Comment 3 for bug 1412444

Revision history for this message
Matthew Paul Thomas (mpt) wrote :

Tony, thanks for the links to those bug reports. Quotes from the Android bug report that address my earlier questions:

0. What is the threat model: "it's about exposing and tracking surveillance, not necessarily directly increasing security."

1. What is the Type I error: "Nation state attackers are just going to intercept traffic when it hits the carrier network. Link level encryption won't slow them down in any way." And: "All link level encryption is broken, because via SS7 you can retrieve the encryption keys and SS7 isn't authenticated. And there is no easy way to change that, because without key handover your mobile phone would in fact be a stationary phone."

2. What is the Type II error: "Carriers routinely turn off network security in cases of natural disasters or popular events such as concerts, when networks become overwhelmed. Displaying a notice in those cases only serves to confuse people."

3. Why would anyone use Signal or Telegram instead: "Android traffic routinely traverses untrusted networks, such as open wifi access points, and end to end encryption is the only solution that guarantees the integrity and confidentiality of the data."

4. Which, if any, of the seven encryption algorithms are worthwhile: "A5/1 and A5/2 are broken. There has been no published work on A5/3 or A5/4 ... Also all the active interception gear just doesn't use ciphering at all."

To summarize my understanding, then: If the cellular network connection is not encrypted, you might be being spied on ... or you might just be at a concert or in a natural disaster. And if it *is* encrypted, that does not mean that you are *not* being spied on, either. So even if we limited our goal just to notifying you of surveillance, we couldn't be confident either way.

So, while I would be delighted if we could provide some just-in-time indication -- or even bad-TLS-style blocking -- for insecure connections, I don't think we can with the networks currently in use. If this changes five or ten years from now, such that legitimate connections always use well-researched link-level security, maybe that can be revisited. Or if there is some specific situation where we could be confident that you were being spied on, that might be presentable too.

In the meantime, though, it's reasonable to show the encryption type in System Settings somewhere, so I'm moving this report there.