18-Year-Old Cleared After Encrypted Snapchat Joke Led To F-18s and Arrest (bbc.co.uk) 133
Slashdot reader Bruce66423 shared this report from the BBC:
A Spanish court has cleared a British man of public disorder, after he joked to friends about blowing up a flight from London Gatwick to Menorca.
Aditya Verma admitted he told friends in July 2022: "On my way to blow up the plane. I'm a member of the Taliban." But he said he had made the joke in a private Snapchat group and never intended to "cause public distress"... The message he sent to friends, before boarding the plane, went on to be picked up by UK security services. They then flagged it to Spanish authorities while the easyJet plane was still in the air.
Two Spanish F-18 fighter jets were sent to flank the aircraft. One followed the plane until it landed at Menorca, where the plane was searched. Mr Verma, who was 18 at the time, was arrested and held in a Spanish police cell for two days. He was later released on bail... If he had been found guilty, the university student faced a fine of up to €22,500 (£19,300 or $20,967) and a further €95,000 (£81,204 or $103,200) in expenses to cover the cost of the jets being scrambled.
But how did his message first get from the encrypted app to the UK security services? One theory, raised in the trial, was that it could have been intercepted via Gatwick's Wi-Fi network. But a spokesperson for the airport told BBC News that its network "does not have that capability"... A spokesperson for Snapchat said the social media platform would not "comment on what's happened in this individual case".
richi (Slashdot reader #74,551) thinks it's obvious what happened: SnapChat's own web site says they scan messages for threats and passes them on to the authorities. ("We also work to proactively escalate to law enforcement any content appearing to involve imminent threats to life, such as...bomb threats...."
"In the case of emergency disclosure requests from law enforcement, our 24/7 team usually responds within 30 minutes."
Aditya Verma admitted he told friends in July 2022: "On my way to blow up the plane. I'm a member of the Taliban." But he said he had made the joke in a private Snapchat group and never intended to "cause public distress"... The message he sent to friends, before boarding the plane, went on to be picked up by UK security services. They then flagged it to Spanish authorities while the easyJet plane was still in the air.
Two Spanish F-18 fighter jets were sent to flank the aircraft. One followed the plane until it landed at Menorca, where the plane was searched. Mr Verma, who was 18 at the time, was arrested and held in a Spanish police cell for two days. He was later released on bail... If he had been found guilty, the university student faced a fine of up to €22,500 (£19,300 or $20,967) and a further €95,000 (£81,204 or $103,200) in expenses to cover the cost of the jets being scrambled.
But how did his message first get from the encrypted app to the UK security services? One theory, raised in the trial, was that it could have been intercepted via Gatwick's Wi-Fi network. But a spokesperson for the airport told BBC News that its network "does not have that capability"... A spokesperson for Snapchat said the social media platform would not "comment on what's happened in this individual case".
richi (Slashdot reader #74,551) thinks it's obvious what happened: SnapChat's own web site says they scan messages for threats and passes them on to the authorities. ("We also work to proactively escalate to law enforcement any content appearing to involve imminent threats to life, such as...bomb threats...."
"In the case of emergency disclosure requests from law enforcement, our 24/7 team usually responds within 30 minutes."
real secure guys (Score:3)
I think I'll stick with OTR [wikipedia.org] at least for 1-to-1 communication. Sending to a group is harder but it's not hard to be better than Snapchat.
Re:real secure guys (Score:5, Funny)
Re: (Score:3)
Seems to run over most messaging systems. Maybe you aren't talking to the right people to have encountered it.
Re: (Score:2, Offtopic)
I'm okay, I just decided to take a short break and to make a short trip to Tora Bora. Call it an ethnographic research sabbatical.
Re: (Score:2)
OTR is actually pretty safe, four of the five users just aren't that interesting and the fifth one, Tim, hasn't been heard of for several years and may in fact be dead.
On the other hand, Alice and Bob [wikipedia.org] are still at it ... :-)
We already knew the were doing it. (Score:5, Insightful)
Re:We already knew the were doing it. (Score:4, Insightful)
Well, I didn't need any proof but yes.
"But he said he had made the joke in a private Snapchat group"
"Private" snapchat group? LOL! What an ignorant snowflake!
Re:We already knew the were doing it. (Score:5, Insightful)
I hope someone takes them in for false advertising. I'm kind of sick of tech companies making promises they they don't keep. I mean I'm not surprised when they lie right to my face, but I'm also tired of it.
They only say snaps are encrypted (Score:5, Informative)
Other than chatting with thots, where a lack of chat encryption helps said thots report creeps in a manner which can be enforced, most everyday use cases for private communications are better served using Signal/WhatsApp with both disappearing messages and view-once media enabled.
Re: (Score:2)
Sadly the Snap Terms of Service doesn't spell out which services are covered by end-to-end encryption and which are not. It is unlikely a user would understand which communications are private and which are under the view of SnapChat and by extension, law enforcement.
Private as in not public (Score:3)
Re: (Score:3)
Re:Private as in not public (Score:4, Insightful)
Indeed the case here did not involve public panic; it involved a terrorist sending his last message to his associates or family on their communication channel. Many terrorist attacks in Europe are preceded by a similarly recording a short video of adherence to a group and responsibility declaration, let in a way for the authorities to find after the fact. This sort of message is intended to provide proper publicity of their acts and their groups, and also to ensure that the case will investigated as terrorist, as a proof of a political or ideological motive is a necessary condition for the authorities to classify the facts as "terrorist" rather than "the act of a crazy man".
Re: Private as in not public (Score:2)
⦠proof of a political or ideological motive is a necessary condition for the authorities to classify the facts as "terrorist" rather than "the act of a crazy man".
Skin color plays a larger role than âoeproof of a political or ideological motiveâ in how any given attack is described, at least in the US.
Re: (Score:2)
it involved a terrorist sending his last message to his associates or family on their communication channel.
But it didn't... it involved a teenager making a silly joke to his friends...
Re: (Score:2)
But it didn't... it involved a teenager making a silly joke to his friends...
Someone sends "In the name of the Taliban, I'm going to blow up a plane" then actually boards a plane. The message gets reported and the police has 30 seconds to make a decision. They don't know any context. How should they react, do nothing and hope for the best?
Emergency services constantly dispatch vehicles to find jokes, pranks, malicious false alarms, among the real situations. They know some of them are jokes, but they have to take all reports seriously.
Re: (Score:2)
Re: (Score:2)
Sure, in the moment they didn't know. However the court has the benefit of hindsight. So it's crazy to say " it involved a terrorist sending his last message to his associates or family on their communication channel" when referring to this specific incident. Perhaps you meant "For all they knew, it could have involved..."
I could see that as a generalized reply to " But private group means you are joking to your friends not scaring the public." which did sound like generalizing this case to others where
Re: (Score:3)
Why is it every generation seems to ignore the learnings of the past?
Before 9/11, everyone knew going through airports never to yell "bomb" or make a joke about a bomb. This was common knowledge.
So common, there were hacks for MacOS back in the day to replace the "bomb" error message with something less threatening because well, you know, sometimes they checked laptops going through. It wasn't unusual they'd request you'd boot it u
Re: (Score:2)
Um, pranking was always a right of passage for a wide age group of young adults. And airports got their fare share of it.
Re: (Score:2)
err, fair share.
Re: (Score:2)
I won't disagree with the sentiment, but was responding to the "it involved a terrorist sending his last message to his associates or family on their communication channel." which is very much was not in this case.
Guy made his (poor taste) joke intending it only for an audience that he knew well and would understand he was not serious. He did not intend to incite public disorder, he did not intend to make Spain dispatch fighter jets to waste their resources.
Re: (Score:3)
In this case, the crime *was* inherently inciting public disorder, so if you make no public action or statement, how can you be reasonably considered guilty of "public" disorder? If he had actually been planning/attempting a crime, they would have charged him with that and your statement may have applicability, but not here.
There was no crime or planned crime, only a reaction that, in retrospect, was embarassing in this scenario.
Re: (Score:2)
"Private" snapchat group? LOL! What an ignorant snowflake!
This was not meant as "I didn't think the government couldn't see the message" but a response to the charge of "public disorder".
Because it was a message intended only for friends, it's a stretch to say he caused "public" disorder. The UK is the one that turned a snooped message into a public disorder event.
Re:We already knew the were doing it. (Score:4, Informative)
I mean, the summary says:
I'm pretty sure they have the capabilities to read these messages (with Snowden literally telling us), but I don't think they would bother admitting that over this case.
Re: (Score:2)
The Snowden slide deck on PRISM is over a decade old, and my expectation is that all of those providers that are still relevant have fixed the issues in question.
Re: (Score:2)
In this case, it seems as if the SnapChat app on either end detected a message that included a threat, and forwarded the cleartext to themselves and the authorities. If the app doesn't detect a threat, then it would send the message to the recipient securely encrypted.
Re: (Score:2)
We didn't need proof. When they actively say they are doing it, all the while not being subject to the endless legal arguments between governments and e.g. Apple, I think that they are doing it was obvious.
Re:We already knew the were doing it. (Score:4, Interesting)
I sat in a courtroom as a juror just a few months ago, where detectives produced dozens of timestamped messages and pictures obtained via warrant from Snapchat of the defendant talking about drug deals and holding the exact, visually distinct guns he and his co-conspirator used in murdering someone just a few days after the pics were taken. From what the detectives indicated there are limits to what Snapchat can provide, so the results they get can be hit-or-miss, but it’s always far more than its users expect.
Sorry to nitpick but (Score:2)
Re: (Score:2)
A good enough picture will show the serial number.
Re: (Score:2)
How can the visual aspects of a gun be used to determine that it was same gun used in a crime?
Sorry, I didn’t mean to suggest the photos were used to prove that, though they certainly supported it. The guns were directly linked to the crime by ballistics and eyewitnesses, and then were linked to the murderers by eyewitnesses and the fact that they rolled up to a hospital mere minutes after the crime (the co-conspirator was shot during the crime) with their guns still in the backseat of the getaway vehicle. Beyond that, during sentencing the defendant we had just convicted of murder openly admi
Re: (Score:2)
Very interesting. My jury duties have all been void(null). I was brought into a selection room one time out of the several that I've done, but a bailiff came in and said there was a plea deal, so we filed back out.
"...and (no joke) both guns were found to have malfunctioned in the course of the crime in a manner consistent with bad practices demonstrated by these guys in Snapchat videos in the days immediately prior to the crime."
I always advise wannabees to make sure that they hold that gun sideways and po
Re: (Score:2)
How can the visual aspects of a gun be used to determine that it was same gun used in a crime?
Because it can be used to demonstrate it was the same model, This is circumstantial evidence, but it's still evidence and will add weight to the prosecution (or to the defence if the weapon is dissimilar).
Beyond this, it can also show identifying features (scratches, serial numbers, et al)
Re: (Score:2)
Indeed. Not that this is any surprises. It is not an accident that any actual security expert insists in end-to-end encryption, with the keys exclusively under user control. It is also no surprise that almost no app fulfills those requirements.
Re: We already knew the were doing it. (Score:2)
Re: (Score:2)
You can always find some pseudo-plausible bogus "argument". This is one.
Re: (Score:2)
It's not exactly a bogus argument, it's literally what happened in this case isn't it?
Re: (Score:2)
From a _very_ brief search, most of Snapchat is not end-to-end encrypted: https://www.cyberunit.com/blog... [cyberunit.com]
Re: (Score:2)
We knew this for a very long time. India has for example required pre-emptive access to encrypted chats and censorship for a while, and got it.
This isn't difficult to figure out how it's done either. Who handles the cryptographic key exchange between parties communicating in the encrypted chat? That party has the keys to decrypt everything.
Ironically encryprtion provides protection from the scenario discussed as a potential source of data. Sniffing from wi-fi. That's pretty much the only thing it provides p
Re: (Score:3)
Now we have proof that they have the ability to see encrypted communication.
No, no and no! The problem is what marketing calls "encryption," which means using TLS (HTTPS) to communicate with the Snapchat server. This is the same "encryption" we use on Slashdot to post public comments. Once it's on the snapchat server, any employee with access can read the message (or scrape by automated system, etc).
They do NOT have the ability to read properly end-to-end encrypted messages. However, that is not what Snapchat does..it's been known for a very long time Snapchat isn't particu
Re: (Score:3)
Snap chat is an Snapsnitch that is so fast (Score:2)
Snap chat is an Snapsnitch that is so fast that you better trun you self in the same day that you chat
Snapchat not encrypted (Score:2)
Re: (Score:3)
Data Sovereignty (Score:3)
Re: Data Sovereignty (Score:2)
Re: (Score:2)
What makes you so sure?
I could see the US gov going "Hey, corporation? We'll foot the bills for your servers and even run them for you, what do you say?"
Re: (Score:2)
That'd mean transparency. Govt critters absolutely love doing things in-kind instead of having a traceable payment: instead of the corporation giving a bribe, they can trade favours for favours.
Re: (Score:2)
As in "We get that data, so we don't question why you collect it".
Swatting... (Score:2)
Wtf are the F-18s gonna do? (Score:2, Insightful)
Assuming this was even real, what are F-18's gonna do against a terrorist inside a passenger plane?
Re:Wtf are the F-18s gonna do? (Score:5, Informative)
Assuming this was even real, what are F-18's gonna do against a terrorist inside a passenger plane?
I believe the idea is to shoot it down if it looks like its going to fly into something important. better to loose a few hundred passengers than to have it crash into a building with thousands as well as the passengers.
Re: (Score:3)
So, purely hypothetically, if I want something gone, and I know what flight they're gonna take...
Re: (Score:2)
Re: (Score:2)
Gotta sabotage the communication system as well, gotcha.
Re: (Score:2)
better to loose a few hundred passengers
It would be possible for the passengers to be knocked loose from the plane.
Re: (Score:3)
Assuming this was even real, what are F-18's gonna do against a terrorist inside a passenger plane?
Prevent a repeat of 9/11. The hard way.
Re: Wtf are the F-18s gonna do? (Score:2)
Advertised Feature (Score:2, Insightful)
The site says right up front that they scan your messages for anything dangerous and notify the authorities immediately. Why would anyone think their messages are secret?
This isn't a privacy violation; it's a teenager being an idiot. Why didn't he just tell the physical screeners at the boarding gate that he was going to bomb the plane? Same thing. Do young adults, 18 year olds who can drink and be soldiers and vote and everything, who book and board international airline flights. who grew up with the Inter
Re:Advertised Feature (Score:5, Insightful)
That is absolutely nowhere near being the same thing. Context is an essential element of communication. It would indeed be idiotic to say the same words to a stranger in a position of authority, but he was writing to a group of close friends who were also boarding the plane with him and he was confident (and reasonably so) that they would understand that he was pre-empting them joking about him bombing the plane.
FWIW the article I read in the Spanish press about this case a couple of days ago said that the Spanish Ministry of Defence opined that it was the UK Ministry of Defence which should be receiving the bill for scrambling the fighters, not the lad who sent the message, because they clearly overreacted.
Re: (Score:2)
When you consider "the abundance of caution" mentality of the watchers, the algorithms and the police then we can see that this is just the beginning of these sorts of interruptions of daily lives -- these sorts of overreactions are bound to b
Re: (Score:3)
The site says right up front that they scan your messages for anything dangerous and notify the authorities immediately.
Nobody ever reads the TOS. Haven't you seen that HumancentiPad South Park episode?
This isn't a privacy violation; it's a teenager being an idiot.
Lots of people make stupid jokes amongst friends and family when they assume the conversation is private. When my partner showed me a Facebook video of some idiot trying to unsuccessfully catch a gator and I responded with "the proper course of action would've been to just shoot the gator", I'm not expecting some game warden to stick his nose in my business to make sure that I'm not actually going around shooting gators with
Re: (Score:2)
Answer: they know better. Unless they are idiots.
Absolutely no where in this story is it implied that the teenager thought his text was completely secret. People say stupid things, or make jokes in bad taste. If you've never done so well... I for one welcome our new robotic overlords. All hail cstacy.
Re: (Score:2)
All hail cstacy.
I must confess I like the sound of that.
I'll take the liberty of signing up for my newsletter...
Re: Advertised Feature (Score:2)
You wrongly assume that he was only messaging his closest and dearest friends and family.
Good Work (Score:5, Insightful)
Goon on the judge in question for tossing that bullshit. Sanity in the courts is sometimes rare to see.
Re: (Score:3)
Yes and no. When someone does something stupid that causes actual expense, they should at least partially cover those expenses.
Stupid shit, should be punished. Though given his stage of his life, being dragged through the legal system may be punishment enough.
Re: (Score:3)
Do you think all the
Re: (Score:2)
Obviously, you mean punish the UK security agency for the prank call they made to the Spanish security agency on the grounds of what was clearly a joke message between friends?
A joke like that is only immediately obvious after the fact and with full context. You have the benefit of hindsight and complete ignorance as to what was actually passed onto federal agents.
Re: (Score:2)
What's more likely is that the UK security agencies operate a "zero tolerance" policy & take every utterance, no matter the context, as sincere. The problem is, if they operate under such policies in secret & with little or no oversight, which the UK's security agencies typically do, citizens have no idea of what kinds of extreme, unreasonable actions mi
Re: (Score:2)
Obviously, you mean punish the UK security agency for the prank call they made to the Spanish security agency on the grounds of what was clearly a joke message between friends?
Sure, in hindsight it was clearly a joke. But given the specificity of the threat and the person making it was on the plane, notifying them and taking precautions is a reasonable and necessary response. Had it been real and they did nothing the outcry would be huge.
Do you think all the /. users who post comments about shooting, killing, torturing, bombing, etc., warrant SWAT raids at those people's homes?
Unfortunately, idiots exist and sometimes need to be used as an example. A reasonable response is to gauge the seriousness of the threats and respond appropriately, from "Yea it's just one of the vast number of basement tough guy idiots on /.
Re: (Score:2)
Re: (Score:2)
Oh, I see. Why do you think a joke on Snapchat deserves more severe response than apparently sincere demands for killing people on /.?
No, what you don't see is the difference between someone making a credible threat versus the random /. internet tough guy. As I stated, the context of the threat is what needs to be considered in the response. Making a bomb threat, to friends, against a plane and boarding that plane is much more credible than some rando on slashdot saying something. Even so if the threat is specific enough to be credible then it is worth investigating or taking some action to thwart it. If you make a credible threat, say
Re: (Score:2)
Indeed you should. Context and location matters though. And when someone says something stupid that isn't stupid enough that everyone can write it off as not serious then they should learn a lesson from it.
Context matters in everything in life, not just context of where and how the conversation took place, but also the context of what messages were passed on to other people.
Yes stupidity should be punished, no on is suggesting jail the person, but a sever lack of judgement should have some punishment even i
Re: Good Work (Score:3)
Bullshit? Nah, public disorder it was. And some stupidity tax would be appropriate too in this case. He should've been made cover at least a part of the real expenses he caused.
Re: (Score:2)
Don't you think that's a bit of an overreaction for something said privately to friends? Sounds very Nineteen Eighty Four, you have to look out for hidden microphones in case they overhear something they could hang you with.
Re: (Score:3)
The thing is you can't know if if it's a joke or a, actual report of a terrorist to his associates or family, and the only way we have to deal with the question is to send the jets. Then tribunal gets involved because the manifestation of truth is the first purpose of the justice system.
The truth showed the guy intended as a joke and not a prank call, where the difference is in a prank call one voluntarily wreaks havoc and causes expenses, while he only intended a private joke in good faith. Being in good f
Re: (Score:3)
It was a private message to friends. Presumably, they understood it was a joke and no one who didn't realize that was intended to see it (given they had every expectation that their private message was private—and not snooped on).
In the end, the only charge was public disorder—and his message was never intended for the public.
Re: (Score:3)
the only charge was public disorder—and his message was never intended for the public.
I think the idea is that his message allegedly created a public disorder by causing panicked on his contacts who reported to police. Apparently it was clarified in court that the contacts understood the joke, therefore no public disorder was created, and he was rightfully cleared. Ideally the police investigation could have lead to the a dismissal before trial; maybe the instruction (investigating) judge wanted to hear the witnesses in court to make sure the whole interpretation was correct.
Re: (Score:2)
The thing is you can't know if if it's a joke or a, actual report of a terrorist to his associates or family, and the only way we have to deal with the question is to send the jets.
That's false. If they had been competent they could have acted before the plane took off. If they aren't competent, then they have no business messing with people's private chats, because they can get all confused and go off half-cocked. And that's exactly what we saw here.
If they are going to monitor people's private communications then the least they can do is be competent and make use of the information when it will save money. The messages occur within seconds. It only takes seconds for law enforcement
Re: (Score:2)
Riiiight⦠(Score:2)
What is more likely is that he said what he said to an audience of mostly unknowns, and one of them snitched.
Even if he sent the message to one person or a group of people he knew, it would be significantly more likely that they would have reported the threat to authorities without his knowledge than to have some ultra context aware filter snooping on every DMâ¦
Re: (Score:2)
But if it was one of the group forwarding to the police, THEN Snapchat would have denied being involved (and the timescale could have been shorter); WHILE in the facts Snapchat declared they scan the messages in general, forward to police within 30 minutes, and the timescale matches what Snapchat said.
Re: (Score:2)
Why does it matter whether or not Snapchat would have denied being involved? That is totally irrelevant.
We already know that Snapchat declares in their ToS that they are scanning messages on the server.
The point is that the time between when the idiot teen made a bomb threat and the time that the government scrambled fighters to intercept his plane was astonishingly short. There's no way that Snapchat's snooping flagged the text, had the text analyzed in context, then forwarded to the authorities, then forw
Re: (Score:2)
No, that is not "more likely". Snapchat clearly state that they examine messages pro-actively for threats.
Not so (Score:2)
The article I read about this in the Spanish press said that all of the other members of the Snapchat group were on the plane with him.
Re: Not so (Score:2)
And how would the spanish newspaper know that?
Re: (Score:2)
Because it's reporting on a court case.
Moving at the speed of Law Enforcement (Score:3)
[...] The message he sent to friends, before boarding the plane, went on to be picked up by UK security services. They then flagged it to Spanish authorities while the easyJet plane was still in the air.
Two Spanish F-18 fighter jets were sent to flank the aircraft.[...]
If it's worth compromising privacy in this way, if it's worth scrambling fighter jets, surely it's worth acting on the information in a timely way in the first place so that you catch the potential perpetrator before the plane is in the air? This information was considered so valuable and credible that they had to launch two thirty million dollar [washingtonpost.com] fighters but not valuable and credible enough to act on rapidly? Total fucking security theater, only believed by total fucking idiots. Keep in mind that this message will have been flagged instantly.
Re: (Score:2)
You misunderstand. This is not about detecting threats in real-time and acting on them fast. That is just something that occasionally is done, and in this case (and most/all others) somebody probably screwed up. The actual purpose of this system is mass-surveillance and profiling of individuals without probable cause or legal limits and that purpose does not need fast action.
The surveillance state does _not_, in any way, serve the general public. It exclusively serves itself and the maintenance and extensio
Re: (Score:2)
So exactly what I said then? That the purpose was security theater? Thanks for the help, bro.
Re: (Score:2)
If it's worth compromising privacy in this way, if it's worth scrambling fighter jets, surely it's worth acting on the information in a timely way in the first place so that you catch the potential perpetrator before the plane is in the air? This information was considered so valuable and credible that they had to launch two thirty million dollar [washingtonpost.com] fighters but not valuable and credible enough to act on rapidly?
So, slashdot now has commentators posting that the security agencies acted too quickly, they should have taken the time to investigate more thoroughly it would have been clear that it was a joke, and also commentators posting that the security agencies acted too slowly, they shouldn't have wasted any time investigating, but cleared the airport and grounded the plane immediately without.
Which? Did they act too slowly, or too quickly?
Re: (Score:2)
They should have thought for longer, and not pulled this shit at all, but if they were going to do something, they should have done it sooner. If they were going to act, they acted too slowly.
Welcome to the world of nuance! Buckle up...
Pretend encrypted Snapchat msg /s (Score:2)
Re: (Score:2)
The term experts use is "security theater" or "snake-oil security". It is _very_ common.
Re: (Score:2)
Lately Amazon has been heavily promoting a Prime streaming movie where (forgive me if I'm getting any of this wrong, I'm going by the plot synopsis from Wikipedia) the protagonist drinks semen-laced bathwater, performs oral sex on a woman while she's menstruating, commits multiple acts of murder, and masturbates on a grave. It's apparently labeled a "dark comedy".
But yeah, please tell us again how joking about air terrorism isn't ever funny in a fictional context.
Re: What a moron. (Score:2)
He should be aware that a human is not fertile while menstruating.
Re: (Score:2)
Found the fanatic.
"A fanatic is one who can't change his mind and won't change the subject.”
Winston S. Churchill
Seriously, try to shut up about it when it does not fit the context.
Re: (Score:2)
What are you blathering on about?