Sir Tim versus Amber Rudd
Either a high-minded debate on BBC1 or a cage fight.
Sir Tim Berners-Lee has criticised plans to weaken encryption or extend surveillance in the wake of recent terrorist attacks. Days after the attack on Westminster that claimed the lives of three pedestrians and a police officer, Home Secretary Amber Rudd said there should be no safe space for terrorists to communicate online. …
> You can't legislate against maths
Well, yes and no...
https://en.wikipedia.org/wiki/Illegal_number
Note, I'm not commenting about the effectiveness of doing so...
Yes, use weak, therefore useless encryption standards that aren't so hard to crack. At which point you may as well have handed cybercriminals, including Terrorists(tm) and state sponsored bad dudes at which point you have just handed a loaded nation-state size gun to China, Russia and the rest with an instruction that your financial and critical infrastructure is not wearing kevlar today.
You cannot insert a "back door" into mathematics, which is what Crypto is, essentially. Any politician who tells you otherwise needs to step the fuck away from the TV, this isn't crime fiction.
Also: Technical problem? Really? The simplest way would be for the NSA/GCHQ to SSL middleman the in-and-out pipes to the various POPs and done.
"Re: a technical solution surely exists "
Putting aside the technical solution for now, what is the actual justification? So the Westminster bridge nutter (I refuse to use the "t"-word, that's NOT what he was) "checked What's App" moments before he drove into the crowd? So what? What would the police / security services have done even if they DID have unfettered access to everyone's data?
Definitely, as computer experts, we have a duty to proclaim the reality that backdoors "only for those with legitimate access" simply cannot exist. However when talking to / trying to convince non-technical people, I wouldn't go for a technical explanation. Rather, I would challenge the possibility of getting any useful INFORMATION from unfettered access to DATA (which is not just needle-in-a-haystack but something-I'm-not-quite-sure-of-in-a-million-stacks-of-random-junk). After all, it turns out pretty much every time that perps are "known to the police", and the police already have plenty of data (eg 9-11 attackers). When police already have enough data available, and the problem is getting useful information from the available data, then getting more data is simply going to make the problem bigger.
The solution is to have more police / security officers trained to make connections, and working "in the field" and undercover. But politicians who will happily blow a few billions on a fancy IT system (that will be 5 years late, 5 times over budget and unfit for purpose), refuse to spend a few hundred million on hiring, training and retaining skilled officers.
@ pccobbler
Was that a well-crafted satire or a load of old cobblers?
For avoidance of doubt, you don't dissuade people who are or are intending to break laws by providing them with more laws to break.
In other words those who intend to use strong encryption as an aid to breaking the law will source it from somewhere - the algorithms are not a big secret. So the people who'll be affected are the law-abiding people who you were trying to protect and those you were trying to deter will shrug it off.
You do not make the public more secure by weakening encryption, you make them less secure.
"For avoidance of doubt, you don't dissuade people who are or are intending to break laws by providing them with more laws to break."
Yes you do. It's why, for example, the UK has historically had very low gun crime; we used to punish it harshly. Don't forget it's also how Peter Sutcliffe (false numberplate) got caught and severely restricted Al Capone's activities.
"In other words those who intend to use strong encryption as an aid to breaking the law will source it from somewhere - the algorithms are not a big secret."
And - if you have total surveillance - they will then stick out like a big sore thumb. Making them very easy to arrest and prosecute. Also making it dramatically easier to prosecute for *something*. To reuse Phil Zimmerman's metaphor, if everyone uses postcards then anyone with an envelope is suspicious, especially if you ban envelopes.
So the debate shouldn't be about whether this will work, it will, but whether it will have massive downsides and is morally corrupt. That would be an adult debate, not that you'll find much here.
"You do not make the public more secure by weakening encryption, you make them less secure"
You change the balance. You make them marginally more secure against terrorists and people the state doesn't like. You make them dramatically less secure against the state, white collar criminals, corporations, tabloid journalists and other states.
Bleating on about you can't change the maths is stupid. Nobody wants to change the maths. They want to weaken protections whatever the cost.
I don't know if I'm giving you too much credit, but you are very much conflating issues here. 1) The security of the people as a whole against bad actors who use e2ee in the commission of their crimes, and 2) the security of the people as a whole as they use e2ee to protect themselves against bad actors wanting to snoop on, or interfere with, their online communications.
To clarify your use of Zimmerman's metaphor, the envelope exists to prevent people from reading the letter who should not. It also serves as a guarantor that the letter really is coming from whom it says.
In particular, MITM attacks on financial transactions rely on strong encryption. With weak encryption, the entire online marketplace (to include online banking) becomes intractable. E2EE is not required for this only because we assume that the people at the ISPs are good actors who have not been compromised in any way. This has always been a dubious assumption, and is becoming more so with time.
Moreover, if you have strong crypto, then e2ee is straightforward to implement. And it does NOT particularly stand out, because many streams are of already encrypted data. This last move in the US to explicitly allow ISP commercialization of our online activity is driving more of this.
Finally, the issue with the key under the doormat is, well, key. If some form of backdoor were implemented, its existence would be known for months or even years before implementation. The details, including the master keys, then become target #1 for every cracking operation on the planet. Most notably foreign intelligence services. Is there ANYONE that would make a bet that the system would remain intact for five years?
"It's why, for example, the UK has historically had very low gun crime; we used to punish it harshly."
I didn't notice that back in my time in N Ireland. That could have been to do with the fact that both sides had a well organised gun-running operation which got round the restrictions in supply.
"Don't forget it's also how Peter Sutcliffe (false numberplate) got caught" may be true but since the local crime reporter found, at the time of his arrest, that even his neighbours thought he was the "Ripper" and had repeatedly reported him to the police only to be rejected because he did not have a Geordie accent. My point being that good detective work could have caught him much earlier without any reliance on technology which is the answer to all this nonsense about banning encryption.
@Adam52:
"It's why, for example, the UK has historically had very low gun crime; we used to punish it harshly."
Punishment to deter crime doesn't work; it has been used for centuries but still hasn't stopped crime. But that's an entirely different kettle of fish.
I'm strongly inclined to believe that the UK's relatively low gun-crime rate has been more due to both cultural differences (the majority of people don't want to live in a society where personal ownership of guns is seen as a necessity to personal safety) and the relatively low numbers of guns in circulation.
>> "For avoidance of doubt, you don't dissuade people who are or are intending to break laws by providing them with more laws to break."
> "Yes you do. It's why, for example, the UK has historically had very low gun crime; we used to punish it harshly. Don't forget it's also how Peter Sutcliffe (false numberplate) got caught and severely restricted Al Capone's activities."
You make a great point backed up with convincing data - the specific examples you give were both outstanding pillars of the community, who might have gone astray were it not for the numerous laws keeping them on the straight and narrow.
Sir Tim needs to assist with finding a way to allow law enforcement authorities to monitor Islamists and child porn purveyors.
First off, I reject the idea that people need to be "monitored." People should be assumed to be innocent unless you have reason to suspect otherwise. And the Government should not be allowed to go fishing for terrorists. But once you reasonably suspect that someone is a kiddie-fiddler or a terrorist, just infiltrate their end-points.
End-to-end encryption only protects the data in transit; once it arrives it's generally saved as plaintext. Surely the Government have RATs (Remote Access Trojan/Toolkit) which they can deploy to paedos and terr'sts' computers, after obtaining the proper warrant, either by social engineering or technical exploits.
We shouldn't allow the NSA to monitor everyone around the world in real-time, but this is a technical problem and a technical solution surely exists.
Knives must be sharp in order to cut things - if you dull a knife so that it won't cut people then it also won't cut bread. So you can't legislate a knife that cuts bread but doesn't cut people because the sharpness of a knife is the defining quality that makes it useful.
Weak or backdoor enabled encryption is the same as a dull knife; it just won't cut it.
Saved as plain text? Well that's a pretty poor system. Even on the old MS phones I did encryption for, the only time anything was decrypted was at display time. After the display the unencrypted was destroyed. Of course there is a time when it exists decrypted but if you have access to the device (by looking over someone's shoulder or mugging them) then there is not much that can be done.
Amber Rudd sent this decisive tweet in response to TBL yesterday:
https://twitter.com/amberrudd_mp/status/848831684980219904
Showing her "Piers" - Tim Bernard Lee, her technical competence in use of Encryption/Steganography.
Decrypting the message, you can see it reads "YOU CAN SAVE ME".
Your MP may not have a good grasp of the technical issues. So (after watching it yourself to be sure what it is) email your MP this link: https://www.youtube.com/watch?v=VPBH1eW28mo
It's a simple, non-confrontational explanation of why weak crypto/backdoors is a really bad idea from a technical perspective. Most commentards here already understand these things, but their MP may not (especially if your MP is Amber Rudd).
Don't think to yourself that it will never happen. Unless your MP understands why this is such a stupid idea, it WILL happen.
You're right, only a few MPs would vote against their whip.
That leaves Labour and Lib Dems and a few others. Which would only need a few Tories to go against their whips.
But if enough Tories see it and realize it's true, they might have words with Amber behind the scenes. Point out to her what a truly stupid idea she has. Point out all the people who can be told of this video on youtube and realize what a stupid idea it is. Many of them her own constituents.
Still only a small chance of dissuading Rudd. But that's a lot better than doing nothing.
[sarcasm]After all, terrorists didn't exist before the interwebs allowed them to communicate in secret...[/sarcasm].
Most people are born under an astrology sign.
Would you enlighten us what rock you were born under?
Ever heard of the Enigma machine the Nazis had?
Some of the best encryption, but the wizards at Bletchley Park [London] broke it
which contributed to the end of WW2.
Don't remember which war, probably WW2, but the US military enlisted a bunch of Native American Indians that spoke a really obscure tongue of one of the normal Indian languages.
They were then the 2 end-points of all messages.
It was not broken, and if I remember correctly it is still pretty secure.
Don't RTFA.....GRYH(tm) Go Read Your History.
...are literacy and mathematics. We just need to ban those, and stop offering general education in these subjects to the population. Education will be a perk limited to trustworthy, public-minded individuals such as the Royal Family, high Christian clergy, landowners swearing oaths of fealty to the Crown, and persons who have accumulated vast amounts of wealth (since God wouldn't allow an evil man to gain riches).
As a side effect, the population will be easier to control by the nobility and clergy. Due to their ignorance, for their own protection they will not be allowed rights or influence in government.
By taking the stand against literacy and mathematics, the country will enter a new golden age where terrorists can't communicate securely with each other and carry out their nefarious plans to reduce the nations of the free world back to the Muslim Dark Ages.
Just check the continued rants concerning STEM problems, the total absence of critical thinking in the educational curriculum and the rise and multiplication of "reality shows" and "social media" that suck out the collective IQ like leeches.
We're on the right path, nay - the path of righteousness. Amen, brother!
"carry out their nefarious plans to reduce the nations of the free world back to the Muslim Dark Ages."
Ah, yes. The Dark Ages, when Islam did so much to carry the learning of antiquity through to a period when the West could pick it up again. "Algebra" and "algorithm" don't sound a bit like Arabic words by chance nor is it chance that we use Arabic numbers.