Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Government Wants Private Encryption Keys

Posted by ryuzaki0 on from the my-keys-not-yours dept.

An anonymous reader writes "Businesses and individuals in Britain may soon have to give their encryption keys to the police or face imprisonment. The UK government has said it will bring in the new powers to address a rise in the use of encryption by criminals and terrorists." From the article: "Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. 'The use of encryption is... proliferating,' Liam Byrne, Home Office minister of state told Parliament last week. 'Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force.'"

36 of 822 comments (clear)

  1. My God by voice_of_all_reason · · Score: 5, Insightful

    I believe we are in need of a new Slashdot section: Horrifying

    1. Re:My God by cosmo_the_third · · Score: 3, Insightful

      Yeah..."Big Brother is Watching You" has become "Big Brother Knows All Your Secrets"

      --
      http://cyclocosm.com Pro cycling at its worst
    2. Re:My God by h4rm0ny · · Score: 4, Insightful


      Or how about a new /. heading: Wake Up !

      This is nasty. You can always tell when there are no reasons that would fly with the public when they have to invoke the paedophiles. US government has War on Terror, the UK has paedophiles.

      E-mail was a god-send for the intelligence services. Automated scanning and copies of everything to look back on if they ever chose. Encryption means the free party is coming to an end. GPG is turning off the stereo and saying "GO HOME!"

      They managed without it before. They can manage without it again. And if that means the Government can't achieve omniscience over the population... good!

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    3. Re:My God by wirelessbuzzers · · Score: 3, Insightful

      There are current encryption technologies already deployed in the market that allow for two sets of data to be encrypted with two keys into a single file. This allows a user to encrypt a sensitive file with an innocuous one, so that when required to disclose a private key the user can just give the one that decrypts the innocent data.

      Except not: plausible deniability only works if you're innocent until proven guilty. In the U.S., and even more so in Britain, if you're using crypto, it isn't true anymore. Just having a crypto program on your hard drive shows criminal intent, and if it does layered encryption, that shows intent to commit perjury also.

      --
      I hereby place the above post in the public domain.
    4. Re:My God by RedBear · · Score: 4, Insightful

      Again, these new laws will only deteriorate the right to privacy of innocent people, while the real criminals will be allowed to roam free doing their dirty deeds with little more trouble then a software upgrade.

      v'z fher v'yy trg zbqqrq qbja sbe guvf fvapr v'z rkcerffvat n ceb-crefbany-svernezf ivrjcbvag, ohg naljnl...

      Indeed, there is a very strong parallel between this and gun control schemes. The honest people give up their guns/keys to the government, the people who are already criminals have no reason to do so. The bad guys simply get smarter at hiding what they do. Who gets screwed in the end? It's always the honest, law-abiding citizens.

      Oh yeah, dear UK government, you can pry the encryption key for this post from my cold, dead hands, along with my firearm... (Although in this particular case I think it will be more difficult to get the gun than the key.)

      Doesn't seem like Orwell and friends really accomplished much, does it? They showed us the future but we're just walking right smack into it anyway, eyes wide shut.

    5. Re:My God by jez9999 · · Score: 4, Insightful

      I'm pretty sure that idea died a Horrifying death

      Wishful thinking, they extended it to 28 days without trial/evidence instead. Blair was still spouting on that the country's security had been compromised. Because police and security services had some power removed, right? ...

      One of Blair's favourite lines went something like this,

      "I don't understand why people seem to think that the rights of terrorist suspects should be more important than those of innocent people."

      --
      == Jez ==
      Do you miss Firefox? Try Pale Moon.
    6. Re:My God by alan.briolat · · Score: 3, Insightful

      I agree entirely - there seems to be a prevailing attitude that "suspects" now have the same lack of rights that actual "criminals" have. I think that the "Western Empire" is getting ready for its demise. The populations of the major player in said empire are becoming stupider and more gullible, and the politicians have crippled economies with their greed. There is nothing left but the promises and IOUs that account for the amount that countries like the US and the UK are going further into debt by each day.

      But not to worry - those of us who see what is happening before it happens can prepare. Everyone else will only find out when it is too late.

      --
      I swear we should be allowed to give mod points to sigs... "-1, Offtopic"
  2. key turning point in government relations by yagu · · Score: 5, Insightful

    Encryption keys don't kill people, people kill people.

    If owning (not divulging) encryption keys is criminalized, only criminals will own encryption keys.

    These "rules" will only push the envelope of how and what criminals (or terrorists, etc.) use to hide their activities. And at the same time, they will add one more burden to the general population to manage and ensure the government is informed of their encryption infrastructure. Nuts.

    The most effective infiltration into terrorist infrastructure is still social engineering. I'd rather the money spent creating and managing something like this spent training and hiring translators, covert agents, etc.

    A convincing point about the futility of this proposed rule comes from the article:

    Clayton, on the other hand, argues that terrorist cells do not use master keys in the same way as governments and businesses. "Terrorist cells use master keys on a one-to-one basis, rather than using them to generate pass keys for a series of communications. With a one-to-one key, you may as well just force the terrorist suspect to decrypt that communication, or use other methods of decryption," said Clayton.
    1. Re:key turning point in government relations by pete6677 · · Score: 4, Insightful

      Just as all criminals turned in their guns when they were outlawed, I'm sure they'll all turn over their encryption keys and keep using them to communicate so law enforcement can observe. Right. What would someone have to be smoking in order to think this is a good idea? Its nothing more than a blatant power grab that will ONLY affect law abiding people and have no effect whatsoever on "terrorists" or whatever other boogeyman will be used to justify more overreaching laws.

    2. Re:key turning point in government relations by gowen · · Score: 5, Insightful
      What happens if some blob of data on the computer is deemed "encrypted" by the Glorious Defenders from Assorted Boogeymen?
      Well, they go to court, and they have to try and convince a jury of your peers that they are correct, beyond a reasonable doubt. The same way every single other law operates. If they can support their assertions with sufficient convincing evidence you go to prison, if not, you don't.

      Besides, there are already horribly injust mechanisms for detaining people in Britain without the need for a trial. Thats what we should be getting worked up about (although the Human Rights Act is doing for them, fortunately).

      But this far more measured Act (which involves warrants, Section 49 orders, actual trials, and the need for evidence and all that) is what slashdotters choose to get worked up about. And why? Because it involves computers.

      Frankly, thats pretty pathetic.
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  3. odd request by arakis · · Score: 3, Insightful

    How will they know that they have the correct private keys without "testing" them on the owners' encrypted communications every so often? Oh well, it is England after all. Living on an island can do odd things to living things.

    1. Re:odd request by gurutc · · Score: 3, Insightful

      And you could just add a false layer to the encryption. So the keys the govt have decrypt the data into something that's recognizable and looks real, but is just a facade for another still encrypted layer.

      --
      Moderation in All Things... Especially Moderation - gurutc
  4. Orwell, here we go again!! by casings · · Score: 3, Insightful

    Britain's use of anti-privacy situational crime prevention measures are a means of targeting petty crimes and the innocent while displacing more professional and semi-professional crime into other areas. These techniques do not stop the criminal, as he is already committing a crime, what would he care if you added "refused to give up private key" to his list of crimes?

    The UK needs to wake up and realize that these forms of crime control only waste money and create more crime, than stop crime from happening.

  5. Warning by Nerdfest · · Score: 5, Insightful

    If this goes into effect it would make it a very dangerous thing to have files of random characters .... you'd have a lot of trouble explaining them.

  6. Steganography by MarkByers · · Score: 4, Insightful

    Time for steganographic file systems where your private data can be hidden inside innocent looking files. They can't force you to disclose your key if they don't know and/or can't prove that you have one.

    http://en.wikipedia.org/wiki/Steganography

    --
    I'll probably be modded down for this...
  7. In other news... by GillBates0 · · Score: 5, Insightful
    increased use of encryption by criminals, paedophiles, and terrorists.

    ...it has been found that:

    - cameras are used by criminals, paedophiles, and terrorists - we need access to your negatives/memory disks.
    - houses are used by criminals, paedophiles, and terrorists - we need access to your house keys.
    - cars are used by criminals, paedophiles, and terrorists - we need copies of your car keys.
    - ATM machines are used by criminals, paedophiles, and terrorists - we need to know your PINs.
    - Online email services are used by criminals, paedophiles, and terrorists - we need to know your username/passwords.
    - Computers are used by criminals, paedophiles, and terrorists - we need to install a backdoor on your computer.

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
  8. Re:perfectly reasonable by btpier · · Score: 3, Insightful

    If they want to force someone to expose their private data, they should get a warrant to do that once you are suspected of a crime not before. As others have said, this treats everyone like a criminal.

  9. In Soviet Russia... by Fapestniegd · · Score: 5, Insightful

    There was no crime, because the secret police would carry you off and shoot you in the head if you were even suspected of a crime. Wiretaps were the norm and the government could do whatever it wanted. Privacy didn't exist. And they were safer from criminals for it. Well, safer if we define criminals as ones that weren't in the KGB.

    Yeah, no "In Soviet Russia" Joke here.

    This is frightening. It's like we're becoming the very thing we fought in the cold war. A totalitarian government.

    But at least we have 37 types of cereal.

  10. Actions are criminal, not tools by dada21 · · Score: 5, Insightful

    A criminal that rapes someone may have talked during the rape -- it is the rape that was evil.

    A criminal that shoots someone in the head used a gun -- it is the shooting that is evil. He could have used a baseball bat.

    A criminal that blows up a building might use a cell phone -- it is the building exploding that is evil. He could have used e-mail or writing a big X on a tree.

    We have to stop government from criminalizing actions that are part of our right to speech. This right is not something Constitutional or created out of any government document -- it is a natural right that all humans share, no matter what the laws say.

    I'll continue to encrypt, and I'll dare the government to try to restrict me. If I have to, I'll encrypt by using an encryption program that hides my real text to make it look like readable language. Let them try to stop that. Or I'll use my own spoken code. Will they find a way to criminalize it?

    Don't criminalize tools, criminalize criminal actions.

  11. Re:Simple solution. by Anonymous Coward · · Score: 3, Insightful

    I had the same thought. Most encryption is transparent to the user, and session based.
    All I ever see is a little icon that tells me the connection is encrypted when I go to my banks web page...so, am I responsible for reporting the keys or is the bank? Or both? And does it matter that they are useless as soon as I log out?

  12. Implementation by WhiteWolf666 · · Score: 4, Insightful

    People; don't say "This can't be done."

    This is referred to as a "catch-all" type of law. Beware the wonders of selective enforcement.

    The idea here is that if you find a suspected terrorist, and they use encryption, you don't even need to bust them for terrorism OR for not providing their encryption keys when demanded. You can just go to step A, look up their name in the government encryption key database, find out that no, they did not provide their encryption key to , and take them directly to jail.

    Regardless of whether or not the are a terrorist, regardless of whether or not they are willing to turn over their encryption keys when asked, you can find them guilty.

    This is not about collecting everyone's encryption keys (at least not at first). Initially, this will be used as a blunt stick to smack anyone the government doesn't like. Think of the way seat belt laws are enforced; cops won't stop you for not wearing your seat belt, but they'll sure as hell issue a ticket for it even if you aren't speed, have all your paperwork in order, and have done nothing else wrong. It's a sort of standby crime they can get you on.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  13. More like "Horribly Bad Joke." by C10H14N2 · · Score: 4, Insightful

    Just an example of astoundingly ignorant politicians who don't realize they're effectively criminalizing the use of cellular phones, the constantly changing keys of which would amass petabytes of data within a year, in just the UK--and that's just the keys, not the data they encrypted...and that's just the cellphones.

    What absolute morons.

    1. Re:More like "Horribly Bad Joke." by Tony+Hoyle · · Score: 4, Insightful

      ..and you ipsec keys, which change every few minutes, your ssh key, which is per session, your kerberos key, etc.

      Most people don't even realize how many keys they use. They could default on a law like this without even knowing it.

    2. Re:More like "Horribly Bad Joke." by RexRhino · · Score: 4, Insightful

      The real question is not why you think these encryption laws are idiotic... of course they are idiotic. The real question is why you think the laws on education, civil planning, economy, enviornment, health care, or anything else are more reasonable that these laws on encryption.

      You are probably an expert on computers/encryption, being a part of the Slashdot crowd, that you can understand how messed up these rules are. But if you were a doctor, you would probably think these rules are reasonable, and instead would think that the laws on health care are messed up. You are critical of these laws, because you have the knowledge to understand what is wrong with them... and you are probably don't really question the laws on subjects which you might not understand.

      So you must understand, the vast majority of the population who doesn't understand encryption, will think these laws are reasonable and nessicary, the same way you probably think the laws on education, or enviornment, or whatever are reasonable and nessicary. The average person is not going to take you any more seriously complaining about this, than you take the complaints from factory owners about enviornmental laws.

      At some point you are going to have to realize it isn't "idiotic" leaders who are making "idiotic" policies that are the problem... that our leaders are very very smart and competent... but that it is the idiotic concept that a handful of experts and technocrats can manage virtually every aspect of a huge diverse society. It is the concept that society can be centrally planned / regulated / and managed by lawmakers that is the problem, not with the specific "central planning".

    3. Re:More like "Horribly Bad Joke." by minuszero · · Score: 5, Insightful

      erm.
      RTFA

      Despite the poorly worded title, the UK govt. isn't about to ask you to submit every single key you ever generate.
      It just wants the ability to 'force' you to hand over the keys if and when it asks for them.

      Granted, this causes problems of it's own. I mean, I don't keep a list of every key i've used...

    4. Re:More like "Horribly Bad Joke." by ajs · · Score: 4, Insightful

      You're misunderstanding the technology or the law (I'm not sure which).

      They're talking about private keys (as in the private half of the public/private key pair in public key cryptography), not private keys (as in the only key in private key cryptography).

      This is a huge difference. Private key cryptography is used as the underlying scheme for protocols like SSH, SSL, etc, but public key cryptography is used to ensure the secure exchange of that key. of the private half of the key pair is known, that initial exchange is not secure, and thus there is no need to be TOLD the private key cryptosystem's key: it is handed to any listener who knows the private key that goes with the public key used to initiate the session.

      Oh, and the cell phone companies almost certainly already hand over the key pairs for the phones (or are issued them).

    5. Re:More like "Horribly Bad Joke." by Skjellifetti · · Score: 4, Insightful

      Hmmm...

      I'm not a food scientist, but I think labeling laws and food safety inspection regulations are very necessary. Who doesn't think that? The food industry that doesn't want me to know that their product contains transfats and which would be happy to sell me contaminated meat.

      I'm not a chemical engineer, but I support regulation of gasoline additives. Who doesn't support that? The oil companies who understand that lead is a very cheap way to increase octane levels.

      The real question is why you think the laws on education, civil planning, economy, enviornment, health care, or anything else are more reasonable that these laws on encryption.

      Because most regulations are designed to establish the bounderies of various property rights. Who owns the air -- you or the oil companies? In this case, the regs define the limits of what an individual or company can do with a common resource. Should a food company have the property right to sell unlabled food? Here, the regs are designed to put buyer and seller on more even terms -- they reduce the transaction costs of buying and selling food.

      But mandatory government access to private keys does nothing except make it easier for governments to invade personal privacy. In no way do such regs reduce the costs of transacting commerce or establish property rights boundries on common resources. These regs are fundamentally different from food, health, and environmental regulations.

      --
      FreeSpeech.org
  14. I'd like to see some stats... by erroneus · · Score: 5, Insightful

    ...I know that's like asking to be lied to, but I would like to know how often criminal investigations are hampered or even prevented because communications or information had been encrypted.

    Like so many others, I see this as nothing more than an attack on privacy and not as an aid to criminal investigations. Criminals are not going to turn over their keys. People who turn over their keys aren't likely engaged in criminal acts. "honest" people who believe in the right to privacy will become criminals, however.

    I'm not sure "police state" is the right word, but we're certainly talking about criminalizing the general population to the point that only people "in office" can have the right to privacy under the guise of "national security." And a funny thing happens to your rights when you become "a criminal." You lose them along with your ability to run for public office and all manner of other things.

  15. Cat. Mouse. Cat. Mouse. Cat. Mouse. by hacker · · Score: 5, Insightful
    "The use of encryption is... proliferating..."

    The use of illegal government spying on innocent citizens is proliferating.

    Your move now.

    ...(and no, you may not have my encryption keys).

  16. Re:perfectly reasonable by drooling-dog · · Score: 5, Insightful

    Why not get right to the root of the matter, then, and simply criminalize any attempt to engage in a private conversation? After all, speaking to someone face-to-face in a secure setting is functionally the same as using encryption in a remote communication. No more walks in the woods, unless you immediately file a synopsis of everything you talked about with the proper authorities...

  17. Re:On the other hand by DragonWriter · · Score: 4, Insightful

    Catching up? That's so unfair. Its not like the British are newcomers at this -- if they hadn't done it first, there likely wouldn't be a US.

  18. patently wrong by l4m3z0r · · Score: 4, Insightful

    In america we have whats called the 5th amendment. Which should mean that I have protection under the law to not be forced to answer questions that incriminate myself. What is your password? and what is your encryption key? should be similiar to Where were you the night the victim was shot? I don't have to answer if i believe that in answering the question it will incriminate me in a crime.

  19. Obligatory Ayn Rand by mrchaotica · · Score: 5, Insightful
    "There's no way to rule innocent men. The only power government has is the power to crack down on criminals. When there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws." -- Ayn Rand
    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  20. Re:Actually... by RexRhino · · Score: 5, Insightful

    Under pure anarchy, people would naturally take care of each other and no-one would go without care, or

    Under pure anarchy, people COULD take care of each other and no-one would go without care. How successful they are is up in the air - Most anarchists or minarchists are not utopians, so just because we have anarchy doesn't mean our problems are all solved. In the same way that we support science, but we don't expect science to solve all our problems.

    Here are some examples of ways everyone could have universal and equal health care without being provided by the state:

    1. We could have such a wealthy society that healthcare would be so cheap and plentiful as to be essentially free and universal. Take, for example, television. Go to the poorest neighborhoods in the U.S., and all homes will have a television set. The vast majority will even have cable or satalite. In fact, people living in poverty are more likely to see a television as an "essential" item than rich people (who can afford other types of entertainment). There is no government run television program that provides it to everyone... it is just that our society is so wealthy that TV has become so cheap that it is universal. It is possible that we could have such a thriving economy that paying for health care is just not an issue.

    2. We could have private, self-organized, voluntary organizations that provide health care to everyone. Churches aren't funded by the government, they rely totally on voluntary participation and funding, and yet churches exist everywhere. There is no reason why any service couldn't be provided equally to all people, based on voluntary contribution.

    3. There could be some sort of technological advancement that renders conventional medicine irrelevant.

    4. Labor could form unions, and demand health care as a standard part of all employment. Employeers would be forced to pay for medical care, or face a highly organized nationwide strike.

    4. There could be any combination of the above. Or any number of other possible situations that I cannot even begin to list. Use your imagination.

    Universal health care is impossible and there's no point in striving for it?
    Universal Health care seems to be a failure as it has currently been implemented by governments. One could argue that by relying on the state to give universal health care, that we have given up on health care.

    I'm just not sure what you'd call any entity that provided universal health care other than "the state".

    The state is enforced on all who exist in a geographic location based on the threat of violence through the police and military. Any entity that does not use violence, and does not force participation in the system, would not be a state system. You may thing "the present system is not violent", but it is. The violence may be hidden under layers of beurocracy, but try refusing to pay your tax, or try opening a health clinic without government permission, and the government is going to send some armed individuals to deal with you pretty quickly.

    But on a deeper level, the fact that you have to ask me how we could provide universal health care without a state, is a symptom of the bias and indoctrination. You should be able to think up a few methods for solving the problem without the use of the state yourself. Even if you think the state is still the best way to solve the problem, the fact that the average person cannot even comprehend there could be other solutions besides the government... the fact that virtually no-one gives the other solutions any thought should be warning signs that there is a serious problem. The fact that to be anti-government in our society means to be anti-equality, or anti-prosperity, means that any non-government solutions are going to be supressed. After all, who wants to be anti-equality or anti-prosperity.

  21. Re:...what if... by RexRhino · · Score: 4, Insightful

    Statist indoctrination trumps. There may be disagreement about how a state is run, but my guess is that everyplace you were educated, the absolute nessicity of a strong central state was a given. One country might justify the need for a state in order to protect itself from foriegn enemies, another might justify the state in order to provide social services, another might justify the state for other reasons. But they all agree on the supremecy of the modern centralized state. They disagree on the way a state should be run, the principles the state should abide by... but they all see the state as an institution that is intrinsicly "good". I very highly doubt that anywhere in the world, you were taught to question the government itself as an institution (and I don't mean to question the current political regime, or the current party in power... but I mean to question the state in itself).

  22. The criminals dont follow laws anyhow.. by segfault_0 · · Score: 3, Insightful

    The criminals using encryption are already breaking the law and obviously wont turn in their keys to the police. The only people who will be caught up in this legislation are the good people who follow laws. Whomever thought this up should be sacked for pure stupidity.

    --

    I was crazy back when being crazy really meant something. (Charles Manson)