UKC

Cameron wants to ban encrypted messaging

New Topic
This topic has been archived, and won't accept reply postings.
OP Thrudge 13 Jan 2015
In reply to moffatross:

When they do, I'll get a few ex-Stasi lads round to search their house. We'll do the search while they're at work, so as not to cause any inconvenience
moffatross 13 Jan 2015
In reply to Tony Naylor:

That was weird. Editing for grammar and I've been deleted. I smell a conspiracy.
 Shani 13 Jan 2015
In reply to Tony Naylor:

grbg trny kdiw mmso pfkr jwhg vpcu ncuw alzx jcuc owlk aapo jewe cjwa jgne nncjf nffo swwo nwmf nwpo qazm neos gfre sfav blpu poui mhjk fhgg mmyj kvje!
OP Thrudge 13 Jan 2015
In reply to Shani:

:-O I'm phoning the police!
JMGLondon 13 Jan 2015
In reply to Tony Naylor:

Indeed. Lets use an attack on freedom of speech to, well, attack freedom of speech!

Well played Dave, well played.
 wintertree 13 Jan 2015
In reply to Tony Naylor:

Gurl jvyy unir gb cevfr gur ahzore guvegrra sebz zl pbyq, qrnq unaqf.

More seriously, it increasingly seems that it is unwise to rely on any encryption used by personal computers, so perhaps this would just ben the illusion of privacy. I also see it hard to understand how a legally recognised line could be drawn that permits encryption for online banking and outlaws it for email - somewhere in the middle there will be a very grey area. For example I could share my bank login details with someone else and communicate with them by making transfers between two accounts and encoding information in the numbers transferred, the time of day and the "payee reference" etc. Add in the ability to rename accounts etc. I'm sure someone could come up with a much better grey area.

In reply to Tony Naylor:

The sort of stupidity one comes to expect from PPE graduates with no knowledge of the area they intend to regulate.

What the cretin fails to understand is that the security services are not the only people who wish to read or tamper with communications. If the government makes it easy for GCHQ to decrypt everyone's communications by weakening the cryptography or providing a backdoor which is accessible to many state agencies they will also make it far easier for every other country's intelligence service, organised criminal hacking gangs, terrorists, hackers with a political agenda, journalists, blackmailers and kiddies looking to have fun with nasty software they can download from the internet to decrypt or tamper with our communications.

If they bring this in within 5 years there will be a massive scandal as using the backdoor some company is hacked for sensitive commercial information about a takeover or secret technology, a doctor is hacked to find out that some celebrity/politician/royal has an embarrassing disease or some legally privileged documents are hacked from a lawyer.
 RomTheBear 13 Jan 2015
In reply to Tony Naylor:

This is saddening... the first reaction to radical terrorists who want to curb our freedoms, is to curb our freedoms... they are winning...
 d_b 13 Jan 2015
In reply to wintertree:

In principle a personal computer is perfectly capable of giving you secure encryption, given the right software. That's why the government want to make the software illegal.

If I was paranoid I would say the legistation is more a reaction to the finding and patching of security holes in OpenSSL as much as anything else.
 wintertree 13 Jan 2015
In reply to davidbeynon:
> In principle a personal computer is perfectly capable of giving you secure encryption, given the right software. That's why the government want to make the software illegal.

Of that I have no doubts. Edit - actually even here I do. Given just how long GCHQ had known about asymmetric key algorithms before they were "discovered" and publicised in the USA, and given how many mathematical discoveries they managed to keep very quiet, it's entirely possible that they've made one of the speculated breakthroughs in prime number theory. If they had it would be rarely used, and by few people, because if they gave the game away it would cease to be useful.

However I don't trust the rest of that personal computer one iota. There's a long tradition going way back of simply compromising the electrical or mechanical system between the human being and the encryption tool.
Post edited at 12:47
 hamsforlegs 13 Jan 2015
In reply to tom_in_edinburgh:

> The sort of stupidity one comes to expect from PPE graduates with no knowledge of the area they intend to regulate.

Well I'm a PPE graduate and you're not saying anything that I don't think is obvious (I'm sure most arts graduates would think the same - scientists I've no idea... weirdos).

I suspect that DC also has a good understanding of what you've just outlined. He probably just doesn't care, in particular because he knows that the whole thing will be impossible to implement for a range of reasons and so will never get off the drawing board.
 hamsforlegs 13 Jan 2015
In reply to wintertree:

At the level of individual security, I've always assumed (on the basis of nothing much) that local/physical/human security compromises are the major risk.

I suppose it's the need for the harvesting of large amounts of communications data that has led to the calls for banning systematic encryption. How on earth they would define and properly enforce against encryption methods of the sort targeted I've no idea. Presumably banning retail public key systems would make things quite a bit more complicated for lots of consumers?
KevinD 13 Jan 2015
In reply to hamsforlegs:

Would be somewhat inconvenient for online shopping and also for all those businesses which use VPN.
Still it makes it sound tough.
OP Thrudge 13 Jan 2015
In reply to RomTheBear:
> This is saddening... the first reaction to radical terrorists who want to curb our freedoms, is to curb our freedoms... they are winning...

Very neatly put.
In reply to hamsforlegs:

> I suspect that DC also has a good understanding of what you've just outlined. He probably just doesn't care, in particular because he knows that the whole thing will be impossible to implement for a range of reasons and so will never get off the drawing board.

Proposing something you don't believe in the hope it will prove unworkable is an even worse form of stupidity and arguably even more typical of the PPE mindset.

In reply to tom_in_edinburgh:

Jesus! What is your beef with PPE?!
 Clarence 13 Jan 2015
In reply to wintertree:

> Gurl jvyy unir gb cevfr gur ahzore guvegrra sebz zl pbyq, qrnq unaqf.

Irav ivqv ivpv chax!
 Wingnut 13 Jan 2015
In reply to wintertree:

>>Gurl jvyy unir gb cevfr gur ahzore guvegrra sebz zl pbyq, qrnq unaqf.

Naq zvar!

(Naq nyfb ona obbxf bhgevtug ... vs n tebhc bs crbcyr jnag gb uvqr fbzrguvat qbqtl, n obbx gurl nyy unir n pbcl bs jbexf nf n bar-gvzr-cnq.)
 jkarran 13 Jan 2015
In reply to tom_in_edinburgh:

> Proposing something you don't believe in the hope it will prove unworkable is an even worse form of stupidity and arguably even more typical of the PPE mindset.

Why? Be seen to be reacting robustly to a perceived (if poorly understood) threat at a time of heightened fear... Pretty much perfectly appealing to his key voters.

Achieve nothing in practice... Who cares, it's only public money and if he's not gone by the time it becomes a minor scandal some civil servants, IT contractors or a junior minister can be thrown on their swords and a department rearranged, the shit won't stick to him.

Achieve the goal and thwart an attack (or at least uncover some plotting... Claim the credit and publicise some hazy but broadly correct details of the uncovered plot to whip up more fear thus greasing through the next piece of unpopular legislation that's been stalled on civil liberty grounds.

Achieve the goal but with terrible unintended consequences... Blame it on poor implementation by contractors or throw a senior minister under the bus to appease the mob.

jk
Post edited at 14:21
 winhill 13 Jan 2015
In reply to Tony Naylor:

This has been the case in the US for decades now hasn't it?

That companies had to make their keys available to authorities, so that no-one ever had an encryption method that was unsnoopable.

The coding and the surveilance are two separate issues here.
 wintertree 13 Jan 2015
In reply to Wingnut:
> (Naq nyfb ona obbxf bhgevtug ... vs n tebhc bs crbcyr jnag gb uvqr fbzrguvat qbqtl, n obbx gurl nyy unir n pbcl bs jbexf nf n bar-gvzr-cnq.)

Indeed, the bar-gvzr-cnq is the rather large elephant in the room. Pretty much every proposal I've ever seen with regards online encryption would be totally and utterly useless against a technologically literate foe. Given the UKs contribution to creating a two-way real time voice encryption system using one time pads in 1942 you'd hope the current crop of PPE wonks had advisers who are well informed on the issue...
Post edited at 14:57
 elsewhere 13 Jan 2015
In reply to winhill:
Post Snowden privacy is a commercial advantage so there's an interest in services where only the customer has the encyption key.

That means the service provider can market their product by saying they can't supply anybody with the encyption key.

http://www.dailymail.co.uk/sciencetech/article-2760660/Apple-s-iOS-8-secure...
Post edited at 15:48
In reply to nickinscottishmountains:

> Jesus! What is your beef with PPE?!

Look how many cabinet ministers got there via public school -> Oxford PPE -> family connections with no actual experience of any real world job.

If we had an ex-teacher running education, an ex-doctor running the NHS, an ex-soldier running the MOD and so on our government would make much better decisions but they get pushed out by people whose interest is perception and popularity rather than problem solving.
 Indy 13 Jan 2015
In reply to davidbeynon:
> In principle a personal computer is perfectly capable of giving you secure encryption, given the right software. That's why the government want to make the software illegal.

> If I was paranoid I would say the legistation is more a reaction to the finding and patching of security holes in OpenSSL as much as anything else.

Rubbish..... PGP has been available and downloadable for years I have keys that I created in 1996.

Your very naive (my word for the day) There are lots of ways that encryption can be compromised i.e how do you know that the encryption software that you're using hasn't been messed with? how do you know that the OS your using can't detect you creating keys and mess with the 'randomness' As Snowden has shown us the pervasiveness of the Govt. digital surveillance effort is astounding.

Then there's RIPA that makes it illegal to not provide plain txt of any encrypted message.

Here's a message sent in 1997ish if anyone feels they'd like to have a go at cracking it!

-----BEGIN PGP MESSAGE-----
Version: PGPfreeware 5.5.3i for non-commercial use

qANQR1DBw04DY2mKDfjtLaEQD/9o0SbqdvZM4dOIOWtZu4pjld9gMjy5nJ8OhLLg
hFUJ4NoV58YxNaYQZipRs7P2TFeMcIwSkIIGbtM4Rc1e0fGljjAvW6+scE92ELjP
ZNte3Bi4Fmq0XBj80i27eLVW1O4g2xZWxbBAmhVyxT8bhXie0JdzPirqCipo3Znb
hxPPa2xS1BLBNCejwFa9OEB4M1KxyVduVjQPa3Qi+28QGA0Q7d/f5ILHWGrgZzT/
vWuYRESDx4Jvj5fAPt7ekblZtYDP/q2qkz+OCCwVketfjPrWFhII3tlxHJtll5TI
ELJxOWuQ2Rd2f+S2XbVn7gMcLcESAEzBrmX4YoaXYgjC4Qo9qYdmz3yIJR7E0Azx
3/tt/HbS34gY5uAJnFU8R58/z1DUXTiCeekVYpZx4TcJbMdvwtqhFCFpDKJ45DC/
r9v0WuCuoKuMFpB6YjDXc7cvdgyyq3cBvR1QxVMxT5wu0CPBnOox/VuV/sriPQhO
xjzAhoRbjJjD4GnNGAlF7yQX+3Blf2JaX+Lkmk99jrZgYfUnAqOpnSmmG0+M3neg
F1oFkYdfP7xC4AlVdyyG9YFQqh3+ZmH3OtCtd8LxsvpWvFe9yzUrEpcNR9eeWetI
n2BDqE19rET/gPJF5+QZYD77rKA1wwhqeXkjHk8Fj6Q8Conljs23k+29wpnTY4Fy
P8LBDxAAqCU2slSfHtfzfKzWqO7CzK8RCsflwsSbyWDA6NEpdj8Pk8MIMvrb/84u
UQie2RXAYr/FSNjRq1d8S3CJ17V9oVKIFO4oq2BoRN82r2Xxo6waAbOVgg4Rs7NE
fK1IrjP7L9QsJf7KmsbBLfe3AKOpbefYzDLz248mvvxCAJaPaxTvsNDuPgg326NL
WDHEbR3uxwanglwJitXNsuCS4JAwJKIZKl5wBSiEYdHb7txo7WBo9nK9acLpeAQb
n8xpNhZxu+BfxHHt6qe4N2yP99Rz7WKExEwtDkGD5EaJos82XO9/OPfhTdC8b+0z
W+CSnOknOxPlgbKym9KqCtDi/ce42uA/rguab5+Ecn7EO2+jBiBnsWlSdfhKUoSf
1JbDtOHLVTkEFv/hbygumfuYGWVpWNYU8nFE7Q6XJV4KmLZN9qTK2GrvPkjwXfVL
qznznCBRLCUFCXrbTkgyw7dz/f0FppIV2jT9kbVCrcSt7But1xoEMl9wAKkNW6+n
e7xrw468uQKnw3ICTwPdfSAL7DZaw9SwOf0vrOYh2cUdzD0CocgA466eIMpgL9Qt
KSctZHK6ftDi5giOB7aYj/+iWAXfiP9RBVjGD1djh2CR1SDr9nK/AZ+oAcpiTsCR
WGCtqhMb4e5fVmEGmwPn3DeqdzZ00yFt1rUB2O4aSv4WhQ6jMcTJnlIamLj6ry6Q
g6Fa0f3hiLAZCGzJHB6jzRdoFrPc/AtX32nBLo0zT9On0pHi19dZyyp3z/R/eeOB
3IRVo6i8sZGhb1BQmDg7HmhV/JqzKLI6HYBopD66Bmmt6lCLfFDabw9I+q7e1cfi
NqbwL34+Psjz/TMUDAGYSe66EyFrvaED/F7PTKyJiSOMiVOvxe4Ag9b/Iee+I2ay
C9DRi8hV
=6TFZ
-----END PGP MESSAGE-----

Clue is its a couple of sentences on what a sh1t I was having.
Post edited at 18:14
 d_b 13 Jan 2015
In reply to Indy:

I am very happy for you. How many of your correspondents use it?

If you really want to make a difference then strong encryption needs to be ubiquitous. If it isn't then people who do use it will get nailed by traffic analysis.
KevinD 13 Jan 2015
In reply to Indy:

Didnt take long.
"So what have you done on grit"
 MG 14 Jan 2015
In reply to tom_in_edinburgh:

You don't think politics is a "real world job?"

How many doctors have done any other job? Far fewer than politicians.
 Shani 14 Jan 2015
In reply to Tony Naylor:

We'd all do well to remember a few things about the Charlie Hebdo matter and Cameron's "citing [of] the Charlie Hebdo attacks in Paris to bolster his argument":

1) Charlie Hebdo jpournalists were standing up against censorship, NOT terrorism.
2) There is no evidence that I am aware of that the attackers in Paris were using encrypted messages to communicate. This policy would therefore have had no effect on the outcome.
3) ThereAreMany smlipe wyas 2 0bfusc4t3 couicamtimonns. That is before we get to encrytpion, code words etc... Much better to put the 'intelligence' back in to Intelligence.
In reply to MG:

> You don't think politics is a "real world job?"
> How many doctors have done any other job? Far fewer than politicians.

The point is people with absolutely no domain knowledge are being put in charge and making bad decisions based on personal prejudice, 'common sense' and what they think people want to hear rather than knowledge and experience. The system in the US where the President appoints political supporters who are leaders in the relevant area rather than career politicians to run departments so for example you get an actual scientist running Energy policy is far more likely to produce good decisions.

 MG 14 Jan 2015
In reply to tom_in_edinburgh:

You think that US politics us more effective than here!? The US system shut down and nearly defaulted on national debt due to political game playing recently. Good decisions?

Also when we do have "knowledgeable" people as cabinet ministers I don't see obviously better decisions. Andrew Lansley? Vince Cable?
 Urban5teve 14 Jan 2015
In reply to RomTheBear:

> This is saddening... the first reaction to radical terrorists who want to curb our freedoms, is to curb our freedoms... they are winning...

Right Wing thinking prefers to control the population as a solution. The further right you go the more control you see.

This type of thing is a slippery slope!
In reply to MG:

> You think that US politics us more effective than here!? The US system shut down and nearly defaulted on national debt due to political game playing recently. Good decisions?

What I said was that choosing people with domain knowledge to run departments was better than the Landowning Family -> Public School -> Oxford PPE -> City or Thinktank -> Tory MP career path. I didn't say anything about the other aspects of the US system relative to the UK. Although a second chamber representing the states seems like a better idea than the House of Lords which is packed with the establishment and therefore mainly represents London.

> Also when we do have "knowledgeable" people as cabinet ministers I don't see obviously better decisions. Andrew Lansley? Vince Cable?

Do you really think having no knowledge or experience could possibly be an advantage when it comes to making decisions? It may well be an advantage in making decisions which are well received at the point in time when they are made but four or five years down the line when the actual outcomes are clear I very much doubt it.


OP Thrudge 14 Jan 2015
In reply to UrbanSteve:
> Right Wing thinking prefers to control the population as a solution.

Much as I dislike the right wing, I'd have to say the left are equally culpable here.

OP Thrudge 14 Jan 2015
In reply to Shani:
> 1) Charlie Hebdo jpournalists were standing up against censorship, NOT terrorism.

> 2) There is no evidence that I am aware of that the attackers in Paris were using encrypted messages to communicate. This policy would therefore have had no effect on the outcome.

Excellent points. I think Cameron is being particularly cynical and exploiting these murders for political benefit.
 Shani 14 Jan 2015
In reply to Tony Naylor:

> Excellent points. I think Cameron is being particularly cynical and exploiting these murders for political benefit.

Agreed.

I think that formualting policy in the heady days, hours and minutes after a significant event such as this, plays well to our immediate demand that 'somebody do something'.

But response to a 'serious' event requires serious thought; calm, cool and rational thought, which is not forthcoming so soon after a trauma.

We should be careful to let the State have further powers to intrude in to our lives. Whilst it is nice to think that the government is democratic, its policies are FAR from democratic, shaped coercively by vested interest and lobbying groups from finance, pharma, agriculture and so forth. There are also furtive collectives based upon money, power and societal status both in government or with influence on those in government. History shows that policy must be considered in terms of the wider incentives it creates.
 RomTheBear 14 Jan 2015
In reply to Tony Naylor:
> Excellent points. I think Cameron is being particularly cynical and exploiting these murders for political benefit.

Anyway this is a completely inept policy.
If companies are not able to secure their communication and data they'll just leave the UK. I can tell you already that most companies I work with, whic are running critical systems hosting very personal data for customer around the world, would just feck off somewhere else...
Post edited at 22:18
Shearwater 15 Jan 2015
In reply to winhill:

> This has been the case in the US for decades now hasn't it?

> That companies had to make their keys available to authorities, so that no-one ever had an encryption method that was unsnoopable.

No. They tried to swing this in the past, and were shot down. They even tried to mandate a government approved bit of encryption hardware that the authorities would easily be able to extract keys from (see http://en.wikipedia.org/wiki/Clipper_chip ) but that didn't take off either (and just as well, because it was deeply flawed). I think there's also some case law that suggests that being forced to hand over keys if you're a suspect in a criminal investigation is illegal, but I don't have any references handy for that.

In the UK on the other hand, the police can simply ask you for your encryption keys and if you don't hand em over you're comitting a criminal offense. Exactly what happens if you're using software that makes use of http://en.wikipedia.org/wiki/Forward_secrecy I've no idea, and possibly this is the sort of technology that the government is most concerned about, or would be if they understood anything about what they are trying to ban, which isn't clear right now.

New Topic
This topic has been archived, and won't accept reply postings.
Loading Notifications...