Slashdot Mirror


UK PM Wants To Speed Up Controversial Internet Bill After Paris Attacks (thestack.com)

An anonymous reader writes: Less than three days after the attacks in Paris, UK prime minister David Cameron has suggested that the process of review for the controversial Draft Investigatory Powers Bill should be accelerated. The controversial proposal, which would require British ISPs to retain a subset of a user's internet history for a year and in effect outlaw zero-knowledge encryption in the UK, was intended for parliamentary review and ratification by the end of 2016, but at the weekend ex-terrorist watchdog Lord Carlile was in the vanguard of demands to speed the bill into law by the end of this year, implicitly criticizing ex-NSA whistleblower Edward Snowden for having 'shown terrorists ways to hide their electronic footprints'.

2 of 167 comments

  1. The bad guys by ls671 · Score: 4, Interesting

    Worthless, the bad guys will use custom apps and custom encryption schemes to stay ahead. You will end up spying on Joe Six-Pack and stupid criminals. Really dangerous guys will find a way to stay ahead. The only way to win is to keep up and be able to decrypt their communications by any means we can. No bill can help that.

    --
    Everything I write is lies, read between the lines.
  2. Re:Sheeple by dgatwood · Score: 4, Interesting

    As everyone with even the most peripheral ties to the tech industry knows, the average six-year-old is more tech literate than an average member of the news media. The only people less computer savvy are politicians.

    As for the information they can't get, there's a lot. With end-to-end encryption as is used on services like Apple's iMessage, the data exists only on the devices at either end of the communication, and the keys exist only there. They can tell you who communicated with whom, but they can't tell you the contents of the communication.

    But here's what the politicians don't seem to understand: The tech industry did all of this as a direct response to government abuse, mostly by major first-world governments like those in the U.S. and Britain, rather than by all the third-world governments that you might ordinarily imagine would be guilty of spying on their citizens. Those companies tried using encryption that could be broken upon subpoena; they tried that first, because it seemed like the best compromise between security and... well, security. But major governments abused that subpoena power massively, creating secret courts that they could use to perform data collection without public oversight. After those governments effectively took the "secure except with a subpoena" option off the table as a viable means of protecting privacy rights, the only remaining option available to the tech companies that could prevent those governments from massively overstepping their authority and abusing the rights of the public at large was to design systems in such a way that it was impossible to break into the data stream even with a court order to do so without the user becoming aware that their communication had been compromised.

    This is the natural evolution of security. Bad people attack security and try to create back doors. Good people find ways to bolster the systems to prevent those bad people from doing so. Eventually, the systems become so robust that they are not vulnerable to most feasible attacks. The governments of the world had every opportunity to get these companies to build systems that could be monitored when necessary. All they had to do was act like responsible adults, and only use their subpoena power when it was absolutely necessary to save lives. Instead, they chose to abuse that power. Now, it is too late. Those in power should have shown restraint when they had the chance.

    The thing is, the public has a fundamental right to have access to encryption that is as good as what the terrorists have. Anything less would be an unconscionable abrogation of the public's rights, without any real effect on terrorism. After all, it would take a decent software engineer all of a couple of days to write an end-to-end encrypted chat application in which the user must enter a passcode prior to decrypting any data stored on the device, and in which the data is always encrypted with the recipient's public key prior to transmission, so the bad guys will always have access to end-to-end encryption. The key exchange can be tricky, but trust is always a tricky issue in general, and is kind of a separate issue.

    In the fight against terrorism, the trust policy is always going to be the weak point that can be exploited—government officials pretending to be potential terrorists so that they can infiltrate the organization, government officials creating honeypots that pretend to be terrorist recruiting sites so that they can prevent people from joining the real organizations by burying them in the noise, etc. Once trust is established—once terrorists have actually become part of such an organization, any hope of further interception of their communication is a hopeless cause, and anybody who says otherwise is kidding him/herself.

    And before anyone brings it up, this isn't at all like gun control. Terrorists don't frequently steal their end-to-end encryption from other people; if it is not available legally, they can re-develop it themselves with only a modicum of effort. So fighting terrorism by banning encryption is more like fighting gang violence by banning the legal sale of bandanas, and makes exactly as much sense.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.