A British man accused of public disorder after joking about blowing up a flight has gone on trial in Spain.
Aditya Verma made the comment on Snapchat on his way to the island of Menorca with friends in July 2022.
The message, sent before Mr Verma departed Gatwick airport, read: "On my way to blow up the plane (I'm a member of the Taliban)." Mr Verma told a Madrid court on Monday: "The intention was never to cause public distress or cause public harm."
If found guilty, the university student faces a hefty bill for expenses after two Spanish Air Force jets were scrambled.
Mr Verma's message was picked up by the UK security services who flagged it to Spanish authorities while the easyJet plane was still in the air.
A court in Madrid heard it was assumed the message triggered alarm bells after being picked up via Gatwick's Wi-Fi network.
Appearing in court on Monday, Mr Verma - who is now studying economics at Bath University - said the message was "a joke in a private group setting".
"It was just sent to my friends I was travelling with on the day," he said. Pressed about the purpose of the message, Mr Verma said: "Since school, it's been a joke because of my features... It was just to make people laugh."
So no one involved in the private Snapchat message reported this to Spanish authorities, the UK government intercepted private communications, read it, and misinterpreted a private joke as real threat.
Just imagine how western media reporting on this if it happened in China.
Snapchat messages and text are not end to end encrypted.
Wait for real? That’s hilariously ironic given their entire purpose.
They say that picture and video snaps are, but they refuse to reveal how unlike other services.
They are extremely dodgy in answering if text messages are encrypted, and from what I’ve seen it looks like pure advertising.
This would be case in point of a public network was somehow able to read and flag the message.
That did not happen - snapchat would refuse to connect to its server completely if the cert wasn't recognized, so even with one of these awful MITM inspection gateways present (by itself unlikely anyway in an airport AP / outside of a corporate network, because they couldn't deploy their custom CA to the clients) it would've been impossible.
This was obtained through snapchat itself providing the logs real time to GCHQ.
Not end to end encrypted /=/ not encrypted at all.
End to end encryption = service owner cannot decrypt and read the contents of transmitted data, it's encrypted on source device, decrypted on end device, encrypted throughout transit with keys/information that the transiting devices and network do not possess.
What we're talking about here is normal web encryption or client to server (transit) encryption.
Let the equals signs indicate encrypted data transmission and <> indicate the end of such encryption at connection endpoints.
ClientA (sender of message) <==> Snapchat Servers <==> other clientB (recipient of message) (There are two distinction connections here, one from clientA, the other from clientB, they do not directly connect in this example)
The snapchat servers establish the encrypted connections to both end user devices for relaying messages. However the messages are not encrypted when they reach the servers, the servers and snapchat infrastructure and personnel can see the messages and act upon them like any other data.
MITM'ing the connection 2000s style is not necessary. Snapchat and nearly any other large company that doesn't provide end2end encrypted messaging has both automated systems which scan for keywords and sentiment as well as manual review teams to review flagged content and send tips on it quickly to national and local police. In addition many participate in sharing all data with intelligence agencies in the NATO EYES network of agencies such as NSA and GCHQ who themselves perform scanning and sentiment analysis and such on the content.
As to subverting e2e if you control the code you can just have the applications look for certain flags or indicators on the messages once received/sent (and decrypted as apps must be able to decrypt them themselves) and then open connections (TLS web cert transit encrypted) to the company servers and re-transmit the decrypted data along with associated metadata. There's also stuff with key management for systems that allow multiple devices for users without manual approval where the company could have something that silently adds a special GCHQ/NSA box as an additional device for every single account and generates keys for it and forwards all messages to it but does not disclose this to the user and in such a way the company could technically be unable to access such data themselves while still providing access to intelligence agencies and call that e2e (and it would be just not what we consider properly implemented e2e).