Surveillance forestalls more 'draconian' police powers – William Hague

Lord Hague has predicted that Western societies will enact laws and regulations against unbreakable encryption – while conceding that the technology has always existed. The former UK foreign secretary, who is also a historian and author of a biography of Prime Minister William Pitt the Younger, told delegates at the Infosec …

  1. m0rt

    There is not going to be a change. No magic bullet that solves this 'conundrum'. It will only drag on until it is accepted that encryption in online environments is like air in the real world. We all get to breathe it, regardless of who we are.

    Any you restrict from that right...

    1. This post has been deleted by its author

  2. Warm Braw

    "Lord" Hague

    The title alone demonstrates that "public opinion" and "parliament" means "them" and "us".

    1. g e

      Re: "Lord" Hague

      Instead of 'Privacy and Security' I wish they'd just call a spade a spade and say 'Privacy and Knowing everything about you whenever they want'

      Security isn't about being able to read people's data, ironically in a digital context it's actually about preventing people reading your data and getting access to your stuff.

  3. NoneSuch Silver badge
    Big Brother

    Surrender your right to privacy voluntarily, or if you don't like that we'll do it anyway.

    1. Primus Secundus Tertius

      ...or anarchy

      @NoneSuch

      The alternative is anarchy.

      At the end of WW1 and of WW2, Eastern Europe was in sheer chaos. Twice in a lifetime for many people. Even communism might seem less worse.

      So Government, like so much else, is compromise. We argue where the compromise should be, but there will have to be some rules.

      1. imanidiot Silver badge

        Re: ...or anarchy

        No it's not. The result is that there will have to be a better way found to deal with the issue. The problem is that the average terrorist nowadays has already learned not to communicate using the standard (broken) channels. The attackers in Brussels for instance had been pretty much silent on social media and communication accounts. Which means all this talk on breaking or banning crypto achieves is reduce privacy for the average citizen!

        1. Anonymous Coward

          Re: ...or anarchy

          "Which means all this talk on breaking or banning crypto achieves is reduce privacy for the average citizen!"

          Which is what the rules are actually intended for. Illiberal toerag he may be, but Hague isn't completely stupid. And GCHQ may be incompetent, but they employ enough bright people. Theresa May may have been better off working for the state in the GDR, but again not wholly stupid. So on the basis that most of them are not total and utter idiots, the people awarding themselves these powers know that they will be of no help in tracking down terrorists. Given they know that, the only logical conclusion is that this is intentionally part of a strategy to spy on the population and control them.

          Curiously enough, I think there is one member of the government who is sufficiently clueless and intellectually lightweight that he CAN claim that he believes this is about stopping paedodrugterrorists. You know the one, he can (in theory only) be contacted at number 10, Downing Street.

          1. streaky

            Re: ...or anarchy

            "Given they know that, the only logical conclusion is that this is intentionally part of a strategy to spy on the population and control them."

            I don't disagree, what I don't know is if the footsoldiers at GCHQ/NSA et al are actually telling their bosses they need huge mountains of data to do their jobs. Can't imagine why they would given it would seem to impede them in doing so.

            I'm all for intrusive surveillance but it actually has to be targeted at individuals. All we're trying to do now is carpet bomb Dresden rather than hit Bin Laden with a drone strike like we should be doing. Yes you have to find targets in the first place but very few people mouthing off on Facebook are going to be actual threats, the way you'd tell is with actual old fashioned intelligence work and maybe less with the allowing people to piss off to Syria whenever they feel like and we might start making some headway.

    2. Dan 55 Silver badge

      Western nations don't want to outlaw end-to-end encryption/PFS without logging the key explicitly, it's somewhat... uncouth. But I expect they'll get round to it eventually.

    3. streaky

      They can try - they'll end the economic system they're supposed to protect if they do. Plus pitchforks are an option.

      "Necessity was the plea for every infringement of human freedom. It was the argument of tyrants; it was the creed of slaves" -- Pitt the Younger.

      Seemed relevant seeing as Hague brought him up.

  4. Voland's right hand Silver badge

    News at 10

    CodeBook based ciphers and their analogues are unbreakable to this day. Nothing new there.

    They, however, are feasible only for a prearranged communication, not for on-off messaging. There is no session secrecy. You break it once, it is broken forever and you read all past and future messages.

    It also requires zero technology so it cannot be defeated technologically.

    1. Yet Another Anonymous coward Silver badge

      Re: News at 10

      Obviously we need to ban books

      1. Voland's right hand Silver badge

        Re: News at 10

        Fahrenheit... 451...

    2. imanidiot Silver badge

      Re: News at 10

      For incidental messaging the one time pad is unbeatable.

  5. JimmyPage Silver badge
    Meh

    Don't agree ...

    but it's nice to have a less hysterical voice in the debate

  6. M7S

    Missing the point

    "concerns that if law enforcement could break into communications for one reason they’d be able to break it for another"

    I don't think it is so much that concern that worries most informed users, although some law enforcement agencies have somewhat tarnished the collective reputations of their counterparts in this regard, but the fact that if they can break in, then ultimately so can someone else, perhaps with less benign intent.

    Given that he then goes on about companies "leaving the doors unlocked" he clearly isn't aware, or has chosen to ignore, that he's just told them they can only secure it with a cable-tie rather than a decent padlock

    1. Tom 35

      Re: Missing the point

      If the US/UK get a master key, how long before India, China, Saudi Arabia... all want a key too.

      1. Paul Crawford Silver badge

        Re: Missing the point

        Then how long until said key is passed to well-funded criminal gangs from at least one country?

        1. Anonymous Coward

          Re: Missing the point

          Maybe the whole point of this is for organised crime to get the master keys first. When states get them, use them, etc. wouldn't matter to them. So pay the lobbyists and get the leaders justifying your agenda- it all could just pay off eventually. Global domination through realtime access to all data... Bwahahahahaaaa!

          1. Mike 16

            Spoiler Alert!

            -- Maybe the whole point of this is for organised crime to get the master keys first. --

            So, You saw "Spectre" then?

    2. Rob Crawford

      Re: Missing the point

      While attempting to ban decent padlocks

  7. Anonymous Coward

    Book ciphers/one off messages

    You *can* use book ciphers for one off messages with a bit of planning.

    Get a message out of the blue? Get the 56th bestselling book of that month (from the Times Literary supplement) - and hey presto (as long as "56th bestselling book on this month's list" was prearranged).

    Could be used anytime after the initial planning. And (as VRH pointed out) is immune to whatever technology you care to throw at it.

    1. veti Silver badge

      Re: Book ciphers/one off messages

      Yes, of course you can do that sort of thing.

      But no-one does. Well, I tell a lie. There's a very good chance that people like terrorists, who actually care about secrecy, do something like that. But they're not a significant voting bloc, so who cares about them? No-one who matters, does that.

      Because encoding a message like that is a lot of work. For anything much more involved than "Hello, world!", it takes hours of tedious labour. Ain't no-one got time for that nowadays, they want a computer to do it for them.

      And if a computer can encode it, another computer can break it.

      1. DropBear

        Re: Book ciphers/one off messages

        "And if a computer can encode it, another computer can break it."

        It does not follow at all. If you point your computer at some sort of electronic equivalent of the book cipher, it's still unbreakable unless Eve figures out what the "book" is...

      2. Tom 7

        Re: Book ciphers/one off messages

        Another computer can break it. Perhaps - but like quantum decryption how do you know you've decrypted it? For any random message you can apply a 'decryption' key that will produce the message "Bomb the capitalist pigs now!" but you don't know that is correct.

        1. Chris G

          Re: Book ciphers/one off messages

          For anyone considering book cyphers, this is interesting; http://www.drdobbs.com/security/the-book-cipher-algorithm/210603676?pgno=1

          The important thing though is not to leave what you have encrypted on the computer you have used to encrypt the message, or indeed any reference to the book and the start position or the recipient/s.

          Some things are best kept in your head, if it comes down to being waterboarded then it is probably too late to get away with anything, even if it was only to say Happy Birthday to someone.

  8. Anonymous Coward

    F*CK technology firms

    Two people communicating with opensource encryption software, there is no "technology firm" to go crying to.

    1. tirk
      Unhappy

      Re: F*CK technology firms

      ...until they make possession of opensource encryption software a crime.

  9. Anonymous Coward

    Fuck you Hague. If I encrypt something, that means that *I* decide who gets to see it. Not 'me and a self-invited list of law-enforcement and whoever else has bought their way into the club'. Me. Only. If asked to, I may or may not decrypt it, depending upon circumstances; but having a member of the hoi-polloi having some control over their own destiny really sticks in the craw of these power-crazed fuckers. The technology is already out there; and maths says you can't have an invite and still have security yourself. So fucking deal with it and stop whining for fucks sake.

    "While there should be constraints to intrusion, there’s no absolute right to privacy either, he said."

    Yes there is. There isn't a right however, for corrupt bastards to legislate themselves the right to read over your shoulder to make their jobs easier. More to the point, online tech companies are encrypting things AS A DIRECT RESULT of security services and law enforcement getting caught with their hands in the cookie jar breaking far more laws than I could ever aspire to.

    1. Anonymous Coward

      What is a "right to privacy"?

      What is an "absolute right to privacy"?

      How do you know if your right has been breached? Who do you complain to when it happens? What do you expect to be done about it?

      If you can't answer those questions, you haven't thought through what you're saying.

      1. wolfetone Silver badge

        What is a "right to privacy"?

        The expectation to be able to fornicate with a woman and no one see it.

        What is an "absolute right to privacy"?

        The expectation to be able to fornicate with your husband/wife* and for you not to see it.

        *as in your husband or wife, not my own.

        1. Anonymous Coward

          What could go wrong?

          Not quite the same subject matter but it seems round where I live the plod has been taking liberties doing just that-

          http://www.bbc.co.uk/news/uk-england-south-yorkshire-36469945

          I wondered what the police helicopter was doing hovering our house all that time the other night.

          When they get more powers to slurp our communications data I wonder what other juicy stuff they'll dig up!

      2. Bernard M. Orwell

        "What is an "absolute right to privacy"?"

        Here you go, the laws that enshrine our legal right to privacy in the UK. Note how it specifically extends to our communications and further makes certain comments about the controls and limits of state surveillance.

        https://www.liberty-human-rights.org.uk/human-rights/privacy

        Also note that it is part of the Human Rights Act and is enforceable by the ECHR. You know, the EU. And the HRA, things that no one has recently been saying we should leave and be "self determined" about....

        ....oh...wait...

        1. Tim Warren

          UK still bound by ECHR if outside EU

          @ Bernard M. Orwell

          The ECHR is part of the Council of Europe which is separate from, and distinct from the EU. The UK will remain a member of the Council of Europe should we leave the EU, and thus will be bound by ECHR terms.

        2. Roj Blake Silver badge

          "Also note that it is part of the Human Rights Act and is enforceable by the ECHR. You know, the EU. And the HRA, things that no one has recently been saying we should leave and be "self determined" about...."

          The ECHR is not an EU thing.

          1. Bernard M. Orwell

            "The ECHR is not an EU thing"

            All very true, but you can't deny that the PtB have been espousing a UK abandonment of the UDHR and the ECHR over the last few years alongside the idea of leaving the EU. They may not be linked legally, or in our estimations, but I believe our lords and masters see all of these issues as part of a grand plan to remove the UK from international oversight in a more general framework.

  10. captain_solo

    The amount of yelling the parents are doing about this leads me to believe that they have figured out that ubiquitous end to end encryption with PFS is inevitable and the world where they just had to stay ahead of the Moore's Law curve in order to have almost complete access to network traffic will soon indeed go dark.

    If they are lucky the only thing that happens will be these huge multi-nationals will dump some tea in the harbor and tell them to piss off. Alternatively, the guillotine staffed by a mob.

    The difference in what the oppressors use to subjugate their people is less significant than the act of subjugation and its end results are in a society that believes itself to be free.

    1. nkuk

      That is true that the network traffic will soon indeed go dark. There was a very interesting keynote speech from the CISO of KPN Telecom a short while after Lord Hague's speech, and fortunately she had the polar opposite viewpoint that communications must be safe, secure and reliable. They are testing and rolling out quantum communications channels, and China already have large networks, where because they are quantum based any monitoring of the signal will inherently modify the content so the recipient will know the communication has been intercepted or monitored.

      Trying to defeat private communication is an arms race that will never be won.

  11. seanj

    "We will defend your freedom at any cost..."

    "... even if that cost is your freedom!"

    1. Anonymous Coward

      Re: "We will defend your freedom at any cost..."

      You win the internet today.

  12. John Smith 19 Gold badge
    Gimp

    " it ought to be decided through public opinion and a debate in Parliament"

    Instead of by what actually has happened, basically a faceless, unelected group of data fetishists.

    This is not the "voice of reason."

    It's a (slightly) less hysterical version of the "We must hand over our right to privacy (enshrined in the ECHR) to protect our way of life" BS.

    Is Mr Hague a leaver, or a stayer in the EU referendum do you think?

  13. djack

    Hollywood scenarios

    I was recently watching a series of '24' (other similar shows are available) that featured a device that bypassed pretty much any firewall and network security. My mind rebelled against the proposition (though I persisted as otherwise the storyline and action was good) as the idea of such a device is ridiculous.

    The whole 'breakable encryption' brigade is trying to lead us into a world where such a thing is not only feasible but likely inevitable.

    1. Sir Runcible Spoon
      Big Brother

      Re: Hollywood scenarios

      Whilst an absolute bitch to configure, the Gauntlet firewalls back in the day were about as secure a firewall as you could ever hope for. The management let it down when compared to Cisco PIX's and the newcomer to the game with its fancy GUI - Checkpoint - which was probably what led to its demise.

      However, what I noticed was that there were no *new* proxy-type firewalls coming along - all of the current crop of firewalls for Enterprise are pass-through type.

      After going on a few courses with aforementioned vendors and meeting people who made me feel like a 3 year old chimp with brain damage in comparison, I discovered that there are ways to bypass pass-through type firewalls. Apart from the obvious back-doors that have been floating around recently I never did find out what that mechanism was, and it was proved to me on one occasion where I was asked to secure a laptop behind a firewall in a lab, and this chap (using another laptop outside the firewall) simply logged in to my laptop, using RDP (which was disabled) and used my webcam (which was disabled in the device manager) and took a photo of my astonished face as I watched my cursor whizz around my screen.

      Now I think I know why there are no proxy-type firewalls left in the market :(

      For those too young to have played with Gauntlet, it basically had a little bit of proxy code for each application you wanted to allow connectivity to. So there were FTP proxies, HTTP proxies etc. etc. The main point was that if the incoming data stream didn't conform to the parameters of the proxy, it was filtered - so no buffer overruns - no SQL injections - it was pure whitelisted traffic and nothing else. This would probably be harder to do today since some of the protocols have developed and become a lot more complex, but it *could* be done - so why hasn't it?

      1. djack

        Re: Hollywood scenarios

        I fear you may be unaware of modern firewall design.

        Many modern firewalls implement integrated application layer proxies with policy based filtering alongside a stateful packet filter and have done for many years. I know that Checkpoint had limited support (covering http and ftp) at least since version four (released around the millennium), Microsoft's firewall also does it and with Palo-Alto it is very well integrated into the rules-base. I am sure that there are many other examples.

        You talk of Checkpoint as being a brand new firewall at the time. If you are going that far back in the day, the other firewalls you were probably dealing with would have been little more than stateless filters, which were leaky as sieves as you had to open huge holes to allow 'return' traffic back from a server (packets travelling to a 'high' numbered TCP port). Checkpoint's big contribution to firewalls is not the friendly GUI but they claim to have invented the concept of a stateful firewall. Unlike the older filters, a stateful firewall monitors the state of connections thus eliminating the need for rules opening up huge holes. The stateful design is used by pretty much all firewalls now.
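
The stateless-versus-stateful difference described in the comment above, as an added example that is not part of the thread or any vendor's code: a stateless rule set that must admit every inbound packet aimed at a high port, beside a simplified connection-tracking filter. The addresses, ports, policy and the `Packet`, `StatefulFilter` and `compare` names are all constructed for illustration.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."   # constructed internal network
ALLOWED_OUT = {80, 443}     # assumed policy: inside hosts may reach web servers

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" SYN, "SA" SYN+ACK, "A" ACK, "R" RST

def outbound(pkt):
    return pkt.src.startswith(INSIDE_PREFIX)

def stateless_allows(pkt):
    """Each packet is judged alone, with no memory of earlier packets."""
    if outbound(pkt):
        return pkt.dport in ALLOWED_OUT
    # Replies arrive on the client's ephemeral port, so the only way to let
    # them in is to admit every inbound packet aimed at a high port.
    return pkt.dport > 1023

class StatefulFilter:
    """Simplified connection tracking; real firewalls follow the full TCP state machine."""
    def __init__(self):
        self.conns = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def allows(self, pkt):
        if outbound(pkt):
            if pkt.dport not in ALLOWED_OUT:
                return False
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":
                self.conns.add(key)      # connection opened from the inside
            elif key not in self.conns:
                return False
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key not in self.conns:
                return False             # not a reply to anything we opened
        if "R" in pkt.flags:
            self.conns.discard(key)      # connection torn down, forget it
        return True

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 80, "S"),    # client opens connection
    Packet("203.0.113.10", 80, "10.0.0.5", 50000, "SA"),   # genuine reply
    Packet("198.51.100.7", 40000, "10.0.0.9", 8080, "S"),  # unsolicited, high port
    Packet("198.51.100.7", 40000, "10.0.0.9", 22, "S"),    # unsolicited, low port
    Packet("10.0.0.5", 50000, "203.0.113.10", 80, "R"),    # client resets connection
    Packet("203.0.113.10", 80, "10.0.0.5", 50000, "A"),    # late packet after reset
]

def compare(packets):
    """Return (stateless_decision, stateful_decision) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allows(p), fw.allows(p)) for p in packets]

if __name__ == "__main__":
    for pkt, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}] "
              f"stateless={'ALLOW' if sl else 'DROP'} stateful={'ALLOW' if sf else 'DROP'}")
```

The third and sixth packets are where the two designs diverge: the stateless rule passes anything bound for a high port, while the stateful filter drops it because no matching connection exists.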

  14. Anonymous Coward

    No more William Pitt wannabees please ...

    ... the original one was bad enough.

  15. Pen-y-gors

    What is it about this people?

    Are they genuinely stupid? or genuinely evil? or a bit of both? What is it about 'privacy' that they don't understand? The role of the citizen is not to make life easy for the government, whatever their reasons. Yes, technology can be used by criminals as well as the good people. That is no reason to ban the technology and stop good people from gaining the benefits. Dick Turpin used a horse to assist in his highway robberies. Did any MP in 1739 suggest banning horses?

    Criminals will communicate. That's a fact of life, get over it. They will always be one step ahead of the goodies. If they need to make their plans and have a whispered conversation in a rowing boat 12 miles offshore, how will MI5 intercept that? Should we all be required to wear a continuous recorder, just on the off-chance that we might want to fiddle with a kiddie or BLOW UP a photograph? After all, it may help to prevent a serious crime, and please think of the children. Personally, I don't think it's a good idea, and I suspect a lot of other people might not think it a good idea, but it's no different in principle to government demands to provide encryption backdoors to Russian mafia bosses.

    1. Anonymous Coward

      Re: What is it about this people?

      There is another option. They are afraid, and while not stupid, lack the ability to correctly assess risk. All the spooks (or anyone else with an agenda) have to do is bombard them with scenarios that are highly unlikely until the point they believe they are going to happen, at which point the fear kicks in and overrides common sense. Make people afraid and they will do what you want when you offer a solution to their fear.

    2. DropBear
      Joke

      Re: What is it about this people?

      "If they need to make their plans and have a whispered conversation in a rowing boat 12 miles offshore, how will MI5 intercept that?"

      Well, times being what they are it's reasonable to presume the "rowing boat" would actually have an engine and some sort of cabin. With glass windows. And once you have glass windows - look, man, what did you think all those sharks with lasers were for?!?

  16. Pen-y-gors

    "There is another option. They are afraid"

    Good point. Inability to assess evidence and risk seems to be a prerequisite for being a career politician. Have a +1
