Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Transportation Encryption Security

18-Year-Old Cleared After Encrypted Snapchat Joke Led To F-18s and Arrest (bbc.co.uk) 133

Slashdot reader Bruce66423 shared this report from the BBC: A Spanish court has cleared a British man of public disorder, after he joked to friends about blowing up a flight from London Gatwick to Menorca.

Aditya Verma admitted he told friends in July 2022: "On my way to blow up the plane. I'm a member of the Taliban." But he said he had made the joke in a private Snapchat group and never intended to "cause public distress"... The message he sent to friends, before boarding the plane, went on to be picked up by UK security services. They then flagged it to Spanish authorities while the easyJet plane was still in the air.

Two Spanish F-18 fighter jets were sent to flank the aircraft. One followed the plane until it landed at Menorca, where the plane was searched. Mr Verma, who was 18 at the time, was arrested and held in a Spanish police cell for two days. He was later released on bail... If he had been found guilty, the university student faced a fine of up to €22,500 (£19,300 or $20,967) and a further €95,000 (£81,204 or $103,200) in expenses to cover the cost of the jets being scrambled.

But how did his message first get from the encrypted app to the UK security services? One theory, raised in the trial, was that it could have been intercepted via Gatwick's Wi-Fi network. But a spokesperson for the airport told BBC News that its network "does not have that capability"... A spokesperson for Snapchat said the social media platform would not "comment on what's happened in this individual case".
richi (Slashdot reader #74,551) thinks it's obvious what happened: SnapChat's own web site says they scan messages for threats and passes them on to the authorities. ("We also work to proactively escalate to law enforcement any content appearing to involve imminent threats to life, such as...bomb threats...."

"In the case of emergency disclosure requests from law enforcement, our 24/7 team usually responds within 30 minutes."
This discussion has been archived. No new comments can be posted.

18-Year-Old Cleared After Encrypted Snapchat Joke Led To F-18s and Arrest

Comments Filter:
  • by OrangeTide ( 124937 ) on Sunday January 28, 2024 @12:04AM (#64193710) Homepage Journal

    I think I'll stick with OTR [wikipedia.org] at least for 1-to-1 communication. Sending to a group is harder but it's not hard to be better than Snapchat.

  • by Revek ( 133289 ) on Sunday January 28, 2024 @12:04AM (#64193712)
    Now we have proof that they have the ability to see encrypted communication.
    • by ls671 ( 1122017 ) on Sunday January 28, 2024 @12:12AM (#64193724) Homepage

      Well, I didn't need any proof but yes.

      "But he said he had made the joke in a private Snapchat group"

      "Private" snapchat group? LOL! What an ignorant snowflake!

      • by OrangeTide ( 124937 ) on Sunday January 28, 2024 @01:02AM (#64193780) Homepage Journal

        I hope someone takes them in for false advertising. I'm kind of sick of tech companies making promises they they don't keep. I mean I'm not surprised when they lie right to my face, but I'm also tired of it.

        • by Anonymous Cward ( 10374574 ) on Sunday January 28, 2024 @06:42AM (#64194116)
          Photos you send are unreadable to Snapchat thanks to end-to-end encryption, but not the contents of text chats. Those are still protected by TLS and the full disk encryption Snapchat uses on their servers, but is fully readable to them and thus could be made readable to anyone else too.

          Other than chatting with thots, where a lack of chat encryption helps said thots report creeps in a manner which can be enforced, most everyday use cases for private communications are better served using Signal/WhatsApp with both disappearing messages and view-once media enabled.
      • Noone assumes online is private from govt snoops. But private group means you are joking to your friends not scaring the public. its the difference between say in a public theater shouting "Fire!!" or whispering softly to your date "Baby you are on fire!" . The guy was NOT trying to cause a panic or making public threats.
        • by ghoul ( 157158 )
          Now some idiot overheard him saying "Baby you are on fire" to his date and called the fire brigade; the bill should go to the idiot (in this case the British Home ministry) not the guy whispering.
        • by test321 ( 8891681 ) on Sunday January 28, 2024 @06:10AM (#64194086)

          Indeed the case here did not involve public panic; it involved a terrorist sending his last message to his associates or family on their communication channel. Many terrorist attacks in Europe are preceded by a similarly recording a short video of adherence to a group and responsibility declaration, let in a way for the authorities to find after the fact. This sort of message is intended to provide proper publicity of their acts and their groups, and also to ensure that the case will investigated as terrorist, as a proof of a political or ideological motive is a necessary condition for the authorities to classify the facts as "terrorist" rather than "the act of a crazy man".

          • ⦠proof of a political or ideological motive is a necessary condition for the authorities to classify the facts as "terrorist" rather than "the act of a crazy man".

            Skin color plays a larger role than âoeproof of a political or ideological motiveâ in how any given attack is described, at least in the US.

          • by Junta ( 36770 )

            it involved a terrorist sending his last message to his associates or family on their communication channel.

            But it didn't... it involved a teenager making a silly joke to his friends...

            • But it didn't... it involved a teenager making a silly joke to his friends...

              Someone sends "In the name of the Taliban, I'm going to blow up a plane" then actually boards a plane. The message gets reported and the police has 30 seconds to make a decision. They don't know any context. How should they react, do nothing and hope for the best?

              Emergency services constantly dispatch vehicles to find jokes, pranks, malicious false alarms, among the real situations. They know some of them are jokes, but they have to take all reports seriously.

              • by gwjgwj ( 727408 )
                Is it not allowed to lie to your friends and relatives anymore?
              • by Junta ( 36770 )

                Sure, in the moment they didn't know. However the court has the benefit of hindsight. So it's crazy to say " it involved a terrorist sending his last message to his associates or family on their communication channel" when referring to this specific incident. Perhaps you meant "For all they knew, it could have involved..."

                I could see that as a generalized reply to " But private group means you are joking to your friends not scaring the public." which did sound like generalizing this case to others where

            • by tlhIngan ( 30335 )

              But it didn't... it involved a teenager making a silly joke to his friends...

              Why is it every generation seems to ignore the learnings of the past?

              Before 9/11, everyone knew going through airports never to yell "bomb" or make a joke about a bomb. This was common knowledge.

              So common, there were hacks for MacOS back in the day to replace the "bomb" error message with something less threatening because well, you know, sometimes they checked laptops going through. It wasn't unusual they'd request you'd boot it u

              • by evanh ( 627108 )

                Um, pranking was always a right of passage for a wide age group of young adults. And airports got their fare share of it.

              • by Junta ( 36770 )

                I won't disagree with the sentiment, but was responding to the "it involved a terrorist sending his last message to his associates or family on their communication channel." which is very much was not in this case.

                Guy made his (poor taste) joke intending it only for an audience that he knew well and would understand he was not serious. He did not intend to incite public disorder, he did not intend to make Spain dispatch fighter jets to waste their resources.

      • by Junta ( 36770 )

        "Private" snapchat group? LOL! What an ignorant snowflake!

        This was not meant as "I didn't think the government couldn't see the message" but a response to the charge of "public disorder".

        Because it was a message intended only for friends, it's a stretch to say he caused "public" disorder. The UK is the one that turned a snooped message into a public disorder event.

    • by Njovich ( 553857 ) on Sunday January 28, 2024 @03:08AM (#64193880)

      I mean, the summary says:

      SnapChat's own web site says they scan messages for threats and passes them on to the authorities. ("We also work to proactively escalate to law enforcement any content appearing to involve imminent threats to life, such as...bomb threats...."

      I'm pretty sure they have the capabilities to read these messages (with Snowden literally telling us), but I don't think they would bother admitting that over this case.

      • The Snowden slide deck on PRISM is over a decade old, and my expectation is that all of those providers that are still relevant have fixed the issues in question.

    • by robbak ( 775424 )

      In this case, it seems as if the SnapChat app on either end detected a message that included a threat, and forwarded the cleartext to themselves and the authorities. If the app doesn't detect a threat, then it would send the message to the recipient securely encrypted.

    • We didn't need proof. When they actively say they are doing it, all the while not being subject to the endless legal arguments between governments and e.g. Apple, I think that they are doing it was obvious.

    • by Anubis IV ( 1279820 ) on Sunday January 28, 2024 @09:16AM (#64194304)

      I sat in a courtroom as a juror just a few months ago, where detectives produced dozens of timestamped messages and pictures obtained via warrant from Snapchat of the defendant talking about drug deals and holding the exact, visually distinct guns he and his co-conspirator used in murdering someone just a few days after the pics were taken. From what the detectives indicated there are limits to what Snapchat can provide, so the results they get can be hit-or-miss, but it’s always far more than its users expect.

      • How can the visual aspects of a gun be used to determine that it was same gun used in a crime?
        • A good enough picture will show the serial number.

        • How can the visual aspects of a gun be used to determine that it was same gun used in a crime?

          Sorry, I didn’t mean to suggest the photos were used to prove that, though they certainly supported it. The guns were directly linked to the crime by ballistics and eyewitnesses, and then were linked to the murderers by eyewitnesses and the fact that they rolled up to a hospital mere minutes after the crime (the co-conspirator was shot during the crime) with their guns still in the backseat of the getaway vehicle. Beyond that, during sentencing the defendant we had just convicted of murder openly admi

          • Very interesting. My jury duties have all been void(null). I was brought into a selection room one time out of the several that I've done, but a bailiff came in and said there was a plea deal, so we filed back out.

            "...and (no joke) both guns were found to have malfunctioned in the course of the crime in a manner consistent with bad practices demonstrated by these guys in Snapchat videos in the days immediately prior to the crime."

            I always advise wannabees to make sure that they hold that gun sideways and po

        • by mjwx ( 966435 )

          How can the visual aspects of a gun be used to determine that it was same gun used in a crime?

          Because it can be used to demonstrate it was the same model, This is circumstantial evidence, but it's still evidence and will add weight to the prosecution (or to the defence if the weapon is dissimilar).

          Beyond this, it can also show identifying features (scratches, serial numbers, et al)

    • by gweihir ( 88907 )

      Indeed. Not that this is any surprises. It is not an accident that any actual security expert insists in end-to-end encryption, with the keys exclusively under user control. It is also no surprise that almost no app fulfills those requirements.

    • by Luckyo ( 1726890 )

      We knew this for a very long time. India has for example required pre-emptive access to encrypted chats and censorship for a while, and got it.

      This isn't difficult to figure out how it's done either. Who handles the cryptographic key exchange between parties communicating in the encrypted chat? That party has the keys to decrypt everything.

      Ironically encryprtion provides protection from the scenario discussed as a potential source of data. Sniffing from wi-fi. That's pretty much the only thing it provides p

    • Now we have proof that they have the ability to see encrypted communication.

      No, no and no! The problem is what marketing calls "encryption," which means using TLS (HTTPS) to communicate with the Snapchat server. This is the same "encryption" we use on Slashdot to post public comments. Once it's on the snapchat server, any employee with access can read the message (or scrape by automated system, etc).

      They do NOT have the ability to read properly end-to-end encrypted messages. However, that is not what Snapchat does..it's been known for a very long time Snapchat isn't particu

      • I'll add I am aware that Snapchat claims to use end to end encryption for photos and videos, but not text messages, nor group chats. The content in question was text messages on group chats, so apparently with their half-baked "security" that means they can read all those messages on their backend.
  • Snap chat is an Snapsnitch that is so fast that you better trun you self in the same day that you chat

  • Anyone who thinks Snapchat is really encrypted definitely doesnâ(TM)t read many court casesâ¦
  • by ghoul ( 157158 ) on Sunday January 28, 2024 @12:58AM (#64193776)
    This is why Indian govt insists Indian data be kept on servers in India. They want the same type of control that Western govts have over the Social media giants. Court Orders for data searches are so easy to get in US. Its actually an automated form. Prosecutors/investigators fill it in and a rule based system automatically generates a FISA court order. The signing judge may glance at it for 15 secs and click an I agree button and their signature gets added digitally.
  • Can now take on a whole new perspective...
  • Assuming this was even real, what are F-18's gonna do against a terrorist inside a passenger plane?

  • Advertised Feature (Score:2, Insightful)

    by cstacy ( 534252 )

    The site says right up front that they scan your messages for anything dangerous and notify the authorities immediately. Why would anyone think their messages are secret?

    This isn't a privacy violation; it's a teenager being an idiot. Why didn't he just tell the physical screeners at the boarding gate that he was going to bomb the plane? Same thing. Do young adults, 18 year olds who can drink and be soldiers and vote and everything, who book and board international airline flights. who grew up with the Inter

    • by pjt33 ( 739471 ) on Sunday January 28, 2024 @03:50AM (#64193924)

      Why didn't he just tell the physical screeners at the boarding gate that he was going to bomb the plane? Same thing.

      That is absolutely nowhere near being the same thing. Context is an essential element of communication. It would indeed be idiotic to say the same words to a stranger in a position of authority, but he was writing to a group of close friends who were also boarding the plane with him and he was confident (and reasonably so) that they would understand that he was pre-empting them joking about him bombing the plane.

      FWIW the article I read in the Spanish press about this case a couple of days ago said that the Spanish Ministry of Defence opined that it was the UK Ministry of Defence which should be receiving the bill for scrambling the fighters, not the lad who sent the message, because they clearly overreacted.

      • And with social media the bytes transmitted have become much much less while the implied context is greater than ever. We have legal arguments over what 2 emojis like Rocketship+Moon mean. We seem to have an ever tersening of content with an ever expanding context.

        When you consider "the abundance of caution" mentality of the watchers, the algorithms and the police then we can see that this is just the beginning of these sorts of interruptions of daily lives -- these sorts of overreactions are bound to b
    • The site says right up front that they scan your messages for anything dangerous and notify the authorities immediately.

      Nobody ever reads the TOS. Haven't you seen that HumancentiPad South Park episode?

      This isn't a privacy violation; it's a teenager being an idiot.

      Lots of people make stupid jokes amongst friends and family when they assume the conversation is private. When my partner showed me a Facebook video of some idiot trying to unsuccessfully catch a gator and I responded with "the proper course of action would've been to just shoot the gator", I'm not expecting some game warden to stick his nose in my business to make sure that I'm not actually going around shooting gators with

    • Answer: they know better. Unless they are idiots.

      Absolutely no where in this story is it implied that the teenager thought his text was completely secret. People say stupid things, or make jokes in bad taste. If you've never done so well... I for one welcome our new robotic overlords. All hail cstacy.

      • by cstacy ( 534252 )

        All hail cstacy.

        I must confess I like the sound of that.

        I'll take the liberty of signing up for my newsletter...

  • Good Work (Score:5, Insightful)

    by Barny ( 103770 ) on Sunday January 28, 2024 @02:44AM (#64193854) Journal

    Goon on the judge in question for tossing that bullshit. Sanity in the courts is sometimes rare to see.

    • Yes and no. When someone does something stupid that causes actual expense, they should at least partially cover those expenses.
      Stupid shit, should be punished. Though given his stage of his life, being dragged through the legal system may be punishment enough.

      • Obviously, you mean punish the UK security agency for the prank call they made to the Spanish security agency on the grounds of what was clearly a joke message between friends?

        Do you think all the /. users who post comments about shooting, killing, torturing, bombing, etc., warrant SWAT raids at those people's homes?
        • Obviously, you mean punish the UK security agency for the prank call they made to the Spanish security agency on the grounds of what was clearly a joke message between friends?

          A joke like that is only immediately obvious after the fact and with full context. You have the benefit of hindsight and complete ignorance as to what was actually passed onto federal agents.

          • Presumably, the security agency involved was supplied with sufficient context, i.e. Snapchat user data, to make a reasonably informed evaluation?

            What's more likely is that the UK security agencies operate a "zero tolerance" policy & take every utterance, no matter the context, as sincere. The problem is, if they operate under such policies in secret & with little or no oversight, which the UK's security agencies typically do, citizens have no idea of what kinds of extreme, unreasonable actions mi
        • Obviously, you mean punish the UK security agency for the prank call they made to the Spanish security agency on the grounds of what was clearly a joke message between friends?

          Sure, in hindsight it was clearly a joke. But given the specificity of the threat and the person making it was on the plane, notifying them and taking precautions is a reasonable and necessary response. Had it been real and they did nothing the outcry would be huge.

          Do you think all the /. users who post comments about shooting, killing, torturing, bombing, etc., warrant SWAT raids at those people's homes?

          Unfortunately, idiots exist and sometimes need to be used as an example. A reasonable response is to gauge the seriousness of the threats and respond appropriately, from "Yea it's just one of the vast number of basement tough guy idiots on /.

          • Oh, I see. Why do you think a joke on Snapchat deserves more severe response than apparently sincere demands for killing people on /.?
            • Oh, I see. Why do you think a joke on Snapchat deserves more severe response than apparently sincere demands for killing people on /.?

              No, what you don't see is the difference between someone making a credible threat versus the random /. internet tough guy. As I stated, the context of the threat is what needs to be considered in the response. Making a bomb threat, to friends, against a plane and boarding that plane is much more credible than some rando on slashdot saying something. Even so if the threat is specific enough to be credible then it is worth investigating or taking some action to thwart it. If you make a credible threat, say

    • Bullshit? Nah, public disorder it was. And some stupidity tax would be appropriate too in this case. He should've been made cover at least a part of the real expenses he caused.

      • by AmiMoJo ( 196126 )

        Don't you think that's a bit of an overreaction for something said privately to friends? Sounds very Nineteen Eighty Four, you have to look out for hidden microphones in case they overhear something they could hang you with.

        • The thing is you can't know if if it's a joke or a, actual report of a terrorist to his associates or family, and the only way we have to deal with the question is to send the jets. Then tribunal gets involved because the manifestation of truth is the first purpose of the justice system.

          The truth showed the guy intended as a joke and not a prank call, where the difference is in a prank call one voluntarily wreaks havoc and causes expenses, while he only intended a private joke in good faith. Being in good f

          • by Barny ( 103770 )

            It was a private message to friends. Presumably, they understood it was a joke and no one who didn't realize that was intended to see it (given they had every expectation that their private message was private—and not snooped on).

            In the end, the only charge was public disorder—and his message was never intended for the public.

            • the only charge was public disorder—and his message was never intended for the public.

              I think the idea is that his message allegedly created a public disorder by causing panicked on his contacts who reported to police. Apparently it was clarified in court that the contacts understood the joke, therefore no public disorder was created, and he was rightfully cleared. Ideally the police investigation could have lead to the a dismissal before trial; maybe the instruction (investigating) judge wanted to hear the witnesses in court to make sure the whole interpretation was correct.

          • The thing is you can't know if if it's a joke or a, actual report of a terrorist to his associates or family, and the only way we have to deal with the question is to send the jets.

            That's false. If they had been competent they could have acted before the plane took off. If they aren't competent, then they have no business messing with people's private chats, because they can get all confused and go off half-cocked. And that's exactly what we saw here.

            If they are going to monitor people's private communications then the least they can do is be competent and make use of the information when it will save money. The messages occur within seconds. It only takes seconds for law enforcement

      • It's not actually stupid to share a joke between friends who understand the joke. The expense was caused by having a system which monitors electronic communications for privately said things like that and scrambles fighter planes based on such little evidence. You can argue about whether operating a system which does this is stupid, or whether it's a reasonable cost to pay for the possibility that it might one day do some actual good, but you have to accept that such a system is going to have sudden large e
  • What is more likely is that he said what he said to an audience of mostly unknowns, and one of them snitched.

    Even if he sent the message to one person or a group of people he knew, it would be significantly more likely that they would have reported the threat to authorities without his knowledge than to have some ultra context aware filter snooping on every DMâ¦

    • But if it was one of the group forwarding to the police, THEN Snapchat would have denied being involved (and the timescale could have been shorter); WHILE in the facts Snapchat declared they scan the messages in general, forward to police within 30 minutes, and the timescale matches what Snapchat said.

      • Why does it matter whether or not Snapchat would have denied being involved? That is totally irrelevant.

        We already know that Snapchat declares in their ToS that they are scanning messages on the server.

        The point is that the time between when the idiot teen made a bomb threat and the time that the government scrambled fighters to intercept his plane was astonishingly short. There's no way that Snapchat's snooping flagged the text, had the text analyzed in context, then forwarded to the authorities, then forw

    • No, that is not "more likely". Snapchat clearly state that they examine messages pro-actively for threats.

    • The article I read about this in the Spanish press said that all of the other members of the Snapchat group were on the plane with him.

  • [...] The message he sent to friends, before boarding the plane, went on to be picked up by UK security services. They then flagged it to Spanish authorities while the easyJet plane was still in the air.
    Two Spanish F-18 fighter jets were sent to flank the aircraft.[...]

    If it's worth compromising privacy in this way, if it's worth scrambling fighter jets, surely it's worth acting on the information in a timely way in the first place so that you catch the potential perpetrator before the plane is in the air? This information was considered so valuable and credible that they had to launch two thirty million dollar [washingtonpost.com] fighters but not valuable and credible enough to act on rapidly? Total fucking security theater, only believed by total fucking idiots. Keep in mind that this message will have been flagged instantly.

    • by gweihir ( 88907 )

      You misunderstand. This is not about detecting threats in real-time and acting on them fast. That is just something that occasionally is done, and in this case (and most/all others) somebody probably screwed up. The actual purpose of this system is mass-surveillance and profiling of individuals without probable cause or legal limits and that purpose does not need fast action.

      The surveillance state does _not_, in any way, serve the general public. It exclusively serves itself and the maintenance and extensio

    • If it's worth compromising privacy in this way, if it's worth scrambling fighter jets, surely it's worth acting on the information in a timely way in the first place so that you catch the potential perpetrator before the plane is in the air? This information was considered so valuable and credible that they had to launch two thirty million dollar [washingtonpost.com] fighters but not valuable and credible enough to act on rapidly?

      So, slashdot now has commentators posting that the security agencies acted too quickly, they should have taken the time to investigate more thoroughly it would have been clear that it was a joke, and also commentators posting that the security agencies acted too slowly, they shouldn't have wasted any time investigating, but cleared the airport and grounded the plane immediately without.

      Which? Did they act too slowly, or too quickly?

      • They should have thought for longer, and not pulled this shit at all, but if they were going to do something, they should have done it sooner. If they were going to act, they acted too slowly.

        Welcome to the world of nuance! Buckle up...

  • That should be pretend encrypted Snapchat msg /s
    • by gweihir ( 88907 )

      The term experts use is "security theater" or "snake-oil security". It is _very_ common.

Hackers are just a migratory lifeform with a tropism for computers.

Working...