Can we speak in private? Chat app intros end-to-end crypto tech
Making the terrorists’ job easier? ‘Yes’, say the cops
Messaging app LINE has introduced end-to-end encryption, with secure chat messaging available on all version of the software, including the desktop version, and turned on by default on Android.
LINE boasts that it has become the first messaging app to offer end-to-end encryption across multiple devices and platforms with the introduction of a feature it calls "Letter Sealing".
Initially applied to one-to-one individual chats and location sharing, Letter Sealing will be extended to cover different features and devices in the near future, according to LINE.
Full encryption is applied when both participants in a chat have the Letter Sealing feature (available for iOS and Android users with LINE 5.3.0 or later version installed) enabled on their devices.
Keys associated with encrypted content will be stored only on users’ devices rather than on a central server. That means there’s no key for LINE to hand over as and when law enforcement come knocking.
Other targeted attacks such as attempts to plant malware on devices or running man-in-the-middle (MITM) attacks might be possible, however.
Moving towards end-to-end crypto is the common direction of travel for many messaging apps (WhatsApp, iMessage etc). Many in law enforcement and intelligence have argued that the technology will make it harder for them to hunt terrorists and child abusers, hence requests from this quarter for back doors.
Investigations into terrorism that touch on unravelling the content of secure messaging may become more difficult but they're by no means impossible, as this example from Belgium earlier this year illustrates.
LINE’s technical documents on how its technology works can be found here.
LINE’s protocol is proprietary and it hasn’t been independently reviewed, as yet. Security experts are interested in what LINE is doing but seemingly inclined to prefer existing choices based on Off-the-Record (OTR) Messaging, an instant messaging encryption protocol, and Signal/TextSecure for mobile messaging (see a discussion among security pundits on Twitter here).
“This seems weaker than OTR (no forward secrecy mentioned), and like most 'E2E' apps, the server can MITM,” said app developer Greg Slepak. ®