Slashdot Mirror
UK Law Enforcement Is Against "3-Strikes"
Now that the UK is discussing plans for some form of 3-strikes regime to discourage file-sharing, TechDirt reports that the fans of due process have picked up unlikely allies: the law enforcement and spying establishments fear that a 3-strikes policy would result in far more encryption on the Net, greatly complicating their jobs. "Of course, they're not as concerned about due process and civil rights, as they are about making it more difficult to track down criminals online: 'Law enforcement groups, which include the Serious and Organized Crime Agency and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. ... A source involved in drafting the Bill said that the intelligence agencies, MI5 and MI6, had also voiced concerns about disconnection. "The spooks hate it," the source said.'" The Times (UK) Online has more details.
They dont want people to have any excuse to use encryption other than if you've got something to hide.
Besides.. linking terrorists to filesharers is a stretch despite how much easier it would make the UK RIAA's job.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
The Serious and Organised Crime Agency, as opposed to what, the Laid-back and Disheveled Crime Buddies?
Never really understood this "3 strikes and you're out" theory. Law enforcement is too complex to be modelled after the rules of a US sports game. Can somebody explain how this idiotic idea came about, the thinking behind it?
What next? You don't go to jail if you say "Simon says" before committing an offence? Police can't arrest you if you're not touching the ground when they catch up with you?
LP098 5B6FR
Dave Barnes 9 breweries within walking distance of my house
They are not concerned for what is good for the people. They don't want the law solely because they are afraid that it will lead to citizens making use of encryption that makes it harder for them to snoop. Pure selfish interest.
Sigs are too short to say anything truly profound so read the above post instead.
Law enforcement groups, which include the Serious and Organised Crime Agency (Soca) and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. One official said: "It will make prosecution harder because it increases the workload significantly."
One would think that encryption would stop them in their tracks, not just "increase the costs and workload"
[Fuck Beta]
o0t!
IIRC, you are required to turn over keys if asked by the government in the UK, jail time if you don't.
If they're currently trying to figure out who to ask keys from, if everyone does it, workload on figuring out what is malicious and requires them to ask everyone or figure out some way to narrow it down.
Law enforcement groups, which include the Serious and Organised Crime Agency (Soca) and the Metropolitan Police's e-crime unit, believe that more encryption will increase the costs and workload for those attempting to monitor internet traffic. One official said: "It will make prosecution harder because it increases the workload significantly."
One would think that encryption would stop them in their tracks, not just "increase the costs and workload"
Those increased costs and workload are for actually doing "real" police work instead
- My uid ends in 69...
Encryption requires the extra step of going to the hardware store and buying a $5 wrench.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
I'd hazard a guess that the real issue these agencies have is about increased use of anonymous communication networks such as Tor rather than just "encryption" of the content. It's almost a given that widespread adoption of Tor will have two important effects: (1) there will be larger numbers of relay or exit nodes in the network - at present it is suspected that intelligence agencies control a large number of the exit nodes (and possibly relay nodes too) in the network; and (2) greater traffic through the network will make it significantly harder to perform timing attacks on entry and exit from the mix network to correlate traffic and thus break its anonymity.
Sure, it makes sense. Make it such a PR issue that everyone and their grandmother is concerned with security so that they use Tor. It's simply an arms race.
This.
Welcome to the Panopticon. Used to be a prison, now it's your home.
I didn't know they made three more movies, but MI3 sure sucked.
If commerical encryption were truly unbreakable by these groups, then I'd assume that they would have outlawed their use by now.
They pretty much have. In the UK you are legally obligated to give up your keys if required.
Of course, then comes the question of how they're going to determine if the keys were the real keys... or just to the first layer... or just to the first and second layer... or...
The intelligence agencies would do well to object quite a lot; we still haven't the final mass migration to rubber hose protected encryption and f2f darknets, but it's well on the way. If three-strikes regulation becomes popular, then most of the internet will become pretty opaque to any form of snooping, and any real threats will happily tag along on the mass of ordinary citizens just out to protect their privacy from whatever lobbyist it tugging at the puppet strings of the politicians for the moment.
Encryption simply forces them to tap your keyboard, and the costs of that are much higher than the costs of running Wireshark on a router somewhere.
Not only that, but it usually requires a much more involved process of those troublesome warrents and all to get actual wire-tepping done (usually, not always). Curse that due process!
Let's not be too disparaging here, the police sometimes have legitamte interests in information gathering, there really are some people who need to be taken down. It is not their job to just protect our rights politically, that's our job and the job of the politicians (who epically fail in internet law). It is their job to protect our rights in life, but not to lobby for it in law-making; so they serve their own interests here, but they do so legitimatly (refering to other posts, not yours here). At least it does point out one of the social problems of treating practitioners internet freedoms as common criminals... it makes real criminals easily lost in the system.
DISCLAIMER: I am very rarely serious. If the above comment seems asinine makes no sense, it is most likely a bad joke.
At least this hints that there isn't a trivial way of breaking RSA, AES, or the other popular systems.
Even keyboard logging isn't a shoe-in. 90% of the time they're not also monitoring the MOUSE as well. Some programs are now using on-screen keyboards for password entry to get around keyloggers. You can also on many systems pair a key-file with your password. The keyfile needn't necessarily stay on your computer if it's easily retrievable.
For example, you could use a source file from the first release of the Linux kernel as a keyfile. It's easily remembered, and easily retrieved from tons of locations on the net, yet incredibly hard to guess.
You can also keep your encrypted media hidden in the real world. Take those little cell phone memory cards for example. They're like 1 cm squared and wafer thin, but can hold gigabytes of information. Go to your front door, remove the top hinge, and cut a tiny notch in the door behind the hinge. Stick your card there and then replace the hinge covering your little notch. Or open your VCR or game system and tape the thing on the inside of the device before reassembling. Unless they see you do it, almost no one will find that. Or worst case scenario, get a wooden box, put your card in a zip loc bag (or really several of them), and just bury the thing somewhere that you know isn't likely to be searched. Having the key is no good if they can't find the lock.
Also is the mere fact that not everything you encrypt is stuff you'll be accessing too often. I have encrypted containers that I haven't accessed in years. They'd be keylogging a LONG time before they caught me typing my password.
"People who think they know everything are very annoying to those of us who do."-Mark Twain
To be fair the "UK law enforcement and intelligence services" should not be commenting on due process and civil rights, other than to confirm that they uphold them. It is their job to track criminals, it is our job to dictate the rules they must follow in doing so.
It's not really fair to apportion them with blame for the laziness, apathy and short-sightedness of voters and their elected officials. They're probably even more surprised than we are when their more outlandish proposals actually get approved.
My point is, no amount of encryption adds to your physical security. If they bug your ceiling, they can see you entering the password and doing all the other things you do with your computer. Hence the encryption does not make spying impossible, only a lot more expensive, geographically isolated, and more subject to the due process, as Znork (31774) points out nearby. IMHO, all the more reasons to use the end-to-end encryption as much as possible.
This simplistic and damaging law-making gets traction because of the people who are overly punitive.
That trait of excessive eagerness to punish is often coupled with these other traits:
Authoritarian Personality WP article
"The Authoritarians" paper
I like this. In reality, properly-implemented encryption will completely prevent even the most well-funded government agency from monitoring your Internet traffic. But Police and Three Letter Agencies would never admit as much in a press release. Instead, encryption just "increases their costs and workload." Feh.
I think one of the reasons that the average person doesn't care enough about encryption to use it is because they have no idea how effective it is.