Slashdot Mirror
UK Government Proposes 'License To Hack' As Encryption Proves Hard To Defeat (thetimes.co.uk)
An anonymous reader writes: The Times reports (paywalled) that the Investigatory Powers Bill promised by the UK government over the summer is likely to be presented to parliament next month, and that it will contain 'dizzying' powers for MI5, MI6 and GCHQ to hack the devices of individuals under investigation, with the permission of the home secretary. An implementation of the Wilson Doctrine will mean that British MPs will not be subject to these powers in the same way as other citizens. According to a digital evidence expert that the Times interviewed, the bill addresses the difficulty that the UK government is sharing with other nations in defeating encryption effectively. "Hacking is different from interception because it allows hackers to take control of the device, using it for surveillance and accessing data from the source, rather than simply intercepting them, which is becoming increasingly difficult."
This is very important. If you do not assume that they are already doing this, and have been for years, then you are delusional.
See Edward Snowden for the most recent proof.
When all shareholding and corporate ownership is made public, and even then I think protecting speech is too important....
So if I understand this correctly, the corrupt powers-that-be will be immune to that which is needed the most to clean up their actions that, if they were a common citizen would be criminal?
hmmm...
Looks like we'll have to implement an encrypted processing standard of some type, such that clients all share an encrypted connection with the OS.
These people are criminal to their core.
I don't think this would be as thrilling of a James Bond movie as License to Kill....
XML is like violence. If it doesn't solve the problem, use more.
So if governments around the world are giving themselves license to hack into our stuff, do anything they please, and share this with other governments ... then it almost seems like a moral duty that every government server is now fair game.
Just sayin'. If governments are declaring war on our rights, they have no expectation people won't do this to them.
Sorry, but governments who are claiming to be defending our rights while taking those rights away have lost an awful lot of moral authority here.
Especially when they take the stuff they said they'd only use to fight terrorism, and now apply it to every day things.
Fuck you, Big Brother. Fuck you.
Lost at C:>. Found at C.
Well, $SUBJECT says it all. That's the license that I, as sovereign and paying customer grant them.
If knowing programming without being one of the High Programmers is illegal, how do you become one of the High Programmers without it being treason?
It's like the UK is reliving it's past, minus the part about the Magna Carta.
Mainly because the code number are in hexadecimal.
Pretending this is my office full of bitter coworkers..
The U.K. is becoming a scary place. You poor people two world wars and you were eventually beaten by your own Secret Service in 2015. And in the meantime the U.K. is welcoming Chinese President Xi Jinping and the Queen as invited him to dinner. China, the country that shoots people in the head called public executions. And does this mean the U.K. can bring back the opium poppy trade. Hip hip hurray! We're in the money, We're in the money; We've got a lot of opium to sell! We're in the money, The sky is sunny; you took back Hong Kong You done us wrong! We're in the money, We're in the money; We've got a lot of opium to sell! Get off! please don't do that don't eat my corgi dog!
Agent 00101 reporting, 0xD.
The guy who said the election was rigged won the presidency with the second-most votes.
Like certain pictures that will land the person hacked in jail for a long time. No need to find anything actually bad anymore, you can just easily get rid of anybody you do not like. That is how it is done in any self-respecting police-state or fascist state!
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Theresa May has tried to pass Snoopers charter and withdrawn. Now she tries this shit, but Snowden two weeks ago revealed GCHQ can hack every phone. We get it. You can see her group, but this isn't a coup. Britain is still a Parliamentary democracy. We can see she's trying to legalize what you lot are already doing, and she's doing the same pedo terrorists shit that was used to attack Parliament recently.
Remember Tom Watsons "Parliament pedo killers ring"? This is an attempt to use an idiot (Tom Watson) to make claims of a massive pedo ring in Parliament, so that no MP dare challenge the latest push by Theresa May's group to get mass surveillance because of "PEDOS IN PARLIAMENT!"
But you didn't get Snoopers charter, so Karma Police mass surveillance is illegal, and you don't have legal cover to hack smartphones, so your Smurf hacks are illegal. Are you GCHQ lot part of the democracy run by Parliament or part of this slow motion coup?
If the government takes over a device and starts masquerading as the owner, how do we know? Could they hack your phone, use it to view a forbidden website, and then land you in jail because of it? Conversely, does this give people plausible deniability for actions performed on their digital equipment?
You can lead a horse to water, but you can't make it dissolve.
"Baaaw, X is so much worse!" isn't a fucking excuse.
Or is it okay for someone to fuck you in the ass without your consent, because hey, you were asking for it, and at least nobody murdered you, amirite?
Why should us MPs be subject to the same laws we foist on the lowly commoners!
It will look really nice hanging on the wall next to my "License to ill"
After reading the summary,I figured out they want to break and enter and spy.
Illegal on the face of it.
This is why the UK will break up if London greedmeisters persist.
-- Tigger warning: This post may contain tiggers! --
Even if they don't plant evidence they will be contaminating any evidence. There is a reason that police are required to 'pull the plug' on devices when they seize equipment. Anything else risks contaminating it and making in unusable in court. Once a drive is in the hands of the police it gets handed over to forensics which while a big joke IMHO has the tools to clone the disk and make an image of it using tools that prevent write commands from being issued to the original drive. This combined with a strict chain of command of the drive ensures that any evidence obtained from said device is genuine, not contaminated, etc.
Now in the real world forensics experts can't be trusted. They utilize tools which enable them to essentially fabricate evidence from things like corrupted memory which may or may not be linked to the purported criminal/defendant in the cast. As an example a search for 'how to kill a mocking bird' can become 'how to kill'. Then we leave off the fact we can't actually confirm that the person who owned the computer was the one who conducted the search for a variety of reasons. Just because a forensics expert looks at the system doesn't necessarily mean that they've been able to identify, can identify, or have even tried to identify to person who made that search. In many cases it may be a malicious piece of code that ran temporarily an no evidence of it even got written to disk. In other cases it might be a neighbour, friend, employee, or even a corrupt police officer. And when you read these stories about '20 illegal pictures' do you really believe that the police are that effective at rooting out illicit imagery? If you were told those images all had an identical time stamp and there was no evidence that the user downloaded would you still believe they weren't planted? Because that is *exactly* the kind of evidence that is used to convict. If it were 'real evidence' its almost certainly there would have been more evidence, different time stamps, and evidence in other places (ie browser history, etc).
A license to hack? You need that now in Britain! What a police state. I've been hacking for decades. I honestly don't know if this is scarier than if they offered a "License to crack" people's systems as well..
The thing that scares me is that this will be used to plant evidence. However we should *not* be making it easy for them to plant evidence via remote hacks. We should be focusing on hardening our operating systems and implementing more stringent controls. For instance do we really need support for scripting languages within PNG image libraries? Do we really need support for macros? Do we really need all the cruft that and bloat that has become the norm? We need to reduce the bloat significantly so that we can begin to audit code properly. We need access to the low-level proprietary bits in our hardware as well. Otherwise we'll all be vulnerable to attacks and never know it. Unfortunately we're nowhere near creating secure systems because we don't even have a complete set of components and chipsets that would enable us to review all the code.
MI5, MI6 and GCHQ don't already hack? Sure!
The Wilson Doctrine will be respected? Sure!
The 'License to Hack' means something? Sure!
Sure.
The entire point of using encryption is to keep snoops of all kinds out of your information as much as possible. Just because the snoop works for the government does not mean they get carte blanche or are any less criminal if the hack into a device.
Before the advent of digital communications, if the government wanted to covertly know what you were up to, they would have to break into and bug your home, tamper with your telephone, physically follow you around. It was difficult and expensive, so out of necessity limited to the most interesting targets. Yes the definition of 'interesting' varied from country to country and time to time, from criminals to political dissidents to inconvenient minorities, but the majority of people were generally safe from being watched.
Now, and for the first time in history, it has became economically possible to surveil the large majority of the population. And governments around the world have gleefully taken advantage of this, expanding the definition of 'interesting' to cover, literally, everyone; metadata is scooped up en masse, and communication content is available at the press of a button - constrained only by self imposed and often flimsy legal limits.
But, post Snowden, with the increasing implementation of end to end and zero knowledge encryption, the pendulum is starting to swing back again. Unless they force manufacturers to backdoor every phone and computer, governments will have to go back to the old ways of doing things, by physically hacking individual devices.
The article doesn't seem to indicate an increase in surveillance powers, but rather a realization by the security services that the glory days of embarrassingly easy mass snooping are beginning to end, and now they're going to have to actually work for their information.
If this gets us back to an era limited, targeted and suspicion led surveillance then this is a good thing, no?
Despite regular assurances about the Wilson Doctrine for the last 60 years, British MPs were recently dismayed to find out that they are, in fact, being spied upon - just like any other citizen. The Wilson Doctrine was finally admitted (after a legal challenge) to be nothing more than a vague platitude with "no legal force".
Goes to show that politicians lie to each other as regularly as they do to the rest of us. The only notable part is that some of them appeared genuinely surprised by this.
Why would anyone engrave "Elbereth"?