Berners-Lee: 'Appalling and foolish' NSA spying HELPS CRIMINALS

Sir Tim Berners-Lee, granddaddy of the internet, has attacked the NSA and GCHQ for their "appalling and foolish" cracking of online encryption. He warned that spooks' attempts to break encryption standards played into the hands of cyber-criminals and rival states, saying spies were "naive" to think their own techniques would …

COMMENTS

This topic is closed for new posts.
  1. Spiracle

    'Granddaddy of the World Wide Web' might have been more accurate.

  2. doronron

    It's not a negotiation

    It's not a negotiation!

    It's not that we discuss this 'right to privacy/right to judicial process', thing with the spooks and agree some sort of compromise that they're prepared to offer as a concession.

    No, they need to get back within the law and the limits of democracy. They're not the boss in a democracy, the voters are the boss. If they want their way, go stand for election and see if you can get people to vote for you.

    It's no good trying to shut down discussion by claiming we're terrorists.

    It's no good trying to shut down discussion by suggesting we're pedos.

    The mere fact the spooks are trying to attack the press and shut down discussion shows we are not a democracy.

    Because you GCHQ lot, discussed stuff with the US NSA that you hid from Parliament and Ministers, it shows we are not a democracy. It shows you are traitors to your f**ing country.

    1. Rukario

      Re: It's not a negotiation

      Once in, though, you can't get rid of them. If e-petitions have any merit, here's one to look at:

      http://epetitions.direct.gov.uk/petitions/56449

      Of course, the chances that anything worthwhile will happen are pretty much nil, as it means getting the turkeys to vote for Christmas, Thanksgiving, and Easter.

    2. JCitizen

      Re: It's not a negotiation

      Flipping a tweetie! Doronron!! TOTALLY!

  3. william 10

    I have no issue with the NSA & GCHQ trying to break encryption, my issue is when they endeavour to provide back doors into security systems (like it seems the NSA did with RSA's BSAFE security product); by doing this it enables terrorists and unfriendly governments to access our systems.

    I have issues with the deployment of viruses like Stuxnet that provide the crims, terrorists and unfriendly governments with detailed information on how to break the security of various systems.

    Another issue I have is that all spying by UK or foreign governments (American, German etc...) on U.K. citizens should be done in accordance with UK law and under UK Government oversight. There should never be the case where foreign governments have greater access to UK citizens' private data than that available to our own security services.

    1. tom dial Silver badge

      The problem with Dual_EC_DRBG in BSAFE was public knowledge (in Wired) in 2007, including the possibility it was inserted by NSA. Shame on RSA if they left it the default for 6 years, but one would have hoped professional users of cryptographic libraries would have taken notice and avoided it.

      Criminals and terrorists may find the techniques of Stuxnet somewhat useful, but (a) lack of such knowledge didn't, as such, appear to impede them much before it became available, and (b) the authors, whoever they might be, might well have prepared to defend against it.

      Spying on UK citizens by UK agencies certainly should be done in accord with UK law. It is quite silly, though, to expect a foreign intelligence agency to follow local laws. They're spies, after all.

      As for relative access by foreign/home grown security services to UK citizens' private data: that could be taken two ways, the likelier of which in practice would be to give the UK security agencies unfettered access, because that's what the foreigners have, constrained only by their consciences and the probability of being caught.

    2. Lapun Mankimasta

      Google got rich on metadata

      Now you have the GCHQ and the NSA scarfing down as much info on as many people as they can, storing it up for I don't know how long. Now you have them breaking the cryptographic security systems' integrity. And you also have them provoking big powerful neighbours.

      Google got rich on metadata. It seems to me that the GCHQ and NSA and GCSB and ASIO and the rest are setting up for a bloodless transfer of power - in military terms known as an unconditional surrender - to nations they have provoked. Because the powers that pwn the above alphabet soup will also pwn the host nations' economies.

      If it walks like a duck, sounds like a duck, swims like a duck, well it's not. It's a genetically modified Politician.

  4. Yes Me Silver badge

    More to the point, let's fix the code

    Signals intelligence agencies have been breaking codes for a hundred years now, and they aren't going to stop because TimBL says so. So the constructive approach is to fix the problem, by making the Internet surveillance-resistant. The IETF decided to do that for the protocols it specifies just yesterday, in Vancouver. What's the W3C doing to help?

    http://www.ietf.org/media/2013-11-07-internet-privacy-and-security

    1. DJO Silver badge

      Re: More to the point, let's fix the code

      Err, did you read it, that's not what TimBL is saying, what he is concerned about is the deliberate insertion of back doors which weaken encryption not just for the spooks who demanded it but for unfriendly spooks and criminals, and he is 100% correct.

      There will always be efforts made to crack encryption and that is all well and good and in turn leads to stronger encryption but if there are back doors or deliberate weaknesses then it's all a waste of time.

      1. Yes Me Silver badge

        Re: More to the point, let's fix the code

        Yes, people in the IETF are *very* aware of the risk of crypto algorithms and implementations that have been suborned, but that is only one issue among many, and *all* the issues need to be dealt with. What we now know with great clarity is that if any attack on privacy is possible, it will be exploited, so every single one of them needs to be fixed. The risk of backdoors being exploited by bad actors was pointed out years ago:

        "What this boils down to is that if effective tools for wiretapping exist, it is likely that they will be used as designed, for purposes legal in their jurisdiction, and also in ways they were not intended for, in ways that are not legal in that jurisdiction." (RFC2804, May 2000)

    2. streaky

      Re: More to the point, let's fix the code

      "Signals intelligence agencies have been breaking codes for a hundred years now"

      They wouldn't be able to break them without flaws introduced into the system (see how Snowden said just use PGP and you'll be fine) - at least not with conventional computing and quantum computers aren't actually useful to this degree yet (and we have other crypto schemes ready to go when they do which banks/governments/militaries etc are already using).

      The flaws they introduce into the systems are precisely the problem. If you look at the history of cyphers and hashing systems you see all kinds of issues with predictability of algos - people find this stuff not by accident and it's highly possible that a) they were introduced intentionally and b) criminal orgs and other state intel agencies found them *before* security researchers did.

  5. WalterAlter

    Yah, but who are they slipping notes to?

    All assumptions are that the NSA data is used for "national security" or, at worst, to throttle political opponents of whatever regime has the reins of the NSA Sun Chariot. What should get our hackles in an uproar is the fascinating list of "back channel" "invisible hand" private recipients of NSA data analyses. I wonder how, um, little neighborhood businesses like Bechtel, Bunge, Cargill, Continental, Dreyfus, Nestles and a rash of obscure quasi legal holding companies that may include a drug financier or two, might alter their chess pieces after a magic phone call from NSA employee #666?

  6. Mad Mike

    Copying from the BBC

    Not another copy from the BBC? They don't know their facts, so a copy is going to have problems. So, who are MI6 exactly? Or, do you really mean SIS (Secret Intelligence Service). MI6 is largely an invention of literature and doesn't exist. It is commonly, but wrongly, used to mean SIS. The BBC should know better and so should those who copy the error from them.

    1. Mad Mike

      Re: Copying from the BBC

      Interesting. Downvotes, but no comments. Perhaps people would like to comment on exactly what is factually wrong with what I've said. We need the news to be facts and to be correct. Go to WWW.MI6.GOV.UK and it redirects to WWW.SIS.GOV.UK. Yes, they've even vaguely started referring to themselves using MI6, but it isn't the name of the organisation. BBC journalists need to get their facts right and they get them wrong all the time. And I quote from their 'About' section

      "The Secret Intelligence Service (SIS), often known as MI6"

      Often known as, but wrongly known as. Look at the history of the military intelligence sections and you'll see MI-6 doesn't exist these days.

    2. localzuk Silver badge

      Re: Copying from the BBC

      You're being downvoted because you're wrong.

      The MI title came from back during WW1, when the different intelligence agencies were divisions of the Directorate of Military Intelligence. MI6 was the liaison between SiS and the Foreign Office. Whereas MI5 was counter-intelligence and MI4 were cartographers.

      So, while SiS is the official name of the agency, they are still referred to as MI6. They even have MI6 in their logo.

      1. Mad Mike

        Re: Copying from the BBC

        Err. So, you've said I'm wrong, but then admitted I'm right. To quote you:-

        "while SiS is the official name of the agency"

        That's all I've been saying. The organisation in question is called SIS, not MI-6. SIS is their title. MI-6 is simply what people know them as, largely due to literature and films, such as the Bond films. Sir John Sawers is not the head of MI-6, but the head of SIS. I would have hoped people in IT would appreciate the importance of being precise.

        Presumably, as your information appears to come from here http://en.wikipedia.org/wiki/Directorate_of_Military_Intelligence, you would appreciate that it says MI-6 is the liaison with SIS. Therefore, even back then, SIS was never actually MI-6. They were different. One was SIS, one was the liaison. The article doesn't say that MI-6 became SIS, largely because it didn't!! So, SIS has never been officially known and titled MI-6.

        It is quite amusing however, that SIS has even started referring to itself by using names other than the correct one!! One of those circumstances where fiction is affecting real life.

        1. Mad Mike

          Re: Copying from the BBC

          Amazing. Downvoted for being precise and factually correct. No wonder the whole country is falling apart. If we accept being fed inaccuracies all the time and this is the norm, no wonder politicians and the spooks can do anything they like!!

          1. Trevor_Pott Gold badge

            Re: Copying from the BBC

            You can be factually correct and still a douchebag. You're like one of them whiny little bitches whinging that "ain't is not a word" despite the fact that it's entry into common parlance has been accepted for decades.

            I'm on your goddamned lawn, sir, and my dog's taking a shit. That rocking chair and shaken broom impress me not at all.

            1. Michael Wojcik Silver badge

              Re: Copying from the BBC

              despite the fact that it's entry into common parlance

              Right, that's two canes now. We'll get you yet, my pretty, and your little dog too.

              (I knew someone who claimed to have been offered a job at MIπ, but he turned them down, as he found their reasoning circular and irrational. And another chap who said he'd worked at MIi, but I'm sure they're imaginary.)

              1. Trevor_Pott Gold badge

                Re: Copying from the BBC

                Sometimes you have to put deliberate mistakes in. I may be all writery now, but I'm still an internet troll at heart...and its/it's is the one that seems to irritate everyone the most. (Followed very closely by your/you're.)

                Now I want a survey; which grammar mistakes cause the most angst amongst commenttards?

  7. DrStrangeLug

    Won't somebody think of the children?

    Do you really think we'll get anywhere near a reasonable debate in this country?

    The day we get anywhere near that some terrorist activity will occur and news media will spend days pandering to it demanding that more be done to stop them. I didn't think it a coincidence that that army drummer died just after the communications bill was shelved.

    1. Anonymous Coward

      Re: Won't somebody think of the children?

      "Do you really think we'll get anywhere near a reasonable debate in this country?"

      I tried watching a bit of the committee "grilling" which seemed more like a staged Q&A and the more I watched the more angry and frustrated I became. Whenever anything contentious is mentioned the old "we're complying with the law" chestnut ends the discussion. No challenge to the open fact that the concept of citizens' privacy has been ended apparently for our own good, because they've detected 10, or 50, or 100, or 1000 "terrorist plots". And no challenge to get them to prove that wholesale data infiltration had anything to do with the alleged detection. Honestly, it's pure theatre.

      1. Anonymous Coward

        Re: Won't somebody think of the children?

        what would anyone expect with Rifkind as its chair?

        1. DF118

          Re: Won't somebody think of the children?

          what would anyone expect with Rifkind as its chair?

          R4 this morning: "some people say Rifkind is perhaps not the best person to be chairing the ISC".

          Understatement of the week.

  8. Anonymous Coward

    Nepotism?

    "Starting at 2pm, Sir John Sawers, MI6 chief, Sir Iain Lobban, director of GCHQ, and Andrew Parker, director general of MI5, will appear in front of Parliament's Intelligence and Security Committee (ISC)"

    So, being interviewed by their own people (as usual). I guess everything will be OK and nobody done anything wrong.

    As to the BBC's reporting, it is dire. Today there was a thing about some guy filming dolphins, and "he didn't use an oxygen tank least it scared them". Well, anybody knows SCUBA divers use air tanks...

    1. Anonymous Coward

      Re: Nepotism?

      Maybe he used an air line? SCUBA mouthpieces have a very distinctive noise as they go from inhale to exhale, detectable by some commercial port security systems from a surprising range- so a dolphin would have no trouble hearing it and getting startled by it.

      1. Anonymous Coward

        Re: Nepotism?

        Sorry, you fail - the key word here is OXYGEN. The 'demand valve' is what you are talking about, and exhaled gases under water do make noise, same as farting in the bath does.

        1. Anonymous Coward

          Re: Nepotism?

          @linicks: "same as farting in the bath does."

          Not if you bite the bubbles.

      2. Anonymous Coward

        Re: Nepotism?

        "Maybe he used an air line? SCUBA mouthpieces have a very distinctive noise as they go from inhale to exhale, detectable by some commercial port security systems from a surprising range- so a dolphin would have no trouble hearing it and getting startled by it."

        Maybe he was using a rebreather, which would also reduce the amount of expelled air? Do rebreather mouthpieces make the same kinds of noises in breath transitions?

    2. Vic

      Re: Nepotism?

      > Well, anybody knows SCUBA divers use air tanks...

      Some of us use oxygen cylinders as well. I would, if I were filming cetaceans[1].

      Vic.

      [1] RBs are quite a bit quieter...

  9. Flocke Kroes Silver badge

    Anyone got the names of the 28 MPs?

    I just wondered which ones the Security Services have the most dirt on.

  10. Anonymous Coward

    Berners-Lee? Oh yeah, he's the guy that wants DRM in your HTML5

  11. bernhard.fellgiebel

    Will They Care ?

    Certainly not. Proper software and hardware is unhackable (see the L4 operating system). There is even unbreakable crypto (OTP) and contrary to Bruce Schneier's claim it is actually feasible.

    Modern computers give every single person potentially something like the SIGABA machine, which is still secure to the present day (for something like SMS messages). Every single person who can afford a computer !

    So how can they continue to have nice jobs ? How do they continue to be powerful ? Subvert everything. Mr Berners-Lee is obviously very naive indeed.

  12. Mr Fuzzy

    Are they high?

    I'm pretty sure I just heard the term "junior clerk," used to describe a sysadmin. No wonder they have trouble - treating a chap with dominion over essential systems as a tea boy is likely to go poorly.

    1. Rukario

      Re: Are they high?

      > treating a chap with dominion over essential systems as a tea boy

      Nah, the tea boys get more respect.

  13. Denarius

    you miss the history

    Of course it was theater. Remember Sir Humphrey's remark about inquiries? The political issue is that Divine Right of Kings has come back under guise of security granted by unfettered spooks, demanding the same blind submission. The more things change the more they stay the same etc. The fear to be feared is not the spooks, but how long and bloody the battle was to establish citizens at the center of power, not a self-selected elite. The second sane fear is that not enough citizens care. For once, the merkins are ahead of poms here. The USA republic founders were wise in their comments about the illusion of trading freedom for security.

  14. silent_count

    Writing letters

    "A group of 28 Tory MPs have written to the Guardian to protest against its continued publication of Snowden's revelations."

    And to sew up reelection, all they needed to do was pen a letter to Her Majesty requesting that she bestow knighthood upon Mr Snowden for his services towards protecting the rights of Her people.

    I wonder if they're toeing a party line or if they really believe what they're saying.
