Slashdot Mirror


UK Gov Says New Home Sec Will Have Powers To Ban End-to-end Encryption (theregister.co.uk)

An anonymous reader writes: During a committee stage debate in the UK's House of Lords yesterday, the government revealed that the Investigatory Powers Bill will provide any Secretary of State with the ability to force communication service providers (CSPs) to remove or disable end-to-end encryption. Earl Howe, a Minister of State for Defence and the British government's Deputy Leader in the House of Lords, gave the first explicit admission that the new legislation would provide the government with the ability to force CSPs to "develop and maintain a technical capability to remove encryption that has been applied to communications or data".

This power, if applied, would be imposed upon domestic CSPs by the new Home Secretary, Amber Rudd, who was formerly the secretary of state for Energy and Climate Change. Rudd is now only the fifth woman to hold one of the great offices of state in the UK. As she was only appointed on Wednesday evening, she has yet to offer her thoughts on the matter.

9 of 282 comments

  1. 1984 by Anonymous Coward · Score: 5, Insightful

    Just checked the calendar. It is 1984.

    1. Re:1984 by fustakrakich · Score: 5, Funny

      Just checked the bathroom mirror. No it ain't!

      --
      “He’s not deformed, he’s just drunk!”
  2. no end-to-end no streaming media by Anonymous Coward · Score: 5, Insightful

    So how will things like Netflix work without end-to-end encryption?
    Does this mean the end of HTTPS and secure transactions?

    Looks like, as usual, the politicians do not understand the technology.

    1. Re:no end-to-end no streaming media by Anonymous Coward · Score: 5, Informative

      Internet security is not an illusion, but if the threat you care about is powerful enough, the CA system is just about the worst possible way to establish a basis of trust. Any CA can sign certs for any domain. If you have a powerful adversary that can co-opt a CA, you have a completely false sense of security. It's really easy to get users to trust rogue certs signed by real CAs, because it happens automatically with no user input!

      Even worse, a less powerful adversary, like a browser maker or computer maker, can undermine your system by installing trusted fraudulent root CA certs, which should not be trusted, to man-in-the-middle your TLS connections. Opera, Lenovo and Dell have all done this, to name a few.

      I work at a university, and to connect to the wireless, you need to "trust" a self-signed certificate. In some operating systems, you have to specifically follow some installation instructions for installing a cert manually, but on Windows and OS X, I think you just click "trust this certificate" and it pins the cert. I work in computer security (but in research, not IT). I have to explain this decision to many people who say it's insecure. Actually, it's more secure, because it forces even dumb users to pin a certificate that doesn't chain up to a public CA. Once you install the self-signed cert, it will warn you if it changes (I actually don't know what the OS would say). This converts the certificate from the CA model to a trust-on-first-use (TOFU) model. Clearly the Uni's IT are no dummies.

      TL;DR: I learned how terrible the CA system actually is in undergrad over 15 years ago. Only recently, however, has it become clear that powerful adversaries are seemingly exploiting this weakness. I have no idea why there isn't more interest in actually changing it, rather than just a lot of talk.
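
The contrast drawn in the comment above, as an added example that is not part of the original comment or of any project's code: a replacement certificate issued by any trusted root passes a CA-model check, while a trust-on-first-use pin store flags it as changed. The host name, root names and certificate bytes are constructed placeholders, and the CA check is a simplified model that does no signature or chain validation.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    host: str
    issuer: str
    der: bytes  # real code: ssl.SSLSocket.getpeercert(binary_form=True)

# Constructed sample data: hypothetical names, stand-in bytes, no real certs.
TRUSTED_ROOTS = {"Root CA A", "Root CA B"}
ORIGINAL = Cert("wifi.example.edu", "self-signed", b"constructed-cert-1")
REISSUED = Cert("wifi.example.edu", "Root CA B", b"constructed-cert-2")

def fingerprint(der: bytes) -> str:
    """SHA-256 of the encoded certificate, as hex."""
    return hashlib.sha256(der).hexdigest()

def ca_model_accepts(cert: Cert, roots=TRUSTED_ROOTS) -> bool:
    """Simplified CA model: any trusted root may vouch for any host.
    Signature and chain validation are deliberately left out."""
    return cert.issuer in roots

class TofuStore:
    """Trust-on-first-use: one pinned fingerprint per host."""

    def __init__(self):
        self.pins = {}

    def check(self, cert: Cert, accept_first_use: bool = False) -> str:
        seen = fingerprint(cert.der)
        pinned = self.pins.get(cert.host)
        if pinned is None:
            if not accept_first_use:
                return "unknown"   # nothing pinned, user has not agreed
            self.pins[cert.host] = seen
            return "pinned"
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "changed"           # warn; never re-pin silently

if __name__ == "__main__":
    store = TofuStore()
    store.check(ORIGINAL, accept_first_use=True)
    print(ca_model_accepts(REISSUED), store.check(REISSUED))
```

The pin only protects connections after the first one; the first-use decision itself still rests on the user checking the certificate out of band.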

  3. Idiots by ITRambo · Score: 5, Informative

    Again, idiots in government find new ways to turn law-abiding citizens into criminals, or even terrorists.

  4. My illusions have been shattered by wcrowe · Score: 5, Funny

    This is so disappointing for an American. We Americans have always been a little insecure about our accents, our education level, etc., and we look at the British, with their smart-sounding accents, and their large vocabularies, and we just intrinsically KNOW that they are smarter than us. And then something like this happens that shatters our illusions, and tells us that British people can be just as dumb as anyone else.

    --
    Proverbs 21:19
    1. Re:My illusions have been shattered by 110010001000 · Score: 5, Insightful

      Stop blaming racism for every decision that voters make you don't like. Idiots.

  5. Not possible by SmilingBoy · Score: 5, Insightful

    If someone like an ISP can remove the encryption, it is not end-to-end encryption in the first place.

  6. No changes wrt. RIPA 2000 by doru · Score: 5, Informative

    The government also says (on page 39) that the new law provides nothing more than what is already present in the Regulation of Investigatory Powers Act (2000). It specifically refers to "the ability to remove any encryption applied by the CSP to whom the notice relates" (my emphasis), and not to end-to-end encryption.