David Cameron - The government must be able to access communications

28064212

http://arstechnica.com/tech-policy/2015/01/uk-prime-minister-wants-backdoors-into-messaging-apps-or-hell-ban-them/

"Are we going to allow a means of communications which it simply isn't possible to read?" Cameron said Monday while campaigning, in reference to apps such as WhatsApp, Snapchat, and other encrypted services. "My answer to that question is: 'No, we must not.'"

Hot-button topic, although it's going to be in a constant state of flux for years IMO. Lots of competing issues

• Is there an absolute right to have the ability to communicate privately?
• How do you reconcile that right with the need to investigate child pornographers and terrorists?
• How is any individual government going to prevent it? Is it going to be an offence to simply have, for example, an app like TextSecure on your phone? How would they prevent a browser-based SSL-secured chat client being used?
• How will the general public react to a government explicitly stating that they're going to have access to your "private" messages?

Blowfish

28064212 wrote: »

[*]How is any individual government going to prevent it? Is it going to be an offence to simply have, for example, an app like TextSecure on your phone? How would they prevent a browser-based SSL-secured chat client being used?

They can't and that's what this boils down to. It's a politician giving a soundbite without any idea of what the actual implications are if he were to try and implement it.

Pat Mustard

28064212 wrote: »

http://arstechnica.com/tech-policy/2015/01/uk-prime-minister-wants-backdoors-into-messaging-apps-or-hell-ban-them/


Hot-button topic, although it's going to be in a constant state of flux for years IMO. Lots of competing issues

• Is there an absolute right to have the ability to communicate privately?
• How do you reconcile that right with the need to investigate child pornographers and terrorists?
• How is any individual government going to prevent it? Is it going to be an offence to simply have, for example, an app like TextSecure on your phone? How would they prevent a browser-based SSL-secured chat client being used?
• How will the general public react to a government explicitly stating that they're going to have access to your "private" messages?

Good questions.

I don't see a practical way for them to enforce such a law. Is he going to ask google to make the relevant apps harder to download from the Playstore in the UK? Or will police ask people to show them their phones to make sure that illicit apps are not installed? I can imagine some of the responses there.

If Cameron really wanted a backdoor to access peoples' information, I wonder if he would have made a public announcement about it. Which makes me wonder if his soundbite isn't a smokescreen for something else.

bd0101

Why should they ask your password when they have a backdoor in the app code?

Why should they ask your permission when Android or iOS have built-in vulnerabilities or weak algorithms as defaults?

(...)

A (naïve) citizen: My personal files are protected by encryption.
Govt. Agency: Don't handle over your password, just enter it on that specially crafted prompt that will save it for a later use.

Khannie

Blowfish wrote: »

It's a politician giving a soundbite without any idea of what the actual implications are if he were to try and implement it.

It's actually idiotic, to be honest. As soon as you realise that there are some things that a government has no business having the ability to snoop (e.g. VPN tunnels for companies or HTTPS transactions for ecommerce) the whole thing falls apart.

The unfortunate cost of having technologies like this is that they can be abused. Ten years from now when the entire internet is encrypted (good on you, Mozilla) nonsense like this will be entirely moot.

They don't have the leverage to force whatsapp, snapchat, etc. to hand over private keys (even to a third party) and never will.

The thought that he thinks banning strong encryption is a possibility is quite frightening though.

FSL

I'd be a little more in favour if Cameron et al published cabinet papers the day after not thirty years later and then with more redactions than text.

Applying "if you've got nothing to hide you've got nothing to fear" to politicians must mean they are the most frightened species on the planet.

That's in addition to them singularly lacking the intelligence necessary to resolve inter-country differences without resorting to violence.

Manach

Legal rights are by their nature amorphous and subject to balancing with others. That is why the right to privacy is not absolute with commentators such as Posner pointing out there are about 130 rights of some type and counting. Thus the state holding forth an argument that the right to security trumps other rights, such as private communication data (both content and metadata), in a democratic society.
However it could be argued that the ability to talk freely and privately on politic matters, to discuss and criticise without fear of state repression is a key element of democratic governance.

AnCatDubh

Oh dear. Sounds very stasi-esque and that all ended well now didn't it.

(What do you mean it didn't end? )

syklops

The government in this case is on the losing side of an arms race. They ban WhatsApp tomorrow. Zuckerberg releases the source code under GPL and within hours there is a fork of it called WhatsUp. Governemt pushes through an amendment to the legislation specifically banning WhatsUp. A new fork is released. Rinse and repeat.

What then? They ban GitHub? They ban gcc?

Hotblack Desiato

You'd have thought they might have learned something about the almighty screw-up the US made attempting to ban export of strong encryption in the 90s. It ended up with t-shirts being classed as munitions.

https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States

Lots more stupidity to go around

https://en.wikipedia.org/wiki/Illegal_number

https://en.wikipedia.org/wiki/Illegal_prime

Cameron clearly hasn't the slightest clue, but then again I'm trying hard to think of a single issue where he does have one, and failing.

Mr. G

This makes no sense and is a clear illustration that politicians who know nothing about IT shouldn't be allowed legislate for IT related areas. Blocking encryption is impossible. It just wouldn't work. From a security prespective that would open more doors to criminals in doing so. Makes no sense.

So even a Government cannot decrypt data with the likes of WhatsApp.

It certainly questions what the purpose of their Government is. The moment they start infringing on the rights of it's citizens is the moment you know something's not right. How can he be supported by the UK? Do the majority of people in the UK care about not having encryption? Do people in Ireland feel encryption is more important?

Kur4mA

This could just be a snippet for Cameron so that when even more stuff comes out in the future in relation to what the GCHQ and NSA are doing, he can say "Well I warned you all in advance". Everyone on here saying that this makes no sense or is "impossible" needs to open their eyes a bit and read a bit more into a number of revelations we've gotten from Snowden so far.

I had to do a project on it in college which meant a LOT of reading and research into what's been going on and to be honest, my eyes have been opened in a massive way. When you have government agencies that are tapping into the internet backbone directly (circumventing ISP's when it suits them), setting up postage depots to intercept computer hardware coming into the country so that they can install their own chips that give them direct access to your machines, putting pressure on large multinational corporations and working covertly on quantum computing so that they can crack the majority of widespread encryption in use today... then let's be honest, anything is possible when ethics goes out the window.

Oh, and come on lads. All this talk of government can do this this and government can't possibly do that etc. You need to seriously use your imagination a little bit. I've started thinking of government in terms of Backend and Frontend. The likes of David Cameron and his ilk are the frontend boyos who can and cannot do certain things because of public pressure/image/votes etc.

The government backend lads are the ones you should all be focusing on as it's been made blatantly clear that they don't give a toss about votes/image/publicity or any of that. They basically want to have as much control as possible and seem to be able to break the law or ignore ethics and human rights to do so.

*EDIT*

Sorry, one more thing that just occurred to me is... WTF is Cameron actually on about? Playing the fool I reckon. Feigning ignorance to what his lads are already doing on a daily basis and acting like he hasn't been keeping up with the media. They are already accessing Communications on a constant basis, some of it real-time and a scary amount of it archived.

GarIT

syklops wrote: »

The government in this case is on the losing side of an arms race. They ban WhatsApp tomorrow. Zuckerberg releases the source code under GPL and within hours there is a fork of it called WhatsUp. Governemt pushes through an amendment to the legislation specifically banning WhatsUp. A new fork is released. Rinse and repeat.

What then? They ban GitHub? They ban gcc?

I used to agree with this argument but can't anymore. The usefulness of a communications service is largely proportional to its number of users. If users have to change service weekly to an unknown app it would drastically reduce users, the reduction in users would then make the service less worthwhile and it spirals down to nothing. You can take torrenting as an example, I thought torrenting would never end, that there would always be a new site but torrenting has taken a messive hit since torrent site had to start changing their domain every week. If you make the service difficult enough to use that enough people leave the service becomes useless.

Encrypted communications will never die though. You can encrypt a communication then send it over plain text, once only both communicating parties know the encryption it will work. The only people that a ban on them would affect is the users that would not be using it for any other purposes.

FSL

GarIT wrote: »

Encrypted communications will never die though. You can encrypt a communication then send it over plain text, once only both communicating parties know the encryption it will work. The only people that a ban on them would affect is the users that would not be using it for any other purposes.

Absolutely and if you use a key the same length as the message and never repeat the key then the chances of cracking it are remote.

AnCatDubh

On a similar vein of Anti Terror (albeit brief soundbite);

via Newstalk "But Mr Flanagan said data exchange between EU states has to improve for any plan to succeed."

At about 1m40s

https://www.youtube.com/watch?v=Qxd8QaToCbU

Mr. G

Hidden agendas?

edanto

Banning encryption would be as stupid as banning envelopes.

It's likely that encrpytion only gives 'paper envelope' protection to messages, thwarting blanket interception and plain text mining/storage of all messages and that is how it should be.

If the police suspect someone, they already have the resources to monitor all communications, encrypted or not. That is how it should be.

Encrpyting everything just prevents idle and malicious snooping.

Mr. G

edanto wrote: »

Banning encryption would be as stupid as banning envelopes.

It's likely that encrpytion only gives 'paper envelope' protection to messages, thwarting blanket interception and plain text mining/storage of all messages and that is how it should be.

If the police suspect someone, they already have the resources to monitor all communications, encrypted or not. That is how it should be.

Encrpyting everything just prevents idle and malicious snooping.

I'm a little confused as to whether or not you're in favour of encryption? (Either way I accept your opinion).

Technically, the police can't decode all communications out there.

The police shouldn't be allowed listen to ordinary citizens who are not breaking the law and not under investigation. I do feel that suspected terrorists etc. should be monitored of course.

Our problem is that phone tapping has gone on for years (e.g. Charles Haughey scandle, GSOC/Garda Stations etc). Listening in for political reasons is not right.

Even with encryption there are often security leaks and there are bigger ones to come that will open more cans of worms as they are created.

_Jumper_

This is 20 year old news. They've been talking about this since PGP.

Was anything snook through since the French attacks? They usually use them for their own gain.

Any thing leak out from the Transatlantic Trade and Investment Partnership talks lately?


Good breakthrough on Quantum Encrytption Storage/Entanglement a week or so back.

anu.edu.au/news/all-news/quantum-hard-drive-breakthrough

AnCatDubh

Mr. G wrote: »

The police shouldn't be allowed listen to ordinary citizens who are not breaking the law and not under investigation. I do feel that suspected terrorists etc. should be monitored of course.

Hitting the nail on the head here.

28064212

Mr. G wrote: »

The police shouldn't be allowed listen to ordinary citizens who are not breaking the law and not under investigation. I do feel that suspected terrorists etc. should be monitored of course.

In that case, aren't you agreeing with Cameron? That there should be no encryption that doesn't have a governmental back-door?

Mr. G

28064212 wrote: »

In that case, aren't you agreeing with Cameron? That there should be no encryption that doesn't have a governmental back-door?

There is a fine line.

If a Government can find a back door, someone else can. No encryption should have a back door end of story. I meant that the Government should only be allowed monitor terrorists by means of non-encrypted conversations (such as monitoring phone calls). It would be nearly impossible to decode messages sent through end-to-end encryption.

Who is to say that any Government would not use these advantages for other reasons that to stop terrorism?

Khannie

Mr. G wrote: »

I meant that the Government should only be allowed monitor terrorists by means of non-encrypted conversations (such as monitoring phone calls).

The problem with this, and the reason that Cameron is piping up now, is that we are moving towards a point where all things are encrypted and the security agencies see it coming. Only very old technologies are now not encrypted.

Anything new that's coming online is automatically encrypted because you look like an eejit if you don't bother with the very small level of effort required to safeguard your users traffic in transit.

The even bigger problem with using the "omg terrorists" line is that terrorists will just use some tool that doesn't have a back door (or make their own...they have the funding). Nobody seriously believes that these scumbags are using whatsapp or facebook messenger to wage war, so demanding a back door into them for terror reasons doesn't hold weight.

Mr. G

Khannie wrote: »

The problem with this, and the reason that Cameron is piping up now, is that we are moving towards a point where all things are encrypted and the security agencies see it coming. Only very old technologies are now not encrypted.

Anything new that's coming online is automatically encrypted because you look like an eejit if you don't bother with the very small level of effort required to safeguard your users traffic in transit.

The even bigger problem with using the "omg terrorists" line is that terrorists will just use some tool that doesn't have a back door (or make their own...they have the funding). Nobody seriously believes that these scumbags are using whatsapp or facebook messenger to wage war, so demanding a back door into them for terror reasons doesn't hold weight.

Which is another reason why the EU shouldn't go near forcing people to give up encryption keys.

_Jumper_

Khannie wrote: »

The problem with this, and the reason that Cameron is piping up now, is that we are moving towards a point where all things are encrypted and the security agencies see it coming. Only very old technologies are now not encrypted.

Anything new that's coming online is automatically encrypted because you look like an eejit if you don't bother with the very small level of effort required to safeguard your users traffic in transit.

The even bigger problem with using the "omg terrorists" line is that terrorists will just use some tool that doesn't have a back door (or make their own...they have the funding). Nobody seriously believes that these scumbags are using whatsapp or facebook messenger to wage war, so demanding a back door into them for terror reasons doesn't hold weight.

They used spam for years apparently to send messages. No encryption needed as people couldn't delete it fast enough.

To Avoid Detection, Terrorists Made Messages Seem Like Spam


How the US Helped Create Al Qaeda and ISIS


How right or wrong is that?

Hotblack Desiato

Khannie wrote: »

The even bigger problem with using the "omg terrorists" line is that terrorists will just use some tool that doesn't have a back door (or make their own...they have the funding). Nobody seriously believes that these scumbags are using whatsapp or facebook messenger to wage war, so demanding a back door into them for terror reasons doesn't hold weight.

Steganography is still pretty much undetectable, is it not? Any digital image will have noise in the least significant bits, you can easily manipulate that noise to carry a signal while still looking like noise.

So if the authorities cannot tell the difference between 999,999,999 boring holiday snaps, and the one in a billion that is using stego to hide something interesting, how can they even begin to attack the stego?

Things are going to get a bit more old-school (as Gutmann said, the easiest way to break crypto is just bypass it) so audio bugs planted in the homes of 'persons of interest', hardware keyloggers, bundestrojaners, etc. will be used to bypass encryption and capture information before it's encrypted - at least for known high-value targets. There's always a way if enough resources can be committed.

Impetus

Cameron seems to me to be another another Hitler type. In Hitler's time people with typewriters had to first take them to the local polezi and type a QWERTYUIOP etc on a sheet of paper so that they could put a fingerprint for that typewriter in their files. Each character on a typewriter is ever so slightly different to that created on another machine.

They (Hitlers of 2015) are using a similar technology today, by looking at the browser version, o/s, screen size and resolution, IP number, etc.