Why governments getting access to private WhatsApp conversations is a terrible idea

UK Home Secretary Amber Rudd took a very strong position against WhatsApp and other apps providing end to end encryption to their users during an interview on BBC yesterday. She said she  finds it unacceptable that terrorists can use that to “hide” and that the security services should be able to access WhatsApp conversations.

It is not my intention to make political criticism in this blog, but this is a very serious issue and it is directly related with my professional interests. I will try to explain why this is a terrible and very dangerous idea, why you should care about it regardless of the country you live in, and why I think you should try to understand it and speak up against it.

1. Finding private texting apps unacceptable is just pointless

Cryptography wasn’t invented by WhatsApp, or Facebook, or Google. It is a branch of mathematics more than anything else, and software engineers merely implement the mathematical algorithms to make practical use of it. The technology is there for anyone to use it, and the mathematical knowledge is there for anyone to find and study it. Even if the government passed a new law and forced WhatsApp to remove the encryption, that would not make the possibility to have private online conversations disappear. There will always be another option, you can’t just make the technology disappear by passing a law.

Rudd’s comment about finding this unacceptable is more or less the same as she saying she finds algebra unacceptable. If tomorrow the government decided to prohibit the study of algebra, that won’t make all of us forget about it and people all over the world keep using it and reading books about it. It is just a pointless exercise. The reasonable thing to do is first, understanding the implications of the use of cryptography, and deal with the reality of it.

Anyone with some knowledge of software development and a very rudimentary understanding of cryptography can create a private texting application. We don’t need WhatsApp for that. Forcing the big companies not to do it won’t stop the terrorists using some other application.

2. The right to have a private conversation is a basic human right

The right to privacy is recognised by the UN, the European Convention on Human Rights and – not surprisingly – the British Human Rights Act of 1998. This includes the right to private correspondence, and there is no reason to think that online correspondence is any different to any other type of communication with regards to our rights.

The Home Secretary, the person responsible for British citizenship issues and for MI5 and MI6, is effectively saying that she finds it unacceptable for a company to provide a product that allows the citizens to exercise a basic human right. This is absolutely outrageous. If people (probably including herself) understood what this actually means and what is at stake there would be no need to have a debate about this.

This kind of idea belongs to totalitarian regimes. Not allowing private conversations is what organisms like Stasi did.

Terrorist attacks are a risk to our security but allowing the government (any government!) to listen to our conversations is a risk to the very existence of our civilization, because it undermines one of basic freedoms that are the foundation of it. If we allow them to take this right from us, which one will be the next one we lose?

3. If we allow it, the terrorist have already won a battle

Aren’t we supposed not to give in to terrorism? To make them realise their attacks are useless, to let them know they won’t achieve anything with violence? Don’t we want to show the terrorist that we are strong and they won’t win?

Well, what message do you think we will be sending if we give up one of our basic freedoms because we fear them? If we allow that, they have won something already, they have made us lose something. It will mean that their attacks were useful in subjugating us, that we are willing to give up our own freedoms in response to their terror strategy. Don’t you think that will encourage them to keep attacking? That would transform terrorism into the most effective tactic ever: in exchange for a few crazy or fanatical and suicidal people, millions of citizens will cede and give up their freedoms out of fear.

Terrorist leaders think they will gain something with their attacks. Prove them wrong.

4. Terrorists don’t need modern texting apps to operate

Some of you might be thinking that’s all very nice and interesting but actually you care more about the safety of  your family than about this kind of abstract ideas of freedom. I understand that. Fear is a powerful thing, and more so when you think about your loved ones being hurt.

However, do you really think giving the security service access to WhatsApp conversations will make us safer? As I explained in point 1, terrorist will just use some other app. It is as easy as that. Even more, let’s assume things get really far and smartphones are outlawed. Do you think that will stop anyone who wants to make harm?

Terrorism is way older than WhatsApp, than smartphones, than cellphones… They didn’t need WhatsApp’s private chats on the September 11, March 11 or July 7 attacks.  IRA and ETA performed lots of successful attacks for decades here in Europe without any of that. Even if we could somehow prevent terrorists from using cryptography (which we certainly can’t), that woudn’t stop them attacking. That is just wishful thinking of the worst kind.

We need to remove their motivation and willingness to attack. Removing a random technology from the equation won’t solve anything.

5. Criminalising cryptography will only help the criminals

These kind of ideas coming from people in a position of power and responsibility make cryptography look like some criminal tool, something that’s helping terrorists kill innocent people. In fact, cryptography is making us safer and it’s the foundation of online security. It not only allows us to have private conversations, it allows us to buy online safely, it protects our sensitive data from criminals, protects us from identity theft, improves banking security (even if you don’t use online banking), allows the security forces to communicate securely, etc.

As a society, we need to have a balanced view of it and not criminalise its use or study. That will only harm our safety in the long run, and won’t stop the terrorist from using it. Doesn’t the Home Secretary realise that cryptography is not only preventing the security forces to spy on terrorists, but it is also preventing terrorist to spy on the security forces? Even if we could magically make all the cryptography technology disappear tomorrow, what do you think would be a bigger risk, police not being able to read every single text message of potential attackers, or the attackers being able to spy on the secret services, police and military communications?

Criminalising the study, use and advancement of cryptographic technology will only make us more vulnerable, ignorant and fearful in the long run.

6. Closing thoughts

This is probably the most important topic I’ve ever written about. Setting a legal precedent like what Amber Rudd is suggesting would be a blow to the foundations of the free world and its core values. It would be, at best, a minor annoyance for the terrorists. At worst, it would make them stronger in the long term. It would definitely make us weaker.

I do believe that most people that agree with the Home Secretary, or the media that don’t challenge those ideas, do so in good faith. I don’t think they understand the implications or even the technology itself. It is nonetheless irresponsible. I hope in the end common sense and reason will prevail but I believe we all have to speak up and educate our fellow citizens and ultimately our politicians if it is needed.

Please defend your freedoms. Don’t let terrorism and fear win.

What the Trappist-1 exoplanets discovery means… and doesn’t mean

Yesterday’s NASA announcement about the discovery of 7 Earth sized exoplanets in the Trappist-1 system is all over the news. People seem understandably excited, and even Google celebrated creating a brand new doodle just hours after the announcement. And as usual with scientific news, you can find quite a lot of confusion around.

So what does a discovery like this actually mean?

Artist impression of the possible look of the planets. Credits: NASA/JPL-Caltech

Credits: NASA/JPL-Caltech

It means that astronomers have found strong evidence of the existence of those 7 planets orbiting a star other than our own. They have a pretty good idea about their size and mass and where they are and a bunch of other things, but… they don’t have any cool pictures of them! Sorry to disappoint on that one 🙂 This is probably the most common confusion I’ve seen, and some not so responsible people in the media actually fail to remind the readers that the pictures are an artist impression… in other words, how they imagine the planets could look.

The fact is that unfortunately we are not yet able to travel anywhere near other systems. Let’s put the thing in perspective:

  • The Moon’s average distance to Earth, the farthest ever any human has traveled, is 384,402 km.
  • Mars, most possible the next human destination in space, is around 56 million km when it’s closest to us (though actually that is not such a good indication about the distance a possible trip there would cover)
  • The spacecraft that has traveled farthest away from us is Voyager 1. Since 2014 flying in interstellar space, which means it is outside of the Sun’s neighborhood. This is an incredibly amazing feat! It took the ship 37 years to get there. And for those of thinking that it must be a slow one because it is so old now, sorry to disappoint again! It is actually the fastest vehicle ever made. So how far is it? About 20,600 million km from the Earth.
  • And how far is Trappist-1? About 40 light years away, which is about 3.8 x 10^14 km (those are 14 zeroes!) or 380 million million km, or 18,000 times the distance to Voyager 1.

So as you can see we are not going to get any nice photographs of these planets anytime soon, much less travel there, regardless of how habitable they might be. So if you were packing your luggage… sorry to disappoint again!

So why should you care?

Because even with all these limitations, we can still listen there! Have you seen Contact? That’s obviously just a movie, but it shows what scientists have been trying to do for some time with SETI and also promoting new projects as recently as 2015.

The difficult decision with those projects is where to listen, where to point the antennas to. A system with 3 possibly habitable planets seems like a great candidate! If we ever find evidence of extraterrestrial intelligent life, we need to find planets like those.

Also, let’s think big and long term. Maybe one day in the far future we will actually be able to send spacecrafts to other stars. Maybe some millennia in the future people will celebrate this discovery. Maybe even they will make another doodle about it.

Rosetta ends its mission 

More than two years ago, when I was starting this blog, I  wrote a little post about Rosetta waking up. It was exciting to follow its progress during this time.


Time flies and today the guys in Darmstadt flew it into the comet it’s been orbiting all this time, thus ending its mission. 

Rosetta has been one of the most inspiring space missions in the last years. Its purpose is not just scientific. The Rosetta wake up campaign got children involved and hopefully inspired them. Space missions offer us a look into the unknown, allow us to think big, to imagine our future, to think long term, and to feel proud of what we humans can achieve when we work together.

Rosetta’s journey ended today but scientists and engineers will be learning from its data for years to come, and hopefully its legacy will inspire and amaze us for a much longer time.

Factory classes are (very often) a bad design choice

I’ve seen factory classes used in several of the projects I’ve worked on and in my experience they are misused more often than not. Please note that I am talking  about factory classes, not the factory pattern itself, which is useful in more cases. Let me explain.

Object creation in a factory 🙂

One of the most important Object Oriented design best practices is the single responsibility principle. Some people argue that a factory class adheres to this principle: one class (the factory) is responsible for creating objects the right way, and another one to do its job. Following this, what you often find is something like this:

class EnterpriseyClass:

class EnterpriseyClassFactory:
def create_enterprisey_object(a,b): ...
def create_enterprisey_object_with_other_args(c,d): ...

The first problem with this approach is that it’s missing the point of the factory class pattern: the benefit of having a separate factory class is that it can return different object types. For example, you could have a database connection factory class that is able to return a MySql connection or an Oracle connection, each being a different class that follows the same contract. In this way, the class calling the factory doesn’t have to worry about which class should be created, and so the code can be simpler.

However, if the factory class only returns one type, I see no reason to have a separate class. I like to have interfaces that are as clear as possible, at every possible level, from the class design to the UI. Going back to the EnterpriseyClass example, when I am trying to create an object of that class, I don’t have any clear indication that I should use a factory class. You could document that or add a tip as a comment in the constructor, but that is just trying to solve a problem we have created ourselves. Just move the factory method inside the class and get all the benefits of the factory pattern without the problems.

Besides, going back to the topic of class responsibility, I think that the first responsiblity of every class should be providing the means to create a valid object. Moving that responsibility outside of the class is against the very foundations of OO.

The example about the database connections doesn’t have this problem. You still should be able to create a MySql connection if you need to. Using the the factory class gives you the benefit of an additional layer of abstraction, if  you need it, but doesn’t limit or confuse  you.

Code should be as obvious to use as possible. That will make developers who work with it happier, more productive, and their code will have less bugs. Moving  a factory method outside of its class just for the sake of it will make it more confusing. Just don’t do it. Unless you have a very good reason to. Then please comment! 🙂

Getting GitPython to work on Windows

So I was getting this very annoying error trying to use GitPython on Windows:

git.exc.GitCommandNotFound: [WinError 2] The system cannot find the file specified

It’s easy to find lots of places advising you to set up the GIT_PYTHON_GIT_EXECUTABLE environment variable. However I still was having issues while trying to do it inside my script (I didn’t want to set up directly in Windows). The trick is that it has to be set not just before the GitPython classes are used, but before they are even imported! I really don’t like having imports in the middle of my scripts, but I guess we have to live with it for now!

Here is a little code sample to help you with that. For extra safety and convenience, I got the install path from the registry:

import os
import winreg

r = winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE)
k = winreg.OpenKey(r, r'SOFTWARE\GitForWindows')
install_path = winreg.QueryValueEx(k, 'InstallPath')[0]
git_path =  os.path.join(install_path, 'bin/git.exe')
assert os.path.exists(git_path), "Git path not found"
os.environ['GIT_PYTHON_GIT_EXECUTABLE'] = git_path
from git import Repo # Ugly place to have the import...
empty_repo = Repo.init('some\path') # ... but now we can use Repo succesfully!

A couple of tips to speed up your Maven builds

Maven might not be everyone’s favorite tool but if you work with Java it is very possible you will have to work with it sooner or later. One problem it has is that it is not terribly quick. While trying to save some time while doing builds, I learned a couple of tips that you might find useful. You can really cut your build times if you…:

  • Don’t repeat yourself: Use the -rf option! In a multi-module project, when building a module fails Maven will give you a little tip about using the resume from (-rf) option. Pay attention to it! It should be in the last few lines of the output. Once you have fixed the issue with the module, you can resume the full build with the command provided by Maven itself.
  • Use your hardware: Simply add -T1C to the Maven build command to use all your cores. You can really notice the difference in performance this way. I wonder why Maven doesn’t do this by default.

Hope that’s useful. Feel free to comment to add your own Maven performance tips!

Installing Python’s matplotlib on a clean Ubuntu system

It took me a while to figure out how to get matplotlib installed on my brand new Xubuntu 15.04. I assume the steps should be pretty much the same for other Ubuntu systems.

$ sudo apt-get install libpng12-dev
$ sudo apt-get install libfreetype6-dev
$ sudo apt-get install pip
$ sudo apt-get install python-dev
$ curl -O https://bootstrap.pypa.io/get-pip.py
$ python get-pip.py
$ pip install matplotlib

You can try that everything is ok by typing python in a terminal and pasting this code in it:

import matplotlib.pyplot as plt

If after that you want to install SciPy and pip install scipy fails take a look here.

I might have missed something, feel free to comment if you have problems following the steps.