back to article Who's right on crypto: An American prosecutor or a Lebanese coder?

The debate over encryption has become particularly intense following the deadly attacks in Paris. Politicians, police, and government agents insist the encryption in our software and gadgets be limited. Tech companies and programmers insist the encryption be implemented fully securely. This past week, there have been two …

Page:

  1. Andy Tunnah

    Nope, don't care

    I find the examples given deplorable, as I expect (hope?) everyone else does, but I just will never support broken encryption.

    You can tell me all the horror stories you want, but at the end of the day it will just never be worth it, because while crimes and examples are something ready to display the power of the "for" argument, the power of encryption means we don't have any examples of the "against" column, and that's what I'll always be rooting for. The day where someone can show "but dissident was tracked, his phone hacked, and now is strung up in the gallows" is a day we've failed.

    People suck, crime sucks, but it isn't just a phone that makes a case, and I truly believe more harm than good will come out of broken encryption.

    1. LucreLout

      Re: Nope, don't care

      @Andy Tunnah

      I find the examples given deplorable, as I expect (hope?) everyone else does, but I just will never support broken encryption.

      Broken encryption isn't encryption.

      People suck, crime sucks, but it isn't just a phone that makes a case, and I truly believe more harm than good will come out of broken encryption.

      As do I. However, I don't see it as being required at all.

      You can secure your home against unwanted entry, but you cannot refuse to comply with a search warrant. Why then can the same not be held true for encrypted data? If the authorities can persuade a judge to grant them lawful access to your data, then they have the right to access it. If you decline to co-operate and open your devices, then you can stay in jail until you abide by the warrant. It removes the benefits of encryption accruing to criminals without harming the rest of us.

      Obviously, careful oversight and monitoring would be required, but being innocent of that of which you are suspected and having your data searched is not radically different from being innocent and having your home searched. Fixing the law does not require breaking encryption.

      Terrorists obviously won't comply, but you can't change our whole society and way of life to handle such edge cases.

      1. Joseph Eoff

        Re: Nope, don't care

        Certainly you can secure your home against unwanted entry, and the police have to have a warrent to search it.

        The analogy to cryptography falls apart, though, because the police have to have a warrant and they still have to come in the door to get in your house.

        In the case of cryptography, they are basically saying that every house has to have an additional entrance with a master key. The master key is only supposed to be in the hands of those with auhorization, but how long do you think the master key will stay there? I estimate the master keys will stay in authorized hands for approximately 0.01 milliseconds, thereafter every no-good sumbitch on the planet will have a copy and be making plans to make mose effective use of said keys.

        So, no back doors in encrypted systems - EVER.

        1. LucreLout

          Re: Nope, don't care

          @Joeseph Eoff

          The analogy to cryptography falls apart, though, because the police have to have a warrant and they still have to come in the door to get in your house.

          That's the point I was making - having them come to your device and have you unlock it is the same thing. Don't comply, then go to jail until you do. It removes the protection criminals enjoy without violating anyone else's right to privacy.

          n the case of cryptography, they are basically saying that every house has to have an additional entrance with a master key.

          Master keys are broken cryptography, which as I've said, is no cryptography.

          1. Andy Davies

            Re: Nope, don't care

            That's the point I was making - having them come to your device and have you unlock it is the same thing. Don't comply, then go to jail until you do. It removes the protection criminals enjoy without violating anyone else's right to privacy.

            I have an encrypted file on my computer, I made it years ago, it contains nothing of any interest - but - I have absolutely no idea what key I used. So would jail time be appropriate?

            1. LucreLout

              Re: Nope, don't care

              I have an encrypted file on my computer, I made it years ago, it contains nothing of any interest - but - I have absolutely no idea what key I used. So would jail time be appropriate?

              It's not about what is appropriate, it is about what is.

              You could already find yourself in jail for several years for that file. Given your apparent inability to open it, maybe deleting it would be the smart move, no?

        2. teancum144

          Re: Nope, don't care

          Except if you lock your door; with a legal warrant, they can break down your door. How is this accomplished with encryption?

          1. LucreLout

            Re: Nope, don't care

            Except if you lock your door; with a legal warrant, they can break down your door. How is this accomplished with encryption?

            It can't be, because broken encryption isn't encryption. There can never be any back door permitted. So what they'd do instead is assume the worst and jail you until you unlock the device. It's much liek they do now, but it takes away the benefits of reduced tariffs for nonces etc and simultaneously closes down the governments encryption that isn't encryption magical circle-jerk.

          2. Anonymous Coward
            Anonymous Coward

            Re: Nope, don't care

            brute force still works but they want timely access

          3. Anonymous Coward
            Anonymous Coward

            @teancum144 - breaking down the door

            And what if you have a windowless house built from concrete with a steel door they can't break down? What amount of resources will they invest in trying to saw through the concrete until they hit stainless steel rebar, then deciding it is easier to get a torch to cut through the hinges on the door and find the door is made with some special steel alloy they make bank vaults from that resists normal cutting torches?

            As far as I know, it isn't illegal to make a really secure house that the police can't get into even with a legal warrant. Can they jail you if you refuse to let them in and they're unable to break down the door?

            1. LucreLout

              Re: @teancum144 - breaking down the door

              @DougS

              Can they jail you if you refuse to let them in and they're unable to break down the door?

              Do they need to? you've just put yourself under house arrest. All they do now is turn off your utilities and wait for you to emerge. Until then you stay under house arrest. I'm surprised you don't recognize that as being identical to what I described....

              1. Anonymous Coward
                Anonymous Coward

                @LucreLout

                Who says you're home when the police are trying to get in? If you have the resources to do what I suggest, and the police willing to serve a warrant on you, you're probably one of those criminals who has multiple houses. You're living it up elsewhere!

      2. AndrewDu

        Re: Nope, don't care

        " It removes the benefits of encryption accruing to criminals without harming the rest of us."

        Until the definition of "criminals" is expanded by the elites to include something you didn't expect, and then you're toast.

        1. Anonymous Coward
          Anonymous Coward

          Re: Nope, don't care

          Until the definition of "criminals" is expanded by the elites to include something you didn't expect... or the miscreants and script kiddies suss it out - as the keep doing with the TLA's backdoors... or some plod leaves his keys in some brothel... or some fucktard "OEM" distributes the "private" keys on some piece of shit they're selling... or... etc... and then you're toast.

          PS Downvote wasn't from me. Looks like Mattie B has breezed through.

          1. Roland6 Silver badge

            Re: Nope, don't care

            Until the definition of "criminals" is expanded by the elites to include something you didn't expect...

            Well an obvious group of "criminals" are dead criminals!

            Using the analogy, the police can still search the person's home but not their smartphone if it is encrypted.

            Not saying that devices should or shouldn't be encrypted, only pointing out a problem area..

            1. Anonymous Coward
              Anonymous Coward

              Re: Nope, don't care

              Well an obvious group of "criminals" are dead criminals!

              Using the analogy, the police can still search the person's home but not their smartphone if it is encrypted.

              Can't say I lose a great deal of sleep over the insidious menace of dead criminals. Perhaps you can learn to live with letting dead criminals (and their mobes) RIP?

              1. Roland6 Silver badge

                Re: Nope, don't care

                >Can't say I lose a great deal of sleep over the insidious menace of dead criminals.

                I suspect the mobile phone of a dead terrorist might contain useful information as would the mobile phone dropped by a terrorist - ask the French police for their opinion...

                But then from the viewpoint expressed by Nadim Kobeissi, permitting this style of access isn't without repercussions...

        2. Anonymous Coward
          Anonymous Coward

          Re: Nope, don't care

          > Until the definition of "criminals" is expanded by the elites to include something you didn't expect, and then you're toast.

          Whoever has downvoted that comment is living a very sheltered life.

        3. alain williams Silver badge

          Re: Nope, don't care

          There are plenty of stories of corrupt government and of the rich being prepared to do anything to stay rich. There seems to be a lot of evidence, I am not a historian or journalist so it is hard for me to verify things like: JFK - 9/11 except to say that much of it I have heard before.

          Something worth reading is this: Shock Doctrine and also Shock Doctrine.

          It is easy to label as conspiracy theory, but there are plenty of unanswered questions.

          1. LucreLout

            Re: Nope, don't care

            @alain williams

            I grow increasingly weary of the tinfoil hatters nonsense, for that is what it ALL is, around the events of 9/11. The one thing they all have in common is that none of them were there that day; it's just regurgitated rubbish based on shakey video footage and imperfect knowledge as the the precise cause of each little sub-event.

            Some terrorists hijacked some planes and flew them into some buildings. Lots of innocent people died. It's no more complicated than that. It wasn't the government, it wasn't the Jews, it wasn't Elvis flamin' Presley either. The person to blame was Osama Bin Laden, and he paid for that with his life.

            The conspiracy theorists are all just a little bit sick, and they all do a disservice to those who died that day.

            1. Anonymous Coward
              Anonymous Coward

              Re: Nope, don't care

              RE: Events of 9/11 etc, the "security services" had full access at that time and yet 9/11 still happened, either they are incompetent or they allowed it to happen.

              So the real question is simple, if the people demanding access to the public privacy "do not"/"fail to" stop events such as 9/11 then why should we give up our freedoms.

              The all the arguments against normal people being allowed to have some privacy fail to convince me that the people watching me in the shower are more interested in the "baddies" than me.

              1. LucreLout

                Re: Nope, don't care

                @Ac

                RE: Events of 9/11 etc, the "security services" had full access at that time and yet 9/11 still happened, either they are incompetent or they allowed it to happen.

                If you don't know that you're talking rubbish then you probably need to speak to a doctor.

                What is it you think they had full access to exactly? 9/11 was planned in a cave in Afghanistan. Unless you think the security services are omnipresent then your hypothesis is terminally flawed.

                So the real question is simple, if the people demanding access to the public privacy "do not"/"fail to" stop events such as 9/11 then why should we give up our freedoms.

                What freedom precisely is it you feel you're giving up?

                You've never had a right to privacy from criminal investigation by the state, and in general terms you're not giving up your privacy except where a judge can be convinced that you need to do so - which is exactly how search warrants work.

                Regardless, scope creep (which we're definitely seeing) with regard to state surveillance powers has NOTHING to do with the disgusting and empty-headed conspiracy theories around 9/11.

                That you don't understand you've conflated two wholly separate issues leads me to suspect term time may have ended early where you live?

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Nope, don't care

                  @ LucreLout

                  LucreLout, you're acting like a troll. Why do you attack authors who makes reference to the 911 disaster? Is this some sort of "hot button" for you? This discussion has little to do with 911, except that that event is a textbook example of protective force malfeasance. The Japanese attack on Pearl Harbor (USA) at the start of the second world war is an equally valid example of malfeasance, but is less relevant to a discussion on cryptography.

                  1. LucreLout

                    Re: Nope, don't care

                    @AC

                    Why do you attack authors who makes reference to the 911 disaster

                    What you're doing isn't making reference to it. You're trying to leverage the dead to make some demented David Ike style political point, which is frankly disgusting.

                    And I'm not attacking you, simply pointing out that 9/11 had NOTHING to do with the tinfoil hat paranoid shite you would like it to have. Did I miss the lizard people from the list of things that didn't cause 9/11?

                    Cowardly terrorists + planes + buildings = 9/11. Nothing more, nothing less.

                    Is this some sort of "hot button" for you?

                    That would be a fair assessment, yes. You'll find that most people living in New York at that time have very little time or patience for people like you abusing that day for your own ends or amusement.

                    except that that event is a textbook example of protective force malfeasance.

                    Neither I nor Google have any clue what you think that term to mean. I know what protective force means, and I know what malfeasance means, but the term you've used seemingly means nothing. Is it something that's leaked out of your conspiracy theorist echo chamber?

        4. nijam Silver badge

          Re: Nope, don't care

          " It removes the benefits of encryption accruing to criminals without harming the rest of us."

          Whereas Snowden's (and others') revelations have shown that it is dodgy governement agencies who are the criminals. And that harms everybody.

          1. Sir Runcible Spoon
            Paris Hilton

            Is a compromise possible?

            (Hypothetical question)..

            If the data were to be stored at rest UN-encrypted, but only accessible via an 'encryption' gate at the hardware level, this would prevent remote access to the data if you don't have the key.

            However, using a physical switch inside the device to bypass the encryption gate would give access to the data without a key, but only if you have the device.

            Alternatively, you could set up a second encryption gate where the fuzz have the other key, but the interface to this second gate is only accessible physically.

            I'm not sure if this is possible, or even advisable, I'm just thinking out loud about a possible compromise that doesn't open up everyone's full details to remote scrutiny, yet does allow for law enforcement to properly investigate a crime.

            If no compromise is found, the powers that will be will just stomp all over device-end encryption with their jack-boots to the point where even owning a device capable of running an app on it that performs that function could become a crime.

            1. Ben Tasker

              Re: Is a compromise possible?

              If the data were to be stored at rest UN-encrypted, but only accessible via an 'encryption' gate at the hardware level, this would prevent remote access to the data if you don't have the key.

              However, using a physical switch inside the device to bypass the encryption gate would give access to the data without a key, but only if you have the device.

              Unfortunately, the random mugger who nicks your phone would also have access to this switch

              Alternatively, you could set up a second encryption gate where the fuzz have the other key, but the interface to this second gate is only accessible physically.

              Sounds good on paper, except as the data is stored un-encrypted all "you" need to do is to figure out a means to bypass the gate (whether consumer facing or LEO facing) to introduce a plaintext gate.

              Certainly more of a challenge than simply nicking a phone and having all the data there ready, but it still massively undermines the point in encrypting the data at rest.

              If no compromise is found, the powers that will be will just stomp all over device-end encryption with their jack-boots to the point where even owning a device capable of running an app on it that performs that function could become a crime.

              There's arguably a good chance they'll try to do that any way. If we look at your gated example, the next thing to come would be "Criminals have learnt how to nobble the LEO access point".

              On the upside, given an app can be written anywhere, whilst it might be a crime to have that app they're going to have a hard time actually stopping it. The harder they (visibily) push against law-abiding citizens, the more their motives come into question. There's a balance they have to keep as well, it takes a lot, but beyond a certain point people's apathy goes away and they start questioning things (and, given how easy it is, installing apps to "protect" themselves).

            2. Graham Cobb Silver badge

              Re: Is a compromise possible?

              Alternatively, you could set up a second encryption gate where the fuzz have the other key, but the interface to this second gate is only accessible physically.

              But which fuzz? If I am a UK citizen, in the UK, I am subject to UK laws. Why should US or Chinese or Saudi Arabian or Indian or Russian fuzz be able to access my data (particularly if it is important to the economic wellbeing or security of the UK)? It isn't possible to have a system where law enforcement access can be permitted for some countries and not others. It is either physically possible to legally compel access or it isn't -- and not all legal systems are, in reality, equal.

              If no compromise is found, the powers that will be will just stomp all over device-end encryption with their jack-boots to the point where even owning a device capable of running an app on it that performs that function could become a crime.

              No, they won't. Major IT countries (including the US and Western Europe) won't because (as described in the article) it will sign the death warrants for their economically important major IT companies (users will go elsewhere). Other countries, with a less developed IT industry may try it but they will find massive bypassing of the rules.

              1. Stork Silver badge

                Re: Is a compromise possible?

                Totally agree. A couple of related thoughts:

                - In the UK, "economic wellbeing" is part of the spies' work. Sounds like it covers spying on non-uk businesses too. If you have "nothing to hide", it means you don't have an important position in any organisation.

                - What about rough insiders, selling info? Snowden went public, but I would be surprised if he was the only of the 850000 with Top Secret*) clearance that siphoned off info.

                *) Top Secret is a bit of a joke here. As my dad once said, if more than 2 people know it, it is not a secret any more.

            3. John Stoffel

              Re: Is a compromise possible?

              If the data is un-encrypted at rest, what is to stop the bad person/goverment/corporation from just pulling the data off by shutting down the system at rest and hoovering up the data that way? Or from backups? Or just making a copy at the operating system level?

              And how would you know if that happened?

            4. PsiAC

              Re: Is a compromise possible?

              Not having any encryption at rest means the device itself is entirely unencrypted. If it were to encode your data every time you entered your password, then decrypt it for the device to run, that would simply defeat the entire purpose of having the encryption in the first place.

              unencrypted data -> encryption gate -> nonsense -> decryption gate -> operating system

              This redundant encryption only ensures the sanctity of your data while it is being transmitted between the hardware and the OS. As far as I'm concerned, if your data is being snaffled there, you've already lost, since it tends to be difficult to insert something between the hardware and the OS without someone noticing.

              And why bother if it's already available at both the hardware and OS level anyways?

            5. stanimir

              Re: Is a compromise possible?

              only accessible via an 'encryption' gate at the hardware level, this would prevent remote access to the data if you don't have the key.

              Hardware and software are not that different in terms of Mathematics (and physics). People use(d) to reverse engineer chips via microscopes.

              The information is there (stored in some way) and if you need some 'master key' to "unlock" the hardware, it's no different than "just" software.

          2. Cynic_999

            Re: Nope, don't care

            UK police already have the option under RIPA of demanding that a suspect give the police whatever is needed to access their data, with up to 5 years jail time if they refuse. So where is the evidence that that power is insufficient in all but the most exceptional and rare cases?

            The big problem for me is that I do not trust the police to use any power appropriately or proportionately, and nor do I trust the government not to pass immoral and repressive laws. The temptation to have a trawl through a suspect's phone just to see what it might turn up is great - and a suspect is anyone who the police believe *might* have committed an illegal act, no matter how trivial. Such as drinking in a pub after closing hours (phone data may well be able to prove that). Councils will be keen to get evidence to fine people for putting rubbish in the wrong bin, or sending their children to a school that is not full of drug-addicted juvenile delinquents (with the pupils being almost as bad).

            IIRC the very first prosecution that resulted from the first roll-out of government operated CCTV cameras was that of a pub landlord of a village who was overly generous with the drinking-up time he allowed. Which was not at all the sort of crime the locals who had welcomed the camera had wanted it to be used against. I certainly would not be surprised if any powers the government has to seize phone data is used to prosecute parking offenders.

        5. LucreLout

          Re: Nope, don't care

          @AndrewDu

          Until the definition of "criminals" is expanded by the elites to include something you didn't expect, and then you're toast.

          Elite is a computer game.

          If the state arbitrarily decide the law doesn't apply to it, then it can just lock you up for anything or nothing anyway, thus it is no more of a risk.

        6. Anonymous Coward
          Anonymous Coward

          Re: Nope, don't care

          RE; AndrewDu " " It removes the benefits of encryption accruing to criminals without harming the rest of us."

          Until the definition of "criminals" is expanded by the elites to include something you didn't expect, and then you're toast. "

          Speaking of 'toast'.. and the world of 'political economy' and why we do what we do and how we go about doing it.

          Far and away the largest chunk of terrorism and general anarchy is rooted in the sense of hopelessness generated by a total distrust in the validity of the philosophies and logic upon which 'modern economics' rests and upon which the increasingly small proportion of mankind which benefits from it relies for its 'moral authority' to keep things arranged as they are and to brook no dissent whilst at the same time engaging in sweet words and rhetoric as a Machiavellian exercise in good governance.

          Remove the hopelessness by aligning the goals and actions of all the institutions of state and commerce, everywhere, to the enlightened moral precepts of the 21st century, which everyone claims to subscribe to, then you will remove 99% of terrorism and the need for this debate. We can all have our privacy, subject to 'probable cause' and limited to physical access and search of living space. Everybody would be able to live and do the real jobs they expected to do, with the freedom and the security they expect.

          In the respected world of serious study and analyses, the Georgian and Victorian precepts of morality that provide the inescapable context of the logic underpinning the whole of neoclassical 'modern economics', as well as Marx's Communism and Liberal Socialism and Social Democracy, is well recognised to be 'houses of cards' al built on the same invalid and inappropriate idealised model of an 'economic man'. For us today, the imagined 'free markets' through which they exchange and distribute the products of their particular specialisations to their mutual and fairly distributed individual advantage have been shown not to exist. Not then and not now, and not likely to. Without a complete rethink and rebuild/redirection of the plethora of political and commercial institutions which have been built on those archaic and naive premises.

          Unfortunately for us all those same institutions that have grown up to support a system which concentrates wealth and power to an increasingly small fraction of people are the realm of those same people. Their moral super-hero is the idealised 'economic man' exercising rationality and self-interest in all his unfettered and minimally controlled activities. Be they activities involving production, exchange and distribution, or consumption.

          Both sides of this crypto debate are in the same camp. It is logical and rational for app and device makers to protect their own commercial interests and not compromise security demanded by you and I. In their role of being agents of a power hegemony fully convinced by the benefits of its own self-righteousness, our security forces must see their need for ubiquitously broken crypto products as logical and rational in their self-interest to be seen to be defending successfully those that reward them for doing so.

          The real question is not the short-term one of 'Which is right?' but the long-term question of 'Are either of them right?' and if not 'Should not both them be actively seeking to bring their moral precepts into line with those of the 21st Century and seeking to modify our social, commercial and political institutions to achieve, support the and develop the universal and global application of those goals of equality, brotherhood and liberty which once were conceived as applying in practice to only an educated and commercially successful, largely hereditary, elite?'.

          If we cannot expect such an introspection and 'epiphanal' conviction of spirit and the actions to demonstrate it from those who are the receptacles of the accruing concentrations of the wealth and power that are needed to make those changes in an evolutionary but rapid and deterministic way, then there will inevitably be those whose lives are so dire and hopeless that there will be those who, struck by empathy and a sense of injustice and convinced of their own ability to challenge its causes by publicising to the iniquitous the iniquity seen. They will seek to chip away at their comfortable self-righteousness using whatever misguided, misconceived and desperate ways as would seem proportional to the scale of the stasis amongst those that can and should be the ones acting positively to facilitate real change.

          Whether or not broken crypto? It is a mere sideshow. It has no logical resolution and has no moral precepts to choose between for the most powerful protagonists share the same 17th Century philosophical foundation. It can only be resolved by paradigm shift and an update of governance and commercial practices in governments and boardrooms to be in line with the rhetoric expressed in the hustings and by corporate spin doctors.

          Rather tie your elected 'representatives' in knots of inescapable logic than entangle hexcodes and electron spins. Rather find ways of creating a democracy that controls governance in the interests and for the well-being of every person and not primarily in the interests of the few people who seek to influence and control 'our' representatives by feeding their personal senses of well-being with candy and cake.

          1. Anonymous Coward
            Anonymous Coward

            Re: Nope, don't care

            thats a bit long - howabout some bullet points for those of us without the time to read it all

      3. Woodnag

        Re: Nope, don't care

        "If the authorities can persuade a judge to grant them lawful access to your data, then they have the right to access it. If you decline to co-operate and open your devices, then you can stay in jail until you abide by the warrant."

        Sorry, too many compliant judges, too many warrant issued without genuine PC. You need to have the right to challenge the warrant before cooperating.

        1. LucreLout

          Re: Nope, don't care

          @Woodnag

          Sorry, too many compliant judges, too many warrant issued without genuine PC. You need to have the right to challenge the warrant before cooperating.

          You can't challenge a search warrant for your home before it is issued, so sorry, you're out of luck here too.

        2. Michael Wojcik Silver badge

          Re: Nope, don't care

          You need to have the right to challenge the warrant before cooperating.

          And the warrants have to be public. Secret warrants are nearly as bad as no warrants at all. Get rid of the gag orders and the National Security Letters and the rest of the cloak-and-dagger bullshit.

          Does that compromise investigations? Yes, and too fucking bad. The police state can't be trusted; it's demonstrated that time and time again.

      4. matchbx
        Big Brother

        Re: Nope, don't care

        "Obviously, careful oversight and monitoring would be required, but being innocent of that of which you are suspected and having your data searched is not radically different from being innocent and having your home searched."

        the main problem here is at some point in the future some government agency will circumvent the "careful oversight". and they will have a really good reason for doing so.

      5. Justicesays

        Re: Nope, don't care

        "If the authorities can persuade a judge to grant them lawful access to your data, then they have the right to access it. If you decline to co-operate and open your devices, then you can stay in jail until you abide by the warrant. It removes the benefits of encryption accruing to criminals without harming the rest of us."

        Police: We found this (old) smartphone in your kitchen drawer, looks like it's encrypted.

        Tell us the password.

        You: Erm, I stopped using that phone 3 years ago, I don't remember the password.

        Police: Likely story, this is your jihadi/drug/pedo phone, right? Off to the nick with you until you give us the goods.

        Plus issues around old people, people being set up with phones posted to them in the mail, random phones at a scene being associated with you. Police willing to perjure themselves who *think* you are a danger to society getting you indefinitely imprisoned without trial by claiming a random phone is yours and having the whole justice system back that imprisonment.

        I don't think it's a great plan personally.

        1. LucreLout

          Re: Nope, don't care

          I don't think it's a great plan personally.

          As opposed to having encryption banned for public use, which is very much the way the wind is blowing, I think it sounds bloody marvelous.

          All I'd have to do was factory reset any phone I was finished with and I'm free and clear, quite aside from the phone not having contacted a network in forever, having no incoming or outgoing calls or data - which could be verified by the networks.

          Same for mailing someone a phone and dobbing them in - it'd be easy to verify it's not their phone, just as mailing someone a kilo of coke isn't going to see them jailed.

          1. Vic

            Re: Nope, don't care

            As opposed to having encryption banned for public use, which is very much the way the wind is blowing

            That won't happen.

            They'll make lots of noise about it, then someone will point out that such measures would entirely destroy the Digital Economy. Politicians love the Digital Economy.

            This will all blow over. It is magical thinking, and eventually the pollies will be shown that what they want is impossible, and attempting to achieve it will not only fail miserably, but will cause such fall-out that they will never get another Executive Directorship as long as they live.

            Vic.

            1. LucreLout

              Re: Nope, don't care

              @Vic

              That won't happen.

              I agree, it won't.

              It is magical thinking

              Certainly, it is magical, but I'm not sure how much thinking of any kind they've done.

              eventually the pollies will be shown that what they want is impossible, and attempting to achieve it will not only fail miserably, but will cause such fall-out that they will never get another Executive Directorship as long as they live.

              Yup. which is when some devious bastard will cotton on to what I've suggested and change the law such that they achieve most of what they want but without the broken encryption. The UK already has enacted the law as I've proposed it, only with a few years penalty rather than indefinite detention. It'll come, sooner or later, it'll come.

              While I WILL continue to use strong encryption in spite of any ban, I would also, when given a straight choice of unlocking the device/vob or sitting in a cell until I do.... well, I'd unlock the device. Why? I actually don't have anything to hide form the law but I do have things I'd prefer to keep private from public knowledge.... like my savings account balance/numbers, or photos of my kids.

        2. Anonymous Coward
          Anonymous Coward

          Re: Nope, don't care

          As an 'old person' I can attest to the fact that I frequently lose 'sight' of my cellphone/tablet/glasses/wallet/toothbrush/Banking PIN/..... You name it I have forgotten it. I could easily get jailed and I do not even have Alzheimer's!

          The upside is that I believe 'white-collar' places of detention are run to a much higher standard than are required of those run by the 'old age care industry'!!! And.. they don't make you sell your house to pay for your upkeep!!!

      6. king_tut

        Re: Nope, don't care

        > You can secure your home against unwanted entry, but you cannot refuse to comply with a search warrant. Why then can the same not be held true for encrypted data?

        You're referring to a RIPA part 3 warrant. Which is and has been used. While it has been used to put some child-porn people in jail IIRC (as the maximum sentence under RIPA part 3 is less than that from kiddie porn), there's also claims that some of the people affected were innocent of anything other than being tinfoil-hat wearing paranoids.

      7. Anonymous Coward
        Windows

        Re: Nope, don't care

        @LucreLout I'm very much a non-terrorist but if you are making over my cryptographic systems and their keys, good luck with that. I do not, emphatically not, with access to notes, conjectures, or systems in the hands of any government official. Ever. Fortunately, my government has shown itself and I won't be making a mistake of there.

        Yep, lock me up. It won't bother me at all. Might even extend my life span having medical care close to hand. Oh yes, forgot solitary. Who knows what I might pass someone.

        /sarcasw ??? Perhaps. I got a good chuckle out of four digit PIN code. Treat me nice and I can show ya sum neet trix. On second thought, you won't see that either.

    2. Anonymous Coward
      Anonymous Coward

      Re: Nope, don't care

      I truly believe more harm than good comes out of broken encryption.

      FTFY

      It's the green eyed monster making all this fuss.

      The fix is in. Certain governments and their agencies already broke the public capto - at spec and at source. The police services of those governments are well aware of this, not least because they're fed a stream of intelligence gleaned from the TLA's wholesale subversion of the publicly disseminated cryptography. To their obvious and festering chagrin, the police, courts, etc are not permitted direct access to these "intelligence" sources. One might perhaps suppose that someone, somewhere, is trying to suppress widespread knowledge of the surveillance. But the police services know it exists. FBI, DEA, etc even indulge in programs of fit-ups which they call "parallel construction" whereby they frame suspects with falsified "evidence" to secure convictions based on those "intelligence" rumours. It is not unreasonable to conclude that the directors of these police services would rather have their own feeds of mass surveillance, and all this shouting from those very people would appear to support that conclusion.

      Since this sort of comment seems to invariably attract vigorous downvoting and heckling from the apologist/ostrich/fuckwit types, I'll throw in a handful of links for their enjoyment:

      http://www.theregister.co.uk/2013/09/05/nsa_gchq_ssl_reports/

      http://www.theregister.co.uk/2015/01/14/nsa_sorry_we_borked_nist_encryption_well_sorry_we_got_caught/

      http://www.theregister.co.uk/2014/06/05/how_the_interenet_was_broken/

      http://www.theregister.co.uk/2014/02/27/qa_schneier_on_trust_nsa_spying_and_the_end_of_us_internet_hegemony/

      https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html

      http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=1&

      http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE97409R20130805#y8DElyerFGTHMluq.97

      https://theintercept.com/2014/08/25/icreach-nsa-cia-secret-google-crisscross-proton/

    3. Anonymous Coward
      Anonymous Coward

      That list of "horror stories"

      Do we want a terrorist, child abuser or murderer to go free because the authorities lacked access to someone's phone? No, of course not. Is it worth opening up our devices to hackers to do so? Or even if they could create a "perfect" back door, to potential (virtually certain, IMHO) unauthorized access by the government outside search warrants? After all, the US at least has proven it doesn't care about the limitations the Constitution is supposed to place on such things.

      The entire argument is a strawman. Let's say as an experiment a Constitutional amendment was passed where in the month of December every person on American soil had to have a personal spy (lets say it was possible to do with robots, since hiring 350 million Chinese to do this might be slightly impractical) with them 24x7 observing all their activities looking for things they are doing that are against the law. Imagine the long list of murders prevented, child abusers caught and perhaps even terrorist plots foiled! So why won't we pass such a law, since it will keep us so much safer?

      Does anyone think that if such a law existed, it would be limited to looking for only "bad" crimes like terrorism and child porn? Even if it was at first, the scope would creep so it would eventually be looking for small time drug dealers or public urinators. Likely it would be further abused by those in power to maintain their power - imagine the dirt a President could dig up on those running against him? Even Putin doesn't have that level of power!

      1. Michael Wojcik Silver badge

        Re: That list of "horror stories"

        Do we want a terrorist, child abuser or murderer to go free because the authorities lacked access to someone's phone? No, of course not.

        There's no "of course" about it. I'd argue Blackstone's Ratio applies here too. I think there should be quite a high bar to prying into people's personal effects, and I'm quite happy to see the occasional J. Random Hypothetical Baddie escape justice if that means civil rights are preserved for the rest of us.

        I find these prosecutorial "think of the criminals" arguments woefully uncompelling. Kieren called Vance's list of bugbears "harrowing"; I think that description is hyperbolic to the point of stupidity. Yes, these are examples of people who, if they did what they are accused of, deserve punishment, and I have sympathy for the victims. But squealing with dismay and collapsing on our settees at the thought of the evildoers in our midst, from whom our only defense is smartphone data, greatly overstates the virtues of the surveillance state.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like