back to article UK spookhaus GCHQ can crack end-to-end encryption, claims Australian A-G

British signals intelligence agency Government Communications Headquarters (GCHQ) can crack end-to-end encrypted messages sent using WhatsApp and Signal, according to Australian attorney-general George Brandis. Brandis made the claim speaking to the Australian Broadcasting Corporation's AM program, on the occasion of Australia …

  1. john jones 1

    the laws of australia only apply to those companies in australia... what we should be asking is how they intend to PREVENT messages such as im.qq.com from being secured

    also wouldn't it be great to get all the messages from the australian prime minsters Wickr and whatsapp ?

    good old george has admitted it can be done...

    1. Yet Another Anonymous coward Silver badge

      Australian encryption is easily crcked

      Shorten everything to the first couple of syllables and put an 'o' at the end

      1. Anonymous Coward
        Holmes

        Re: Australian encryption is easily crcked

        No wonder Australian encryption is weak. They're still using SHA-0 which can be broken using a boomerang attack.

    2. bazza Silver badge

      What we should be asking is how they intend to PREVENT messages such as im.qq.com from being secured

      If it's ad funded, the law can go after the advertisers, and ultimately the law can go after the telcos and ISPs too. The software may exist, but it can be made unprofitable and, perhaps, its servers unresolvable.

      For example, the Google boycott that started in the UK and spread has shown governments all over the world how to get a grip on online services. It became socially unacceptable to advertise on Google, so Google lost some revenue. If that social unacceptability became law, the boycott is country-wide and they lose even more money.

      Cue lots of talk of extra moderators and AIs, all across the industry. Will it be enough? Who knows, but they need to try hard. One day it could be that if WhatsApp annoys the cops in a country, Facebook risks losing all advertising revenue in that country.

      If enough countries get fed up with a particular service's uncooperative responses to law enforcement warrants, their money stream gets cut off.

      It's a cunning tactic. End users don't notice, apart from the lack of ads.

      It's a disaster in the making for the social networks because they really cannot trust their users to self moderate, so they have to do it instead. This kind of governmental pressure on their revenue stream is only going to increase. For example, Gov wants to clamp down on on line bullying? Make it socially unacceptable to advertise, pass a law to back that up. Facebook's (or whoever's) AI and moderation systems will have to get better and better, which sounds more and more expensive.

      Now, if they knew for sure who their users actually were, that's a different matter. The buck can be easily passed is a user is legally identifiable.

      1. K

        @bazza..

        sorry, but your wrong and reading way to much Daily Mail!

        Several high profile businesses who rely upon "Brand awareness" may have pulled advertising from Google, but thats a PR stunt, these companies have a high SEO ranking and a lot of their traffic is driven by this. Their actual spend with Google is quite meager.

        The bulk of Google's revenue comes from SME businesses, who don't have the brand awareness or the high SEO ranking, so Google's advertising platform is their life blood. A lot of these businesses get anywhere from 50-90% of their business from this. Their response to the government would simply be a 2 finger salute!

        Even if the government did pursue them legally and win (after months and years of court cases), the PR would go full circle and bite them in the ass - those small businesses would go under, thousands would be out of a job - basically, it'd f*ck the economy and then f*ck the government!

        Finally, even if it became technically and politically feasible, the people who do want to hide their communications would just shift to another platform that has little or no commercial interest with-in that jurisdiction, such as QQ (Who's primary commercial, user-base and infrastructure is in China) where the UK/AU/US/NZ government's can't touch them!

  2. Meph
    Facepalm

    You would almost be forgiven for thinking this was a Monty Python sketch if it weren't for the horrible sense that somehow it's real, and that our government truly does believe that Australian law overrules the laws of mathematics, physics, etc. etc.

    1. tfewster
      1. Yet Another Anonymous coward Silver badge

        so gravity will be easy-peasy

        How else does Australia cling on to the bottom of the globe ?

        1. Frumious Bandersnatch

          Re: so gravity will be easy-peasy

          Topist!

        2. MrDamage Silver badge

          Re: so gravity will be easy-peasy

          > "How else does Australia cling on to the bottom of the globe ?"

          Our government sucks, hard.

          1. Solarflare

            Re: so gravity will be easy-peasy

            Simple, ground harnesses.

        3. Anonymous Coward
          Anonymous Coward

          Re: so gravity will be easy-peasy

          Skyhooks

      2. Mark 65

        Physics is just applied mathematics, so gravity will be easy-peasy

        I always remember my physics teacher saying that mathematics was just a subset of physics, but then he would say that wouldn't he?

    2. Anonymous Coward
      Anonymous Coward

      To continue your Python reference, Is every Australian's user name 'Bruce'? If not, it might cause a little confusion.....

      1. Adam 1

        > Is every Australian's user name 'Bruce'?

        Don't be absurd. At least half are 'Sheila'. Don't make me go all Andy Murray on you!

      2. Woodnag

        Confused

        I checked my Python refrence, and one doesn't declare names or variables or constants...

    3. Anonymous Coward
      Anonymous Coward

      We've just been told that the earth is flat!

      1. J. R. Hartley

        The DUP have such sights to show you.

  3. sanmigueelbeer
    WTF?

    So what's the use?

    the only laws that applies in Australia is the law of Australia.

    Hey George, while you're at it, can you revoke the Law of Supply and Demand?

    So if GCHQ can crack E2E encryption, what is the use for forcing companies, like Apple, WhatsApp, Telegram, Signal, to cooperate?

    1. Destroy All Monsters Silver badge

      Re: So what's the use?

      You may notice that the Law of Supply and Demand has been legislated away some time ago by the introduction of Central Banking.

      Why, you can get credits of 0% or lower these days, while your savings that you hand to somebody to use actually give you negative interest.

    2. mark l 2 Silver badge

      Re: So what's the use?

      Assuming that GCHQ can break E2E now I guess they want it putting in law so that if some future app comes out that the spooks cannot break the legislation requires the app maker to add a backdoor to operate in Australia.

      What worried me more is they keep mentioning handset manufacturers and not just app creators, which sounds like they want a backdoors putting into all phones even those that don't use these E2E messaging apps.

  4. Woza
    Joke

    Wait for it...

    "The laws of mathematics are very commendable but the only laws that applies in Australia is the law of Australia"

    Let pi = 3...

    1. Chris G

      Re: Wait for it...

      Here is proof that intelligence, education or the ability to construct a genuinely meaningful sentence are not requirements for politicians.

      1. smudge

        Re: Wait for it...

        Agreed - but they still have to be voted into power.

        Just heard that the second law of thermodynamics has been declared unconstitutional.

        1. thondwe

          Re: Wait for it...

          There's gotta be a joke w.r.t the connection being vote counting, maths and laws here...

        2. Dodgy Geezer Silver badge

          Re: Wait for it...

          SW Australia has already done that - they believ in Climate Change and renewable Energy....

    2. JimboSmith Silver badge

      Re: Wait for it...

      They just need to hire Bergholt Stuttley Johnson (aka Bloody Stupid Johnson) and it's job done.

      http://discworld.wikia.com/wiki/Bloody_Stupid_Johnson

      RIP Sir Terry Pratchett

    3. Anonymous Coward
      Anonymous Coward

      Let Pi = 3

      They tried something similar in Indiana in 1897 (Pi =3.2)

      https://en.wikipedia.org/wiki/Indiana_Pi_Bill

      It is a good thing that the sensible Hoosiers of the time decided not to go with the idea.

      If as is reported Brandis said “Last Wednesday I met with the chief cryptographer at GCHQ ... And he assured me that this was feasible.” the one of three scenarios is necessary

      1. Encryption theory has or can be been broken by GCHQ therefore someone is going to get a Fields Medal out of this. ( I assume that the genus is <= 40 years old)

      2. If not 1. then for encryption to be broken it requires cooperation by those doing the encryption. That may be true but to be feasible would require a massive and enduring conspiracy of the order that has kept FTL techology hidden in Area 51 for more than 60 years.

      3. In the unlikely event that Options 1 and 2 are not true then Brandis is talking out of his arse.

      Personally I go for the Area 51 type conspiracy argument as it is most convincing. As a member of the public Option 1 requires me to have some understanding of the Mathematics involved and yet at the same time ignore the results . Option 3 requires me to distrust politicians and I can't do that without looking stupid when I vote for them.

      Option 2 it is. Go GCHQ!

      1. Anonymous Coward
        Anonymous Coward

        Re: Let Pi = 3

        3. In the unlikely event that Options 1 and 2 are not true then Brandis is talking out of his arse.

        He's a politician, what organ were you expecting him to use?

      2. veti Silver badge

        Re: Let Pi = 3

        You guys - the story author included - are reading way too much into this.

        Nobody needs to "break end-to-end encryption". All they need to do is grab the mobile phone of the person sending or receiving the message, and it's game over. And when you're a government, you can do that sort of thing.

        That's totally feasible, and also explains how the laws of Australia can override those of maths.

        1. Anonymous Coward
          Anonymous Coward

          Re: Let Pi = 3

          Umm... But if you can't get to the encrypted information without a password - as implemented in quite a lot of cases - you've then got to get the password out of the owner/user of the phone in question unless you're sprightly enough to actually grab the phone while they're logged on, which I gather has happened.

          Yes, you can pass laws requiring people to give up their passwords when officially ordered to do so (the UK has such a law) but sometimes people decide they'd rather get sent down for "refusing to hand over a password" than whatever they might get done for otherwise.

          On top of that, actually going out and grabbing someone's phone requires actual people going out in real life, travelling to a place, and so on and so forth - probably after having got a court warrant also requiring real people going to a real place in real life etc. Lots of real life physical effort and time. The spooks would much prefer it if they could get hold of any information they wanted without stirring from their offices.

      3. Mark 65

        Re: Let Pi = 3

        You missed option 4 - attack the endpoint. If I have the ability to run code as root on your device then chances are I can get at the data before it gets encrypted thus, in "Brandisology" I have cracked the end-to-end encryption. This is how they plan on doing it and GB is just another legal fuckknuckle that cannot comprehend what he's being told. All the more reason to get some sort of Qubes for mobes.

      4. Dodgy Geezer Silver badge

        Re: Let Pi = 3

        Does GCHQ HAVE a 'chief cryptographer'?

    4. theblackhand

      Re: Wait for it...

      Once they had cracked ROT26, ROT 13 can only be a few more years away.

    5. staggers

      Re: Wait for it...

      Wasn't pi set to 4 somewhere? I have this vague memory of that being the case.

      I know I could look it up. When I were a lad either someone knew the answer, or you had to nip to the library for an answer.

      There's no such thing as 'general knowledge' anymore.

      My grandfather was an 8 year old boy when Jack the Ripper was doing his stuff. Because of that, I know about Vesta Tilly, to mention an example.

      I was giving a colleague a lift home once. On the radio came a song I'd never heard. It was obvious who it was. I said that it must be a new single by George Harrison.

      You can guess the reply. And mine.

  5. Old Shoes

    Confirmed endpoint breaks

    If there is any technical accuracy to what he says, this just means they've got a way to break the end point (your Android or iPhone) and then extract the SQLite database full of unencrypted messages that you've forgotten to clear.

    So clear your old chats and hope that SQLite is vacuumed* before PC Plod gets his hands on your phone.

    * iMessage and WhatsApp didn't in the past: https://www.zdziarski.com/blog/?p=6143

    1. Brenda McViking

      Re: Confirmed endpoint breaks

      At least with Whatsapp, if you backup your whatsapp messages to google drive, as is the default setting, then they're stored unencrypted.

      Thus, given no-one ever bothers changing the defaults, governments with data sharing pacts with 'Murica are free to view the vast majority of the public's messages by asking Google. I'd guess with iMessage it's the same - simply demand a handover from iCloud. Use secret courts if necessary.

      The only messages they can't easily read will be those between tech savvy people who have disabled backups, in which case you've probably reduced the population enough to be able to brute-force the keys with your anti-terrorism funded NSA-o-matic 2017-spec supercomputer. Or any other number of endpoint break-ins, sure.

      1. cbars Bronze badge
        Headmaster

        Re: Confirmed endpoint breaks

        Good point, but it isn't the default setting. You're prompted on first run; on Android anyway

      2. Adam 1

        Re: Confirmed endpoint breaks

        @Brenda, the key sizes we are referring to here are so massive that even a NSA-O-matic isn't going to be able to brute force a single file before the heat death of the universe.

        On the other hand, there are ""other avenues of investigation" that do have a pretty good chance of working.

      3. Anonymous Coward
        Anonymous Coward

        Re: Confirmed endpoint breaks

        iMessage does not do this. iOS 11 and macOS 10.13 will support placing messages into iCloud, but the claim is they will still remain encrypted

      4. Anonymous Coward
        Anonymous Coward

        Re: Confirmed endpoint breaks

        And judging by the way Google has blacklisted video/audio files I've put in there they're readily scanning through everything.

        New Product line:

        Google CrimeAnalytics, police departments subscribe to automatic updates about dissidents in their precinct.

        1. Anonymous Coward
          Anonymous Coward

          Re: Confirmed endpoint breaks

          And judging by the way Google has blacklisted video/audio files I've put in there they're readily scanning through everything.

          Why, are they illegal, or just copyright infringements? What am I saying; it is likely just Google's AI being a knob end...

          New Product line: Google CrimeAnalytics, police departments subscribe to automatic updates about dissidents in their precinct.

          Apologies, but I'm going to hijack your ironic pun.

          It's impossible to be a dissident in a country where they don't lock you up just in case you might say something they don't like. You can try being a dissident in the USA but it's nearly impossible. You basically have to commit a physical crime such as theft or murder to get them to throw you in jail.

          Note, that's not the same as there being no consequences arising from what is actually said, even in the USA... Actually going ahead and saying the wrong thing and it's fines, jail time. Quite right too, that's how it should be (for most liberal westernised societies' definition of 'wrong').

          Oh, and in most countries it's illegal to fail to report criminal activity / material. So far from Google selling the information to the cops, Google are already obliged by law to hand over criminal material (if they're aware of it) or risk facing criminal charges themselves. And of course Google know that and do indeed cooperate with LEAs. Knowingly doing otherwise is Obstruction of Justice.

          Obvious Trend

          The basic problem for Google and other social networks like Facebook is that their reliance on not being seen as the "publisher" of material is wearing thin. The trend is definitely towards being responsible for their users' posts. So they're becoming more vulnerable to such charges.

          So far governments seem content to use civil systems of intervention (take-down notices, etc). That's got to be made to work properly, quickly and reliably. Technology might help, but I doubt it.

          However if that doesn't substantially reduce the quantity of illegal material circulating, or does nothing to reduce on line harassment or bullying or abuse, it will be judged a failure. The rate of take downs is irrelevant; governments will judge it by what remains available despite the take downs.

          That's why I'm doubtful of technology being useful. It'll only ever tackle a % of the problem material. Say it deals with 50% of illegal posts; great, but if the number of illegal posts made by users had trebled at the same time, the amount remaining available has actually gone up 50%.

          If that happens then governments will lose patience and it may start becoming a matter for criminal law. If so, encryption and foreign hosting might make it impossible for direct local legal interventions, but their ad revenues are susceptible to being blocked. And if that happens, they're dead in the water.

          Poor Strategy

          Given such a poor ultimate outcome for the social network companies, I conclude that their entire business strategy is doomed.

          This ultimate outcome is far from unlikely, no matter how fanciful it may seem today. All governments, particularly democracies, are painfully aware of how important being strong on law and order is. Government has to be seen to be doing something about online criminality, otherwise it risks getting voted out. Online racist abuse, terrorist materials, harassment, bullying, etc is now a political issue. Hence the Google Boycott that started in the UK, €50million fines in Germany for every single illegal, fake or slanderous item not dealt with, etc.

          Now that it's political, the networks are on a hiding to nothing. They cannot win. They will lose money.

          Given that, why persist as they currently are? Why not change business model sooner rather than later, save the time and money?

          For example, Google is currently free, and earns approximately $25billion a year, from (I'm guessing) 3 billion users. Let's call it $8 per user. If it were guaranteed completely ad free, no data slurping, would you pay $10 per year to use all of Google's services? I would.

          Given that Google could then cut their electricity bill enormously (a large amount of their compute power is analytics), they'd be ahead of the deal. Or they could charge $5.

          The side effect is that Google would have credit card details for users. Sure, users would still have stupid YouTube handles, but if a user posted something illegal then the consequences can be more than a closed account. The actual person could be easily held to account by the courts. And knowing that might deter them from posting it in the first place.

          Problem solved.

          1. Anonymous Coward
            Anonymous Coward

            Re: Confirmed endpoint breaks

            " It's impossible to be a dissident in a country where they don't lock you up just in case you might say something they don't like. "

            Wrong. A dissident is someone who publicly says something the government doesn't like. Nobody actually cares what your real private thoughts/opinions are (even in dystopian hell holes), they just don't want you to challenge their power, or to foment unrest among the masses.

            As long as on the outside you behave according to the desired norms, and you keep your trap shut and do as the law tells you, they won't bother you (ignoring if you actually piss off someone in government, then they will make your life hell, but that is personal and occurs whatever your thoughts and opinions may be).

            So, with that in mind, what you have described as "western democracies" and "strong rule of law and order" are basically the same thing. It wasn't always like this, but the last 20 years has seen a slow erosion into police states, not unlike the communist hole I originally experienced all this in.

            " Note, that's not the same as there being no consequences arising from what is actually said, even in the USA... Actually going ahead and saying the wrong thing and it's fines, jail time. Quite right too, that's how it should be (for most liberal westernised societies' definition of 'wrong'). "

            Oh really? So if in future laws are brought saying "thou shall not insult the emperor/fatherland/whatever", or "thou shall spend 5 years in our army doing whatever is ordered on pain of death" that is all right as it is obviously the law, and objecting people should suffer the consequences? Sure these examples are extreme, and are used for the purposes of making a point, but given time and the slow march of incremental pushes, it is not unfathomable.

            On an example closer to home, we can look at Edward Snowden, who broke the law, and some politicians have called for him to be executed as a traitor. They are technically right, as he broke the law and that is one possible consequence of doing so. Does that make it right in your eyes?

            You seem to think those nightmare countries like North Korea are like that due to lack of strong law and order, when in fact it is the exact opposite. They have laws for everything, all of which have "consequences", and in your world it is ok to suffer the consequences for those laws, no matter how unjust you think they may be?

            and "liberal westernised societies' definition of 'wrong' " is pretty much a function of brainwashing, rather than some sort of intelligent individual enlightenment. Specifically any dissenting voices are ridiculed, stamped on or silenced in the media. If you want a new law, you just brainwash the masses to convince them "society" as a whole thinks its a good idea, then off you go. It is quite simple really.

      5. Anonymous Coward
        Anonymous Coward

        Re: Confirmed endpoint breaks

        Quote: "The only messages they can't easily read..."

        Well...I don't think that's quite right. Lot's of people have implemented private ciphers...which would also count as "can't (be) easily read". For example, here's YATM (yet another test message) for the bright sparks in OZ to read:

        *

        will-call preenlarging hexadecane mecometer swarf chorea moralising polyergic ungood unamazedness winterfeeding mobiliary Kymric hymeneally shivah Chlamydoselachus uvate centrifugation GADO gilpy intermeningeal factually Brynmawr NDAC hyperphagic dogcatchers Mitman Tzapotec OOP hexactine hout alada

        *

        1. Rich 11

          Re: Confirmed endpoint breaks

          *

          will-call preenlarging hexadecane mecometer swarf chorea moralising polyergic ungood unamazedness winterfeeding mobiliary Kymric hymeneally shivah Chlamydoselachus uvate centrifugation GADO gilpy intermeningeal factually Brynmawr NDAC hyperphagic dogcatchers Mitman Tzapotec OOP hexactine hout alada

          *

          You'd better leave it at that. You're starting to turn me on.

          1. Woodnag

            Careful

            I'd avoid anyone with Chlamydoselachus if you're planning anything intimate.

  6. Your alien overlord - fear me

    Me thinks the UK bod really was implying that you install spyware on one of the devices and use a keylogger to see what was being typed rather than using some massive super-computer to do a bit of number crunching.

    1. John Smith 19 Gold badge
      Unhappy

      "Me thinks the UK bod really was implying that you install spyware on one of the devices "

      Probably.

      He also probably didn't want to make the AG's brain explode with too much complexity.

      Which with this one seems a distinct possibility.

      Lawyers are so used to making the law do whatever they want it to that they really can't conceive of a situation where this doesn't work.

      1. Doctor Syntax Silver badge

        Re: "Me thinks the UK bod really was implying that you install spyware on one of the devices "

        "He also probably didn't want to make the AG's brain explode with too much complexity."

        Maybe it did explode but nobody noticed.

        1. Ogi

          Re: "Me thinks the UK bod really was implying that you install spyware on one of the devices "

          Maybe it did explode but nobody noticed.

          Maybe nobody noticed because there wasn't anything in there to go "pop" in the first place?

          Saying that, fat good it is having uber secure and encrypted app if you run it on a complete sieve of an OS like Android.

          Fact is, Android was designed from the ground up for spying. That was its prime purpose. Sure, the spying was for Google so they could target ads and make money off you (hence the OS was free) rather than some dark government agency, but spying none the less.

          Hence why permissions are such a tacked on joke, and you have to fight the OS to stop it sending data to third parties (and you can never be sure you got it all).

          The problem is, even if Google do not co-operate and provide access to their spying system to governments (which I find unlikely they would deny, even if they publicly deny it) government black hats can reverse engineer the OS and find them themselves.

          It is like when you insert a backdoor into a system, for whatever reason (even a complete pure and noble one), there is always the chance someone else will stumble upon it, and abuse it.

          Same here, so when the GHCQ boss says they can access encrypted messages, I believe him, they don't have to break the encryption, or the app itself.

          If the underlying OS is compromised, everything above it is blown wide open (to the point of them pulling the session keys out of memory if they wanted to). Keypresses, screen output, microphone, camera, the lot.

          1. StargateSg7

            Re: "Me thinks the UK bod really was implying that you install spyware on one of the devices "

            This is WHY i use custom designed CPU that DO NOT USE Arm, iax86, MIPS or Power-8./9 instruction sets AND I use a custom compilers, assembler and Operatings system NOT based upon Windows, Linux, Unix, MacOS, etc. I also use a custom Motehrboard with custom hardware COMMS and Network stack,

            custom Java and HTML implementation and our own SQL database system with line-by-line and

            field by field examination of all commands and data sets.

            I am the MOST FULLY PARANOID COMPUTER TECH you can imagine!

            NOTHING I HAVE is Windows, Linux or MacOS...every piece of hardware

            down to the CPU/GPU/Norrhbridge/Southbridge chipset and ALL software

            is COMPLETELY CUSTOM with non-RSA/AES-style encryption

            that is Quantum/Shor's Resistant ! at BOTH the file system

            and application level.

            1. Kiwi
              Joke

              Gota ask @SG7

              Are you perhaps descended from a combination of C9 and AMFM???/

            2. Anonymous Coward
              Anonymous Coward

              Re: "Me thinks the UK bod really was implying that you install spyware on one of the devices "

              Unfortunately the cheapo wireless keyboard you use doesn't encrypt and so your keystrokes are broadcast to everyone within a 5 mile radius. Not to mention the Van Eck they use on the monitor.

            3. Wandering Reader

              Re: "Me thinks the UK bod really was implying that you install spyware on one of the devices "

              I am the MOST FULLY PARANOID COMPUTER TECH you can imagine!

              Well done, you have all the tech you need. If only you had some secrets...

      2. Trollslayer
        Devil

        Re: "Me thinks the UK bod really was implying that you install spyware on one of the devices "

        "He also probably didn't want to make the AG's brain explode with too much complexity."

        Spoilsport.

    2. EricM

      Re: Install Spyware

      Probably. That would be the same way Germany is heading with their "State-Trojan". It's quesionalble if he could tell the difference in approaches. At least this would make his remark not completely foolish.

      However, using maltware attacks will wear off quickly if done in anything more numerous as terrorist investigations.

      It does not scale to the levels needed for the proposed mass-surveillance on every terrorist AND criminal alike.

      1. Anonymous Coward
        Anonymous Coward

        Re: Install Spyware

        @EricM - I don't like beer, but you may assail me with a nice cup of Horlicks any time you like :-}

      2. Anonymous Coward
        Anonymous Coward

        Re: Install Spyware

        malware attack fails to work against a (half) determined evildoer. All you need to do is buy a new, cheapo phone every now and then. Or a very old one (never mind the pigeons)

  7. Anonymous Coward
    Anonymous Coward

    Cognitive Dissonance

    When a person, faced with proof that their ideas are wrong, does or says something completely ludicrous which seems entirely reasonable within their own head.

  8. Winkypop Silver badge

    Oh George

    You've done it again!

    1. Nick Kew

      Re: Oh George

      Have an upvote for the Joyce Grenfell reminder. Could he be the same George?

  9. Destroy All Monsters Silver badge
    Facepalm

    These are the people who are in charge

    Top. Men!

    In related matters, IMF exhorts Germans to "save less, spend more".

    1. Chris G

      Re: These are the people who are in charge

      "In related matters"

      That's why the IMF et al have us in a negative interest state nowadays.

  10. Anonymous Coward
    Anonymous Coward

    Nice try, though..

    I must admit it is a nice try to sow doubt about the crypto in certain tools in the hope they will be abandoned by people in favour of less secure applications.

    Given who owns WhatsApp now I will not touch it with a 10ft barge pole it, ever (just because the fox hasn't chewed on any chickens recently is no reason to host him with your chickens), but Signal is AFAIK kosher (it is about the only US originated crypto product I trust, but that's because I know Moxie's work in general to be of rather high grade). Also, it works well, which is probably what is really pissing them off.

  11. Vogon Captain

    There is no part of this that makes sense. Our leaders are becoming more indistinguishable from children with each passing day.

    1. Anonymous Blowhard

      "Our leaders are becoming more indistinguishable from children with each passing day."

      My children understand that the laws of mathematics and physics don't just exist/apply because someone says they do or they don't...

    2. Anonymous Coward
      Anonymous Coward

      Our leaders are becoming more indistinguishable from children with each passing day.

      There's a difference between apparent raging dementia and childhood: the latter you can still educate.

  12. Anonymous Coward
    Anonymous Coward

    Regular readers will recall ...

    various stories over the years that UNLESS encryption is done 100%, there will be cracks that the 5-eys can jemmy apart to break the encryption. From bad random number seeds, subtle weaknesses in implementation, bad key choice, and just plain crap coding leaving stuff in memory to be hoovered out as plaintext.

    In fact, a crude application of Prado would hint at 80% of encrypted traffic is susceptible to indirect decryption.

    Leaving 20% to concentrate the big guns on.

    Also, we need to bear in mind that cracking encryption is only one string in a bow of tools to help the security services do their (supposed) job of keeping us safe. Usually it's enough to know two actors are using heavy-grade encryption to focus more traditional surveillance and progress from there.

    Part of the problem is that any tools for people to try and test *their* encryption to see if it's 5-eyes proof will either suffer the same flaws as encryption itself, or just be put up by the 5-eyes to catch really determined baddies.

    For my money, if you start by assuming all internet traffic is readable from the off, you'd have a better chance of keeping things secret.

  13. Anonymous Coward
    Anonymous Coward

    growth in the amount of encrypted traffic

    “rapid growth in the amount of encrypted traffic from around three per cent a couple of years ago to now over 55, 60 per cent of all traffic.”

    OMG, despite the best bombing / charming efforts, the terrorists are multiplying, get them NOW!

    ...

    well, with this projection, in a few years' time they will become us :D

    1. Anonymous Coward
      Anonymous Coward

      Re: growth in the amount of encrypted traffic

      That 60% of encrypted traffic is Ozzies getting around geoblocking and watching the U.S. version of Netflix over VPN.

  14. Prosthetic Conscience
    Joke

    Ah Britain,

    Exporting democratic and humanitarian values since..

    Wait a minute!

  15. Mark 85
    Facepalm

    Dear lord... is there no end to these idiots who have no clue? See icon.

  16. Diogenes

    Obsfucted plaintext ?

    Jean has a long moustache.

    Wound my heart with a monotonous langour

    1. Pen-y-gors

      Re: Obsfucted plaintext ?

      Okay,meet you on the beach on the 6th.

  17. The Central Scrutinizer

    This is getting so tedious. Brandis is so totally technologically illiterate it's embarrassing. So now they're going to pretend that maths doesn't exist. Stick fingers in ears and yell "lah lah lah lah not listening"! Saying something over and over doesn't make it so.

  18. Barrie Shepherd

    "Methinks the pollies, Asio, GCHQ, dost protest too much"

    I'm coning to the conclusion that the rank stupidity coming out of Australian (and other) politicians mouths could be part of a cover-up.

    For all we know GCHQ/ASIO/NSA are already able to read the WhatsApp and similar messages (probably because of flaws in the apps/phone OS) but don't want us mortals to know - so best cover story, and distraction, is to shout and scream from their various Mount Olympuses,about the need to have the capability and how naughty people are for not giving them it.

    If they could why would they publicly announce that they can read the messages? - that would only push the criminal to other alternative communication means.

  19. David Pearce

    If GCHQ could actually break E2EE, they would be VERY unlikely to admit it. They are an organisation that takes keeping secrets seriously. See the history of breaking Enigma code for just how long secrets can be buried.

    1. Barrie Shepherd

      A similar case where the Ministry of Defence may have tapped, en mass, UK telephone conversations to Ireland in the early 1990s.

      http://www.lamont.me.uk/capenhurst/original.html

      1. Anonymous Coward
        Anonymous Coward

        Or you could go back to the 1790's where their county Postmaster predecessors were employed to open the mail to look for seditious scribes.

        1. dajames

          Or you could go back to the 1790's where their county Postmaster predecessors were employed to open the mail to look for seditious scribes.

          Ah, yes ... we have sixty of those ... from Caesarea.

          1. Ikkabar

            Are they in the cell beside Sampson the Sadducee Strangler?

        2. Breen Whitman

          And offensive behaviour. Ankles exposed by dresses cut too high, and other perversions

  20. Snorlax Silver badge
    Facepalm

    "In this house we obey the laws of thermodynamics!!"

    "Well, the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only laws that applies in Australia is the law of Australia."

    What is is with Australians and their contempt for laws? That's how most of their ancestors ended up down there in the first place...

    The laws of mathematics don't apply? What about the Newton's law of universal gravitation? Coulomb's law perhaps?

    1. scrubber

      Re: "In this house we obey the laws of thermodynamics!!"

      "What about the Newton's law of universal gravitation?"

      We all know they don't apply near black holes, and Australia is...

  21. JJKing
    Happy

    New comedy show. Brandis Laws

    Obsfucted plaintext ?

    Jean has a long moustache.

    Oh dear, the invasion/liberation of France is going to happen with the next 48 hours. Will this madness ever stop?

    On the good news front, I am very pleased to be part to the increase of encrypted traffic. At least 95% of my written and audio communications are now encrypted. If the secret squirrels want to find I have nothing of not to discover then the bastards are going to have to works for it.

    1. Wensleydale Cheese

      Re: New comedy show. Brandis Laws

      "Jean has a long moustache."

      Oh dear, the invasion/liberation of France is going to happen with the next 48 hours. Will this madness ever stop?

      Well, the post you are quoting was made on 14th July, Bastille Day.

  22. Pen-y-gors

    End-to-end - NOT

    The term end-to-end encryption is a bit misleading. What it actually means it's encrypted from the point where it's encrypted until the point where it's decrypted - which is true of all encryption. Until they devise a way to encrypt your thoughts in your brain and decrypt them in your eyeballs at the other end, there's always going to be an opportunity to hack before it's encrypted or after it's decrypted, provided you have access to the device.

    I suspect that's what GCHQ spook meant about 'It's feasible'.

    And in other news, Australian government repeals Boyle's law - volume of high pressure hot air generated by aussie politicians is now infinite.

    1. Adam 1

      Re: End-to-end - NOT

      There is a fundamental difference here between E2E and others.

      Alice wants to send something to Bob using infrastructure controlled by Mallory.

      Non E2E solutions involve encrypting comms between Alice and the service provider, then the service provider storing that message somewhere (perhaps temporarily), then the service provider encrypting the comms Bob.

      That service provider is something like a WhatsApp (pre signal implementation). They do it in 2 parts because

      1. Key management is much easier when either Alice or Bob get a new device.

      2. Key exchange is much easier when Alice and Bob aren't both online simultaneously. The service provider can hold messages sent while the other is offline then deliver it when they come online. Diffie Hellman for example requires Bob to generate a random key before Alice can know how to encrypt that message.

      Pre E2E, governments could demand that the service providers pass on the messages they are sending on to Bob. If they were encrypted, they would be encrypted using the service providers keys so no problems complying. Post E2E, service providers themselves don't know how to do it. That's a big difference.

  23. Anonymous Coward
    Anonymous Coward

    Dead drop

    A recently intercepted message has been decoded as follows;

    Agent Orange, congratulations on your continuing efforts to destabilise the USA.

    Drop the nuclear codes into the fourth hole at the Mar{redacted} course.

    Your master is pleased, the tapes are secure.

  24. Anonymous Coward
    Anonymous Coward

    E2E can be decrypted

    I wonder if GCHQ is confusing bollocks with youth text speak.

    They are quite similar.

  25. Anonymous Coward
    Anonymous Coward

    Mathematics vs Australia

    Unfortunately the laws of mathematics are universal. The law of Australia applies only to Australia. Also, the laws of mathematics are defined by nature not people only one of those is arrogant.

  26. scrubber
    Childcatcher

    I think he has the trifecta...

    they are also used “ … by people who seek to do us harm. They're being used by terrorists, they're being used by drug traffickers, they're being used by paedophile rings.”

    Yep, all three bogey men used to scare the people into doing what he wants. Terrorists, drug traffickers and paedophiles. Although I do see sex traffickers starting to come into this elite group.

  27. Anonymous Coward
    Anonymous Coward

    "British signals intelligence agency Government Communications Headquarters (GCHQ) can crack end-to-end encrypted messages sent using WhatsApp and Signal"

    Only by stealng the keys from compromised end point devices though.

  28. Anonymous Coward
    Anonymous Coward

    1 + 76 - 23 = 34.61

    Austray-ya!

    -Mal

  29. Anonymous Coward
    Anonymous Coward

    other things

    "are used by ordinary citizens, they are also used “ … by people who seek to do us harm. They're being used by terrorists, they're being used by drug traffickers, they're being used by paedophile rings.”

    quite right. we should ban oxygen molecules at once.

  30. a_builder

    Yup or is it just a simple double bluff?

    And there is the other possibility that infact GCHQ and NAS have figured out the weakness in the encryption methods used and are able to crack most off the message systems real time.

    Say Telegram is actually the easiest one to crack, down to some error in the way the algorithm is applied, then you make the most fuss about being unable to crack it so all of the actors then use it and you have a nice data stream.

    I must say I have been mighty puzzled that GCHQ et al have been so helpful telling all the bad guys which Apps can't be cracked.

    Or am I over thinking this one?

  31. Breen Whitman

    I note they use that pedos-use-encryption card.

  32. Phil Kingston

    i tire of this government's "because terrorists" argument to every intrusion.

  33. Chris 155

    In Government Speak...

    Feasible means "possible".

    It doesn't mean it has actually been done or that the price to do it would be remotely sane.

  34. Anonymous Coward
    Paris Hilton

    Crikey, what a flock of Galahs.

    Who cares if GCHQ can see your missives, when all the missives would say would be something like

    "Do you think Tony knows I voted against him." or "Do you want to go for a quickie". Totally useless.

    Facebook probably has more on you than the GCHQ or ASIO want to have unless you're conspiring to dispose the Government outside an election or injure the nation.

    Just don't violate my PC that is my personal (electronic) space.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like