Monday, 3 August 2015

#CryptoWars - why back doors in iMessages are stupid

Obviously that is a tad convoluted, and you might expect the phone to be able to work out keys to use automatically, but it raises serious questions.

With end to end encryption any "back door" has to be added by the sender. This means that if, say, someone in China texts someone in America, the sending phone has to add the necessary "back door" keys at the start. Now, US may be able to bully Apple in to adding their keys, perhaps by making US laws, but what if Chinese made laws saying Apple was not allowed to do that when on Chinese soil?

Even if you changed it to be a server based solution, what country wants to entrust all message intercepts on such a popular platform to the control and whims of a foreign country - we need end to end encryption to protect us, and countries need to insist on it to protect their citizens.

As I also ask at the end of the video - is this only down to the country you are in, or is the sender's (and recipient's) nationality a factor too? How would Apple know that?

But then whose keys are included at the sending end, in what circumstances, and by what legal jurisdiction?


  1. On behalf of the Elbonian Government I would just like to say:


  2. It looks like the Elbonian Government is deploying a not-too-subtle Orc-In-The-Middle attack anyway!

  3. I'd go with this argument:

    Wouldn't it be great it the police had a key to everyone's house. That way if someone smelled gas,or there was a fire, or someone suspected you were locked inside, injured, or some sort of emergency, the police could get in and save the day?

    Of course, having every single copy of every single key at the police station would defeat the purpose, instead the police would have to have a single master/skeleton key, so they don't have to rummage around for yours.

    Now imagine you're a criminal, and you want to go on a robbery spree, Do you waste your time picking every single lock, or do you work out how to steal/clone the master key and unlock them all?

    As soon as we tell the Mafia, Vory, Yakuza, et all that there is a master key, they'll put crazy resources into getting it.

    1. While I am definitely not in favour of handing over keys / weakening encryption etc, it is worth pointing out that the analogy does fall down a bit when you look at what the police do instead of having keys to everybody's house - they can use an enforcer - - to break in if the circumstances warrant it, whereas with strong encryption there is no equivalent...

  4. "We're not subject to Albanian law"

    With Albania a candidate for accession to the European Union and the UK signed up to the European Arrest Warrant, we may very well find that we soon ARE subject to Albanian law.

    Apparently "computer crime" is one of the categories of offence that does not require dual criminality for the arrest warrant to take effect. So it is not beyond the realms of possibility that a UK citizen sending a message to an Albanian without complying with Albanian back-door requirements could be arrested in the UK and sent to Albania to face trial and punishment.

    (I realise that Albania is just a random example used in the video, but let's not get too over-confident about being immune from foreign laws when our government is all too happy to hand over our sovereignty to outsiders any time they ask for it).

    1. Err, "Elbonian law". Elbonia is a fictitious country. But the point you make is interesting non the less.

    2. My mistake. I did watch the video on my phone after all. But the point remains that as the EU accepts new members and continually expands its power over national governments, we may find ourselves increasingly subject to foreign jurisdictions that are far more draconian and unpleasant than our own.

  5. If you are Aung San Suu Kyi lobbying for democracy in Burma, or in the MDC lobbying for democracy in Zimbabwe, then Western Governments are keen that you can communicate secretly with the outside world - without fear of being 'overheard' by that state.

    So should 'repressive' states be banned from installing back doors ?

    And, if so, who gets to define which states are repressive ?