Slashdot Mirror
UK Law Enforcement Is Against "3-Strikes"
Now that the UK is discussing plans for some form of 3-strikes regime to discourage file-sharing, TechDirt reports that the fans of due process have picked up unlikely allies: the law enforcement and spying establishments fear that a 3-strikes policy would result in far more encryption on the Net, greatly complicating their jobs. "Of course, they're not as concerned about due process and civil rights, as they are about making it more difficult to track down criminals online: 'Law enforcement groups, which include the Serious and Organized Crime Agency and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. ... A source involved in drafting the Bill said that the intelligence agencies, MI5 and MI6, had also voiced concerns about disconnection. "The spooks hate it," the source said.'" The Times (UK) Online has more details.
They dont want people to have any excuse to use encryption other than if you've got something to hide.
Besides.. linking terrorists to filesharers is a stretch despite how much easier it would make the UK RIAA's job.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
The Serious and Organised Crime Agency, as opposed to what, the Laid-back and Disheveled Crime Buddies?
Never really understood this "3 strikes and you're out" theory. Law enforcement is too complex to be modelled after the rules of a US sports game. Can somebody explain how this idiotic idea came about, the thinking behind it?
What next? You don't go to jail if you say "Simon says" before committing an offence? Police can't arrest you if you're not touching the ground when they catch up with you?
I'm guessing that one possible reason is whilst encryption is moderately rare - then they might assume that any encryption means a greater chance of something to hide and hence they can focus on it.
And of course that unencrypted stuff is easier to track though less immediately suspicious.
Anybody work in forensics and can give us an insider viewpoint?
LP098 5B6FR
Dave Barnes 9 breweries within walking distance of my house
They are not concerned for what is good for the people. They don't want the law solely because they are afraid that it will lead to citizens making use of encryption that makes it harder for them to snoop. Pure selfish interest.
Sigs are too short to say anything truly profound so read the above post instead.
Law enforcement groups, which include the Serious and Organised Crime Agency (Soca) and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. One official said: "It will make prosecution harder because it increases the workload significantly."
One would think that encryption would stop them in their tracks, not just "increase the costs and workload"
[Fuck Beta]
o0t!
Don't be surprised. They're not considering what's good for _people_ they're considering what's good for them. It's bad for big brother if all the internets are encrypted.
IIRC, you are required to turn over keys if asked by the government in the UK, jail time if you don't.
If they're currently trying to figure out who to ask keys from, if everyone does it, workload on figuring out what is malicious and requires them to ask everyone or figure out some way to narrow it down.
Law enforcement groups, which include the Serious and Organised Crime Agency (Soca) and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. One official said: "It will make prosecution harder because it increases the workload significantly."
One would think that encryption would stop them in their tracks, not just "increase the costs and workload"
Those increased costs and workload are for actually doing "real" police work instead
- My uid ends in 69...
Encryption requires the extra step of going to the hardware store and buying a $5 wrench.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
I'd hazard a guess that the real issue these agencies have is about increased use of anonymous communication networks such as Tor rather than just "encryption" of the content. It's almost a given that widespread adoption of Tor will have two important effects: (1) there will be larger numbers of relay or exit nodes in the network - at present it is suspected that intelligence agencies control a large number of the exit nodes (and possibly relay nodes too) in the network; and (2) greater traffic through the network will make it significantly harder to perform timing attacks on entry and exit from the mix network to correlate traffic and thus break its anonymity.
Time to break out the popcorn and watch the private sector fascists go to war with the government fascists.
Competition in the fascism market benefits everyone. I think we can pretty much all agree we don't want any monopolies here...
Sure, it makes sense. Make it such a PR issue that everyone and their grandmother is concerned with security so that they use Tor. It's simply an arms race.
Encryption simply forces them to tap your keyboard, and the costs of that are much higher than the costs of running Wireshark on a router somewhere.
If commerical encryption were truly unbreakable by these groups, then I'd assume that they would have outlawed their use by now. That is a troubling thought.
Sigs are too short to say anything truly profound so read the above post instead.
law enforcement is against bad weather because it motivates people to live in houses and that makes citizens more difficult to monitor for criminal activity.
This.
Welcome to the Panopticon. Used to be a prison, now it's your home.
....and oops. I just showed this article to a friend who was resistant to using OTR to encrypt his IM communications, even though he had pidgin and could easily turn on OTR. Now he has seen the light and switched on OTR. Thanks UK Police!
-Steve
"I opened my eyes, and everything went dark again"
Of course, they're not as concerned about due process and civil rights, as they are about making it more difficult to track down criminals online
The enemy of my enemy is not my friend, even when they aid me.
I put on my robe and wizard hat..
I didn't know they made three more movies, but MI3 sure sucked.
They'll just pass a law requiring you to hand over the key. I believe those exist already in the US at least.
Either way, you're screwed.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
As a privacy advocate I recommend that, whenever possible, one should encrypt everything regardless of the sensitivity of the particular data.
This will effectively keep law enforcement from tagging encrypted network traffic as being suspicious because encrypted network traffic will become the norm.
How will the police track down dangerous criminals using the Internet you may ask? My answer would be who cares? In my book criminals have just as much right to privacy as do any law abiding citizen. Plus more law abiding citizens will have their right to privacy violated in the pursuit of criminals than do the actual criminals.
Benjamin Franklin said it best when he wrote "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
Nick Powers
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
If commerical encryption were truly unbreakable by these groups, then I'd assume that they would have outlawed their use by now.
They pretty much have. In the UK you are legally obligated to give up your keys if required.
Of course, then comes the question of how they're going to determine if the keys were the real keys... or just to the first layer... or just to the first and second layer... or...
The intelligence agencies would do well to object quite a lot; we still haven't the final mass migration to rubber hose protected encryption and f2f darknets, but it's well on the way. If three-strikes regulation becomes popular, then most of the internet will become pretty opaque to any form of snooping, and any real threats will happily tag along on the mass of ordinary citizens just out to protect their privacy from whatever lobbyist it tugging at the puppet strings of the politicians for the moment.
This blatent peice of BBC propaganda from a couple of years back demonises "so called BIT TORRENT FILE SHARING" for encouraging encryption and making illegal wire tapping of UK civilians' data and telephone communications more difficult for the CIA and MI5. http://www.youtube.com/watch?v=dq2PK2W-vVI
Encryption simply forces them to tap your keyboard, and the costs of that are much higher than the costs of running Wireshark on a router somewhere.
Not only that, but it usually requires a much more involved process of those troublesome warrents and all to get actual wire-tepping done (usually, not always). Curse that due process!
Let's not be too disparaging here, the police sometimes have legitamte interests in information gathering, there really are some people who need to be taken down. It is not their job to just protect our rights politically, that's our job and the job of the politicians (who epically fail in internet law). It is their job to protect our rights in life, but not to lobby for it in law-making; so they serve their own interests here, but they do so legitimatly (refering to other posts, not yours here). At least it does point out one of the social problems of treating practitioners internet freedoms as common criminals... it makes real criminals easily lost in the system.
DISCLAIMER: I am very rarely serious. If the above comment seems asinine makes no sense, it is most likely a bad joke.
At least this hints that there isn't a trivial way of breaking RSA, AES, or the other popular systems.
I would certainly expect a side effect of increased **AA-related harassment to be increased use of encryption and anonymizers. My expectation keeps my blood pressure down. Every time I get upset about more ridiculous **AA junk, I consider the probable outcome and how this is all probably a good thing in the long run. While hiding from **AAs, people increase their privacy and make it more difficult for anyone else to eavesdrop at the same time.
Even keyboard logging isn't a shoe-in. 90% of the time they're not also monitoring the MOUSE as well. Some programs are now using on-screen keyboards for password entry to get around keyloggers. You can also on many systems pair a key-file with your password. The keyfile needn't necessarily stay on your computer if it's easily retrievable.
For example, you could use a source file from the first release of the Linux kernel as a keyfile. It's easily remembered, and easily retrieved from tons of locations on the net, yet incredibly hard to guess.
You can also keep your encrypted media hidden in the real world. Take those little cell phone memory cards for example. They're like 1 cm squared and wafer thin, but can hold gigabytes of information. Go to your front door, remove the top hinge, and cut a tiny notch in the door behind the hinge. Stick your card there and then replace the hinge covering your little notch. Or open your VCR or game system and tape the thing on the inside of the device before reassembling. Unless they see you do it, almost no one will find that. Or worst case scenario, get a wooden box, put your card in a zip loc bag (or really several of them), and just bury the thing somewhere that you know isn't likely to be searched. Having the key is no good if they can't find the lock.
Also is the mere fact that not everything you encrypt is stuff you'll be accessing too often. I have encrypted containers that I haven't accessed in years. They'd be keylogging a LONG time before they caught me typing my password.
"People who think they know everything are very annoying to those of us who do."-Mark Twain
To be fair the "UK law enforcement and intelligence services" should not be commenting on due process and civil rights, other than to confirm that they uphold them. It is their job to track criminals, it is our job to dictate the rules they must follow in doing so.
It's not really fair to apportion them with blame for the laziness, apathy and short-sightedness of voters and their elected officials. They're probably even more surprised than we are when their more outlandish proposals actually get approved.
Then that was necessary for them to do so that we'd think they couldn't crack it. Standard espionage novel fare-let the enemy catch you trying to steal their code machine so they think you need to steal their code machine because you can't crack their code otherwise...
Please, please, please...the word is obliged, not obligated. Thank you for your time.
[FUCK BETA]
My point is, no amount of encryption adds to your physical security. If they bug your ceiling, they can see you entering the password and doing all the other things you do with your computer. Hence the encryption does not make spying impossible, only a lot more expensive, geographically isolated, and more subject to the due process, as Znork (31774) points out nearby. IMHO, all the more reasons to use the end-to-end encryption as much as possible.
Ummmm yeah... that's pretty much exactly what the article summary said. Being able to read is now +5 insightful? Oh well, I'm here to witness the dying days of /. I guess.
The tyrant will always find a pretext for his tyranny - Aesop
This is one reason I think all these countries that are busily setting up mandatory internet filtering are completely defeating themselves.
Right now, 95% of people accessing child porn and the like just post on open unencrypted connections. Stupid - but there you go. Once the connection is filtered and only encrypted connections even work any more they will all become educated about encryption and anonymization sufficient to bypass the filters and 99% of the intelligence sources that are now helping to track down these criminals will go dark.
This simplistic and damaging law-making gets traction because of the people who are overly punitive.
That trait of excessive eagerness to punish is often coupled with these other traits:
Authoritarian Personality WP article
"The Authoritarians" paper
Actually, either's valid.
Here's a book review that might interest you: http://www.salon.com/books/review/2009/10/25/lexicographers_dilemma/
When MI5/6 owns your first contact with TOR and you enter "How was London yesterday" in clear text, all the have to wait for is that to exit.
TOR can flash it around the world a few times, when your clear text message returns, they have the IP of both users and the fact they feel the need to use TOR.
With the links to your telco, it becomes too easy.
Domestic spying is now "Benign Information Gathering"
I like this. In reality, properly-implemented encryption will completely prevent even the most well-funded government agency from monitoring your Internet traffic. But Police and Three Letter Agencies would never admit as much in a press release. Instead, encryption just "increases their costs and workload." Feh.
I think one of the reasons that the average person doesn't care enough about encryption to use it is because they have no idea how effective it is.
With new roles comes new funding.
New funding means a few token arrests, but a vast backend.
Today it tracks p2p, soon it just tracks.
Like cctv for the IRA is now OCR ed for tax and other revenue options.
As for laziness, apathy and short-sightedness, sure, they sold out to rendition and will be named over time.
Could be a new set of rules.
In the past outlandish proposals could be blocked as MI5/6 knew of the sexual needs, fraud, theft of their political masters and could end a political party for a decade.
Now with torture, containers, black sites, ghosts and false flags operations set up by top MI5/6/SAS ect, elected officials now have the upper hand.
Domestic spying is now "Benign Information Gathering"
While I appreciate your efforts to shoehorn your opinion into this, that's not what happened at all.
In fact, the original three strikes law was limited to serious offenders
http://en.wikipedia.org/wiki/List_of_Washington_initiatives_to_the_people#1993
I don't find anything "overly punitive" about incarcerating repeat serious offenders. I doubt any reasonable person would either.
So, no, it really had nothing to do with being "overly punitive", and that characterization is really not accurate at all.
However, as the person you incorrectly "corrected" said, politicians used it as a stumping point, and that's when things went to hell.
Last, I would avoid using simplistic tools like your list and links, they really have no value in the analysis of the "psychopathology" of the three strikes law, but are instead a very thinly veiled cheap shot at a certain group of political opponents.
It's as though you used phrenology to analyze skin cancer, it's useless and displays a gross lack of knowledge about the subject.
Encryption game is fun too. :)
Its like seeing something of interest on youtube or web 2.0, then getting the ip and paying a visit in full riot gear at 6 am.
Just to have a chat to tell you they know you, what your doing and can come back any time to chat about the "use" of the internet.
You also need a new door, sofa, wall paint, light, computer, modem and an electrician to turn the power back on.
Call it community policing
Domestic spying is now "Benign Information Gathering"
$5 wrench, a $500 bribe, or $5,000 informant is cute . ...
But why not just pay 500,000 and get the shipped consumer grade code altered?
it will last 2-10 years in the real world and the NSA ect will be able to read it in real time.
Its MS or Apple consumer quality
If your using Linux and are just too smart using real encryption, then you get a logger as you glow in the dark.
As for " install a key logger on a criminals computer "
they might write a few drafts, drafts 1 and 4 point to new ideas, networks, names ect. The final sent version might just be boring and suggest working faster, harder at a known activity.
If it were breakable you get 1 message, with the logger, you might get some more insight.
Loggers and demands for encryption key say nothing about breakable encryption.
Loggers are powerful tools, encryption key requests keep you in custody for days, a powerful legal tool to keep you locked up as further enquiries are made.
Both say nothing about breakable shipping consumer grade encryption.
As for IBM, they liked 20th C eugenics and seemed connected to ww2 Germany.
Not a great foundation for todays codes.
All that is known is the USA and UK love real time decryption, why would this change???
Domestic spying is now "Benign Information Gathering"
So, no, it really had nothing to do with being "overly punitive", and that characterization is really not accurate at all.
"It"? If you clarify your antecedent there you'll likely discover that "simplistic and damaging law-making [getting] traction" isn't what you're addressing, though it's what I was addressing. Like AC pointed out.
Otherwise, "a very thinly veiled cheap shot at a certain group of political opponents" deserves some attention here. I can understand your being sensitive to the issue as it seems to be denigrating of your political views. Please believe me that my interest isn't against your politics so much as it's against the pathology that happens to be correlated with your politics. Not everyone with your political beliefs is messed up in the head this way, though it tends to be the case. Indeed, there are crazy folk of a similar stripe on the other end of the political spectrum. (Granted, it happens far less.) I am addressing the insanity, not the politics. I try not to engage in in-group v. out-group fighting. That "Us v. Them" reflex is just more evidence of the pathology I'm talking about, so it's telling that you perceive yourself as attacked and need to attack me in return (and to identify me as a member of your out-group).
I highly recommend that you read The Authoritarians and grasp it. However, I expect instead you will emotionally reject it and provide rationalizations for doing so. I don't mean that as a slight, only an observation that might hopefully spur you to rise above such emotionalism, but it would be totally understandable for you to take offense. If you take the RWA survey to identify your level of RWA, it'll help you determine your degree of correlation with the various traits discussed in the paper. That stuff is pretty solid science. You could learn some things about your tendencies.
Which is why they don't want everyone using encryption. As long as they can raise a jury of people who don't, they can get by with the "they were using encryption, so they must be doing something wrong" argument, but when the jury is full of people who all use it, then that argument fails and they have to actually work for a living.
People should not fear their government. Governments should fear their people.
To save money they hire local home improvement store employees to fill out their riot squad.
You ended up with cases where a person could be sentenced to a life term in prison for a relatively minor crime, e.g. shoplifting.
No, they are sentenced to a life term for being a habitual criminal who won't reform.
Sure, shoplifting may be the final trigger, but that certainly isn't why we put them away for life.
Likewise, if you overload a bridge with a convoy of 70-ton tanks and then it breaks when a butterfly lands, we don't blame the butterfly.
They require you to relinquish your encryption keys for a reason.
There are similar dilemmas in law enforcement in North America -- if you won't roll down your window for the police when they pull you over for example, and they force their way into your vehicle, they've just committed (in most cases) an illegal search and everything else becomes fruit of the poison tree*.
Police procedure combined with human rights can in fact hinder investigation of some crimes, but some of us would argue that the rights and liberties are more important.
*IANAL
- Michael T. Babcock (Yes, I blog)
Incorrect. Vidalia makes it easy to not only operate Tor but set up a middleman, bridge, or exit node as well.
Proteus' Child
Doko ni datte; hito wa, tsunagette iru.
Thank the US right wingers who originally came up with the idea to lock up a person who is convicted of felony crimes three separate times for the rest of their lives as career criminals
http://en.wikipedia.org/wiki/Three_strikes_law
It's created in the US what become now known as the prison-industrial complex.