UK PM Wants To Speed Up Controversial Internet Bill After Paris Attacks

An anonymous reader writes: Less than three days after the attacks in Paris, UK prime minister David Cameron has suggested that the process of review for the controversial Draft Investigatory Powers Bill should be accelerated. The controversial proposal, which would require British ISPs to retain a subset of a user's internet history for a year and in effect outlaw zero-knowledge encryption in the UK, was intended for parliamentary review and ratification by the end of 2016, but at the weekend ex-terrorist watchdog Lord Carlile was in the vanguard of demands to speed the bill into law by the end of this year, implicitly criticizing ex-NSA whistleblower Edward Snowden for having 'shown terrorists ways to hide their electronic footprints'.

The bad guys

[ls671]

Worthless, the bad guys will use custom apps and custom encryption scheme to stay ahead. You will end up spying on joe six pack and stupid criminals. Really dangerous guys will find a way to stay ahead. The only way to win is to keep up and being able to decrypt their communications by any means we can. No bill can help that.

Sheeple

[whoever57]

Unfortunately, a lot of the press are going along with this proposal, despite its lack of support in any logic. Take the case of unbreakable encryption on phones. At the point that the phone is being held by the security services, what information can they not get? They can present a warrant to the app providers, email providers, etc. to get the information about the communications.

Who is the most likely target of abuse of these powers? Probably politicians. These politicians have to be either mind-numbingly arrogant, mind-numbingly stupid, or already being blackmailed to want this (arrogant because they think that no-one would ever dare to spy on them).

Re:Sheeple

[dgatwood]

As everyone with even the most peripheral ties to the tech industry knows, the average six-year-old is more tech literate than an average member of the news media. The only people less computer savvy are politicians.

As for the information they can't get, there's a lot. With end-to-end encryption as is used on services like Apple's iMessage, the data exists only on the devices at either end of the communication, and the keys exist only there. They can tell you who communicated with whom, but they can't tell you the contents of the communication.

But here's what the politicians don't seem to understand: The tech industry did all of this as a direct response to government abuse, mostly by major first-world governments like those in the U.S. and Britain, rather than by all the third-world governments that you might ordinarily imagine would be guilty of spying on their citizens. Those companies tried using encryption that could be broken upon subpoena; they tried that first, because it seemed like the best compromise between security and... well, security. But major governments abused that subpoena power massively, creating secret courts that they could use to perform data collection without public oversight. After those governments effectively took the "secure except with a subpoena" option off the table as a viable means of protecting privacy rights, the only remaining option available to the tech companies that could prevent those governments from massively overstepping their authority and abusing the rights of the public at large was to design systems in such a way that it was impossible to break into the data stream even with a court order to do so without the user becoming aware that their communication had been compromised.

This is the natural evolution of security. Bad people attack security and try to create back doors. Good people find ways to bolster the systems to prevent those bad people from doing so. Eventually, the systems become so robust that they are not vulnerable to most feasible attacks. The governments of the world had every opportunity to get these companies to build systems that could be monitored when necessary. All they had to do was act like responsible adults, and only use their subpoena power when it was absolutely necessary to save lives. Instead, they chose to abuse that power. Now, it is too late. Those in power should have shown restraint when they had the chance.

The thing is, the public has a fundamental right to have access to encryption that is as good as what the terrorists have. Anything less would be an unconscionable abrogation of the public's rights, without any real effect on terrorism. After all, it would take a decent software engineer all of a couple of days to write an end-to-end encrypted chat application in which the user must enter a passcode prior to decrypting any data stored on the device, and in which the data is always encrypted with the recipient's public key prior to transmission, so the bad guys will always have access to end-to-end encryption. The key exchange can be tricky, but trust is always a tricky issue in general, and is kind of a separate issue.

In the fight against terrorism, the trust policy is always going to be the weak point that can be exploited—government officials pretending to be potential terrorists so that they can infiltrate the organization, government officials creating honeypots that pretend to be terrorist recruiting sites so that they can prevent people from joining the real organizations by burying them in the noise, etc. Once trust is established—once terrorists have actually become part of such an organization, any hope of further interception of their communication is a hopeless cause, and anybody who says otherwise is kidding him/herself.

And before anyone brings it up, this isn't at all like gun control. Terrorists don't frequently steal their end-to-end encryption from other people; if it is not available legally, they can re-develop it themselves with only a modicum of effort. So fighting terrorism by banning encryption is more like fighting gang violence by banning the legal sale of bandanas, and makes exactly as much sense.

State based terrorism

[MrKaos]

Islamic terrorism is the excuse used to roll out state based terrorism. Bills introduced after the attacks in New York were the beginning and they have been consistently rolled out since then.

Generally covering up political incompetence appeared to be the core motivation, at first, but what better way to continue to roll out a campaign of harassing the populations of western democracies than by propping up and enhancing an ineffectual security theatre.

Having spent significant time reading these bills and writing to politicians to either stop or modify the wording of these laws it's pretty clear that ineptitude and general laziness has been behind the services inability to stop these attacks, most governments already have ample power to stop these attacks.

Most western countries passed effective terrorism laws back in the days of the IRA, ample powers were available to all these countries to stop terrorist attacks for decades. Not doing so allows our governments and controlled media to whip the populous into a frenzy that allows more state based terrorism to be rolled out in the form of laws none of us deserve.

Why? Because what the state is saying is you have no right to protect your rights and freedom and that it has a right to inspect the minutia of your life. In doing so it is also happy to expose you to organized crime, which has no impact on the state.

As distasteful as it sounds, the illusion of our freedom was over a long time ago. Orwell was an optimist in terms of what capabilities the state would have and, as usual, the moronic machinations of Islamic extremists give governments the excuse to drive us closer to a police state every day.

Politicians protecting themselves

[Laxator2]

The whole surveillance thing has only one purpose: prevent any more leaks of shady deals done by the politicians.

Whenever dirt is being dug on the politicians, it is released over the Internet.

If every single keystroke is spied on people releasing the dirt will be immediately identified, along with those reading it.

It's all about politicians protecting themselves.