UK PM Wants To Speed Up Controversial Internet Bill After Paris Attacks (thestack.com)
An anonymous reader writes: Less than three days after the attacks in Paris, UK prime minister David Cameron has suggested that the process of review for the controversial Draft Investigatory Powers Bill should be accelerated. The controversial proposal, which would require British ISPs to retain a subset of a user's internet history for a year and in effect outlaw zero-knowledge encryption in the UK, was intended for parliamentary review and ratification by the end of 2016, but at the weekend ex-terrorist watchdog Lord Carlile was in the vanguard of demands to speed the bill into law by the end of this year, implicitly criticizing ex-NSA whistleblower Edward Snowden for having 'shown terrorists ways to hide their electronic footprints'.
evil begets evil.
Worthless, the bad guys will use custom apps and custom encryption schemes to stay ahead. You will end up spying on Joe Six-Pack and stupid criminals. Really dangerous guys will find a way to stay ahead. The only way to win is to keep up and be able to decrypt their communications by any means we can. No bill can help that.
Everything I write is lies, read between the lines.
It's as they say: Never let a good tragedy go to waste. As soon as I heard about this incident, I knew they were going to try and use it. The first thing they were talking about was the "going dark" problem, before the bodies were even cold. These people will scale a mountain of corpses to make themselves heard. These are the politics of fear.
And the fucked up part is, it doesn't even work. France has had draconian anti-cryptography laws (relative to Britain) for decades. They're not one of the Five Eyes; NSA has probably completely infiltrated and pwn3d every packet transmitted to and from France.
And with all this surveillance, the bad guys still carried out their attack.
I can come to only one of two conclusions. Either the good guys knew about the attack in advance, and let it happen in order to avoid tipping their hands about their surveillance capabilities (in which case, what the fuck are they protecting us from?), or the good guys had the data but couldn't sort the wheat from the chaff (in which case, laws to further expand the dragnet of surveillance against the general population will reduce our security, not enhance it, by enlarging the haystack of data through which they're trying to search for the terrorist needle.)
As everyone with even the most peripheral ties to the tech industry knows, the average six-year-old is more tech literate than an average member of the news media. The only people less computer savvy are politicians.
As for the information they can't get, there's a lot. With end-to-end encryption as is used on services like Apple's iMessage, the data exists only on the devices at either end of the communication, and the keys exist only there. They can tell you who communicated with whom, but they can't tell you the contents of the communication.
But here's what the politicians don't seem to understand: The tech industry did all of this as a direct response to government abuse, mostly by major first-world governments like those in the U.S. and Britain, rather than by all the third-world governments that you might ordinarily imagine would be guilty of spying on their citizens. Those companies tried using encryption that could be broken upon subpoena; they tried that first, because it seemed like the best compromise between security and... well, security. But major governments abused that subpoena power massively, creating secret courts that they could use to perform data collection without public oversight. After those governments effectively took the "secure except with a subpoena" option off the table as a viable means of protecting privacy rights, the only remaining option available to the tech companies that could prevent those governments from massively overstepping their authority and abusing the rights of the public at large was to design systems in such a way that it was impossible to break into the data stream even with a court order to do so without the user becoming aware that their communication had been compromised.
This is the natural evolution of security. Bad people attack security and try to create back doors. Good people find ways to bolster the systems to prevent those bad people from doing so. Eventually, the systems become so robust that they are not vulnerable to most feasible attacks. The governments of the world had every opportunity to get these companies to build systems that could be monitored when necessary. All they had to do was act like responsible adults, and only use their subpoena power when it was absolutely necessary to save lives. Instead, they chose to abuse that power. Now, it is too late. Those in power should have shown restraint when they had the chance.
The thing is, the public has a fundamental right to have access to encryption that is as good as what the terrorists have. Anything less would be an unconscionable abrogation of the public's rights, without any real effect on terrorism. After all, it would take a decent software engineer all of a couple of days to write an end-to-end encrypted chat application in which the user must enter a passcode prior to decrypting any data stored on the device, and in which the data is always encrypted with the recipient's public key prior to transmission, so the bad guys will always have access to end-to-end encryption. The key exchange can be tricky, but trust is always a tricky issue in general, and is kind of a separate issue.
In the fight against terrorism, the trust policy is always going to be the weak point that can be exploited—government officials pretending to be potential terrorists so that they can infiltrate the organization, government officials creating honeypots that pretend to be terrorist recruiting sites so that they can prevent people from joining the real organizations by burying them in the noise, etc. Once trust is established—once terrorists have actually become part of such an organization, any hope of further interception of their communication is a hopeless cause, and anybody who says otherwise is kidding him/herself.
And before anyone brings it up, this isn't at all like gun control. Terrorists don't frequently steal their end-to-end encryption from other people; if it is not available legally, they can re-develop it themselves with only a modicum of effort. So fighting terrorism by banning encryption is more like fighting gang violence by banning the legal sale of bandanas, and makes exactly as much sense.
Check out my sci-fi/humor trilogy at PatriotsBooks.
You can say about him what you want (like "why does he have such a big mouth?" "Well, duh, have you seen his feet? How you think he should get it in there?"), but he's reliable.
David, one question: You are aware that the Frenchies already have pretty much outlawed encryption, right? They had that for ages.
I don't expect you to know anything about technology. If anything, your governing style makes me wonder whether you know anything about anything at all. But even you can't be so dumb. So, is it that you think your voters are dumb enough to swallow this attack as a good reason to push legislation that would not even remotely, in no scenario possible, have avoided even a tiny bit of what went down in Paris?
David, until now I just had you pegged as someone who enjoys sucking his toes, considering how much you put your foot in your mouth. Maybe a bit on the uneducated side, because I shy away from calling someone dumb until I can actually identify mental deficits, you just come across as someone who isn't weighed down in his decisions with too much knowledge.
But abusing an atrocity where hundreds died at the hands of some assholes into a tool to push your agenda makes you a despicable, utterly horrific person. Until now I only had you down as inept. But now, you're on my asshole list.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Actually it's not quite as stupid as it first seems. If they outlaw encryption and apps that don't give them a backdoor, then they can arrest anyone who uses those things. Such encrypted traffic, or traffic to and from the servers of such apps, will be tagged as illegal and followed up by automated systems that ISPs and mobile service providers are required to install.
Once the infrastructure is in place the BPI will go to court demanding that ISPs block BitTorrent and consumer VPN services. Once the concept that a protocol or app can be illegal is established the government and large corporations will have powerful weapons to use against us.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC