WhatsApp and Signal messages at risk of surveillance following EncroChat ruling, court hears | Computer Weekly - eviltoast

Police could lawfully use bulk surveillance techniques to access messages from encrypted communications platforms such as WhatsApp and Signal, following a ruling by the UK’s Investigatory Powers Tribunal (IPT), a court has heard.

  • Zak@lemmy.world
    link
    fedilink
    English
    arrow-up
    110
    ·
    5 months ago

    The headline is a little misleading. The actual ruling is that police can obtain warrants to install surveillance malware on phones when they have evidence the owner is using it to communicate about crimes.

    • NarrativeBear@lemmy.world
      link
      fedilink
      English
      arrow-up
      21
      ·
      5 months ago

      Could malware be installed without access to the physical phone? How would this be achieved. Is it with a backdoor from the phone manufacturer or infected somehow from the sim card service provider.

      • Plopp@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        ·
        5 months ago

        Depending on circumstances it can be done remotely in different ways AFAIK using things like IMSI Catchers, malicious and sometimes invisible SMS messages, and maybe spearfishing or other methods. Or a combination of things, leveraging different weaknesses of the phone in question.

        • hoshikarakitaridia@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          ·
          5 months ago

          And because this could just enable government bodies to fuck around with spying, that’s why usually you have to get a warrant for this kinda stuff on the grounds of probable cause.

        • AtHeartEngineer@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          5 months ago

          This is much much harder though, and would risk exposing the vulnerabilities they are using, so they likely won’t use these methods unless it’s higher profile and involves some higher up govt entities. Your normal street crime cop shop won’t be able to do this.

      • aodhsishaj@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        5 months ago

        Likely as not, person charged with crime is in custody. Police force person to unlock phone, then police install malware and wait for comms to come in.

        • bionicjoey@lemmy.ca
          link
          fedilink
          English
          arrow-up
          12
          ·
          edit-2
          5 months ago

          You’d have to be a real idiot to keep using the same phone after the police arrested you and forced you to unlock it, especially for doing crimes.

      • pwalker@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        Well just recently researchers discovered a campaign installing backdoors on iPhones using a chain of several 0-day expoits or in this case using also 0-click exploits, where no interaction from a user is needed. However those attack chain are so advanced that practically normal law enforcement would never be able to do it. But theoretically yes some well equiped state actors are able to infect you without noticing. If you are really intrested to see how advanced these attack are search for “project triangulation” or watch the recording from last years chaos computer conference: https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers#t=373

    • conciselyverbose@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      The court heard that the Investigatory Powers Act 2016 allows law enforcement to obtain a TEI warrant for a single investigation or operation, such as the covert monitoring of the activities of an identified organised crime group. However, the lawyers argued that a TEI warrant could not be used to monitor all users of a particular messaging service. It was not enough, they said, that the targets for surveillance were using a common technology “incidental to their suspected criminality”.

      I think this is their point. The additional links are walled, but the assertion it sounds to me like they’re making is that the ruling authorized them to hack and surveil an entire platform, rather than based on probable cause against specific individuals.

    • doodledup@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      5 months ago

      Tell me you haven’t read the article without telling me you haven’t read the article.

      Also you seem to have no clue what you’re talking about.

    • radivojevic@discuss.online
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      5 months ago

      I don’t use Google. I haven’t used Google in… I dunno, a decade? They offer no services that are better than the competition. In fact, the only quality thing they ever made was Google maps.

      • Blisterexe@lemmy.zip
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        And now openstreetmaps is just as good – worse for car, better for biking and walking, really depends for public transit

        • Saik0@lemmy.saik0.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 months ago

          worse for car,

          Hard disagree. Find an error in Google Maps and submit a correction… My house lives on one such error. I’ve submitted probably 200-300 attempts to fix it… Google Maps just refuses. My address is fixed/correct in literally every other map software out there.

          Google maps sucks if they can’t even be bothered to have an accurate map. People get sent 20 miles away if they strictly type my street address into google.

          • Blisterexe@lemmy.zip
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            I said that because my osm app doesnt have traffic data, i dont drive but id assume that’s important

            • Saik0@lemmy.saik0.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              5 months ago

              Driving data is nice, but actually having correct addresses is way more important than knowing if there’s a bit of traffic.