Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Government Proposes 'License To Hack' As Encryption Proves Hard To Defeat (thetimes.co.uk)

Posted by Soulskill on from the if-you-can't-beat-'em,-dream-up-some-silly-legislation dept.

An anonymous reader writes: The Times reports (paywalled) that the Investigatory Powers Bill promised by the UK government over the summer is likely to be presented to parliament next month, and that it will contain 'dizzying' powers for MI5, MI6 and GCHQ to hack the devices of individuals under investigation, with the permission of the home secretary. An implementation of the Wilson Doctrine will mean that British MPs will not be subject to these powers in the same way as other citizens. According to a digital evidence expert that the Times interviewed, the bill addresses the difficulty that the UK government is sharing with other nations in defeating encryption effectively. "Hacking is different from interception because it allows hackers to take control of the device, using it for surveillance and accessing data from the source, rather than simply intercepting them, which is becoming increasingly difficult."

51 of 80 comments (clear)

  1. This Is Very Important by Anonymous Coward · · Score: 2, Insightful

    This is very important. If you do not assume that they are already doing this, and have been for years, then you are delusional.

    See Edward Snowden for the most recent proof.

    1. Re:This Is Very Important by Joce640k · · Score: 1

      Yep. Why do you think all those stupid apps you download need so many permissions?

      They can probably turn on your microphone/camera at will (among other things).

      --
      No sig today...
    2. Re:This Is Very Important by WorBlux · · Score: 2

      Hmm, I think Allow?/Deny? isn't suffecient for security. You should be able to Allow?/Deny?/Fake? where fake redirects the API's to fake or random data. The webcam or mike when faked might just be able to access the Rick Roll or Trr La La music or music videos. Contacts might redirect for a list of Congressmen etc.

    3. Re:This Is Very Important by samantha · · Score: 1

      Then why bother to draw attention to themselves by declaring outright that they will do it? Or is the point to make it after the fact legal? Or is it more of a trial balloon as to their progress in selling the BIG LIE that anything and everything the government does is for our own good to "keep us safe".

  2. So... the ones who need it most won't get it. by Anonymous Coward · · Score: 5, Insightful

    So if I understand this correctly, the corrupt powers-that-be will be immune to that which is needed the most to clean up their actions that, if they were a common citizen would be criminal?

    hmmm...

    1. Re: So... the ones who need it most won't get it. by Anonymous Coward · · Score: 3, Insightful

      Sedition wasn't abolished, it was simply folded into the all-encompassing definition of terrorism.

    2. Re:So... the ones who need it most won't get it. by MightyDrunken · · Score: 4, Interesting

      Don't be silly. Of course GCHQ etc won't officially hack British MP's but I'm sure the NSA and friends can lend a helping hand, and vice versa.

      --
      The most dangerous drug
    3. Re: So... the ones who need it most won't get it. by ai4px · · Score: 1

      WIsh I had mod points today for the parent.

    4. Re:So... the ones who need it most won't get it. by Opportunist · · Score: 1

      If a country's laws do not protect its citizens anymore, it is probably more sensibly by the government to expect its citizens to oppose those laws and assume that they will break it at the first chance. Which is coincidentally what they do.

      So I guess they know about it. And I only say that because I have no proof that these laws are actually aiming against the population to prop up the powers that are for as long as it is feasible.

      History repeats itself. It's just like East Block around 1980. In other words, give it 10 years or so and we're over it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:So... the ones who need it most won't get it. by Hotawa+Hawk-eye · · Score: 1

      Ah yes, I saw this before in Sneakers.

      "I cannot spy on my friends."

      [turns to NSA]

      "Spy on my friends."

    6. Re:So... the ones who need it most won't get it. by Gravis+Zero · · Score: 1

      Don't be silly. Of course GCHQ etc won't officially hack British MP's but I'm sure the NSA and friends can lend a helping hand, and vice versa.

      wait... so the British are going to invade our networks?!

      THE BRITISH ARE COMING! THE BRITISH ARE COMING! SECOND AMENDMENT TIME, MOTHERFUCKERS!

      --
      Anons need not reply. Questions end with a question mark.
    7. Re:So... the ones who need it most won't get it. by KGIII · · Score: 1

      One if by ARP two if TCP
      And I on the opposite hub will be
      Ready to boot to Intel or ARM
      Encrypting my data so no server farm ...

      I have no shame.

      --
      "So long and thanks for all the fish."
    8. Re:So... the ones who need it most won't get it. by andymadigan · · Score: 2

      If these powers start to be used routinely in criminal investigations then the very idea of the "rights of the accused" will be a joke. This is about intelligence, not law enforcement, though I realize the line is getting blurrier by the day. Intelligence and law enforcement officers that cross that line should be getting jailed.

      The idea of the Wilson doctrine is that if intelligence started spying on MPs they could find embarrassing information and use it to blackmail parliament, thus subverting democracy. It's an incredibly important protection, but it's not getting enforced properly.

      If I started spraying my lawn with a pesticide, and it turned out that kids walking on the grass absorbed the pesticide through their skin became deathly ill, I'd be ordered to stop immediately. Even if breaking the law is an unintentional side-effect, once the effect becomes clear the behavior has to stop. Instead, even though we know GCHQ and the NSA are collecting data that they cannot legally acquire, they're being allowed to continue because it's "unintentional". Absolutely ridiculous, jail them, all of them.

      --
      The right to protest the State is more sacred than the State.
    9. Re:So... the ones who need it most won't get it. by andymadigan · · Score: 1

      Hi APK, do you think I have thin skin or something?

      --
      The right to protest the State is more sacred than the State.
    10. Re:So... the ones who need it most won't get it. by andymadigan · · Score: 1

      Nope, sorry, no reaction at all. Accusing someone of being gay doesn't really work if they actually are gay, and pretty much nobody enjoys prison.

      I will make sure to leave that pride flag on your grave though.

      --
      The right to protest the State is more sacred than the State.
  3. Not as thrilling... by Junta · · Score: 1

    I don't think this would be as thrilling of a James Bond movie as License to Kill....

    --
    XML is like violence. If it doesn't solve the problem, use more.
    1. Re:Not as thrilling... by Fire_Wraith · · Score: 1

      It raises some interesting questions though.

      What would he drink? Vodka Redbull, shaken, not stirred?
      Would he go to Q branch to get the latest case mods and Metasploit modules?

    2. Re:Not as thrilling... by PPH · · Score: 2

      That would be license to kill -SIGHUP <pid>

      --
      Have gnu, will travel.
  4. Hmmm .... by gstoddart · · Score: 5, Insightful

    So if governments around the world are giving themselves license to hack into our stuff, do anything they please, and share this with other governments ... then it almost seems like a moral duty that every government server is now fair game.

    Just sayin'. If governments are declaring war on our rights, they have no expectation people won't do this to them.

    Sorry, but governments who are claiming to be defending our rights while taking those rights away have lost an awful lot of moral authority here.

    Especially when they take the stuff they said they'd only use to fight terrorism, and now apply it to every day things.

    Fuck you, Big Brother. Fuck you.

    --
    Lost at C:>. Found at C.
    1. Re:Hmmm .... by Anonymous Coward · · Score: 1

      That's ok, I feel that also gives me the right to create new encryption and counter hacking tools and programme to make your life harder and freely distribute the programme's on servers outside your jurisdiction.

      Enjoying hacking my benign messages about my cat and the need for milk, until you understand that privacy is something that a lot of people value and have no malicious intent, and you cannot take it away without a fight.

    2. Re:Hmmm .... by TFlan91 · · Score: 2

      Right? Oh you're prodding my servers? What was that phrase again...

      "Treat others the way they treat you"... Was that it?

      Sounds good to me!

    3. Re:Hmmm .... by rastos1 · · Score: 1

      Right? Oh you're prodding my servers? What was that phrase again...

      "Treat others the way they treat you"... Was that it?

      Actually,no. It was Quod licet Iovi, non licet bovi.

    4. Re: Hmmm .... by epyT-R · · Score: 1

      So what? we should all bow down? It's people with your attitude that allows governments to get away with this shit.

    5. Re:Hmmm .... by ras · · Score: 1

      So if governments around the world are giving themselves license to hack into our stuff, do anything they please, and share this with other governments ... then it almost seems like a moral duty that every government server is now fair game.

      The people in power always have always read, listened to, or saw pretty much whatever they wanted, although possibly they had to pause to spin the reason into a "so the terrorists don't win" or "think of the children" meme. And with "people in power" I don't just mean the politicians, or the spooks. Judges assume they can extract information by just issuing an writ to hand over documents, and its almost considered "due diligence" now for employers to launch MITM attacks on in https connections their employees make (although not the CEO's, obviously). Collectively one of or other of them can (and on occasion do) open every letter, listen to every phone call, and read every SMS sent by a person. As soon at the technology became available they used radio mics to listen to every word uttered at a place or by a person in real time, later they blanketed cities with cameras. So there is nothing new in this - they just want the abilities they had in 20th century back.

      What is utterly beyond explanation is they apparently think they can do it. It is true that every man has his price. As we found out, even a large corporation like AT&T had its price, a price the NSA was prepared to pay. But this time they are dealing with physics and maths, and they apparently think they can force physics and maths to change if they throw the law at it, or man power at it, or money at it.

      To them I say: it's time to move on old men. You're tilting at windmills, and don't even know it.

  5. Ultraviolet Clearance, Citizen by Anonymous Coward · · Score: 1

    If knowing programming without being one of the High Programmers is illegal, how do you become one of the High Programmers without it being treason?

  6. What's next, privateers? by swb · · Score: 3, Insightful

    It's like the UK is reliving it's past, minus the part about the Magna Carta.

    1. Re:What's next, privateers? by gstoddart · · Score: 1

      Exactly ... take out all those pesky things which limit their powers, and it will allow them to do so much more.

      What government wants to have its hands tied by protecting the rights of its citizens? That just creates extra paperwork and legal hurdles.

      With a scared citizenry who knows their rights are what you tell them, you can accomplish much more.

      --
      Lost at C:>. Found at C.
  7. Not as cool as a 007 "license to kill" by willworkforbeer · · Score: 1

    Mainly because the code number are in hexadecimal.

    --
    Pretending this is my office full of bitter coworkers..
    1. Re:Not as cool as a 007 "license to kill" by Bing+Tsher+E · · Score: 1

      Hey, octal is far cooler.

      12 bit CPUs are just like that.

    2. Re:Not as cool as a 007 "license to kill" by PRMan · · Score: 1

      I'm Agent 0x0A! I have a License to Hack (TM)!

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    3. Re:Not as cool as a 007 "license to kill" by wonkey_monkey · · Score: 1

      0x07.

      --
      systemd is Roko's Basilisk.
  8. Re:Crazy just crazy. by Anonymous Coward · · Score: 1

    What really amused me was the UK, a country that jails people for failing to disclose a password, thinks it has some kind of high ground to lecture China on human rights.

  9. Agent 00101 reporting, 0xD by dywolf · · Score: 1

    Agent 00101 reporting, 0xD.

    --
    The guy who said the election was rigged won the presidency with the second-most votes.
  10. And you can place compromising data too! by gweihir · · Score: 3, Insightful

    Like certain pictures that will land the person hacked in jail for a long time. No need to find anything actually bad anymore, you can just easily get rid of anybody you do not like. That is how it is done in any self-respecting police-state or fascist state!

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  11. Theresa May is not Parliament by Anonymous Coward · · Score: 2, Interesting

    Theresa May has tried to pass Snoopers charter and withdrawn. Now she tries this shit, but Snowden two weeks ago revealed GCHQ can hack every phone. We get it. You can see her group, but this isn't a coup. Britain is still a Parliamentary democracy. We can see she's trying to legalize what you lot are already doing, and she's doing the same pedo terrorists shit that was used to attack Parliament recently.

    Remember Tom Watsons "Parliament pedo killers ring"? This is an attempt to use an idiot (Tom Watson) to make claims of a massive pedo ring in Parliament, so that no MP dare challenge the latest push by Theresa May's group to get mass surveillance because of "PEDOS IN PARLIAMENT!"

    But you didn't get Snoopers charter, so Karma Police mass surveillance is illegal, and you don't have legal cover to hack smartphones, so your Smurf hacks are illegal. Are you GCHQ lot part of the democracy run by Parliament or part of this slow motion coup?

  12. Re:Crazy just crazy. by Anonymous Coward · · Score: 2, Interesting

    Yes, because the UK executes thousands every year and sends thousands for "re-education", and has no independent judiciary and is a one-party state, just like China.

    Here's a clue retard, virtually all states have some repressive characteristics. But some are still *much, much much* worse than others. See?

    Actually you're probably one of the China-bots who does the 'ooo look a squirrel' thing every time China's truly abysmal human rights record is mentioned. Nobody's fooled you know.

    (And for what it's worth the UK password disclosure stuff has barely been used and is full of holes and would fall apart if anyone took it to the European court of human rights, but yes, it is still repressive).

  13. Who controls the device? by Atmchicago · · Score: 2

    If the government takes over a device and starts masquerading as the owner, how do we know? Could they hack your phone, use it to view a forbidden website, and then land you in jail because of it? Conversely, does this give people plausible deniability for actions performed on their digital equipment?

    --

    You can lead a horse to water, but you can't make it dissolve.

    1. Re:Who controls the device? by WillAffleckUW · · Score: 1

      They already control your tea kettle, using an IoT backdoor.

      You're being spied on right now.

      In your home.

      Without a warrant.

      --
      -- Tigger warning: This post may contain tiggers! --
    2. Re:Who controls the device? by ItsJustAPseudonym · · Score: 1

      Here's how that would work out:

      1. They come after you
      2. You claim that the government did it.
      3. They say "you have no evidence that we did it, and we won't disclose any actions we may or may not have taken because of national security. By the way, anything that you think is evidence is now classified.
      4. You lose.

      This is analogous to those situations in which someone sues the government for running an illegal dragnet, and they counter by saying you have no standing because you don't know that you were actually involved. P.S. the records are classified.

      IANAL.

    3. Re:Who controls the device? by AHuxley · · Score: 1

      It depends on where the person of interest was found. On IM chat, IRC, a forum, web 2.0 social media, some new phone only social media app.
      Re "how do we know?"
      A honey trap? Disinformation? No more access? would be a slow rolling in of online hints.
      To understand the traditional outcome consider the classic methods used on Irish human rights campaigners, UK trade unions or any other political or social issues going back many decades.

      --
      Domestic spying is now "Benign Information Gathering"
  14. Here's a tip, fuckstick. by Anonymous Coward · · Score: 1

    "Baaaw, X is so much worse!" isn't a fucking excuse.

    Or is it okay for someone to fuck you in the ass without your consent, because hey, you were asking for it, and at least nobody murdered you, amirite?

  15. Got to get me one of those by Foundryman · · Score: 1

    It will look really nice hanging on the wall next to my "License to ill"

  16. Violation of EU rights and treaties by WillAffleckUW · · Score: 1

    Illegal on the face of it.

    This is why the UK will break up if London greedmeisters persist.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Violation of EU rights and treaties by Anonymous Coward · · Score: 1

      Illegal on the face of it.

      This is why the UK will break up if London greedmeisters persist.

      Not just the UK: England itself will also break up; there's already regional assemblies being planned for various sections of the country.

  17. In other words they want to pant evidence by Anonymous Coward · · Score: 1

    Even if they don't plant evidence they will be contaminating any evidence. There is a reason that police are required to 'pull the plug' on devices when they seize equipment. Anything else risks contaminating it and making in unusable in court. Once a drive is in the hands of the police it gets handed over to forensics which while a big joke IMHO has the tools to clone the disk and make an image of it using tools that prevent write commands from being issued to the original drive. This combined with a strict chain of command of the drive ensures that any evidence obtained from said device is genuine, not contaminated, etc.

    Now in the real world forensics experts can't be trusted. They utilize tools which enable them to essentially fabricate evidence from things like corrupted memory which may or may not be linked to the purported criminal/defendant in the cast. As an example a search for 'how to kill a mocking bird' can become 'how to kill'. Then we leave off the fact we can't actually confirm that the person who owned the computer was the one who conducted the search for a variety of reasons. Just because a forensics expert looks at the system doesn't necessarily mean that they've been able to identify, can identify, or have even tried to identify to person who made that search. In many cases it may be a malicious piece of code that ran temporarily an no evidence of it even got written to disk. In other cases it might be a neighbour, friend, employee, or even a corrupt police officer. And when you read these stories about '20 illegal pictures' do you really believe that the police are that effective at rooting out illicit imagery? If you were told those images all had an identical time stamp and there was no evidence that the user downloaded would you still believe they weren't planted? Because that is *exactly* the kind of evidence that is used to convict. If it were 'real evidence' its almost certainly there would have been more evidence, different time stamps, and evidence in other places (ie browser history, etc).

  18. Choose your words by barbariccow · · Score: 1

    A license to hack? You need that now in Britain! What a police state. I've been hacking for decades. I honestly don't know if this is scarier than if they offered a "License to crack" people's systems as well..

  19. well that is the point. by samantha · · Score: 1

    The entire point of using encryption is to keep snoops of all kinds out of your information as much as possible. Just because the snoop works for the government does not mean they get carte blanche or are any less criminal if the hack into a device.

    1. Re:well that is the point. by AHuxley · · Score: 1

      A keylogger will be waiting for every message created or displayed.
      The idea is to get to the plain text as seen or created before any user installed encryption application or user installed/commercial alternative operating system.

      --
      Domestic spying is now "Benign Information Gathering"
  20. Good news. by tomthepom · · Score: 1

    Before the advent of digital communications, if the government wanted to covertly know what you were up to, they would have to break into and bug your home, tamper with your telephone, physically follow you around. It was difficult and expensive, so out of necessity limited to the most interesting targets. Yes the definition of 'interesting' varied from country to country and time to time, from criminals to political dissidents to inconvenient minorities, but the majority of people were generally safe from being watched.

    Now, and for the first time in history, it has became economically possible to surveil the large majority of the population. And governments around the world have gleefully taken advantage of this, expanding the definition of 'interesting' to cover, literally, everyone; metadata is scooped up en masse, and communication content is available at the press of a button - constrained only by self imposed and often flimsy legal limits.

    But, post Snowden, with the increasing implementation of end to end and zero knowledge encryption, the pendulum is starting to swing back again. Unless they force manufacturers to backdoor every phone and computer, governments will have to go back to the old ways of doing things, by physically hacking individual devices.

    The article doesn't seem to indicate an increase in surveillance powers, but rather a realization by the security services that the glory days of embarrassingly easy mass snooping are beginning to end, and now they're going to have to actually work for their information.

    If this gets us back to an era limited, targeted and suspicion led surveillance then this is a good thing, no?

    1. Re:Good news. by awol · · Score: 1

      It's a complicated question that presents me with difficulties. Let us assume that we live in a country with separate Executive, Judicial and Legislative powers. Despite failings, this is largely true of the UK. If the executive (police etc) want to spy on someone they need a legislative authority and I would like them to have a second, independent, step by which someone evaluates if the purpose of their spying is within the legislative authority. That would be a judge. I am not convinced that the Home Secretary (which is an Executive position) is the right institution to be conducting this evaluation. A judicial oversight would be more comforting methinks.

      I don't have a problem with the state hacking for the purposes of investigation. Placing the existence of this capability into the public domain certainly impacts the probative value of information found on a device (the planting of false evidence becoming likewise easier). This is akin to weight of the finding of physical evidence with the probability of the planting of false physical evidence with the warranted access to a suspect's property or person. Corruption is the problem here, not the means by which it is effected.

      What concerns me most of all is the creation of legal processes which are not subject to the scrutiny of public view. It is this issue that should be at the top of all the agitation about the progress of these courses of action. Secret courts or injunctions, the existence of which cannot be mentioned are frightening and indeed so Kafkaesque as to be worthy of new round of parable fiction.

      --
      "The first thing to do when you find yourself in a hole is stop digging."
  21. Wilson Doctrine by Namarrgon · · Score: 1

    Despite regular assurances about the Wilson Doctrine for the last 60 years, British MPs were recently dismayed to find out that they are, in fact, being spied upon - just like any other citizen. The Wilson Doctrine was finally admitted (after a legal challenge) to be nothing more than a vague platitude with "no legal force".

    Goes to show that politicians lie to each other as regularly as they do to the rest of us. The only notable part is that some of them appeared genuinely surprised by this.

    --
    Why would anyone engrave "Elbereth"?