British intelligence able to read and flag private Snapchat messages
reuters.comOP title is not backed up by linked article whatsoever. The article says nothing at all to that effect.
The article says this, however, which I don't really understand:
> He suggested one of the chat's other members could have warned the police, but if that were the case, that other member would have to be charged, not Verma.
Can anyone help explain this?
I believe the part you are asking about means: Verma did not make a threat, but a private joke in a group chat, so he's not liable for the police reaction. If his friend is the one who informed the police, while knowing it was a joke, the friend should be charged instead.
The submitted title broke the HN guidelines badly. From https://news.ycombinator.com/newsguidelines.html: "Please use the original title, unless it is misleading or linkbait; don't editorialize."
If you want to say what you think is important about an article, that's fine, but do it by adding a comment to the thread. Then your view will be on a level playing field with everyone else's: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...
(Normally we'd revert the title, but the comments in this thread have been so skewed by submitted title that the thread won't make sense anymore if I do that.)
It's an /assumption/ that British intelligence able to read and flag private Snapchat messages, as the article literally states, "The trial did not make clear how the British services managed to have access to Verma's private messages, the judge stressed."
The truth is, it isn't public knowledge how this unfolded and anything suggesting otherwise is conjecture.
Also, this post doesn't' reflect the article title, "Spanish judge clears British teen of Menorca flight bomb hoax charges".
If we're speculating, a much more likely explanation is that Snapchat moderation teams monitor certain words in certain areas, flagging for example any message containing "bomb" sent from an airport.
This is arguably even creepier than government surveillance, since it implies Snapchat employees are looking at the content of private chats and the user may never know.
I'm surprised the amount of trust you put in Snapchat and likewise companies whose sole purpose is to maximize their profit by selling user data
It also means that there's no encryption, or the key is known to Snapchat employees (and therefore to everybody who has enough money).
Might be automated, but still, a corporation controls what gets flagged.
There's no need to speculate about encryption or surveillance.
"we may need to enforce our Terms and other policies. In some cases, we may also use or share your information to cooperate with law enforcement requests, escalate safety issues to law enforcement, industry partners, or others, or comply with our legal obligations."
Not clear if it was message interception or (maybe more likely) Snapchat have their own moderation that can refer outward. The text is not e2e encrypted
Snapchat boast about having a small turnaround for threats that they proactively scan for and forward to law enforcement.
There is no mystery or need for intelligence skullduggery here.
so in other words there is no e2e encryption?
Do they claim it is?
> He suggested one of the chat's other members could have warned the police, but if that were the case, that other member would have to be charged, not Verma
This doesn't make sense to me. Why would that other member be charged for reporting a threat?
Because they would have obviously known it was their friend making a joke.
I don't think they could have known for sure it was a joke.
The judge’s point is that if they want to sue anyone for misleading them, it should be whoever sent them the message. He’s not saying they would necessarily win that hypothetical case.
So why shouldn't Snapchat (who presumably reported it to the government) be charged for the same offense of reporting a non-threat?
I'm not suggesting they should be, but just following the same logic as your comment.
I thought they might have been talking about reporting a false threat, or something of that nature?
If you are a comedian working on a joke and write one about a political assassination in your private journal, certainly you can't be charged with communicating a threat, because you did not communicate it. But if a friend/enemy finds your notebook, knows you have no intent to harm, but reports the journal to authorities out of spite anyways, then the friend could be culpable for communicating a false threat, even though the joke is in your handwriting. Maybe they were getting at something like that?
In any case, it was very awkward wording at best for a report from Reuters, it should have been either explained or left out.
The MOD encourages their personnel to use Snapchat, and blocks WhatsApp (on their internal networks).
What more do you need to know?
Interesting, I'd like to know more. What makes you say that?
Previously here: https://news.ycombinator.com/item?id=39094306
Is there any recourse for him to figure out how the message was intercepted and his false arrest?
Recently read The Making of Atomic Bomb & Skunkworks. Govt puts enormous amount of money & employees best people in given area to achieve their objectives. It's hard for me to imagine govt will be ok to have tech that they can't crack, they will find a way to crack. I am not saying we should be OK with it, but I don't see a path to make it happen. It can be made difficult with E2E and other tech but not impossible.
It’s mathematically impossible to crack the technology of E2EE. But govts have all the power to coerce the companies into not using E2EE at all times and to lie that they do.
It's conjectured, but not proven, that there is no efficient algorithm on classical computers to compute discrete logarithms over elliptic curves.
This is absolutely hilarious. I myself made multiple jokes over the years on plain unencrypted cell phone with my friends, knowing full well that it’s very likely all conversations are listened to with (probably) STT and regexes, but I always thought that my country’s intelligence service has the competence to distinguish a joke from the real deal.
The only reasonable explanation I have is that he got flagged by Snapchat automatically who reported him to the authorities immediately. Even without E2E encryption, how would they intercept the message as the app is most likely communicating with the server via HTTPS or SSL?
> The message was somehow intercepted by British security services
"somehow" is doing a lot of heavy lifting there. There are multiple routes to alert the authorities by the public that don't involve randomly intercepting internet traffic.
I think "Intelligence" was used in the name at a time when spying was done on foreign countries. If the spying is now done on the domestic general public it seems we should change the name to something more appropriate.
Domestic intelligence...
The title of this post is very misleading. This is not what the story says at all.
Was this text captured due to something like Echelon doing mass surveillance?
I don't know much about hashing but is it possible five eyes just has a zettabyte-scale rainbow table covering scary words? They could use that to score encrypted messages and act on the scary ones.
Strong encryption has properties that make "known plaintext" attacks impossible. You should not be able to tell the message from pure randomness. Breaking End-to-End-Encryption is not impossible but rather far fetched. If they read Snapchat, my bets would not be on broken crypto, but rather a lack thereof.
I don't see any use for hashing here, and encrypted messages have padding (otherwise you could trivially decrypt simple messages like yes/no)
A more serious problem with the story is if they had any kind of advanced (or magical) brute force or mathematical path against some standard encryption scheme - they would not waste that major secret on some random 18yo joker.
(Although in the background, fuckups are always possible and they did send a fighter jet initially so there was some pressure to follow through. Still not enough to risk a major secret.)
I don’t know. Without even going in normal standard crypto, if you XOR a few words with a random initialisation vector, is it possible to flag those messages?
i'm certain that the feds can read my whatsapp.
100% zuck is ratting me out. every message.
considering xkeyscore and prism are over 10 years old. can only imagine what things are like now.
especially with the push of whatsapp business, orgs can freely store ur messages to them.
also by relying on the whatsapp metadata (the one where you can export by urself), it should be already good enough for feds agent to locate u.
for the E2E itself, as non crypto guy, seems the open whisper paper implemented on whatsapp alr good enough?
> the open whisper paper implemented on whatsapp alr good enough?
i think wikileaks showed us that we cannot really trust anything when it comes to the sophistication of tech surveillance.
What did wikileaks show about the sophistication of tech surveillance?
I thought I read another article that said it was caught because he was connected to and using the airport's wifi.
That's not how wifi works.
Being on wifi doesn't mean that wifi network has access to your encrypyed communication.
Right, is it possible he was on wifi and not using end to end?
Since when are Snapchat messages private?
If anyone is actually surprised by this....? You do not own your device. No root = not your phone.
The guy us lucky he got the sane judge. It could have easily gone very badly for him.
Personally, start from the premise that my iphone is a CIA tracking device. That changes my behavior accordingly.
Though ideally I should expect privacy from the electronics I own.
You'd think if the CIA is so good at tracking, they'd know when you were joking.
Most intelligence orgs from most companies can read messages on any app if they comprimise your phone through existing backdoors
So these people do not want to talk about and are generally unable to provide examples of their surveillance stopping an actual threat because "they do not want to give away their capabilities", but when they get shown up for being absolute fools by taking an obvious joke seriously, they have no problem starting noisy court proceedings? They were likely just so giddy that they finally got something, they didn't stop to think whether it was real, suing that kid in red-faced anger and embarrassment afterwards.
These fuckups should be paid for out of their budget.
At least in the US a lot of the surveillance is probably illegal and cannot be used in court. They way they get around this is parallel construction. [1] Reuters had an awesome article about this a long time ago, which seems to have been removed from their site. [2] The NSA or whoever spies on somebody they're not supposed to be spying on. They see he's e.g. selling drugs, and further spying shows the time of a sell. They pass this onto a local law enforcement agency who then finds some sort of plausible justification to go stop/search the involved car. A cop, who just happens to have a drug sniffing dog, stops the car for 'driving erratically' or whatever.
If the intelligence agency revealed they were involved then not only could the person involved sue to get his own charges dismissed, but more importantly he could also sue the NSA to try to get the entire program scrapped. Countless entities (Wikimedia, EFF, and others) have tried to sue the NSA for this but it always ends the same way. They can't prove they were hurt by spying, or even that they were spied on, so the cases get tossed for lack of standing.
So they are actually being honest when they say they don't want to give away their capabilities, but that's because what they're doing is probably illegal. At least in the US, but I assume the UK must have something akin to the 4th amendment. To not have a government randomly spying on everybody is one of the foundations of a Free society. We were supposed to learn from KGB, Stasi, and so on. And maybe we did, but not the right lessons.
---
[1] - https://en.wikipedia.org/wiki/Parallel_construction
[2] - https://web.archive.org/web/20130806082051/http://www.reuter...
> Reuters had an awesome article about this a long time ago, which seems to have been removed from their site. [2]
It seems the link stopped working some time in the past 2 weeks or so.
How often does this even get used? How does the NSA even communicate to a police officer in the field? I think you give local cops a ton of credit. At the end of the day it looks like there are more hard drugs available on the street than ever before despite all the spooky tech and warrantless searching.
I think selling drugs was a simple, if dated, example. And nobody suggested the NSA would contact an officer 'in the field' - they said contacting the agency/department
> At the end of the day it looks like there are more hard drugs available on the street than ever
Nobody said they're doing it to get drugs off the street.
The NSA (probably) communicates it to the DEA’s Special Operations Division, which creates an entry in the DEA’s DICE database and tips off a DEA field office, which then asks local law enforcement to do a “random” stop and to use some Parallel Construction to keep it hush hush.
It was probably used in the Silk Road investigation.
They aren’t going after drugs they are going after people for their political beliefs. Remember when the IRS audited every organization just for having the word “patriot” in their name?
The people that gravitate towards positions of unrestrained power often seem to have an authoritarian bend. If there's an opportunity to use their power to be a hero, that will scratch the itch, but in the absence of that opportunity, they seem to readily turn their power on the rest of us.
A man's urge to be a Hero and save the day, and a bureaucrat's fear of losing reputation are a deadly cocktail.
That's a great statement. DDG seems to think you came up with it. Is that so?
Thank goodness I'm not inebriated near an all-night tattoo parlor.
> Thank goodness I'm not inebriated near an all-night tattoo parlor.
Speaking of brand new sentences ...
The nerve they have to try and make the victim pay damages too?
"We messed up, send the Spanish authorities to scramble a jet to escort the flight, but he should pay for that"
The balls on these guys.
Who is the "We" in "We messed up" here?
Presumably, the "We" is British intelligence, but it's Spanish prosecutors that were asking for the kid to reimburse the Spanish government for the cost of scrambling the fighter jet.
> but it's Spanish prosecutors that were asking for the kid to reimburse the Spanish government for the cost of scrambling the fighter jet
The point still stands, regardless who was asking for the reimbursement.
In fact the last person who should be expected to pay out is the victim of this incompetence. A delivery driver being sent on a prank order delivery doesn't expect the victim to pay for the order.
I totally agree that joint failures by the British and Spanish government shouldn't be paid for by the victim. I'm just saying that there isn't any evidence that British intelligence asked for any restitution. I think they screwed up, know it, and are keeping quiet.
The Spanish prosecutors, on the other hand... shame on them for having the nerve to continue prosecution, particularly after Spanish law enforcement subjected the victim to time in jail.
> but when they get shown up for being absolute fools by taking an obvious joke seriously, they have no problem starting noisy court proceedings
Those aren't the same people, though.
One needs to ask themselves, what is more likely?
1. The /feds/ broke Snapschat's end to end encryption and they're monitoring for all traffic with designated stopwords, or...
2. One of his friends reported him, one way or another, or..
3. Snapchat's end to end encryption is... not. I can't find any definitive statement that the chat messages themselves are E2EE, only that photos and videos are encrypted and the key is exchanged between users[1]. This means that Snapchat can monitor for text messages or decrypt uploaded attachments when necessary, since they have access to the message that contains the key for the attachment.
Most likely Snapchat's E2EE is just a facade, they probably have a dictionary of "funny" words on the device (and/or the server) and automatically flags the message in the internal systems when certain stopwords are being used.
https://values.snap.com/privacy/privacy-by-product
Snap doesn't mention encryption in regards to chat, only in "my memories"
I think there's arguably several things going on in reality.
I don't think anyone has "broken" proper encryption that any major service is using, but I believe there is proof that the encryption is being bypassed in one of multiple ways.
One way could be through things like Pegasus, the Israeli spyware that can be silently installed on mobile phones. How this gets onto the device in the first place is not disclosed, but with the major app stores already having the capability to remotely install apps without your permission, this is obviously a very easy way to do it.
There have also been leaked US government documents stating that they have systems in place to monitor unencrypted messages from major proprietary apps like Facebook, Whatsapp, Instagram etc. I think any time you don't have the source code to at least the client program, there's no guarantee it's properly encrypting things in the first place.
Also it's possible the Whatsapp and similar programs are simply compromised by design, to where even though messages DO use E2EE, the client program itself could still be intercepting the messages secretly BEFORE they're encrypted and then doing who knows what with them. Without the source it's hard to know.
And with UK being part of Five Eyes I don't doubt at least some of this tech is shared with them.
> Most likely Snapchat's E2EE is just a facade, they probably have a dictionary of "funny" words on the device (and/or the server) and automatically flags the message in the internal systems when certain stopwords are being used.
On device content scanning notifies Snapchat of a certain type of threat, that + metadata goes to a real-time law-enforcement system which combines it with other sources to decide whether a lawful intercept is warranted - if so, Snapchat pulls the cached messages off the device and forwards them on.
It’s arguable that would be reasonable and legal, depending on the watchlist.
On device scanning would be reasonable? What happened when everybody was up in arms about Apple wanting to do on device scanning for child porn?
Well - it’s reasonable for a government to seek to stop absolute privacy subverting the prevention and detection of crime … I think, so a state has to find some way to be able to construct reasonable suspicion and then lawful search on routine internet activity. (Opinions vary, obviously)
The almost real-time response is what makes it really hard to believe it was in response to some list of codewords that probably get mentioned in messages many thousands of times per day. (and which, as far as we know, has never triggered a response like this previously.) Someone shoulder surfing or a friend freaking out and calling see something/say something seems much more likely IMO.
Group chats generally don’t have E2EE. Most apps provide that only for one-to-one conversations. Group E2E encryption is a difficult problem.
I think signal/OTR has e2ee support for pretty large groups.
The kid was using airport wifi for this right? I'd guess public airport wifi installs some backdoored SSL cert and is generally monitored (and you probably agree to this ToS when you use it) - you may even agree to not make jokes about planes - I wouldn't be surprised.
WhatsApp and Signal have had end-to-end encryption for group chats for a very long time.
You're not wrong.
I've implemented E2EE in group chats using Olm/Megolm and it's not easy to scale and comes with a ton of limitations.
If I was running Snapchat, I wouldn't see the point in dedicating that many resources and infrastructure to it.
> Group E2E encryption is a difficult problem.
Not if it was architected properly from the beginning.
Nah the best you could do for a long while was just to have n^2 bilateral encryption sessions that behave like a group channel. Only fairly recently was a workable construction for doing many-party encryption sessions actually developed, called TreeKEM, and is now standardized in the IETF MLS standard. This is literally bleeding edge cryptography.
It's an extremely flexible design and has relatively few constraints in how it can be used in a larger system, but it's just extremely new.
The ART construction exited a few years ealier than TreeKEM but that's a weaker design with more restrictions so it wasn't adopted very widely afaik.
When talking about recent, you're talking about 6 years ago right?
Has it been 6 years already? I must be getting old.
> Nah the best you could do for a long while was just to have n^2 bilateral encryption sessions that behave like a group channel.
What? We could do better than that before we had group chats. PGP will let you send encrypted email to multiple recipients, and multiple simultaneous bilateral encryption sessions are not involved.
The system is:
1. You encrypt the message using a symmetric encryption key.
2. You encrypt the key, which is short, once for every recipient.
3. You prepend the whole bundle of encrypted keys to the message.
4. You send that out. Everyone receives the same encrypted data. This is what would appear in a group channel.
5. When you receive a message, you try to decrypt it. If decrypting the header doesn't produce a key for you, then you're not one of the recipients.
Even if you want to analyze this as a set of bilateral sessions, the storage and computation requirements are linear, not quadratic: when I send a shared message to Alice and Bob, I need to know how I send messages to Alice, and I need to know how I send messages to Bob, but I don't care how Alice sends messages to Bob.
PGP is poorly suited for live conversations with rotating members like this since it doesn't support post-compromise security or perfect forward secrecy (not in-protocol, at least), which most people would expect from an E2EE chat protocol. I was speaking of protocols that did have these properties.
TreeKEM also manages sublinear communication, constant per message (since there's a shared secret already used for the ratchet) and logn for key updates or group membership changes.
The concept of encryption is poorly suited for live conversations with rotating members. If you don't know who you're talking to, there's no point in encrypting your message.
> I was speaking of protocols that did have these properties.
The method PGP uses to encrypt messages to multiple recipients will still work for whatever protocol you have in mind. Why is your dislike for PGP relevant?
That's pretty reductive, perhaps you don't have a fully connected graph of relationships in a group but other parties you do know in a group you trust to vouch for others. There's also lots of data privacy/security compliance reasons you'd want to have E2EE with large groups. I believe I heard that some larger companies wanted to investigate using MLS to encrypt internal communications, and having hundreds/thousands of people in a group where most don't know each other but they're all managed by an authority who doesn't want to be able to know what they're discussing.
I don't dislike PGP I'm just saying that it doesn't natively have PFS and PCS, which are generally accepted by security people as being necessary properties for a protocol to be considered full E2EE.
> I believe I heard that some larger companies wanted to investigate using MLS to encrypt internal communications, and having hundreds/thousands of people in a group where most don't know each other but they're all managed by an authority who doesn't want to be able to know what they're discussing.
But it's impossible for the authority to achieve that goal. If they manage the group membership, they are free to add themselves and read the discussions.
> Most likely Snapchat's E2EE is just a facade, they probably have a dictionary of "funny" words on the device (and/or the server) and automatically flags the message in the internal systems when certain stopwords are being used.
Reminds me of whenever I used to phone a friend during my teenage years I would always start with "BOMB QUEEN, BOMB QUEEN."
2. ... friends of friends, or somebody posted his "joke" to a platform which GCHQ does real-time monitoring of, or ...
4. Compromised endpoint(s).
(I also somewhat favor your #3.)
Yes, such as keyboard apps.
Ridiculous to demand a fine from him being the victim of bad surveillance.
Snapchat text is often used to prosecute people, I think the message being forwarded is a likely explanation, despite chats not being thoroughly encrypted and the article saying it would be unlikely. Could have been an anonymous tip.
My exact thought. If the Spanish prosecutors want somebody to pay for those expenses it should be the British gov or whatever other agency as it is the same as if I warned the police of some fake bomb threat.
Certainly. Of course then governments would share less information if they are culpable for any false positives. But penalizing the wrongly accused is a special way of worsening an already significant fuckup.
With every ounce of privacy given up, each person-hour spent waiting in a security line at the airport, and each incident like this, the bad guys win a little bit more. The cultural shift wreaked in the aftermath is something I rarely see measured and weighed.
There is no way British intelligence could have acted so quick, if it was true. Maybe if he/they were already being watched.
This is an interesting theory, if it's technically possible would be it. For sure airports would watch such traffic if they technically can.
"It was previously thought the WiFi network at London Gatwick Airport could have intercepted it, but an airport spokesperson told the BBC it didn't have that capability."
Else it's the 'friends'
The WiFi network in one of the London airports had this weird phone time error when connecting, it wanted to update time definitions, I always wondered if it's had to do with certificate validation, or just a simple misconfiguration, or even if it was just my personal device.
or maybe, hear me out, there was a person sitting next to him at the airport and saw his snapchat messages and freaked out?
This is why even if you aren't doing anything wrong, you should always use E2E encrypted communication.
Not really, no. The real issue here is not that private chats were surveilled. The issue that caused grief is the idiotic reaction to an innocent joke made among friends, and then trying to make the victim pay for that mistake.
> even if you aren't doing anything wrong
I mean... joking about bomb threats at an airport is not "not doing anything wrong".
Should we throw the person in prison for it? No, of course not. Is it a dumb thing to do? I think so. Very dumb.
> you should always use E2E encrypted communication
I agree with that.
Joking about bombs in a private conversation with six friends who know it's a joke is different from joking about bombs where others might overhear. The kind of person who posts on HN might assume Snapchat isn't really private, but most people would not.
Well, the current evidence is that there's at least a reasonable chance that one of the friends wasn't in on the joke.
> I mean... joking about bomb threats at an airport is not "not doing anything wrong".
This isn't just Snapchat surveillance. Most of the people joking about "bombs" aren't at the airport. If they knew he both joked, and was currently at the airport, then the surveillance has to be much more pervasive somehow.
Sorry, but by this example I shouldn't say "Hi" to my friend "jack" at the airport because it will sound like "hijack". I expect airports to have uniquely high numbers of "jokes" about airplane hijackings as such a thing is on everyones mind.
That was a great episode of Three's Company!
> I mean... joking about bomb threats at an airport is not "not doing anything wrong".
in a private message to friends? it most definitely is.
also what does airports have to do with anything? are you implying its okay to do if the target is a rural farmhouse, but not an airport?
> what does airports have to do with anything?
Happy to explain. Due to previous attacks people and law enforcement around air travel are more on edge about such threats. This is because for inherent technical reasons during a flight a relatively small explosive can have devastating consequences. This is due to the pressure difference between the cabin and the atmosphere at cruise altitude , and the inherent energies incorporated in an airliner. (Both potential energy due to altitude, kinetic energy due to speed and chemical energy in the fuel.)
> are you implying its okay to do if the target is a rural farmhouse, but not an airport?
I'm not implying that. I simply did not claim anything about threats agains rural farmhouses.
> in a private message to friends? it most definitely is.
It seems we disagree on this point then.
There’s also the small matter of that attack mode having actually been fashionable amongst murderously-suicidal ideologue types over the years.
https://en.m.wikipedia.org/wiki/Timeline_of_airliner_bombing...
Security forces pay more attention to threat vectors that have a track record of actively being exploited.
whether law enforcement is more on edge is their problem. Either you are ACTUALLY threatening, or you're not. A joke between friends in a private channel is NOT a threat.
a farmhouse is a funny thing to jump to as an example.
s/farmhouse/school/ and holy hell will rain down upon you. the zero tolerance at schools has become ridiculous.
I had a gate agent joke about needing to check a replacement plane for bombs before we can board. She said it over the intercom and then said "I probably can't joke about that at an airport."
There was a lot of laughter and it made me far less annoyed about the delay. It was hilarious.
The situations are not equal.
"We are checking the plane for bombs" cannot be interpreted as a threat. If it were to be misunderstood as serious, it would indicate an abundance of caution by the airline.
"I am going to blow up a plane" sure can. If it were to be misunderstood as serious, it would indicate an immediate threat to the health and safety of hundreds of people.
I never said they weren't doing anything wrong though. Maybe it shouldn't be as easy to wander into an airport with a bomb.