Slashdot Mirror
UK Law Enforcement Is Against "3-Strikes"
Now that the UK is discussing plans for some form of 3-strikes regime to discourage file-sharing, TechDirt reports that the fans of due process have picked up unlikely allies: the law enforcement and spying establishments fear that a 3-strikes policy would result in far more encryption on the Net, greatly complicating their jobs. "Of course, they're not as concerned about due process and civil rights, as they are about making it more difficult to track down criminals online: 'Law enforcement groups, which include the Serious and Organized Crime Agency and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. ... A source involved in drafting the Bill said that the intelligence agencies, MI5 and MI6, had also voiced concerns about disconnection. "The spooks hate it," the source said.'" The Times (UK) Online has more details.
After all the news about UK i'm surprised to read they've actually considered whats good for people.
Good job and continue that.
They dont want people to have any excuse to use encryption other than if you've got something to hide.
Besides.. linking terrorists to filesharers is a stretch despite how much easier it would make the UK RIAA's job.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
The Serious and Organised Crime Agency, as opposed to what, the Laid-back and Disheveled Crime Buddies?
Never really understood this "3 strikes and you're out" theory. Law enforcement is too complex to be modelled after the rules of a US sports game. Can somebody explain how this idiotic idea came about, the thinking behind it?
What next? You don't go to jail if you say "Simon says" before committing an offence? Police can't arrest you if you're not touching the ground when they catch up with you?
Give people legal right to 1mbit as the finns, then this law would never happen.
Fantastic agency name. They are serious and organized about crime! Yeah!
I'm guessing that one possible reason is whilst encryption is moderately rare - then they might assume that any encryption means a greater chance of something to hide and hence they can focus on it.
And of course that unencrypted stuff is easier to track though less immediately suspicious.
Anybody work in forensics and can give us an insider viewpoint?
LP098 5B6FR
Dave Barnes 9 breweries within walking distance of my house
Did the Copyright cartels not think 3 steps ahead here?
Granted suspected 'evil-doers' are probably already using encryption, but once you force untold thousands into the encryption game, you've suddenly forced a needle in the haystack scenario, if it isn't there already.
It would be highly amusing if National Security was brought to its knees by the very heart of the Copyright industry. Protecting profits at the expense of your national safety..... blah, blah, something about reaping what you sow.....
Law enforcement groups, which include the Serious and Organised Crime Agency (Soca) and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. One official said: "It will make prosecution harder because it increases the workload significantly."
One would think that encryption would stop them in their tracks, not just "increase the costs and workload"
[Fuck Beta]
o0t!
IIRC, you are required to turn over keys if asked by the government in the UK, jail time if you don't.
If they're currently trying to figure out who to ask keys from, if everyone does it, workload on figuring out what is malicious and requires them to ask everyone or figure out some way to narrow it down.
Law enforcement groups, which include the Serious and Organised Crime Agency (Soca) and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. One official said: "It will make prosecution harder because it increases the workload significantly."
One would think that encryption would stop them in their tracks, not just "increase the costs and workload"
Those increased costs and workload are for actually doing "real" police work instead
- My uid ends in 69...
Encryption requires the extra step of going to the hardware store and buying a $5 wrench.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
This is actually a precursor to demands to regulate encryption, not an attempt to stop a 3 strikes law.
UK civil "service" hell is the compromise created by pleasing as many special interests as possible, except the interests of the individual.
I'd hazard a guess that the real issue these agencies have is about increased use of anonymous communication networks such as Tor rather than just "encryption" of the content. It's almost a given that widespread adoption of Tor will have two important effects: (1) there will be larger numbers of relay or exit nodes in the network - at present it is suspected that intelligence agencies control a large number of the exit nodes (and possibly relay nodes too) in the network; and (2) greater traffic through the network will make it significantly harder to perform timing attacks on entry and exit from the mix network to correlate traffic and thus break its anonymity.
Time to break out the popcorn and watch the private sector fascists go to war with the government fascists.
Competition in the fascism market benefits everyone. I think we can pretty much all agree we don't want any monopolies here...
Encryption simply forces them to tap your keyboard, and the costs of that are much higher than the costs of running Wireshark on a router somewhere.
If commerical encryption were truly unbreakable by these groups, then I'd assume that they would have outlawed their use by now. That is a troubling thought.
Sigs are too short to say anything truly profound so read the above post instead.
law enforcement is against bad weather because it motivates people to live in houses and that makes citizens more difficult to monitor for criminal activity.
This.
Welcome to the Panopticon. Used to be a prison, now it's your home.
....and oops. I just showed this article to a friend who was resistant to using OTR to encrypt his IM communications, even though he had pidgin and could easily turn on OTR. Now he has seen the light and switched on OTR. Thanks UK Police!
-Steve
"I opened my eyes, and everything went dark again"
Of course, they're not as concerned about due process and civil rights, as they are about making it more difficult to track down criminals online
The enemy of my enemy is not my friend, even when they aid me.
I put on my robe and wizard hat..
I didn't know they made three more movies, but MI3 sure sucked.
They'll just pass a law requiring you to hand over the key. I believe those exist already in the US at least.
Either way, you're screwed.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
As a privacy advocate I recommend that, whenever possible, one should encrypt everything regardless of the sensitivity of the particular data.
This will effectively keep law enforcement from tagging encrypted network traffic as being suspicious because encrypted network traffic will become the norm.
How will the police track down dangerous criminals using the Internet you may ask? My answer would be who cares? In my book criminals have just as much right to privacy as do any law abiding citizen. Plus more law abiding citizens will have their right to privacy violated in the pursuit of criminals than do the actual criminals.
Benjamin Franklin said it best when he wrote "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
Nick Powers
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
If commerical encryption were truly unbreakable by these groups, then I'd assume that they would have outlawed their use by now.
They pretty much have. In the UK you are legally obligated to give up your keys if required.
Of course, then comes the question of how they're going to determine if the keys were the real keys... or just to the first layer... or just to the first and second layer... or...
The intelligence agencies would do well to object quite a lot; we still haven't the final mass migration to rubber hose protected encryption and f2f darknets, but it's well on the way. If three-strikes regulation becomes popular, then most of the internet will become pretty opaque to any form of snooping, and any real threats will happily tag along on the mass of ordinary citizens just out to protect their privacy from whatever lobbyist it tugging at the puppet strings of the politicians for the moment.
The enemy of my enemy is not my friend but a tool to wield against my enemy. Often while also using my enemy against my enemy's enemy so that they are both sufficiently weakened by the conflict, and cannot defend themselves against me.
Seriously, have you not played any strategy games ever?
This blatent peice of BBC propaganda from a couple of years back demonises "so called BIT TORRENT FILE SHARING" for encouraging encryption and making illegal wire tapping of UK civilians' data and telephone communications more difficult for the CIA and MI5. http://www.youtube.com/watch?v=dq2PK2W-vVI
Encryption simply forces them to tap your keyboard, and the costs of that are much higher than the costs of running Wireshark on a router somewhere.
Not only that, but it usually requires a much more involved process of those troublesome warrents and all to get actual wire-tepping done (usually, not always). Curse that due process!
Let's not be too disparaging here, the police sometimes have legitamte interests in information gathering, there really are some people who need to be taken down. It is not their job to just protect our rights politically, that's our job and the job of the politicians (who epically fail in internet law). It is their job to protect our rights in life, but not to lobby for it in law-making; so they serve their own interests here, but they do so legitimatly (refering to other posts, not yours here). At least it does point out one of the social problems of treating practitioners internet freedoms as common criminals... it makes real criminals easily lost in the system.
DISCLAIMER: I am very rarely serious. If the above comment seems asinine makes no sense, it is most likely a bad joke.
At least this hints that there isn't a trivial way of breaking RSA, AES, or the other popular systems.
I would certainly expect a side effect of increased **AA-related harassment to be increased use of encryption and anonymizers. My expectation keeps my blood pressure down. Every time I get upset about more ridiculous **AA junk, I consider the probable outcome and how this is all probably a good thing in the long run. While hiding from **AAs, people increase their privacy and make it more difficult for anyone else to eavesdrop at the same time.
You can see now, when HADOPI in France is active, really _massive_ movement French to anonymouse and encrypted networks like i2p2, tor, freenet.
If commercial encryption were truly unbreakable by these groups, then I'd assume that they would have outlawed their use by now. That is a troubling thought.
Good (ie created by people who know what they are doing, not some snake-oil salesman) encryption is currently unbreakable, If it were breakable, the feds wouldn't have had to install a key logger on a mobsters computer to get the PGP passphrase. If it were breakable, the UK wouldn't have enacted a law to make it a crime to keep your mouth shut when asked for the encryption key. If it were breakable, the police wouldn't care if people used it.
Sure, you can go about and spew conspiracy theories about how the NSA can break anything, but I seriously doubt that is the case. Oh, it's no doubt that they try. They need to know if other governments can break the encryption, so they try. But once they have something broke, they make recommendations on how to secure the algorythm. Remember DES? They told IBM to make a couple of changes, making the algorithm stronger. If they knew of a significant weakness in AES, they wouldn't have recommended AES. If a significant weakness in AES is found (and there are attacks on it coming from the public sector), a new call for encryption will be made.
Another reason I don't think the NSA is overly concerned that they can't crack something is that they know that sometimes a $5 wrench, a $500 bribe, or $5,000 informant is a lot cheaper and faster then trying to break the encryption.
Even keyboard logging isn't a shoe-in. 90% of the time they're not also monitoring the MOUSE as well. Some programs are now using on-screen keyboards for password entry to get around keyloggers. You can also on many systems pair a key-file with your password. The keyfile needn't necessarily stay on your computer if it's easily retrievable.
For example, you could use a source file from the first release of the Linux kernel as a keyfile. It's easily remembered, and easily retrieved from tons of locations on the net, yet incredibly hard to guess.
You can also keep your encrypted media hidden in the real world. Take those little cell phone memory cards for example. They're like 1 cm squared and wafer thin, but can hold gigabytes of information. Go to your front door, remove the top hinge, and cut a tiny notch in the door behind the hinge. Stick your card there and then replace the hinge covering your little notch. Or open your VCR or game system and tape the thing on the inside of the device before reassembling. Unless they see you do it, almost no one will find that. Or worst case scenario, get a wooden box, put your card in a zip loc bag (or really several of them), and just bury the thing somewhere that you know isn't likely to be searched. Having the key is no good if they can't find the lock.
Also is the mere fact that not everything you encrypt is stuff you'll be accessing too often. I have encrypted containers that I haven't accessed in years. They'd be keylogging a LONG time before they caught me typing my password.
"People who think they know everything are very annoying to those of us who do."-Mark Twain
Who's on first?
Yes.
best fucking slashdot comment in a long time
Explaining the joke will not get you upmodded
Then that was necessary for them to do so that we'd think they couldn't crack it. Standard espionage novel fare-let the enemy catch you trying to steal their code machine so they think you need to steal their code machine because you can't crack their code otherwise...
Please, please, please...the word is obliged, not obligated. Thank you for your time.
[FUCK BETA]
Too bad the law wasn't thought up by Canadian lawyers. If you get caught filesharing, you can't connect to the Net for 2 minutes.
Of course, starting a flame war might get you 5 minutes, but would that really be so bad? :P
My point is, no amount of encryption adds to your physical security. If they bug your ceiling, they can see you entering the password and doing all the other things you do with your computer. Hence the encryption does not make spying impossible, only a lot more expensive, geographically isolated, and more subject to the due process, as Znork (31774) points out nearby. IMHO, all the more reasons to use the end-to-end encryption as much as possible.
This is one reason I think all these countries that are busily setting up mandatory internet filtering are completely defeating themselves.
Right now, 95% of people accessing child porn and the like just post on open unencrypted connections. Stupid - but there you go. Once the connection is filtered and only encrypted connections even work any more they will all become educated about encryption and anonymization sufficient to bypass the filters and 99% of the intelligence sources that are now helping to track down these criminals will go dark.
This simplistic and damaging law-making gets traction because of the people who are overly punitive.
That trait of excessive eagerness to punish is often coupled with these other traits:
Authoritarian Personality WP article
"The Authoritarians" paper
Actually, either's valid.
Here's a book review that might interest you: http://www.salon.com/books/review/2009/10/25/lexicographers_dilemma/
I like this. In reality, properly-implemented encryption will completely prevent even the most well-funded government agency from monitoring your Internet traffic. But Police and Three Letter Agencies would never admit as much in a press release. Instead, encryption just "increases their costs and workload." Feh.
I think one of the reasons that the average person doesn't care enough about encryption to use it is because they have no idea how effective it is.
While I appreciate your efforts to shoehorn your opinion into this, that's not what happened at all.
In fact, the original three strikes law was limited to serious offenders
http://en.wikipedia.org/wiki/List_of_Washington_initiatives_to_the_people#1993
I don't find anything "overly punitive" about incarcerating repeat serious offenders. I doubt any reasonable person would either.
So, no, it really had nothing to do with being "overly punitive", and that characterization is really not accurate at all.
However, as the person you incorrectly "corrected" said, politicians used it as a stumping point, and that's when things went to hell.
Last, I would avoid using simplistic tools like your list and links, they really have no value in the analysis of the "psychopathology" of the three strikes law, but are instead a very thinly veiled cheap shot at a certain group of political opponents.
It's as though you used phrenology to analyze skin cancer, it's useless and displays a gross lack of knowledge about the subject.
$5 wrench, a $500 bribe, or $5,000 informant is cute . ...
But why not just pay 500,000 and get the shipped consumer grade code altered?
it will last 2-10 years in the real world and the NSA ect will be able to read it in real time.
Its MS or Apple consumer quality
If your using Linux and are just too smart using real encryption, then you get a logger as you glow in the dark.
As for " install a key logger on a criminals computer "
they might write a few drafts, drafts 1 and 4 point to new ideas, networks, names ect. The final sent version might just be boring and suggest working faster, harder at a known activity.
If it were breakable you get 1 message, with the logger, you might get some more insight.
Loggers and demands for encryption key say nothing about breakable encryption.
Loggers are powerful tools, encryption key requests keep you in custody for days, a powerful legal tool to keep you locked up as further enquiries are made.
Both say nothing about breakable shipping consumer grade encryption.
As for IBM, they liked 20th C eugenics and seemed connected to ww2 Germany.
Not a great foundation for todays codes.
All that is known is the USA and UK love real time decryption, why would this change???
Domestic spying is now "Benign Information Gathering"
Noo... English must not change! Alright, Old English to Middle English to Modern English is fine but LEAVE MODERN ENGLISH ALONE!!!1
So, no, it really had nothing to do with being "overly punitive", and that characterization is really not accurate at all.
"It"? If you clarify your antecedent there you'll likely discover that "simplistic and damaging law-making [getting] traction" isn't what you're addressing, though it's what I was addressing. Like AC pointed out.
Otherwise, "a very thinly veiled cheap shot at a certain group of political opponents" deserves some attention here. I can understand your being sensitive to the issue as it seems to be denigrating of your political views. Please believe me that my interest isn't against your politics so much as it's against the pathology that happens to be correlated with your politics. Not everyone with your political beliefs is messed up in the head this way, though it tends to be the case. Indeed, there are crazy folk of a similar stripe on the other end of the political spectrum. (Granted, it happens far less.) I am addressing the insanity, not the politics. I try not to engage in in-group v. out-group fighting. That "Us v. Them" reflex is just more evidence of the pathology I'm talking about, so it's telling that you perceive yourself as attacked and need to attack me in return (and to identify me as a member of your out-group).
I highly recommend that you read The Authoritarians and grasp it. However, I expect instead you will emotionally reject it and provide rationalizations for doing so. I don't mean that as a slight, only an observation that might hopefully spur you to rise above such emotionalism, but it would be totally understandable for you to take offense. If you take the RWA survey to identify your level of RWA, it'll help you determine your degree of correlation with the various traits discussed in the paper. That stuff is pretty solid science. You could learn some things about your tendencies.
You ended up with cases where a person could be sentenced to a life term in prison for a relatively minor crime, e.g. shoplifting.
No, they are sentenced to a life term for being a habitual criminal who won't reform.
Sure, shoplifting may be the final trigger, but that certainly isn't why we put them away for life.
Likewise, if you overload a bridge with a convoy of 70-ton tanks and then it breaks when a butterfly lands, we don't blame the butterfly.
They require you to relinquish your encryption keys for a reason.
There are similar dilemmas in law enforcement in North America -- if you won't roll down your window for the police when they pull you over for example, and they force their way into your vehicle, they've just committed (in most cases) an illegal search and everything else becomes fruit of the poison tree*.
Police procedure combined with human rights can in fact hinder investigation of some crimes, but some of us would argue that the rights and liberties are more important.
*IANAL
- Michael T. Babcock (Yes, I blog)
Costs come from the UK Stasi banging on your door, beating you with a 5 pound wrench until you give up your passwords.
Dont forget, under UK law, you have no right to remain silent when asked for passwords.
Thank the US right wingers who originally came up with the idea to lock up a person who is convicted of felony crimes three separate times for the rest of their lives as career criminals
http://en.wikipedia.org/wiki/Three_strikes_law
It's created in the US what become now known as the prison-industrial complex.