Slashdot Mirror
Snoopers' Charter Could Mean Trouble For UK Users of Encryption-Capable Apps
An anonymous reader writes with a story at IB Times that speculates instant messaging apps which enable encrypted communications (including Snapchat, Facebook Messenger and iMessage) could be banned in the UK under the so-called Snooper's Charter now under consideration.
The extent of the powers that the government would claim under the legislation is not yet clear, but as the linked article says, it "would allow security services like the Government Communications Headquarters, or GCHQ, and MI5, or Military Intelligence Section 5, to access instant messages sent between people to and from the country," and evidently "would give the government right to ban instant messaging apps that use end-to-end encryption."
That might sound outlandish, but reflects a popular and politically safe sentiment: "'In our country, do we want to allow a means of communication between people which we cannot read? My answer to that question is: "No, we must not,"' [Prime Minister] Cameron said earlier this year following the Charlie Hebdo shooting in Paris."
They planned their horrific act over a kitchen table. They had no need for instant messengers, e-mails of Skype to talk from one end of the apartment to another.
---- The above post was generated by the Turing Institute. Maybe.
Get in touch with your representatives and whack them over the head until they see sense. TA.
Do you want zero expectation of privacy in every aspect of your life, Mr. Cameron? Well, do ya? PUNK?
I guess if I can't encrypt communications between myself and my bank, because the government can't see that I'm not talking about terrorist plans, I should stop on-line banking altogether, and just go back to paper, as it's more secure that way.
I sure as hell won't be giving any sites my credit card details if I can't encrypt them. No crypto, or easily defeated crypto means that ANYONE, not just the "good guys" can read my traffic.
Always read at -1, don't let others decide what you should and should not read.
Since governments have historically killed more people than any group (terrorist or not), shouldn't the law be that governments shouldn't be allowed to hide any communications from the people?
Exposing all the cases where government employees are "feathering their own nests" would be a nice side benefit.
any pigeons left in the UK .. I say
They know that a ban on Whatsapp would be immensely unpopular and would make millions of people realize how stupid their drive against encryption is.
Instead, their intent is to force Whatsapp and others to voluntarily hand over the communications of their users, much like Blackberry (reportedly) agreed to do for countries with regressive regimes.
The real "Libtards" are the Libertarians!
If you are on vacation and you need to visit the hospital, they will likely want to talk with your doctor (in another country, using an incompatible medical records system). How are they going to manage that without violating government rules on transmition of medical records?
Get an interception warrant. The government has access to enough legal vehicles for dealing with people obstructing justice and it's not as if there isn't a case for encryption already. It is illegal to open mail that is not addressed to you. The difference is that where an envelope reminds the holder to respect another persons privacy, encryption enforces a persons right to privacy.
Governments are not too happy with things that put peoples rights firmly with the people who own the government in the first place.
My ism, it's full of beliefs.
Just ten or twenty years ago a sitting politician saying this in a "democracy" and expecting to keep his job would be unthinkable.
Don't worry. If you're not doing anything wrong you have nothing to worry about, until the government decides to ban whatever it is you're doing.
In our country, do we want to allow a means of communication between politicians which we the citizens cannot read? My answer to that question is: No, we must not.
We must work around it, circumvent it any way we can. When our rights can be voted away, majority rule has hit a brick wall
“He’s not deformed, he’s just drunk!”
Even Iran and China don't do that. They have both have some very week laws that they use with warrants(pre-signed by judges, but still it's a warrant) against specific people to read their communications and encrypted material or mitm or whatever...
What the government want is the "Great Firewall of the UK". That's what we should call it, instead of the "Snooper's Charter".
The real "Libtards" are the Libertarians!
Clearly, you can't stop people using encryption. Perhaps those who don't mind their personal details being public, like idiot Cameron, could opt in to Stasi-land. Of course, this will never happen, since if it did, most companies will just leave England. At least Scotland has a parliament, and the people there are not mentally deficient enough to spout such absurd crap.
For all the good reasons already posted here. Which just goes to show how out of touch most politicians are.
What's really funny is that "Joe Poster" imagines that it will happen and thinks up endless ridiculous scenarios.
Period. End of story.
if you fail to hand over your keys to the law in the UK. It's been like this since the late 90s. The Conservatives have a bent against privacy and have always pushed through laws that are directly against the populous's will. You're either an anarchist, a peadophile, or a terrorist, according to them - if you use encryption.
That's nothing new, the US is the same, as are most civilised countries. So the real question is: Who is the driving force behind it, and what is their endgame? And why are all communications about it protected against the Freedom of Information acts all around the world?
How does the government intend to prevent illegal encryption being hidden inside legal, weak-sauce encryption, without systematically cracking all of the latter? Note that such actions entirely pre-empt the promise to only handle private data with per-case permission from a court.
Bye SSH.
People will just move to messaging systems where the vendor never has the key. There are plenty of choices already available.
We have seen this happen already with mass surveillance. The more they tighten their grip, the more people fall through their fingers.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
It's impossible to enforce an encryption ban in all it's forms. While the UK's government could in theory try to ban obvious encryption, they can't necessarily detect and stop every kind of encryption. Good people have obvious uses for encryption, and obviously would try to use some for security. One way I see is to use mimicry, where communications are encrypted to look like a plain kind of communication like poetry or spam. This kind of communication is pretty hard to "prove" that it is encrypted. All you can tell is that it looks suspiciously similar to previous messages. But that isn't grounds for anything. I would love to see some government monkeys try to prove that that is actually encrypted. For additional fun, the messages should go though normal scrambling encryption before mimicry, then, not only does it not look like it's encrypted, but it actually is using the kind of encryption they banned. And the prime minister can still read their terrible poetry.
...the WhatsApp ban is due to go live within the next two weeks.
True, but that's the big flaw in the plan that they just don't seem to grasp. WhatsApp and the makers of other tools *can't* voluntarily had over the communications without a major redesign of their software, which they are most probably not going to do because it would also compromise all their other users that are not afflicted by clueless politicians who refuse to accept the advice of people who do have a clue. There's also the issue of the sheer number of tools that let people DIY their own P2P communications that are in widespread use: SSH, private HTTPS servers, plus countless open source tools and less well known alternatives to the big players like WhatsApp. It's enough to make the game of whack-a-mole the media studios engaged in with torrent sites seem like child's play.
The best tack for WhatsApp, et al to take would probably be to do nothing, keep the encryption in place, and let the UK government choose it's poison. The government can either backdown and admit the legislation is as unenforceable as we all know it to be, or they can try and ban such products from the UK - which, given the number of alternative download sites, already installed instances of the software, alternative products, and so on, would be like nailing fog to the wall. In that case, they won't have to admit that the legislation is as unenforceable but instead they'll get *shown* that's it's unenforceable, that they didn't have a clue when they wrote it, and probably manage to alienate a bunch of voters in the process.
UNIX? They're not even circumcised! Savages!
because their no-encryption stance will force it.
oh, and internal communications in their corporations with encryption in the data centers... shut those boys down, they're criminals! GHCQ said so.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Cameron sounds like the Donald Trump of the UK, except scarier - he's already been elected.
It must have been something you assimilated. . . .
So they want to stop you from sending encrypted files. Will they stop you from sending files full of random data? And if not, can they tell the difference?
Blocking WhatsApp would be done by blocking their messaging servers. Preventing the software from entering the country is, of course, impossible. But if you can't send any messages with it it's useless.
I can't encrypt my data in the UK? Then I guess I have to take my business elsewhere.
Seriously, how long will you allow this idiot to cripple your economy along your privacy?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Only criminals will use Facebook Messenger?
Bark less. Wag more.
Don't be so sure that they won't redesign their software, and don't think that bans are the only tools which governments have at their disposal. Skype was originally secure but has since been modified to add backdoors and, possibly, spyware. Apple was forced to forego direct client-to-client communications in FaceTime and begin relaying calls through severs (where they could be intercepted) because of a patent suit from VirnetX,, a company that specializes in military patents and has also sued Skype.
Yes, companies have and will redesign their software to degrade security at the behest of governments, or they'll get sued by patent trolls operated as front companies for those governments.
...underestimate the power of a one time pad and Radio Londres.
(not necessarily a radio, there's also the option of snail mail or just sending what appears to be nonsense strings via email or IM and using an OTP to decode...)
The point is you can encrypt using a non-repeating cipher AKA one time pad and in about oh, three seconds destroy that pad if need be.
"The pigeon has flown. Jack Bauer has bitten the ear off the dog. Leaky faucets trip horses."
^Decrypt that, motherfuckers.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
Right, but what will actually happen (hopefully) is that the law will come into force, and WhatsApp, SnapChat, Apple, Google and Facebook will all say "okay, well, all your chat apps are now unavailable, sorry".
As you rightly point out, that'll make the law immensely unpopular, and hopefully it'll get repealed.
It should be pretty easy to design meta-apps that encrypt the traffic of the mainstream apps, if those app makers cave to dumbass laws like proposed.
I imagine script kiddies will be able to assemble and distribute new variants of encryption meta-apps on about a 10 per day new ones basis, using proven open-source code libraries as the core encryption tech.
Where are we going and why are we in a handbasket?
That country is going downhill so fast. They are becoming luddites! There was a time I saw pictures of their country side and thought that would be a nice place to retire. I'll settle for Seattle.
No, that's the point. The reason why iMessage, Facebook Messenger and SnapChat would be banned is exactly because these are messaging platforms where the vendor does not have the key.
The government wants to ban such messaging platforms.
Then they will see how fucking ridiculous it after everyone has hacked everything possible on their networks.
On this issue, I honestly wouldn't be surprised if the tech companies stood side by side and said "fine, the UK gets no chat apps if the UK won't allow end to end encryption".
The UK doesn't know how to repeal laws. Only make them and amend them.
...send your angry, blowfish encrypted e-mails to either mayt@parliament.uk (Theresa May) or camerond@parliament.uk (David Cameron)
Correct - the way the UK repeals a law is to make a new law saying "sections x to y of the blah blah act of 2015 shall be held delete".
British people who want to continue to use WhatsApp can continue to use WhatsApp by moving to China. British people will still have a choice.
I suspect Cameron's jealous of his ancestors who owned slaves and is just trying to come up with a way to bring slavery back under another name. Stop enslaving your people Cameron!!!
Actually on 2nd thought if your in the UK and want to overthrow your masters move to the US and join the free state project. With enough people taking action there might be real change without violent revolution. And hey- if it ever came to it at least there would be enough people to give violent revolution a chance.
Of course if this were passed, anyone planning a nefarious act over the Internet would never us an encryption application if it was outlawed as that would potentially get them in real trouble.
Until WhatsApp counter with a decentralised network.
Events like the one in France in 1789, or in Russia in 1917, etc. happen from time to time. And sociologists still do not know why. There are several conflicting theories, but nobody knows why exactly, and how to prevent it. Louis XVI, the king of France, even wrote in his diary on July 14, 1789: "Rien", what means in English "Nothing". And the storming of Bastille came from the blue sky on this very day.
Such events bring countless tragedies to millions or even billions. And it is all about trying to understand nature of such events, what causes them, and how to avoid, or at least mitgate them.
All these companies have legal presences inside of major foreign countries. They would just threaten to put the local executives in jail or apply legal pressure to the company and/or its assets. Facebook would either have to comply to avoid the sanctions or they would have to wind down their local operations and continue to make the app available. Depending on how UK laws work and what is permitted by the courts, the UK government may then just try to have the application filtered somehow (make it unavailable to download, have a DNS blockade on their websites, and etc.). A further extreme would be to make possession of unauthorized applications a crime for the end-user. Again, that depends on what UK courts allow and what laws may exist.
I doubt that such legislation is being brought in to protect us against the terrorists, more to do with the government being scared of their own citizens being able to organize and engage in political activism. One way to suppress activity is to demonize online activism with the 'terrorism' label. I suspect her majesty government is fully aware just who the real terrorists are.
It is perhaps worth remembering that we still have no real idea exactly what this proposed legislation is going to say other than a fairly clear indication that ISPs will be required to keep some sort of record of web sites visited. There are also a couple of other reasons to think positively:
1) The recent government sponsored report into this matter came out very clearly against suggestions that encryption should be controlled. But, governments are good at ignoring reports which don't say what they want even when they asked for them in the first place.
2) The goverment has a very small majority and a number of their more rebelious members are hot on personal liberty and privacy. Not a huge number, but enough to cause a problem. The majority opposition labour party may well have some sympathy with the aims of the legislation but would far rather have the political gain of seeing the goverment lose. Before the recent election the now governing conservative party were keen on the idea of withdrawing the UK from the European Convention on Human Rights. Now they are in government the idea has been quietly moved well down the priority list presumably because of the same liberty loving trouble makers in their ranks. The bottom line is that the government may well remove some more controversial ideas from their proposal to maximise the chances of trouble free progress for what is left.
Which they won't do. They'll either comply (probably by just disabling the encryption layer,) or pull out completely.
Remember, WhatsApp (and other such companies) aren't in the business of social reform. They're in the business of making money. The only way they would go to the effort of decentralizing their software (or any significant change) is if they thought it would provide a reasonable ROI (which may be in the form of stifling losses as opposed to producing profits.)
I have significant doubts that a single country would provide those incentives, especially for something like decentralizing which would make it much more difficult to monetize the product in the first place.
http://balder.org/judea/Hate-Speech-Laws-Immigration-Jewish-Influence-Britain.php
Some will comply. Some won't. It's not just the UK that poses such an issue for them - if the UK starts, every repressive country in the world will be hurrying to copy, starting with China and followed quickly by Russia. It's not practical to comply with many different laws in different countries, and the inability to promise confidentiality means a loss of business contracts - not a big deal for WhatsApp, but a big problem for Skype.
UK are just NSA followers. Ban the entire Internet while you're at it! LOL Good luck with that.
By suggesting the Snooper's Charter, the government admits they read my communication. Hence from this point on, ALL of my communication is encrypted.
I have reason to believe that the proposed charter is inconstitutional, hence if they don't like me protecting my rights*, they can come after me and see their petty little charter be annulled.
* Universal Declaration of Human Rights was signed by the UK. UDHR art 12 states, " No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
This is a long shot from "Everyone shall be subjected to such interference and/or attacks" as proposed.
It is not just WhatsApp. Apple's entire ecosystem uses encryption. Supposedly even Apple cannot read the content of your messages. If they pass this as it is stated all current Apple's will become illegal. Or am I wrong in that?
privacy is dead. We, as a society have lost. It's over.
It's time to adapt and change how we think and act. We cannot win against such sustained attacks of this magnitude.
It's only a matter of time before it's law that each and every household will have govt cameras and microphones to ensure we are not a threat to society.
Absolutely, which is why "pull out" is another option if they feel they can't comply. My real point is that attempting to subvert the law is probably not going to be the choice they make. Taking that tack is a lot of risk for very little payoff, which may be worthwhile for political reformists but less so for businesses.
Though that brings up a more interesting issue -- what happens if they decide to comply in some way other than "no encryption?" Do they now have to figure out ways to generate separate key sets for every government? What happens when the UK decides that they don't want China being able to snoop on their communications, but China demands this same kind of back dooring that they're demanding? Encryption keys don't give two craps about the global political situation.. never mind figuring out how to later add or revoke keys as that political situation changes.
As for complying with laws in different countries.. its not THAT hard -- for communication that's purely within the one country. It becomes extremely difficult for communication that leaves the country (and then the whole issue of messages that just happen to bounce to a foreign router even though both the source and the destination are local -- an issue we have great interest in here in Canada since most of our traffic still goes through US routers. We have no control over what they do and they have no interest in protecting non-American rights, so we get the worst of both worlds and essentially have no digital privacy rights at all thanks to that border hop.)
choose it's poison
It's ?? It's !! After all the grammar police comments in hundreds of threads, how can people STILL not get this right !?!?! If you see an apostrophe (it's) you substitute it as "it is". If it sounds wrong, IT IS!!!
.
Do you really think China gives a shit what the UK does? I will be honest and say that I do not know. It just seems unlikely. China already has laws covering anything they want to declare as being illegal. They are, albeit a better one today, a repressive regime. They really do not care much about things like legal procedures and actually needing a law in order to monitor traffic. They already have The Great Firewall of China. I should also add that they have the fastest super computer, that we know about, that has ever been built on this planet. China ain't never scared!
In other words, I really do not think China gives one iota of poop of concern when deciding how to monitor their citizen's internet activities. They care, and I am only suspecting - I do not know, one wit about the UK's silly security policies.
That was a strange claim to make. What makes you think China would give a shit and copy the UK instead of just doing it on their own if they wanted?
"So long and thanks for all the fish."
I suspect the changes will just strengthen the existing provisions for demanding encryption keys.
It's unlikely that this will work particularly effectively, but to me this seems the most likely plan from the government, in that the law itself could be passed without breaking the internet.
The UK government are chasing their TAILS.
Think you mean repressive regimes. You have to have advanced at one point, in order to regress.
Definitively incorrect.
[The Prime Minister,] Mr Cameron? Sure.
David Cameron [, the Prime Minster]? Fine.
The Prime Minister? No problem.
That sh*t, Cameron? If you insist. (Variations on that theme are, inevitably,very popular with some portions of the UK electorate.)
"Prime Minister", though, is not a title, and is not used as one. Nor, technically, is it an official post; Cameron is First Lord of the Treasury and Minister for the Civil Service.