Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internet Firms To Be Banned From Offering Unbreakable Encryption Under New UK Laws (telegraph.co.uk)

Posted by samzenpus on from the let-us-in dept.

Retron writes: Despite statements from the minister for internet safety and security Baroness Shields last week that the UK government would not require software developers to build backdoors into their products, the Telegraph is reporting that the UK Government is going to ban companies from offering 'unbreakable' encryption, effectively requiring a backdoor in products from the likes of Google and Apple. The reasons given are that they don't want the likes of terrorists and paedophiles to communicate in places the Police can't reach. A Home Office spokesman said: “The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts."

7 of 418 comments (clear)

  1. Re:Sigh by JaredOfEuropa · · Score: 5, Informative

    They could. It depends on who wins. The industry lobbyists (extremely influential in Brussels) who don't give a rodent's behind for your privacy but do not want the risk and hassle that comes with a ban on crypto. Or the hawkish commissioners and their backers in national governments, who do not give a rodent's behind for your privacy and who would absolutely abhor "clear oversight and a robust legal framework" around surveillance.

    And don't think for a second that this is about terrorists and paedophiles. There are enough crypto products for them to choose from already.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  2. Re:Sigh by gweihir · · Score: 4, Informative

    Also, by definition, no encryption is unbreakable, you just need a few thousand years to crack it.

    Untrue. Encryption may be "Information-Theoretically secure". These cannot be broken with just enough computing power. For example, for ordinary text, this is even true for the venerable Enigma if less than 4000 Bits (if I remember things correctly) of ciphertext are available and the key was chosen at random. One-time pad based encryptions are never breakable, the only information you get is the maximum number of Entropy in the message, nothing else.

    You wrong statement is one of the often-repeated untruths about encryption.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  3. Re:Sigh by Anonymous Coward · · Score: 3, Informative

    The existing UK laws assume guilty if you do not hand over your key when law enforcement ask for it. It's been like this since the late 1980s.

  4. Re:All encryotions is "breakable" by serviscope_minor · · Score: 4, Informative

    It's simply 100% mathematically wrong.

    One time pad is information theoretic secure. It is impossible to break.

    --
    SJW n. One who posts facts.
  5. Re:Sigh by flowerp · · Score: 4, Informative

    Excuse me, you get ANY desired message by trying all possible one time pads.

    The Bible
    Hamlet
    Andy Weir's The Martian

    --
    --- Eat my sig.
  6. Re:Sigh by aaaaaaargh! · · Score: 3, Informative

    I'm assuming you're joking, but just in case you're not, allow me to explain.

    You cannot brute-force an OTP without the key (or at least strong statistical cues for it), because every plaintext message of the same length is equally likely. If the OTP length is n that includes any part of that length of the works of Shakespeare, the Bible, the UK's constitution (if it still has one), and all texts or other messages of length n that have ever been written and will ever be written or transmitted. Likewise, any sequence of length n of the alphabet (e.g. 26 letters, 256 chars, or UTF16) is a valid key, so they cannot "ask" you for the key in any meaningful sense of the word.

    Unfortunately, OTPs are of limited value in practice, since they key must be at least as long as the message.

  7. Re:Sigh by Xest · · Score: 3, Informative

    Of course it's about mass surveillance, if it was about individual surveillance then they'd just get a warrant to MITM or similar a particular suspects PC exactly like they always have with physical mail and phone calls. They already have the powers to do that type of attack to get a target of a warrant.

    They might argue that it's about retaining data so if they come back to someone they can investigate their communications retroactively, but that doesn't explain why they aren't getting all phone calls logged, and all physical mail photocopied and stored. They already can't get historical data of other communication mediums so there's no reason to think they suddenly need it for investigations using digital communications.

    So the only thing this possibly can be about is mass surveillance given that they have all the tools they need for individual surveillance already.