Facebook Veep Arrested After Court Demands WhatsApp Access
Facebook’s most senior representative in Brazil has been arrested after subsidiary WhatsApp did not comply with an access request forcing it to reveal messages related to a suspected drug-trafficking ring.
Regional VP of the social network, Diego Dzodan, was cuffed at Garulhos airport yesterday after the messaging firm failed to accede to the court order for over a month.
“In the face of repeated non-compliance, the judge Marcel Maia ordered the arrest of a representative of the company in Brazil, Mr Diego Dzodan for obstructing the police investigation,” a court spokesman wrote in an email to The Guardian.
The arrest is yet another example of the courts getting it wrong on technology – this time on two counts.
First, WhatsApp is run as a separate company from Facebook, and secondly it operates end-to-end encryption with the keys stored on users' devices rather than a centralized server, meaning it couldn’t reveal the content of messages even if it wanted.
A spokesperson for the messaging giant, which Facebook bought in a $22 billion deal two years ago, said as much, claiming: “We are disappointed that law enforcement took this extreme step. WhatsApp cannot provide information we do not have.”
A Facebook representative, meanwhile, hit out at the arrest, claiming that the firm was available to answer any questions posed by the Brazilian authorities, according to the report.
“We are disappointed with the extreme and disproportionate measure of having a Facebook executive escorted to a police station in connection with a case involving WhatsApp, which operates separately from Facebook,” he said.
WhatsApp began rolling out end-to-end encryption to its users back in November 2014, with the help of Open Whisper System.
Its TextSecure system encrypts messages over the air to protect comms in transit and locally, so that if a device is lost or stolen – or confiscated by the police – they can’t be read. “Perfect Forward Secrecy” technology generates random public keys per session, so that even if one message were decrypted by an eavesdropper the rest could not be cracked.
However, F-Secure security adviser, Sean Sullivan, argued that while WhatsApp couldn’t supply law enforcement with message content it could potentially help with metadata.
“There is often conflict when law enforcement asks for such metadata because it asks for ‘all relevant’ data. A company such as Facebook will respond with a request to define what’s relevant,” he told Infosecurity.
“In other words, law enforcement is fishing for information and companies attempt to limit what they turn over to explicitly defined parameters.”
Although WhatsApp is extremely popular in the South American country, it has been in trouble before. In December a court ordered it to be shut down for 48 hours for failing to comply with a similar request.
The incident once again highlights the stand-off between Silicon Valley’s tech giants, many of whom have wrapped strong encryption into their products to better protect users, and law enforcers who often demand access to devices and messages.
Source: Information Security Magazine