Slashdot Mirror


UK Government Says App Developers Won't Be Forced To Implement Backdoors (betanews.com)

Mark Wilson writes: The UK government is sending mixed messages about how it views privacy and security. Fears have been mounting since Prime Minister David Cameron wondered aloud 'in our country, do we want to allow a means of communication between people which we cannot read?' — his view obviously being that, no, we don't want to allow such a thing. Following the revelations about the spying activities of the NSA and GCHQ, public attention has been focused more than ever on privacy and encryption, Cameron having also suggested a desire to ban encryption. Today, some fears were allayed when it was announced that the government was not seeking to require software developers to build backdoors into their products. That said, the government said that companies should be able to decrypt 'targeted' data when required, and provide access to it.

86 comments

  1. So, almost like North Korea? by Anonymous Coward · · Score: 0

    That Cameron dude seems to have lost it completely.

    1. Re:So, almost like North Korea? by gweihir · · Score: 1

      I don't think he ever had it in the first place...

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. David Cameron is not very intelligent by Anonymous Coward · · Score: 5, Insightful

    Unfortunately, Mr Cameron lacks even basic knowledge of technology, so is unable to appreciate that his expectations of making encrypted data readable by the NSA/GCHQ/Stasi are completely unrealistic. Cameron should keep his slimy far right persona out of areas that he can't understand - since that appears to include most areas of government, maybe he'd be better seeking employment that is more fitting for his level of ability - perhaps as a clown or jester.
    And, to answer Mr Cameron's question as to whether we want to allow means of communication between people which can't be read by the secret police - I think anyone supportive of democracy will be screaming 'yes - of course we do'. This is fundamental to any democratic society. Cameron might want some kind of despotic right wing regime, but most people here don't. Remember - Cameron was elected by a very small minority of the British people (~20%), because of the way the antiquated electoral system has failed. He most certainly has no democratic mandate to rule.

    1. Re:David Cameron is not very intelligent by Anonymous Coward · · Score: 0

      You do not understand what "far right" means or is supposed to be. Please keep out of any discussions about politics. The Overton window claims another victim.

    2. Re:David Cameron is not very intelligent by Kkloe · · Score: 1

      I think they are talking about getting data that passes the server of said company that would have master keys to unlock it

    3. Re:David Cameron is not very intelligent by 91degrees · · Score: 1

      > Remember - Cameron was elected by a very small minority of the British people (~20%), because of the way the antiquated electoral system has failed. He most certainly has no democratic mandate to rule.

      What would you consider a mandate, and what British PM has ever achieved that sort of level of support?

    4. Re:David Cameron is not very intelligent by Anonymous Coward · · Score: 0

      Indeed, it's getting rather tedious every time people trot out the Conservatives only got 24% of the electorate voting for them.

      Conveniently forgetting that by the same measure, the previous Labour governments only got 21%

    5. Re:David Cameron is not very intelligent by Anonymous Coward · · Score: 0

      Please tell us what "far right" means and what "far left" is supposed to be!

      Overton Window diagram
      Look at the picture, where is right or left?

    6. Re:David Cameron is not very intelligent by Hognoxious · · Score: 1

      Your figures are off.

      http://www.bbc.com/news/electi...

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    7. Re:David Cameron is not very intelligent by Jamu · · Score: 2

      24% of the electorate voted for a Conservative candidate. 0.08% voted for David Cameron.

      --
      Who ordered that?
    8. Re:David Cameron is not very intelligent by AmiMoJo · · Score: 2

      Don't underestimate Cameron. The upper class twat persona is just a mask. He is extremely careful to be bland and inoffensive at all times, speaking only in generalities and vague benign sounding ideals.

      For example, on this issue he always talks about safety. No-one opposes safety, right? Safety is good. He avoids being too specific or saying anything too ideological.

      He is a dangerous opponent, because he turns people to apathy. They vote for him because he stands for nothing specific, so they fill in the blanks themselves and assume he agrees with them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re:David Cameron is not very intelligent by Anonymous Coward · · Score: 0

      No state servant is for encryption amongst its subjects.

    10. Re:David Cameron is not very intelligent by 0123456 · · Score: 1

      Ha-ha. You think Cameron is 'far right'.

      He's at best a cuckservative, and even that is debatable.

    11. Re:David Cameron is not very intelligent by Shortguy881 · · Score: 1

      Clown or Jester is the perfect job description for the modern politician. Look at the U.S. They are about to elect Trump.

      --
      Brilliance without wisdom, power without conscience. Ours is a world of nuclear giants and ethical infants.
    12. Re:David Cameron is not very intelligent by Anonymous Coward · · Score: 0

      > Cameron might want some kind of despotic right wing regime, but most people here don't.

      Absolutely speak for yourself. I am leftist in almost every way, but the current level of immigration is going to wreck the UK and Europe generally. Not all cultures are equal (whether down to religion, luck, tendency to violence or even genes). Posting as AC because I fear what I should be allowed to say publicly.

    13. Re:David Cameron is not very intelligent by Anonymous Coward · · Score: 0

      You are most certainly wrong.
      Do you have any evidence for your claim?
      Why didn't you answer one of my questions?

      Now if you think that left means 'less freedom' you are an idiot.
      Don't you know the origin of those words? The left side wanted to kill the King to gain - more freedom.

    14. Re:David Cameron is not very intelligent by Anonymous Coward · · Score: 0

      Yep. I think they are saying "unlike earlier statements, encryption not to be banned. Just neutered."

    15. Re:David Cameron is not very intelligent by Anonymous Coward · · Score: 0

      Clement Attlee, on the grounds the returning working class soldiers wanted the better world they had been told they were fighting for, e.g. a national health service and the rest.

    16. Re:David Cameron is not very intelligent by Anonymous Coward · · Score: 0

      But they were Tory too.

    17. Re:David Cameron is not very intelligent by BranMan · · Score: 1

      No state servant HAS subjects! W. T. F.

    18. Re:David Cameron is not very intelligent by 91degrees · · Score: 1

      He got less than 50% of the popular vote and only about 37% of the voting population picked him. And he's the most successful PM since the war.

  3. I thought NSA and GHQ had backdoors by invictusvoyd · · Score: 1

    in every major encryption algo. So why do they worry?

    1. Re:I thought NSA and GHQ had backdoors by Anonymous Coward · · Score: 0

      I don't know why you thought that. Remember how the NSA actually strengthened DES to resist differential cryptanalysis, 16 years before the technique was publicly known?

      The Clipper chip used key escrow, not any algorithmic weakness; the Skipjack cipher is still unbroken.
      Dual_EC_DRBG is the only algorithm anyone's even suspicious about.

    2. Re:I thought NSA and GHQ had backdoors by AHuxley · · Score: 1

      AC by shortening of the keysize. What one section of a gov gives away in public, another ensures will revert to plain text :)

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:I thought NSA and GHQ had backdoors by AHuxley · · Score: 1

      The US and UK have 3 areas to worry about.
      Open source efforts produce a good new method that's free, accepted and upgraded.
      Some neutral nation outside the US and UK direct academic influence sells, creates or offers good working encryption at a low price.
      A brand installs harder than average encryption responding to market forces that does not decode easily in realtime in consumer hardware or software.
      Most of the above are fixed with big cash offers, international treaties or a nice chat.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:I thought NSA and GHQ had backdoors by Anonymous Coward · · Score: 0

      Save your clueless paranoid delusions for the Daily Mail. Crypto is a peer reviewed mathematical discipline, money doesn't factor into it beyond brute force attack resources.

    5. Re:I thought NSA and GHQ had backdoors by Anonymous Coward · · Score: 0

      > in every major encryption algo. So why do they worry?

      They just need to make people think they can't snoop.

    6. Re:I thought NSA and GHQ had backdoors by gweihir · · Score: 1

      They do not. Really not. That would be a catastrophe waiting to happen. (Then, we still have enough nukes at the ready to destroy the planet several times over, so that may not be much of a deterrent.) But it seems highly unlikely that they can break modern crypto like AES or indeed any of the other finalists for a number of reasons. In addition, the continued failure to force companies to make their software more secure does deliver a host of vulnerabilities all the time. I am not sure this is an accident.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re: I thought NSA and GHQ had backdoors by Anonymous Coward · · Score: 0

      That's the charade they started with Apple over iOS 9.

  4. Reveal a plot so fiendish by AHuxley · · Score: 1

    Any data flow could be of interest to the UK gov at some time for some reason and UK staff will have to provide gov/mil access when demanded.
    A brand thinking their data sets will not be of interest and not building in UK ready trap doors or back doors would be offering a "means of communication between people which we cannot read".
    By default UK based brands will have to build in trapdoors, backdoors just to cover that UK gov request eventuality, i.e. "companies must be able to provide targeted access".

    Nobody Expects the targeted data request.

    --
    Domestic spying is now "Benign Information Gathering"
  5. Bottom line by 93+Escort+Wagon · · Score: 5, Insightful

    The politicians deciding these rules have no idea how this stuff works. "We're not asking for back doors. Back doors are bad. We just want a way to access the contents of encrypted messages when we deem it necessary."

    It'd be funny if the stakes weren't so high.

    --
    #DeleteChrome
    1. Re:Bottom line by Kkloe · · Score: 1

      ?, as a developer I can't see how you can't build so the can't be unencrypted if it passes the servers we have control over, like Apple, they have encryption on the phone that Apple can't crack but when that message\data is passed\synced through Apple's servers they can allow other access to it.
      this is what they probably are talking about

    2. Re:Bottom line by drinkypoo · · Score: 1

      > as a developer I can't see how you can't build so the can't be unencrypted if it passes the servers we have control over, like Apple, they have encryption on the phone that Apple can't crack but when that message\data is passed\synced through Apple's servers they can allow other access to it.
      > this is what they probably are talking about

      Please explain your rationale for believing that.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Bottom line by Kkloe · · Score: 1
      http://mashable.com/2014/09/18...

      There's a catch, though: even if Apple is unable to hand over the data from your phone, it can (and will, if asked via a court order) hand over the data from your iTunes or iCloud account

      maybe

    4. Re: Bottom line by Anonymous Coward · · Score: 0

      You could maybe build stuff so that messages don't pass through servers at all. Skype used to do that until Microsoft bought it and made it spy-friendly.

      It's not just encryption, it's architecture. If you mean to actually want to comply with things, I'm sorry for you.

      Ultimately what fixes this is economics. The world already knows not to trust US cloud providers and comm hardware, and it will learn not to trust UK software as well.

    5. Re: Bottom line by Kkloe · · Score: 1

      So does it affect anyone in the end? Because besides some people that really want to really avoid getting their info handed to the gov, the general populace, businesses\organisations and governments will know about this and still use that software because there is no other option or it is the best economic option vs security.

    6. Re:Bottom line by drinkypoo · · Score: 1

      > as a developer I can't see how you can't build so the can't be unencrypted if it passes the servers we have control over, like Apple, they have encryption on the phone that Apple can't crack but when that message\data is passed\synced through Apple's servers they can allow other access to it.
      > this is what they probably are talking about

      > Please explain your rationale for believing that.

      "There's a catch, though: even if Apple is unable to hand over the data from your phone, it can (and will, if asked via a court order) hand over the data from your iTunes or iCloud account"

      The government can already get your unencrypted transmissions, because they have tapped all backbone links in the USA, and probably everywhere. But the only way that Apple can provide the data from your iTunes or iCloud account is if there's a back door in the encryption system.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    7. Re: Bottom line by Dog-Cow · · Score: 1

      I don't think you really understand this Internet thingy and how it works.

    8. Re:Bottom line by Kkloe · · Score: 1

      back door?, no they use their own keys to encrypt the stuff on *their* servers, that's not a back door, that is how it is

    9. Re:Bottom line by Lakitu · · Score: 1

      > like Apple, they have encryption on the phone that Apple can't crack

      If Apple can't unencrypt it on the phones, then they can't unencrypt it ever.

      > but when that message\data is passed\synced through Apple's servers they can allow other access to it

      When the phone owner unencrypts his unencryptable data and sends that in an unencrypted message through Apple's servers, then Apple has the unencrypted data.

    10. Re: Bottom line by mangobrain · · Score: 1

      Could you clarify? References to Skype may or may not be relevant, but direct end-to-end communications is most certainly not impossible. It may be difficult in practice with contemporary IPv4 deployments (most devices are not directly addressable from the public Internet due to NAT), but of course it can be done: as long as it is possible for two devices to connect (which evidently it is, or we couldn't have an Internet at all), there is no "magic" which mandates that one or other of those devices be a corporate-controlled central server.

      Central servers - effectively, brokers - do provide a lot of convenience: one place to publish & discover user presence, no need to bypass NAT at the endpoints because both connections are outbound, store & forward of messages for offline users, etc. But you *could* have a purely peer-to-peer network with offline exchange of contact details, or a central server used for nothing but storing details by which a user's device can be directly contacted.

      Unless you count "routers" as "servers" - but with suitably randomised addressing and strong encryption, all that router logs will tell you is "device A sent some data to device B", nothing about the *meaning* of the data or the people behind it.

    11. Re:Bottom line by dkasak · · Score: 2

      Your data passing through someone else's servers doesn't automatically imply they have means of decrypting that data. Clients can generate keys themselves (or negotiate them securely with each other, in the case of asymmetric encryption) and keep them secret. Data encrypted in such a way can be stored wherever you want without the party owning the infrastructure being able to read it.

    12. Re:Bottom line by mangobrain · · Score: 1

      That may be how it is, but it is not necessarily how it has to be. It is possible to build a system where the data is encrypted with per-user private keys, which never leave the user's device(s) - at least, not in the clear, and ideally only when being migrated/copied to other devices. Do all the crypto on the device, transmit & store it with private keys unknown to the owners of the infrastructure.

      For all I know, this might in fact already be how iTunes & iCloud work already; that certainly seems to be the implication in the statement that data is "placed under the protection of your passcode ... [therefore] it's not technically feasible for us to respond to government warrants for the extraction of this data" (from your mashable.com link). I'm pretty sure various online back-up services work this way.

      Of course, there has to be a certain level of plaintext metadata: the fact that you have an account is not secret, nor are the amount of data stored, the access times, and the network addresses of devices used to access it. But the data itself? A system in which the service provider doesn't have centralised private keys is absolutely, completely feasible.

    13. Re: Bottom line by Anonymous Coward · · Score: 0

      States and businesses are one. Yes, Chinese companies and Chinese state want Lockheed information. Yes, Five Eyes and Exxon want Gasprom emails.

    14. Re:Bottom line by echnaton192 · · Score: 1

      Not true. This data is not encrypted by the user's password or a separate encryption key. iMessage is encrypted end-to-end.

      Emails, calendar, notes, address book, photos, unencrypted backup are not encrypted with a key Apple has no access to on iCloud. You could encrypt the backup with a special password, the other stuff is NSL-able.

      You could use posteo.de or similar services for emails, calendar and address book and encrypt the stored data with the password for login. That is easy because Apple uses standards (IMAP, CardDAV, CalDAV) for these services.

      Notes were stored with IMAP up until iOS 8, so you could rescue it from GCHQ and NSA. This no longer works with iOS 9, iCloud is obligatory. So one could only switch the app for taking notes and store it elsewhere.

      There is no way to securely stream your photos automatically that I am aware of. Switch it off or make them freely available, because iCloud is not secure.

      I would not trust the backup to be safe at Apple even if it were encrypted, this encryption surely is one of the main targets for the NSA, I am sure.

    15. Re:Bottom line by gweihir · · Score: 1

      Probably the only real problem with democracy is that most voters are morons, but more so, most politicians are morons and with all shreds of personal honor, integrity or morality removed.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    16. Re:Bottom line by Anonymous Coward · · Score: 0

      Never attribute to stupidity that which can be adequately explained by malice.

  6. Because clearly that's dangerous by Anonymous Coward · · Score: 0

    "'in our country, do we want to allow a means of communication between people which we cannot read?"

    No, no of course not. You wouldn't. Secret terrorists would be communicating in secret anywhere. Can't have that.

    Something of a turnaround though, since the principles behind postal services were established.
    From wikipedia, on Secrecy of Correspondence (https://en.wikipedia.org/wiki/Secrecy_of_correspondence):
    "The secrecy of correspondence or literally translated as secrecy of letters, is a fundamental legal principle enshrined in the constitutions of several European countries. It guarantees that the content of sealed letters is never revealed and letters in transit are not opened by government officials or any other third party. It is thus the main legal basis for the assumption of privacy of correspondence."

    To think how many terrorist attacks, civilisations destroyed and governments toppling over we could have prevented back then, if only we'd allowed officials to peer through our mail.

    1. Re:Because clearly that's dangerous by Anonymous Coward · · Score: 0

      "'in our country, do we want to allow a means of communication between people which we cannot read?"

      So, the freedom of speech is up for discussion then? Because speech is the main form of communication among illiterates. And there goes the telephone system too. :-(

  7. Analog storage crime nest by Anonymous Coward · · Score: 1

    It's high time the governments of the world started cracking down on the terrorist nests that are analog books. It's impossible to know if thought crimes are committed with ink and paper. Perhaps a mandatory legal waiver of one's human rights with each purchase of writing materials?

    It might be best to just proceed to the inevitable conclusion and burn every literate human being at the stake unless they agree to live with a government approved guardian overseeing their every action and thought.

    1. Re:Analog storage crime nest by gweihir · · Score: 1

      +1000000, insightful. Sorry, no mod points. (Time to start reading those classics again. They become more and more relevant, unfortunately.)

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  8. Remember 2015 by Anonymous Coward · · Score: 0

    > ... said that companies should be able to decrypt 'targeted' data when required ...

    Of course internet companies won't be forced to implement back-doors: It will be totally voluntary, just like IRS audits and protection of corporate rights. The US national security industry has been there, done that. It will be interesting to see if Apple's improved security policies survive the 'encryption is evil' propaganda.

  9. Not a backdoor by Anonymous Coward · · Score: 0

    "...the government said that companies should be able to decrypt 'targeted' data when required..."

    In other words "We want a backdoor, but we don't want to call it that".

    1. Re:Not a backdoor by Anonymous Coward · · Score: 0

      > In other words "We want a backdoor, but we don't want to call it that".

      Actually, no backdoor is needed, and the government already has the leverage it needs; as in:

      "Here is a search warrant. Hand over the encryption keys for this, or we arrest you right now."

      No warrant, no spying. Except through good old methods like planting a bug or parabolic microphone. Can't do that to everyone - but certainly possible for the few terrorists & "russian embassy staff" among us.

    2. Re:Not a backdoor by Anonymous Coward · · Score: 0

      Not something that's always possible though. Our company has a system that encrypts the user's data using a public key generated by the app on their device. We never store the data unencrypted. We could with some changes capture data on the fly (no such ability exists now), but there's absolutely no way we can decrypt the already stored data without the private key that only the users have.

    3. Re:Not a backdoor by Anonymous Coward · · Score: 0

      I want a backdoor too. In particular one belonging to a nubile girl.

  10. This has always been a big pile of hysteria. by 91degrees · · Score: 2

    David Cameron made a speech. He said the government wants it to be impossible for terrorists to hide from the security services.

    Tech media sites assumed that Cameron knew exactly what he was talking about while at the same time having no idea what he was talking about. They concluded that the only way this would be achievable would be to ban encryption. In fact, given that pretty much everyone who talked about it mentioned WhatsApp and Snapchat, and no other services, it makes it pretty obvious they were getting this from each other.

    Of course people took this speech as gospel and completely ignored other statements saying this was not going to happen, just like they'll ignore this.

    Nobody thought that Cameron didn't have a clue what he was asking for. Nobody considered that he does actually have the option to compromise; Cameron's actually pretty good at that. Everyone assumed that this vague speech was explicit unwavering government policy to ban WhatsApp and Snapchat based on a stupid echo chamber and ridiculous assumptions.

    1. Re:This has always been a big pile of hysteria. by echnaton192 · · Score: 1

      How could this possibly be? How could we assume that he is an Orwellian Big Brother, conspiring with the USA to build an Orwellian, fascist surveillance scheme?

      Because of reports like this? https://theintercept.com/2015/...

      Because there is nothing holding back the GCHQ from intercepting everything including porn use to denounce any resistance? Because the GCHQ has already infiltrated legal NGOs to undermine and control those "terrorist" NGOs like Amnesty International?

      http://www.theguardian.com/uk-...

      Because after laying waste to the Middle East he leaves the refugees to the other European countries?

      Because he already announced that if the European human rights standards might hinder his Orwellian fantasies, he considers abandoning these standards and replacing them with his British version?

      http://www.huffingtonpost.co.u...

      Because he does not even think that UN human rights standards might also apply to his government?
      http://www.welfareweekly.com/c...

      Under which rock have you lived since the release of the Snowden files?

      Every European country installed an Orwellian surveillance scheme. But this government and his system to me as a foreigner seems to be by far the worst. They stop at nothing.

      That is why I highly doubt he will be able to really compromise. He uses 1984 as a how to manual, even going to war with changing coalitions to keep the system going. But even George Orwell was not foreseeing a time when people buy their bugging devices and waiting in line to get their bug.

    2. Re:This has always been a big pile of hysteria. by 91degrees · · Score: 1

      Well, yes... Most governments want to spy on their citizens. I am not defending this.

      I'm just pointing out the idiocy of people who infer specifics based on a wild interpretation of a speech.

    3. Re:This has always been a big pile of hysteria. by gweihir · · Score: 1

      > David Cameron made a speech. He said the government wants it to be impossible for terrorists to hide from the security services.

      And that is the problem right there: The only environment where that even gets close to the truth is extreme Fascism. If there is even a bit of personal freedom left, terrorists can hide. Hence even extreme Fascism offers some possibilities for terrorists to hide, so you have to have things like concentration camps, wars and famines to keep them otherwise occupied. But remember all those people that hid Jews in the 3rd Reich? All these qualify as "terrorists" in the convoluted mind-set of Cameron and he wants such deeds to be made impossible.

      In the end, Cameron and his ilk want to remove all personal freedoms and have any action, and if possible, any thought by a citizen be subject to review by "the authorities".

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  11. Pointless by Anonymous Coward · · Score: 0

    That's functionally the same thing.

    "It's OK guys, GCHQ don't have the ability to remotely access all your data but they do have the ability to compel us to access all your data on their behalf."

    1. Re:Pointless by AHuxley · · Score: 1

      A company is compelled to do the decryption on their own product at their own site :)
      No outside legal advice over the warrant, staff are then doing the conversion back to plain text on their own private sector server.
      All the cooling, cpu time, staff hours, costs, network changes can be pushed back into the private sector as they have to be fully compliant.
      No more tricky private sector encoding ever again.
      The cleared defence team is told in closed court the presented evidence is pure and direct from the company. No leaking of further methods in any court or further questions.

      --
      Domestic spying is now "Benign Information Gathering"
  12. Libraries by Anonymous Coward · · Score: 0

    App developers just use the libraries with backdoors.

  13. How can you tell when a politician is lying? by Epeeist · · Score: 1

    Answer: "When you can see their lips moving".

    Cameron is an ex-PR flack who never lets truth get in the way of the message.

  14. Backdoors behind back doors by Anonymous Coward · · Score: 0

    That's not the situation. Publicly Cameron is distanced from the mass surveillance, Theresa May, is the front for that.

    She's trying to get Snoopers charter through AGAIN, behind backdoors. Since we don't know the details she's pushing behind the scenes, it will likely be an omnibus bill with all the themes thrown into one: backdoors, domestic mass surveillance, hacking rights,... the lot.

    http://www.theguardian.com/politics/2015/jun/13/snoopers-charter-theresa-may-refuse-to-share

    All the stuff that GCHQ are doing now, rolling into one 'make it legal because they're doing it now and they have all this shit on you' bill.

    Apparently Parliament can't be trusted with democracy.

  15. Not forced by Anonymous Coward · · Score: 2, Insightful

    NO developers were forced to add back doors to these apps, but most of them voluntarily chose to live peacefully with their families.

  16. "back door" and "front door" by Anonymous Coward · · Score: 0

    I'm reminded of the idiotic bogus distinction some such politicians (e.g. James Comey) try to make, saying they don't want a "back door" but a "front door".

    Comey: """
    There is a misconception that building a lawful intercept solution into a system requires a so-called "back door," one that foreign adversaries and hackers may try to exploit.

    But that isn't true. We aren't seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law.
    """

    Bruce Schneier did a nice takedown of that stupidity: https://www.schneier.com/blog/archives/2014/10/more_crypto_war.html

    They may as well be saying "We don't want a triangle! We want a polygon with 3 sides" or "We don't want the number 2; we want an even prime number".

  17. Anything but 'Forced' by Anonymous Coward · · Score: 0

    Threatened, Coddled, Compelled, Menaced, Bribed, Made-to-comply-with-mandatory-regulations, 'Served', Subpoenaed, Conscripted, Coerced, Bound and Obligated.

    But not Forced.

  18. Re:This haiku's about another kind of backdoor by Dr_Barnowl · · Score: 4, Funny

    Clearly you don't follow the news about our PM.

    A better haiku would be

    The Turgid Member,
    Slipped into a dead pig's mouth,
    Like he fucks the poor

  19. contradictory statements by v1 · · Score: 1

    Today, some fears were allayed when it was announced that the government was not seeking to require software developers to build backdoors into their products. That said, the government said that companies should be able to decrypt 'targeted' data when required, and provide access to it.

    What's the difference here? Companies like Apple are designing their systems such that they never have the key to the data. They hold the data, but have no way to access it, by design. The UK is saying they're not going to require back-doors, (presumably this means "they won't be required to provide a way for us to decrypt the customer's data") but at the same time they're saying "we should have access to the data anyway".

    The only three ways I see to reconcile these two statements are to do one of:
    - not encrypt the data in the first place
    - use worthless encryption
    - keep a copy of the key

    Apple's current method of "we use strong encryption and don't have your key" would seem to violate their requirement. But since the government wants to have a way in, without a back door, it means the company itself is required to have a back-door of their own built into the system, that allows the company access to your data. From there, the government can issue an NSL or something to force you to hand over the data.

    So we're going from a back-door that lets only the government have access to your data, to a "better model" that lets them have access to it, because the company also has access to it? How is this BETTER?

    I say NO to both!

    --
    I work for the Department of Redundancy Department.
    1. Re: contradictory statements by Anonymous Coward · · Score: 0

      Apple is the middle man when exchanging keys. The user has no way to load or verify keys, other than iOS saying so. And if gotofail taught us anything...
      So they can replace keys without the user knowing.

  20. Not stupid by FrozenGeek · · Score: 2

    The majority of the public won't understand that "should be able to decrypt on demand" is the same thing as a back door. To them, what he said was good and fair. This is just another case of a politician playing with words in order to manipulate the electorate.

    --
    linquendum tondere
  21. You can keep your healthcare plan by Anonymous Coward · · Score: 0

    Never trust a politician's word. If the law allows them to do something they will do that thing.

  22. psht by sociocapitalist · · Score: 1

    Developers "Won't be forced" because they will otherwise be motivated (i.e. what just happened in the US where telcos get immunized against lawsuits in exchange for providing customers' private data to the Feds).

    --
    blindly antisocialist = antisocial
  23. David Cameron Rules!!!! by Anonymous Coward · · Score: 0

    I'm more concerned about North Korea because they didn't elect their dictator, but Britain elected Cameron and so deserve him. Let him do whatever he wants to them. They deserve no better. I've no patience for morons who vote against liberty. Fuck them.

    Benjamin Franklin said "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

    1. Re:David Cameron Rules!!!! by gweihir · · Score: 1

      While I agree on the sentiment, such a cancer can spread. Remember that Hitler was voted into office. (With a minority of votes, but still the largest share.)

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  24. The government wants systems to be secure by DickBreath · · Score: 2

    As long as they are insecurely secure.

    In classic government oxymoronic style. Governments are full of oxymorons.

    Some government "adult male" in their "arrogant humility" engaged in "a just war" wants us to "agree to disagree" to introduce "astronomically small" insecurities into our "insecurely secure" systems so that "military intelligence" can "read unreadable" messages.

    It all makes sense.

    --
    I'll see your senator, and I'll raise you two judges.
  25. smell the glove by PopeRatzo · · Score: 1

    UK Government Says App Developers Won't Be Forced To Implement Backdoors

    But if they know what's good for them...

    --
    You are welcome on my lawn.
  26. umm what? by phishybongwaters · · Score: 1

    So I'm confused. They won't make app developers put in a back door (to allow them to intercept communication) but will require them to have a method to intercept communication on demand. How exactly is that not a backdoor?

    1. Re:umm what? by gweihir · · Score: 1

      Something needs to be intentionally broken if they can intercept and decrypt communications. That is a "compromise" of the security of the app, but it is not a backdoor, which is a command and control interface into the app. Intercepting and decrypting communication can be done by weaknesses in the architecture, design and implementation, but may not require contacting the app at all.

      The distinction is purely technical, though; the result is the same: a broken product that endangers its users.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  27. Being able to decrypt the data is a backdoor by Anonymous Coward · · Score: 0

    The idea is that companies are not even leaving a backdoor for themselves to be able to decrypt the data.

    1. Re:Being able to decrypt the data is a backdoor by gweihir · · Score: 1

      Well, not really, although it has the same effect. Weak keys, weak crypto, etc. all serve that purpose. I also have a nagging suspicion that legal approaches to make companies write more secure code are delayed or squashed in order to allow the GCHQ (and others of the same fundamental evil disposition) to continue to indulge their peeping habits.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  28. But they will be forced to lie about it... by gweihir · · Score: 1

    This is really the best of both worlds: Force backdoors (which are insecure, of course) in there, but make it right again by forcing the people involved to lie about it. Everybody that does not comply is obviously a terrorist and will go into an isolation cell in prison for his remaining lifetime.

    In particular the British administration is lying habitually and pathologically and nothing they say can be trusted.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  29. Means the same thing by Anonymous Coward · · Score: 0

    Today, some fears were allayed when it was announced that the government was not seeking to require software developers to build backdoors into their products. That said, the government said that companies should be able to decrypt 'targeted' data when required, and provide access to it.

    Requiring companies to have a backdoor to give data to the government is the same as requiring companies to have a government back door where the government can take the data themselves. This is just rhetoric and means absolutely nothing but typical political smoke and mirrors double-talk worthy of the US government.

    Anything that can be decrypted by someone other than the user is, by definition, not encryption.

  30. How can you run a country. by RalphOstrander · · Score: 1

    And not understand this cat is out of the bag and you will never be able to put it back in.