resources. Across the board – they lack compassion or incentive to assist those who do not.
They are often rude, smug or condescending when victims of crime bring problems to them.
Be those MPs male or female, each and every political party has failed to address the concerns of vulnerable people when they have taken their concerns to those politicians.
“The criminal justice system has enough case managers, police and prosecutors to support victims — but they are not prioritised.”
‘https://www.abc.net.au/news/2022-04-24/silent-treatment-of-sex-assault-victims-/101008326
“One significant reason cases are dismissed is that the police decide the report is baseless, so they mark it as unfounded and do not forward it to a prosecutor. This dismissal happens in 1 in 5 cases. Many convicted sexual felons in an anonymous survey admitted to committing several more assaults than they were charged for, with only 3.3% of the assaults they committed resulting in their arrest and only 5% of the assaults identified in official records.”
There are similar figures for violence against children…
“At 47%, almost half of children report having been a victim or witness of violence in the last year.”
(its academic study has not been a focus of victimological interest until very recently)
‘https://www.childrenscommissioner.gov.uk/blog/protecting-children-from-serious-violence/
Need for structural solutions to protect children from the negative impact of violence.
https://www.apa.org/news/press/releases/2024/02/violent-neighborhoods-brain-development
ResearcherZero •
A significant reason why police decide a report is baseless is because they fail to follow up or properly investigate the matter. They make a decision that such a report is baseless without any adequate evidence to base their decision upon. Simply their opinion.
If police mistakenly let an offender go, resulting in further harm, they often drop further cases that are reported – which identify that very same offender committing similar crimes.
Cases are also dropped if considered very serious, yet sensitive matters that may have wider ramifications. Abandoning such cases leads to further violence and wider social harm.
Police will drop these cases if they feel there is not enough community support or public awareness. Again, proceeding is strongly informed by their own opinion and willingness.
ResearcherZero •
Victims die or are further harmed simply because they are refused assistance from police.
This has continued for decades even when the police and prosecutors have enough evidence.
Rather than worry about encryption — instead clear the backlog of outstanding cases that already have more than ample evidence to bring about a resolution for victims and families!
ResearcherZero •
MPs are also very happy to employ encryption when it suits their own needs.
Populist tactics might get votes — but the ramifications are destabilising.
Targeted killings are “not our policy”…
Yadav and Gupta spent weeks trading encrypted texts about the plot to kill Pannun.
Yadav directed plots against Sikh activists on orders from intel chief Samant Goel.
The plot was likely known to Modi’s national security adviser, Ajit Doval.
It is unlikely that RAW would operate without approval by the prime minister.
‘https://www.westernjournal.com/indias-prime-minister-met-biden-government-dispatched-hit-squad-assassinate-us-citizen-american-soil-report/
Special permission is needed to carry out tasks like research and journalism or visit areas in India listed as “protected”. In addition to cancelling OCI cards, the Indian government downgraded the privileges of 4.5 million OCI cardholders in 2021.
India’s press freedom has now dropped lower than Pakistan and Afghanistan.
All mainstream media are now owned by businessmen close to prime minister Modi.
‘https://www.latimes.com/world-nation/story/2024-04-17/in-modis-india-opponents-and-journalists-feel-the-squeeze-ahead-of-election
Discriminatory and divisive policies continue to be used to displace communities.
The methods are strategic and calculated…
Modi’s decade in power has seen a surge in violence against minorities.
There is no closure for victims — on both sides, who say they have been neglected.
With no security or even the assurance of it, few say they see a future for themselves.
Winter •
@Clive
Re : The meaning of arbitrary is it’s self arbitrary.
The Universal Declaration of Human Rights is a legal text, so you should use the legal definition of the word.
Legal types have gone to great lengths to make sure that there is little to no arbitrariness in the use of words and definitions in their texts.
lastoftheV8s •
@Vivek You write:……..Why do white people get so worried when software made by white people have to follow the rules in non-white countries?
Im flagging youre comment to bruce as “deliberately trolling” and quite frankly is not helping or bringing anything to this discussion.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Original Post URL: https://www.schneier.com/blog/archives/2024/04/whatsapp-in-india.html
Category & Tags: Uncategorized,encryption,India,Meta,privacy,WhatsApp – Uncategorized,encryption,India,Meta,privacy,WhatsApp
Views: 0
