Slashdot Mirror


UK Gov Says New Home Sec Will Have Powers To Ban End-to-end Encryption (theregister.co.uk)

An anonymous reader writes: During a committee stage debate in the UK's House of Lords yesterday, the government revealed that the Investigatory Powers Bill will provide any Secretary of State with the ability to force communication service providers (CSPs) to remove or disable end-to-end encryption. Earl Howe, a Minister of State for Defence and the British government's Deputy Leader in the House of Lords, gave the first explicit admission that the new legislation would provide the government with the ability to force CSPs to "develop and maintain a technical capability to remove encryption that has been applied to communications or data".

This power, if applied, would be imposed upon domestic CSPs by the new Home Secretary, Amber Rudd, who was formerly the secretary of state for Energy and Climate Change. Rudd is now only the fifth woman to hold one of the great offices of state in the UK. As she was only appointed on Wednesday evening, she has yet to offer her thoughts on the matter.

10 of 282 comments

  1. 1984 by Anonymous Coward · · Score: 5, Insightful

    Just checked the calendar. It is 1984.

    1. Re:1984 by sTERNKERN · · Score: 3, Insightful

      Wish I had mod points... First I thought of a +1 Funny but on second thought it should be +1 Informative.

  2. no end-to-end no streaming media by Anonymous Coward · · Score: 5, Insightful

    So how will things like Netflix work without end-to-end encryption?
    Does this mean the end of HTTPS and secure transactions?

    Looks like, as usual, the politicians do not understand the technology.

  3. Not possible by SmilingBoy · · Score: 5, Insightful

    If someone like an ISP can remove an encryption, it is not end-to-end encryption in the first place.

    1. Re:Not possible by bluefoxlucid · · Score: 3, Insightful

      TLS has unique challenges in this regard.

      In theory, a hostile Government can pressure the CA to provide a signature for a MITM certificate, although this is transparent (it's easily discovered if that certificate is ever revoked, and identifiable if the old certificate is known).

      A hostile Government can pressure the end provider (e.g. Google) to submit their Private key, thus breaking TLS: the Client asks the Server for its Certificate, then uses that Certificate to dictate a session key (and client certificate) to the Server. A passive eavesdropper with the server's Private Key can decrypt this exchange.

      The best I can come up with is the Client sends the Server a random public key, and the Server sends the Client a session key; then the hostile Government must use a MITM to break it. A passive eavesdropper can be stopped, but an active MITM can't.

      Your endpoints have to be non-hostile for end-to-end encryption to work. If they're infiltrated, it doesn't work.
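The difference bluefoxlucid describes between client-dictated key transport and a throwaway client key, as an added example that is not part of the thread. It uses textbook RSA on constructed toy keys; the key sets and function names are assumptions for illustration.

```python
import secrets

E = 65537  # public exponent
# Constructed toy keys from known Mersenne primes; hypothetical, unsafe for real use.
SERVER = (2**61 - 1, 2**89 - 1)    # server's long-term certificate key
CLIENT = (2**107 - 1, 2**127 - 1)  # client's throwaway per-session key
MITM = (2**521 - 1, 2**607 - 1)    # key held by an active interceptor

def keypair(p, q):
    """Textbook RSA (no padding): return (public, private) as (n, exponent)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def apply_key(key, value):
    """Encrypt with a public key or decrypt with a private key."""
    n, exponent = key
    return pow(value, exponent, n)

def key_transport():
    """Client dictates the session key under the server's long-term key."""
    server_pub, server_priv = keypair(*SERVER)
    session = secrets.randbits(128)
    wire = apply_key(server_pub, session)         # what a passive tap records
    return session, apply_key(server_priv, wire)  # later, with the handed-over key

def ephemeral_exchange():
    """Client sends a throwaway public key; server returns the session key."""
    _, server_priv = keypair(*SERVER)
    client_pub, client_priv = keypair(*CLIENT)
    session = secrets.randbits(128)
    wire = apply_key(client_pub, session)         # client discards its key afterwards
    return session, apply_key(client_priv, wire), apply_key(server_priv, wire)

def intercepted_exchange():
    """Interceptor swaps in its own key; nothing authenticates the client's key."""
    client_pub, client_priv = keypair(*CLIENT)
    mitm_pub, mitm_priv = keypair(*MITM)
    session = secrets.randbits(128)
    wire = apply_key(mitm_pub, session)           # server only saw the swapped key
    seen = apply_key(mitm_priv, wire)             # interceptor reads, then re-wraps
    return session, seen, apply_key(client_priv, apply_key(client_pub, seen))

if __name__ == "__main__":
    session, tapped = key_transport()
    print("key transport: handed-over key decrypts recording:", tapped == session)
    session, _, tapped = ephemeral_exchange()
    print("ephemeral key: handed-over key decrypts recording:", tapped == session)
    session, seen, _ = intercepted_exchange()
    print("ephemeral key: active interceptor reads key:", seen == session)
```

TLS's (EC)DHE cipher suites follow the same idea using Diffie-Hellman, with the server signing its ephemeral share so that a key swap is detectable unless the certificate is also forged.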

  4. Re:My illusions have been shattered by 110010001000 · · Score: 5, Insightful

    Stop blaming racism for every decision that voters make you don't like. Idiots.

  5. Mindlessly unenforceable by RandCraw · · Score: 3, Insightful

    This law would require dispensations for credit cards, banks, point of sale software, (the government itself), and many more infrastructural e-orgs that cannot function without encryption.

    It would also require makers of cell phones that encrypt, Facebook (soon), and increasingly many e-firms to recognize any device/account as being ENGLISH so that it can selectively stomp all over those people's freedoms.

    It will also generate an *ungodly* large amount of data that will swamp the GCHQ's resources and waste their time sifting through zottabytes of drivel, since BAD GUYS DON'T CHAT ON THE PHONE.

    This policy is so halfass and dumbass that it'll be impossible to enforce.

  6. Re:Idioits by Anonymous Coward · · Score: 0, Insightful

    Again, idiots in government find new ways to turn law abiding citizens into criminals, or even terrorists.

    It's the Progressive way. Make everyday things illegal then enforce it with nuance. That way when the government doesn't like you for some reason, they can go after you.

  7. The power to ban mathematics? by mark-t · · Score: 4, Insightful

    Because truthfully, that is what they are proposing. The banning of any mathematics where the formulas involved are both unknown and cannot trivially be reverse engineered.

  8. Re:Good luck with that? by Grishnakh · · Score: 3, Insightful

    What exactly do they think an ISP is going to be able to do if the data is already encrypted when it hits their network?

    Simple: they legislate that the ISP has to decrypt it.

    It's not much different than the US state government which legislated that Pi equals 3.