Slashdot Mirror
Internet Firms To Be Banned From Offering Unbreakable Encryption Under New UK Laws (telegraph.co.uk)
Retron writes: Despite statements from the minister for internet safety and security Baroness Shields last week that the UK government would not require software developers to build backdoors into their products, the Telegraph is reporting that the UK Government is going to ban companies from offering 'unbreakable' encryption, effectively requiring a backdoor in products from the likes of Google and Apple. The reasons given are that they don't want the likes of terrorists and paedophiles to communicate in places the Police can't reach. A Home Office spokesman said: “The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts."
Is this the sort of thing that the EU could override?
I am sure the ones to oversee this is the Ministry of Truth.
Don't fight for your country, if your country does not fight for you.
it just might take a while ...
Everything else goes, right?
Replace "terrorists, paedophiles and criminals" with "people" and you get what this is really about: People must not be allowed a “safe space” online. Nobody wants that, except the rich elite in their mad power grab towards global tyranny.
Everyone should be aware that the majority of paedophile rings that have been busted were found to be passing material amongst themselves by sending encrypted DVDs (and originally VHS tapes and photographs etc.) using services such as USPS/Royal Mail signed for etc. Physical mail can't be interfered with without a court order, is secure, cheap and reliable. I would imagine terrorists do much the same.
This is plain and simply the gubberment desperately trying to keep all windows of the Panopticon open. Clueless old 19th century minds trying to legislate against the future and maintain their failed baboon style pyramid hierarchy.
It will be a total failure.
This gives Apple and Google the power to decide whether or not there will be a revolt in the UK.
I'm not sure the politicians have thought this one through all the way. But, good, from a meritocracy perspective.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
There was a Slashdot poll a few years ago, asking the question "What percentage of your traffic is encrypted?"
The answer that stuck in my mind was from a guy who said, "all of it. My WiFi has WPA2."
I knew I needed to stop reading Slashdot and finish my PhD when I started to miss articles by Bennett Haselton.
So basically, no encryption at all, since if it's breakable by one person it's breakable by anyone.
...of freedom as we know it. This is a pathetic excuse to remove simple fundamental rights.
Suggestion: Let's embrace our true nature, which is to NOT value human life the way we pretend to do today. Let eradicate the freedom of countries who's culture produces a CONSTANT stream of terrorists. (I'm looking generally in your direction, Islam!). Then we'll be working towards peace.
then only criminals will have privacy??? ask ed snowden your questions here on /. continues.... truth mercy justice universal spiritual axioms foolproof... thank mom,,
Encryption is only one way mathematical difficulty can be harnessed. There are others. Encryption is great for making large amounts of data unreadable in a way which is independent of the data. But procedures can be learned by rote, and executed in a human brain before deciding whether and how to interact with a machine. By compromising encryption, the government will stimulate criminals to both probe the detection network with false information, and to develop methods of using whatever legal encrypted communication exists so that messages go unnoticed. If two people agree a convention, such as using two spaces rather than one in a tweet, padding a 130 char tweet to 140, and have a mentally computable way of indicating whether the content has special meaning, and a dictionary of codewords, we are back where we were before the second world war, with cryptic crossword techniques being used. One shot conventions [ consider if I say that when I send messages on Twitter if you append 'FluffyBunny', md5sum the result, and then treat specially if the first three hex digits are 3f4, whilst trivially breakable if you know the scheme, and who will transmit with it, if you don't, brute force will swamp you with false positives, and what if this convention is only used once between people ]. Just as antibiotic use has bred superbugs, this action by the UK government has the potential to set off an evolutionary arms race, where many terrorists will be caught, but those who are not will have by chance have developed means of secrecy beyond the security services. Passing laws declaring the existence of unicorns, or banning gravity from acting, are foolish. We have, in digital technology, an enviroment which we as humans must adapt to, not try to adapt it to us. Laws like this do the latter, but such attempts will eventually succumb to the problems of computational inefficiency.
Is this from the chaps of the ministry of administrative affairs ?
A brand outside the UK and 5 eye nations offers an openvpn https://en.wikipedia.org/wiki/... file to user in the UK ensuring a less easy to log internet connection.
That hop is from within a domestic like network after the providers "modem" like product.
Will the UK ban, track, investigate and demand credit card payments to VPN providers be blocked in the UK?
With "no plans to ban encryption services" that will be very cheap and simple way around the most simple provider level logging.
Why is the UK not interested in the networking solution thats a way out of the UK thats simple and cheap?
"Revealed: how US and UK spy agencies defeat internet privacy and security" http://www.theguardian.com/wor... (6 September 2013)
Did Cheesy Name and Tempora advance to a level that the UK feels confident to trace the entry and exit of any VPN service?
Re 'a duty on companies to be able to access their customer data in law" will be interesting for any UK brand offering services. Who gets the keys and when can government officials make the request? The term "prevent criminal acts" sounds like realtime and collect it all even with any oversight.
Domestic spying is now "Benign Information Gathering"
If they bend the knee and make country-specific images for the UK, it's over for them. Every country will expect them to be able to do a custom build for them too. The other is that we need the federal government to take an openly nationalist position such things. If you ban our legal products from your country for stuff like this, we'll ban yours without a hesitation. For the UK, that would mean the feds could tell Google and Apple to blacklist all apps produced by UK-based corporations from their stores; for China their handsets from vendors like ZTE couldn't be legally sold here.
What the meaning of encryption is.
From my school days, encryption had the meaning of "unbreakeable", by definition, otherwise it is just encoding.
Internet Firms To Be Banned From Offering Unbreakable Encryption Under New UK Laws
The reasons given are that they don't want the likes of terrorists and paedophiles to communicate in places the Police can't reach.
Then in the great British tradition, they'll just Do It (Y)Themselves. It's not like "internet firms" - whatever that means - have a monopoly on mathematics.
systemd is Roko's Basilisk.
Free WiFi for everybody [[[who knows how to get it]]] in the UK!
American in the U.S. here.
Maybe these tech companies should boycott the U.K. I bet U.K. citizens wouldn't like it not having their latest iPhone and whatnot. Also, do those tech companies have the ability to update the firmware for said devices saying, "Due to recent law changes in the U.K., we will no longer be allowed to let you have access to this device." when turned on?
Both companies should just cease all official product sales and support in the UK. Neither company should be forced to make multiple products just because the UK demands this, but to be compliant that's exactly what they will have to do. There will be a "UK Model" IPhone, with pre broken encryption all ready to go. Of course this will horribly backfire once criminal ID theft people start exploiting this purposely weakened software. And no real criminals or terrorists will use any of these pre-cracked systems anyway, so the UK's main thrust here will do nothing but enable more ID theft. Good job, UK!
You are unworthy of living in a civilized world and you are a threat to the entire human civilization.
Nuke yourself (I mean literally) before you make it too late for others.
Well Apple is not an internet firm, so it wont apply to them. And if it did, Visitors from the USA and other countries would have a different firmware.
Never mind that meetings in the park and coffee shops will be under the radar, as will micro sd cards in the mail, or hyperlinks to something in a cloud not in an extradition country and paid with bitcoin after the most recent MIT exploits have been neutered and the 66 or so huge prime protocols abandoned to user generated keys.
I trust the same firms will have a red light or flag that comes on to indicate your privacy has been compromised.
What this will do is drive jailbreaking and custom firmware to new levels. There is a shitload of money to be made in 'Black' phones. What this DOES guarantee that UK or its Stasi GDR partners will never get and Apple or Google Hi Tech income, and run permanent trade deficits - killing employment.
Maybe they will get their wish. By then, somebody giving people what they want (tm) is going to make a fortune. Presently Mr DotCom is in poll position threatening something truly distributed.
If unbreakable encryption is outlawed, only outlaws will use unbreakable encryption.
Strong (not to say "unbreakable") encryption is out there. It will be used. The question is whether you want it to be a weapon used by all or only against you.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Currently it is fair to say 50% of people using TOR have something illegal to hide. The other 50% being paranoid.
But with such legislation they are pushing typical users to install TOR. And soon 99.9% of TOR traffic will be casual Internet browsing, yet undistinguishable from the 0.01% of illegal activity. Making TOR even a 'safer place' for 'terrorists, paedophiles and criminals'.
Congratulations politicians, you have yet again proven yourself complete idiots. Time to hang yourself. And I mean it. Or we will hang you.
So, if you are a terrorist or a paedophile, join the police. That is the only safe place for you. As a plus, you get enterprise grade access to other terrorists and paedophiles.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
Please simply make a law that requires terrorists to register with the government and acquire a proper license before launching any attacks. Problem solved!!!1!
I believe the hearts are where the belong, but technologically, that ship has already sailed
The draft bill is expected to be published tomorrow.
If you are in the UK please write to your local MP. Even a one sentence letter.
It will be too sad if this happens and we did not even try.
Dear UKians: Please vote for BREXIT. At least until you fix your broken government.
After this, I'd welcome you back!
This is plain and simply the gubberment desperately trying to keep all windows of the Panopticon open. Clueless old 19th century minds trying to legislate against the future and maintain their failed baboon style pyramid hierarchy.
Indeed, this smells like government either not understanding technology and where it's moving, and/or conspiring with spy agencies to get (keep?) their fingers in everything - including where they shouldn't be.
Unfortunately for them, there is no middle ground here. If the plebs can use general-purpose computers, there will be ways to get strong encryption software on it. If it's agreed you should be able to have a strongly secured connection between you and your bank (or your webmail, or your doctor, or a business partner, etc, etc, etc), then you can have such a connection between you and say, some 3rd party outside the country. If there even were a way to 'allow what goes through the pipes' (other than a North Korea-like totalitarian regime), only allowing weak encryption would make a lot of present-day applications impossible, to the point where businesses would be forced to set up shop elsewhere. Of course we all know that even a government with a half a brain cell wouldn't let that happen.
Which simply leaves the other option: strong encryption in the hands of the public, possibly outside of the reach of government, law enforcement or spy agencies. Not to mention that if not allowed, technology together with the public will find ways around that.
Which would force those parties to either accept a more reasonable approach, attack encryption-using criminals through the legal system, social engineering and such, or attack implementations and endpoints of encryption use. Oh wait.. wasn't that the easiest method anyway? lol :-))
Morons ... seriously, I could write a bunch of things, on how backdoors are always found, on how taking a security by design and making it a security by secrecy is a dumb idea. How this can be abused. Police state. So many things.
All in all, I prefer the one word version.
The British government is filled with luddites. So those of us who have legitimate use for encryption have to put up with insecure tools while terrorists just use some software they get from their terrorist friends. Clueless government.
Doesn't that defeat the purpose of using encryption in the first place?
"they don't want the likes of terrorists and paedophiles to communicate in places the Police can't reach."
Considering that the majority of terrorist organizations and pedophile rings are linked directly to the ruling elite, this isn't really surprising.
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
Why do no politician even think that a backdoor may be used by a terrorist or a paedophile? A paedophile may take advantage of any vulnerability on an underage person's connected device, and those politicians want to ensure there be at least one? The same can be said about a terrorist getting info about British nationals which may pose threats their security and to the country's as well. Criminals use backdoors too.
Linux is for people who don't mind RTFM.
With breakable encryption, criminals can edit your banking records and pedophiles can see all the "private" pics of your children. Do you really want breakable encryption?
It seems to me that by doing this, the people of the UK are literally trading security for security. Or perhaps trading BOTH freedom and security for security. Not a good deal.
So are all encryption software imported to Britain limited to using keys of 56 to 64 bits now? Or did they go for the cool 40?
If the broken text is another another language not in your electronic comparison dictionary, or even another, more simply-encrypted text (maybe even ROT13). then your brute force method will not produce an alert when it finally comes across, by random chance, the decrypted message.
What this will do is generating a list of ways to divide the communication systems in layers, and offer the ability to add plugins on each of them.
Which will mean, that the users will be able to add whatever they want on it.
The software doesn't offer any encryption at all, however, the user is able to add it if he wants.
The pandora box is already opened.
Did they specify a timeframe how long it has to take to break the crypto?
If not, well, any crypto is breakable given infinite amount of time.
Which makes the law effectively useless as nothing changes.
Atari rules... ermm... ruled.
it just takes 2,147,483,648 years to crack
First unbreakable is a vague term. Just how could the English government know that other spy agencies have not broken a code? So they must mean a code that they can not break that others may have broken. Then there is the issue of not being able to govern other nations. So what their government must really mean or want to do is punish any of their subjects for using an unbreakable code. Really what we are seeing is that no government wants to allow people to freely communicate. The US has gone so far as to declare that very strong codes are munitions and that if such a code gets into public hands it is a serious crime. What people need to know is that many encryption programs are probably put into public hands by our spy agencies. We can not trust encryption to convey messages at all. Codes that were secure five years ago are probably not secure at all with more modern computers and software testing them. One wonders just how many months or years a spy agency would run a super computer trying to crack one message. Such an effort might generate millions of dollars in expenses and in this twisted world dredge up nothing more than grandma's cookie recipe.
V for Vendetta, great comic, great movie and so very relevant to today's society.
but they can't stop people using GnuPG, LUKS, tomb, etc. Terrorists simply won't use insecure encryption, so what's the point? That law will only hurt legitimate use and businesses offering it.
What did they do prior to our current age of mobile phones?
Crimes must have been unsolvable up until a decade ago...
Look up "one time pad". British diplomacy actually used this concept. More specifically NZ and Canada did, until they got the TYPE X Cipher.
Call me a paranoid if you want, but this 'new law banning unbreakable crypto thing smells rotten
1. The very mention of unbreakable crypto might give people some false sense of security to think that they still have something that can stop NSA / GCHQ from prying into their files
2. The very word 'unbreakable' is misleading - as nothing, absolutely nothing - is unbreakable, in the tech scene
3. The entire thing could be an attempt by some one high up (even higher than the politicians) to instill the impression that the Western governments (including their respective spy agencies) are weak, useless and clueless - which we already know, is not the case
These companies need to simply remove encryption from their devices in these countries. It won't take long for the governing bodies to see the err in their ways when their constituents are being financially raped by the rest of the world.
if given an infinite amount of time.
...you could use a very strong cipher (up to OTP) and simply send a letter to GCHQ containing the key material. So they have access to your communications and you have a very strong cipher. Everybody be happy.
As an extension of this idea, GCHQ could post a Public Key PK to be used for encrypting keys EK, to be broadcasted along with cryptograms CG(EK, PLAINTEXT) using said key EK.
No dirty languages like C and C like C++ needed for government access anymore. Transparent security combined with government inspection capability.
Now replace GCHQ with the respective national intelligence agencies like BND, NSA, DSD, FSB, NDB and so on.
But this kind of rational solution is probably "too German" and what we will continue to see is half-a$$ed approaches like "C language to make everything penetrable". Mr Torvalds being a major cheerleader in this effort. I wonder how much he gets paid for this work...
You would transmit CG(EK,PLAINTEXT) and CG(PK,EK)
with A(B,C) being a cryptogramm A using the key B on plaintext C.
Looking at some of the powers in the Investigatory powers bill reminds me strongly of the GCHQ's Tempora project and other capabilities. Snowden's whistle blowing has created a lot of debate and the main response by politicians seems to be to codify these once secret programs into law with barely a nod to oversight.
The most dangerous drug
What are they going to do with all those Wifi devices, smartphones, routers, VPNs, etc..
This is ridiculous. Technology has already outpaced them. They cannot turn back the clock.
SO, what they are saying is that they do not want you to be able to protect your information from criminals, because if the Police have a way to break your encryption, than so do the criminals (including terrorists). And, what they are overlooking is that either no one has "unbreakable" encryption (for whatever value of unbreakable they are using), including the government, or the criminals will have access to "unbreakable" encryption, but not law abiding subjects. The end result is that criminals will have greater power.
The truth is that all men having power ought to be mistrusted. James Madison
If the government uses "unbreakable" encryption, does this mean they're terrorists and/or pedophiles?
Apple and Google or the UK when Apple and Google no longer sell their products there?
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
One Time Pad = unbreakable
Logistics for internet traffic...difficult.
Careful, you may not like what you get...
I truly suspect that what they really want is backdoors put in...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
So basically this article: http://dspace.mit.edu/bitstrea...
The cat is out of the bag, that train has left the station and other sayings.
You cannot mandate against an idea, encryption is out there, we all rely on it increasingly to manage our very existence. If you mandate that industry weakens the end-to-end secure model then bad things will happen, first the public will make losses, then industry will loose customers and finally the industry donations to the pocket books of politicians and come election time, they will loose.
Which means any politician who suggests this is either a) deluded, b) working for the criminals, c) using it as a false flag to cover something else, in all cases they are automatically unelectable.
Make this clear to your MP that any suggestions like this are an affront to a free and democratic society and will not be tolerated.
These people don't care about securing the INTERNET. It's becoming so obvious it's just a power grab. We've got SCADA systems on the net with embedded accounts, and some group of people who can't even spell cryptography and probably cannot do single variable calc telling us they know how to secure things. It's about control. It's up to us to create and defend a safe & free INTERNET for all. Redesign it from the ground up if we have to.
But at least someone is thinking of the children!
Just make it illegal for terrorists and pedophiles to use strong encryption.
I'm sure that will stop them.
I work for Google. I build strong encryption in Android. The possibility of laws mandating back doors creates an interesting dilemma for me. Supposing such a law were to exist, and were effectively enforced so there's no possibility of sneaking in a non-backdoored system, what would I do?
I see three options.
1. I could run away from the problem, changing jobs to let someone else deal with it.
2. I could accede, trying to build the tightest, narrowest, best-controlled backdoor possible, doing my best to ensure that only authorized government agencies could use it.
3. I could refuse to build strong security systems at all, making it clear to everyone that their data is unprotected.
What's the right thing to do? #1 is out, unless I have some reason to believe that someone else could make better decisions. #3 has some nose-thumbing appeal, but it means that everyone's data is accessible not only to government agencies, but to thieves, family members, spouses, etc. Also, this may be equivalent to #1, in that I'll be shuffled to another job and replaced by someone willing to build back doors.
So, frankly, it's actually not much of a dilemma at all. I would do #2 (choice of number was not accidental). Well, and I'd probably also contribute to open source, possibly underground strong crypto implementations in my free time, because I strongly believe that the ability of people to keep secrets is critical to individual freedom and to societal progress. But such systems would only be used by a handful, seriously reducing their value.
It's really, really important that we fight this sort of thing in the public, though. I've never been asked to build in back doors, and I never want to be.
Oh, and by the way: Those of you out there who complain that you don't want full device encryption because it's slow? The slowness may be annoying, but it's well worth it. Not so much to you, now, but to everyone, in the future. Have a little patience with it. It will get faster over time as hardware gets faster and perhaps dedicated encryption hardware is added, but if we don't get it in now, setting the precedent that it's normal to encrypt everything, all the time, with the strongest crypto we can find and no back doors, there's a much greater risk that we may not be allowed to do it later.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
"It's not a safe space for them to communicate on a fixed line telephone or a mobile phone, we shouldn't allow the internet to be a safe space for them to communicate and do bad things."
Is he saying that they can break mobile phone encryption?
after all they are in BOTH groups
This is exactly why we moved Invacio away from the UK, as the privacy rights were getting worse and worse, we only this week went in to open beta on Invmail (Zero-Knowledge, 3 way encrypted, digital communications platform, allowing secure email communication inc meta data), and are shortly launching our Voice/Video conference capabilities as well as messaging over Invmail in the coming months as we come out of beta, And then the UK go and pull a stunt like this....
They mention only companies, assuming power over them if they sell products in the UK. The capitalist status quo. So open source software or free software developed outside the UK can just ignore that law. Blocking services might be an option (Signal / TextSecure) or not (SMSSecure, pgp/GnuPG).
Apple and Google I think won't mind this too much. I suspect they wanted to force the issue that the government has to come out and say, we will search e-mails rather than putting the squeeze on apple privately to sell out their customers with secret deals. If they get caught like AT&T did, it makes them look like crap and it doesn't hurt their competitors equally. Now if apple turns over a message they can just say every does it because its the law, and that's a fact. The "unbreakable" encryption part was probably inconvenient for gathering data. Apple I suspect still wants data, to make siri smarter, and searches more relevant. Google wants data because using it to sell improved advertising is their bussiness.
Some drink at the fountain of knowledge. Others just gargle.
The summery was very surprising to me, I didn't know terrorists and pedophiles were working together.
I do not live in the UK, but let me be very clear; If Apple and Google cave to this demand, I will not buy or use any of their products going forward. I will end the use of said products across my entire company as well, as they've demonstrated a complete willingness to ship broken security which I must rely upon.
I haven't seen any mention that they have to STORE all web traffic or other data, only that it can be decrypted (potentially in real time), so I don't know that they have to retroactively decrypt it.
If they wanted to be able to decrypt it, that's easy enough. the browser contain a list of trusted root certificates which are allowed to sign https certificates. They could add their own cert, or the government's cert, as a trusted root. That would allow the government to impersonate the bank or other https site. The browser (or ISP) would also be set to us the government's system as a proxy, so that the government would receive the connection, claim to be Bank.com (proved by their cert), and then forward traffic to the real bank.com. Easy enough.
A more courageous and simpler option would be to simply remove support for https in the UK model. When you try to use https, the browser instead displays the message "secure connections are banned in the UK. Contact your Minister of Parliament _here_ for more information."
It's all for the sake of "National Security" of course. OMG terrrrrrists. It's the government's duty to protect the people.
How about some fact based governing to make the country safer? Perhaps starting by leading cause of premature death, rather than with the 26 people in total who died of terrorism related issues?
Perhaps tackle anus cancer before eroding people's basic human rights in the name of fighting terrorism?
for companies like Google, Apple etc to make their communication software accept plug-ins that perform end-to-end encryption on the emails or whatever.
For example, plug-ins that implement one-time-pad encryption or some other currently non-known-breakable encryption invented by any random "non-corporate" "amateur" with a PhD in comp sci. ?
Maybe that's what this law would encourage. The support for pluggable end-to-end encryption into common cloud/net apps.
Where are we going and why are we in a handbasket?
But if you had a reliable secure channel, you wouldn't need any encryption to begin with. You could send the actual data over that secure channel instead.
It appears several cryptosystems are designed to run over two channels: a reliable secure channel with low throughput, and a faster but insecure channel. This way, the parties run key exchange over the former and ciphertext over the latter. This is certainly true of quantum key exchange.
Where you see "UK constitution" read "Magna Carta". True, much of the Magna Carta has since been amended away in various SLRAs, but the same is true of the U.S. Constitution.
What a stupid move. What this does is send a message to terrorists and pedophiles that these spy agencies believe that can break most forms of encryption. All they need to do is move to the Vernam cipher. The technical design of one is trivial.
"Of all the methods of encryption ever devised, only one has been mathematically proved to be completely secure. It is called the Vernam cipher or one-time pad."
http://www.pro-technix.com/information/crypto/pages/vernam_base.html
As long as the VPN service provider complies with local data retention laws (of which there are none, they only apply to ISPs)
The idea would be to treat service providers offering VPN service to the public as Internet service providers, just using the customer's existing Internet connection as the last mile instead of DOCSIS or DSL.
When faced with a court order for information, apple can say "sure can do, just give us a quantum computer and 300 billion years"
That they are even declaring rules for "internet firms" holding customer data and facilitating communications and encryption means we have already failed. The network was intended to be a network of PEERS. Third parties should only be used for discovery they should not be relied upon to facilitate communication. The Internet will not "route around censorship" when the only thing left is a handful of content companies controlling everything.
Don't use third parties to facilitate communication. Communicate directly amoungst yourselves this way both parties to the communication always have a way to decrypt it.
It's not a safe space for them to communicate on a fixed line telephone or a mobile phone, we shouldn't allow the internet to be a safe space for them to communicate and do bad things
Since the dawn of civilization people have communicated in code to obscure their communications from others. This isn't a new phenomenon it is an ancient one. They did it on land line phones, they did it in hand delivered notes, they did it electronically with modems, they do it in the mail, on mobiles, telegraphs, in person. People leave hidden or obvious public messages which are only understandable by intended recipients. You can't prevent use of things like OTP codebooks even if you took everyone's computers away.
The difference is encryption today takes less manual effort to pull off than it has in the past and more people feel compelled to use it if for no other reason than to protect themselves from the hostile environment they find themselves.
I think it is absurd to suggest the police and the security services have a kind of casual desire to intrude on the privacy of the innocent
This is amusing governments grant themselves all kinds of powers to snoop around and spy on their own people then act surprised when nobody believe a damn thing they have to say. Enough people have access to the government codebook to know what the words "terrorist" and "children" really mean.
I don't know why you would want to work in a country like this if you are in the tech field.
I can't wait to infiltrate the police and get all the politico emails. Then sort through them for crimes, out them in the most embarrassing way possible, and link it back to the lack of encryption (I wonder just how much of a hit over the head it would take these guys - doesn't seem like there's much going on inside their skulls).
Yes Sir our code is breakable, you just have to brute force it for a few thousand years or have a REALLY fast collection of computers. Do you have that Minister? Oh, you don't? Well, it's still breakable, just not by YOU then :)
Maybe I'm missing something here... but why wouldn't a criminal just use easily obtained "illegal" unbreakable crypto obtained from a friend in the U.S. or anywhere else in the world?
Sorry UK, no iShits or Androidz for yous...
Sure, because if all 4 million Syrian refugees would come to Europe, the percentage of muslims in Europe would raise from 4% to 5% and that would so fucking clearly mean that Europe would inevitably become the unified nation of islam. Dumbass.
Wake me up when the King can kiss the bride on her wedding day.
Dear Britain,
Cameron is a xenophobe, a mystic crackpot , spies on Britain as well as the rest of the planet. He not only makes the UK look bad to the entire world but even makes Scots want to leave it.
UK used to be one of the good guys. Please get rid of him already and elect someone rational.
World.
Clearly the people making such a crazy request are technologically illiterate. I don't see how this could ever work. The criminals and the terrorists will know how to implement secure and encrypted communication that the regime can't intercept. Everyone else will suffer, and the government will be liable for the results.
If they compromise the security of my data, I will certainly by meeting with them in court.
Hopefully the EU will step in, and hit these mentally deficient right wing extremists with a clue bat. Even if they encryption, we can still implement our own. The time when abusive regimes can spy on whoever they like has passed. I don't believe that we should tolerate those who advocate Stasi or NSA like behaviour in our country. If they want to live in a totalitarian state, let them move to Saudi, Bahrain, or the United States. Not welcome here.
Since all encryption is breakable given enough time and compute (might take a few years), technically all are automatically in compliance with no change.
Kudos to this visionary mind. One wonders though if Cameron has the balls to be big brother.
âoeThe Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts."
I'll tell you what, you put a system in place with clear oversight and a robust legal framework then we'll talk.
"Grab them by the pussy" -- President of the United States of America
4. Ignore the law as being unenforceable, out of your job scope, jurisdictionally irrelevant, a security non-starter and worthy of subversion.
Oh right, you specified "...effectively enforced so there's no possibility of sneaking in a non-backdoored system...". Really? You see no way, at all, of getting around such a law? Pity.
Those of us with greater imagination see that Android is an international system from every perspective.
Wow london. You have done it. You have successfully used George Orwell's novel as a template to create the perfect surveillance state. I hope your prime minister is proud of himself.
UK Mommy instincts going haywire again.
"we can encrypt but you can't"
workaround: get a job with nanny state first.
"Let's write ourselves some new rights and right everybody else less rights".
etc.
Shit is stale already. This is in essence saying new software will all be spyware or easily compromised "by whoever-the-fuck-can". How does the public let people like this make decisions at all? Just memorize some curriculum for several years at a Uni and somehow you are brilliant?
How many "terrorists" are state sponsored and would be unaffected by "encryption rules" and how many non-terrorists would be affected by "easily compromised software"? Seriously. This type of shit is why people left England and went to America in the first place. Help people more, try to rule less. Succeed and be thanked. You are hired and paid by the masses to make wise decisions. Do your fucking jobs wisely or gtfo.
Notice how this story jibes with others? It's constantly hey hey it's just privacy guys. Nothing to see here, we need all your shit so we can help you more. How Facebook-conditioned are the sheep really though? Give companies and governments all your shit to prove you aren't a racist terrorist? Fucking-A. gtfo.
"One if by land, two if by sea."
The best encryption is still raw ambiguity.
You just might get it! The British govt. needs to be reminded that if they can break our encryption, then we can break theirs! But, don't worry, we won't do that unless there is an overriding reason to do so!
I think the UK needs Google and Apple a lot more than Apple and Google me the UK.
Until now the stories about the Investigatory Powers Bill have been hard to gauge as the bill was not published, but now it is.
The Slashdot title, "Internet Firms To Be Banned From Offering Unbreakable Encryption Under New UK Laws" looks to be wrong or at least misleading. The relevant part of the bill states:
So Communications Service Providers can have strong encryption, as long as they keep the key and hand it over when required as they are required already by the Regulation of Investigatory Powers Act 2000. The horse has already bolted.
The most dangerous drug
http://www.theguardian.com/politics/blog/live/2015/nov/04/surveillance-internet-snoopers-charter-may-plans-politics-live
>Theresa May secures backing of Labour and Lib Dems for surveillance plans
It really is just a one party system.
This is so veddy veddy British. They think they actually can decide for the world about encryption. I'm a not-very-good script kiddie and I sorta-kinda knew how to do (some) of the many methods outlined here. Anyone who wants can just encrypt whatever they want and mostly it's not at all breakable and the amount of effort if even 1% of internet traffic is encrypted by different ways becomes prohibitively tedious to do anything about.
OK, it's time we all get on board and start offering unbreakable encryption in every open source project, just to keep these assholes from fucking with the internet.
Will there be a 'lame special' model especially for the UK? If there is, how hard isn't it going to be to jailbreak it to the international version?
Fuck you! You're gonna see a lot more terrorism and other forms of destabilization too. You're the dumbass! Europe needs to shut those doors now! Or dark days are ahead. These people are death eaters, with their voodoo and witchcraft
Govt: "You're using unbreakable encryption." ISP: "No. We're not. We're pretty sure you can break it if you'd really want to." Govt: "We can't break it." ISP: "Don't believe you. You can break any thing with enough resources. What do you want us to do? Store data in plug Latin?"
Only boring people are ever bored.