Five Eyes nations stare menacingly at tech biz and its encryption

Silver badge

Privacy of a Trrrst?

Turnbull told Parliament: "The privacy of a terrorist can never be more important than public safety – never."

I don't think anyone is suggesting that, although there may be a different view about the privacy of an alleged trrrrst. But even more importantly I think a lot of people would say that the privacy of everyone in a country and their freedoms under the law are more important than limited public safety. Millions died in wars to make that point.

50
0
Anonymous Coward

Re: Privacy of a Trrrst?

I think he may have made a double negative.

Millions died in wars to allow capitalism to continue. Where did the money come from to fight those wars? It was a land grab by the Germans, nothing to do with privacy or freedom, the subsequent removal of freedoms by the east Germans was to do with communism which in its purest form works for everyone however it has never been applied in that sense because there are greedy people that enjoy the capitalist trough.

Anyway, enough sarcasm aside, the fight against the removal of privacy will only begin when it affects everyone and then it will probably be too late because like the DFS sale, once it's gone, it's gone.

5
13
Silver badge

Re: Privacy of a Trrrst?

"nothing to do with privacy or freedom,"

If you had said that to my father when he was alive, he would have called you a twat and possibly have given you a slap.

He lied about his age and faked his work documents to show he was 2 years older than he was, so that he could join the RAF to fight as he was concerned about the German threat to his freedom and that of Europe and the World, his father who also fought in the first war also joined up immediately as did his 3 brothers, all for the same reasons.

The Nazis were a totalitarian government who would brook no disagreement or criticism of their beliefs and government. As such privacy was as much at risk as liberty.

You are however partly right in my opinion as the older I get the more I think the US looked upon WWII as a business opportunity at least as much as a fight for their freedom, for the rest of us it was very much an idealistic war.

40
3
Silver badge
Big Brother

Re: Privacy of a Trrrst?

I don't think anyone is suggesting that

You are trying to find meaning in a statement that is meant to confuse and dissemble.

You have already lost the game.

Let's have a framework here:

Gaslighting: State Mind Control and Abusive Narcissism

0
0
Anonymous Coward

Re: Privacy of a Trrrst?

"[...] as the older I get the more I think the US looked upon WWII as a business opportunity at least as much as a fight for their freedom, [..]"

That attitude probably changed to some extent in December 1941.

6
0
Anonymous Coward

Re: Privacy of a Trrrst?

My granddad also fought in world war 2 for the RAF. Sadly he died before I ever got to know him.

Don't confuse world war one with world war two. They are two different beasts.

The Nazis weren't a totalitarian government they were a populist government, they didn't need control as they used the sheep herd mentality.

How could you take privacy away from someone in the 1930's? Read their letters? Technology wasn't about back then therefore what exactly could you do?

Edit: OP btw

4
8
Silver badge

Re: Privacy of a Trrrst?

Exactly.

Terrorists don't deserve privacy - but this is not the same as the removal of privacy from all, to see who's a terrorist.

As a realist, I fully accept that this isn't easy - what I'd like to see is simply some openness. Maybe if your government looks at your email or browser history - they drop you a note to say you're in the clear?

4
0
JLV
Silver badge

Re: Privacy of a Trrrst?

>which in its purest form works for everyone however it has never been applied in that sense because there are greedy people that enjoy the capitalist trough.

Always the same refrain with Communists (and, no, not falling for US fallacy that socialism==communism): give us another chance cuz Mao, Pol Pot, NK, Stalin, Chavez were "not the real thing".

About the only less than toxic implementation to date has been Cuba's and even that's hardly been an unmitigated success story though at least they only imprison people and avoid shooting them. And have enviable social metrics, by some measures.

If it's so great how come they never submit to a ballot after coming to power, eh?

Tosser.

4
4
Alert

Re: Privacy of a Trrrst?

" there may be a different view about the privacy of an alleged trrrrst."

I think this deserves a little more discussion. AFAIK western common law is built on several pillars, one of which is "the presumption of innocence until proven guilty". I'm enough of a grown up to know that achieving this requires evidence, but I'm profoundly disturbed by the implications behind the words of our illustrious PM.

Does he similarly think that the privacy of his law abiding citizens isn't as important as public safety? Or is he somehow suggesting that only terrorists will have their privacy impacted by the use of these tools? (Note: I very deliberately didn't indicate who would be operating the tools).

It seems to me that terrorism is about spreading an agenda through fear and violence, and if this sort of push from our governments is the result, then it's pretty clear that they're having an effect.

11
0
Silver badge

Re: Privacy of a Trrrst?

"as the older I get the more I think the US looked upon WWII as a business opportunity at least as much as a fight for their freedom"

The US's view on WW2 is rather different to ours in the UK - a visit to the Nation War Museum in NOLA brought that home to me. To the left pond mob, the war against Japan was rather more personal to the homeland than the war in Europe/Africa etc. The US military came over here in vast numbers and helped us and the other Allies out across rather a large swathe of the world whilst the vast majority of the war in the Pacific was US vs Japan.

You may be thinking of Lend-Lease which we only finished paying off quite recently (2002ish?) That is simply the way of things in war time. As far as I am concerned, some rather good mates turned up in the nick of time when the shit hit the airconn. I should obviously point out that there were many other countries who chucked their men and women at the effort that might not have bothered.

I will also point out that Tom Hanks was not there, despite "Saving Pt Ryan" and the NOLA exhibitions 8)

4
0
Anonymous Coward

Re: Privacy of a Trrrst?

All wars are banker's wars, and now we live under the boot of the American empire, and all the cancerous multinationals it has spawned. Your dad was a tool.

2
15
Anonymous Coward

@Chris G - Re: Privacy of a Trrrst?

This is where propaganda really kicks in. To convince those young men they are fighting for the freedom of their Motherland. Germans did it, Soviets did it, Japanese did it, what makes you believe US and British were different?

As a German war criminal was saying, nobody likes to go to war but the governments will always find a way to make people go for it.

For your information, the quantity of propaganda I had to swallow when I was living under a communist regime made me allergic so now I can detect it even in small doses as provided by what we call here in the West "public relations".

4
1
Silver badge

Re: Privacy of a Trrrst?

Some in the US were well ahead of December 7, 1941 in opposing the German launch of war and supporting defense of Britain. As evidence I suggest my parents who, as members of the American Hospital in Britain at Park Prewett Hospital near Basingstoke left New York for Britain in late August, 1940. They lacked certainty about whether they would be received by the British or their German conquerors, and arrived in London in early September during the Blitz, returning to the US in mid or late 1941. They, the other members of the hospital staff, and the Allied Relief Fund that provided part of their support certainly were not paying a lot of attention to any business opportunity.

7
0
Anonymous Coward

Re: Privacy of a Trrrst?

Unfortunately given the great and desperate lengths that our western democracies are going to in order to monitor every aspect of our communications, it would seem that now everyone is an "alleged trrrrst" and makes me wonder who they are talking about when they say they are doing it "to keep us safe".

2
0
Anonymous Coward

Re: Privacy of a Trrrst?

There isn't much privacy in a camp; ask half of Europe, the far east, the Jews and Gypsies among others. Then read some history before you have to repeat it. Remember too that you may not be on the winning side or you may even be considered to be one of the mentally defective and sent to a camp for processing. Look up how the Nazis were able to do such a thorough job of destroying whole populations, they used technology which isn't too far distant from what is available today, though they didn't have an app for it then it was still very effective. Luckily the Allies were able to use technology to better effect to deal with these animals. One could argue we are still paying the price for this.

AC because I can't believe the drivel some people believe and have no desire to argue about it or read any more.

PS I've met men who fought in both wars and on different sides and have heard some stories about the control. It is a shame you didn't meet your grandfather, I'll wager he would find it hard to find the difference between the two wars or any others for that matter. Try meeting some survivors while you still can.

3
0

Re: Trade deals with the EU

> If it's so great how come they never submit to a ballot after coming to power, eh?

Like the democratically elected Communist governments in West Bengal and Kerala you mean? Tosser.

0
3
JLV
Silver badge

Re: Trade deals with the EU

Fairly specious example. They don't have much of a choice, as states, in India, do they? Can't do any better?

Surely there must be one case, somewhere, sometime, when fair independent multiparty elections were held in a fully independent Communist nation state. Can't think of one, but...

Maybe Nicaragua, not sure how that went.

0
0
Bronze badge

Hmm, isn't the meta data supposed to be more useful than the messages itself?

9
0
Silver badge

Don't worry. We've got Senator "metadata" Brandis to ensure that the public are protected from extra-territorial abuse of such a process.

CONTENT CAUTION: The linked transcript has been known to induce the following symptoms: crying, hysterical laughing, nausea, confusion, despair, anxiety, bewilderment, and total agreement with Walkley Award judgement criteria. Reader discretion is advised.

2
0
Silver badge

Just the spies?

create a piece of software that could be sent to an individual's phone that would allow spies and russian and chinese criminals direct access to the device and so enable them to bypass encryption protection.

FTFY.

Would this be the famous NSA that has never ever ever leaked any of its code, exploits and data to the wide world?

25
0
vir
Bronze badge

Re: Just the spies?

In all fairness, they weren't "leaked" so much as "stolen and then leaked", but the end result is the same. Imagine how much more numerous and sophisticated the attempts will be to obtain these backdoor keys when the payoff isn't some old, mostly-patched vulnerabilities with the odd zero-day thrown in but the ability to compromise the very fabric of electronic commerce.

10
0
Silver badge

Open source?

The other big question is how do they mandate that in any open source project? Are they going to actually make it illegal to have any properly implemented encryption? Can we ask how this might act in terms of business insurance when systems are in use for protecting IP and account details, etc, are known to be vulnerable?

Seems like the 1990's are back and want to discuss those flaws and key-size limits that bit system security a couple of decades later.

13
1
Anonymous Coward

Re: Open source?

Good point. I still have my perl munitions t-shirt from 20 years ago (e.g. http://www.cypherspace.org/adam/shirt/uk-front2.jpg) must dig it out and wear it in public again 8-)

4
0
Silver badge

t-shirts

Hmm...I need to see if I still have the old t-shirt back from Clipper days. The front had '1984 "We're behind schedule" NSA' graphic and Wired's anti-clipper graphic.

Fair few graphics from that era in that directory.

2
0
Bronze badge

Re: Open source?

"Wow, nice software son. It sure would be a shame if the IRS decided to audit you every year for eternity from now on. And if the EPA took an interest. And if the FCC decided it was worth investigating in case it was 'commerce'. Yep, sure would be a shame. If only there was a way that sort of thing didn't happen. Right?"

1
1
Anonymous Coward

@GrumpyKiwi - Re: Open source?

It is sure that governments will have a look at this angle but the horses have already left the barn. So they will tell banks and military to stop using this open source software until they can come out with a backdoored solution. Oh and the terrorists will keep enjoying good quality encryption software they already have.

3
0
Silver badge

Re: @GrumpyKiwi - Open source?

"Oh and the terrorists will keep enjoying good quality encryption software they already have."

Which will thus stick out like sore thumbs since the State can't read them. AND there are ways to stymie steganography to make even that risky. The thing about encryption in the past was that it wasn't a risk back then to talk in code. Now the mere use of encryption can be very risky, possible to detect in flight (and thus trace), and so on. The trouble with "hiding in plain sight" comes when plain sight severely limits your options.

1
5

Re: Open source?

Ha ha ha! Awesome!

What will happen is FOSS projects that don't want back doors will have to move to hosting solutions outside US/Five Eyes control. NSA will inevitably set up honeypots with signatures in the encryption code for tracking. Anyone who really does navigate to a FOSS project will be red-flagged for further tracking. Tor is of limited usefulness when dealing with entities that can monitor ALL input and output from Tor hosts.

Welcome to the new world order.

0
0

I need educating

What am I missing about this encryption jamboree? If I happened to be involved in any nefarious activities then I guess I'd only use a properly (I think!) encrypted email service like ProtonMail, which the ISP wouldn't/couldn't provide any way of decrypting (though maybe GCHQ could via brute force etc). What more is there to understand?

3
0
vir
Bronze badge

Re: I need educating

You're not missing anything; it's the powers that be. In addition to the "mathematically impossible" part of the argument against, they also fail to grasp the idea that mandating a backdoor in all encrypted systems won't preclude the creation of new systems without one or the use of existing systems unaffected by their mandate.

14
0

Re: I need educating

Don't kid yourself: if a government with appropriate legal authority shows up and demands access, ProtonMail will have to make a choice: go to prison, or push a software update that compromises the security of their system. Any form of software that readily accepts updates from the vendor is inherently insecure. Lavabit shut down their entire business rather than give in to the government. But how do you decide which vendors you trust to make that decision?

6
0
Silver badge

Re: I need educating

The thing with services like ProtonMail is that in theory even the operators can't decrypt.

In practice - as we saw with JAP - the courts may order that the client is compromised to facilitate interception.

3
0
Silver badge

Re: I need educating

"if a government with appropriate legal authority shows up and demands access, ProtonMail will have to make a choice"

What's all this about "a" government. ProtonMail are based in Switzerland. I don't think Switzerland are going to take kindly to any old government rolling up. The only legal authority that stands there is Swiss.

6
0

Re: I need educating

I don't claim to have any expertise in Swiss politics. But it's not clear to me that there's no chance of the Swiss government deciding that they'd like a peek at your email. Are you confident that there isn't a certificate authority that won't hand over a private key to the NSA and allow them to man-in-the-middle your load of the web app? Are you confident that the US government can't exert enough pressure on Google or Apple to put a compromised version of the app into their respective stores? The structure of software businesses and distribution channels leaves a lot of attack surface for a government to poke at.

1
0
Anonymous Coward

Re: I need educating

"ProtonMail are based in Switzerland."

Which has meant nothing since the US compelled Switzerland (through threats of sanctions) to break their vaunted bank account anonymity.

2
0
Silver badge

Re: I need educating

Use end-to-end encryption, make your software completely open source and charge only for server access, publish both on Google Play, F-droid and as standalone apk - this could only be compromised if the code lacked scrutiny or if your device was itself compromised...

0
0
Silver badge

Re: I need educating

"Which has meant nothing since the US compelled Switzerland ... to break their vaunted bank account anonymity."

I thought someone would come up with that. AFAICS that's left the Swiss hopping mad and consequently I'd expect them to be even less willing to countenance anything else that goes against their take on privacy.

0
0

Re: I need educating

"Which has meant nothing since the US compelled Switzerland (through threats of sanctions) to break their vaunted bank account anonymity."

The Cayman Islands started working with the US in the last 5 years as well. It's actually pressure on the banks, not the country that causes it. The US says: If you don't play nice we will put you on the no-no list and anyone within US influence is not allowed to do business with you.

It all inevitably comes down to money. Software companies are no different.

0
0
FAIL

Re: I need educating

ANDROID IS A TRACKING SERVICE FROM GOOGLE - A US BASED COMPANY.

There are so many security vulnerabilities in Android, it will never ever ever be safe. The simple fact that Google Apps is on your phone will prevent you from ever being a private citizen again. Did you know that your phone is telling google about ALL the wifi access points you come into range of?

You DID know that they are tracking your every single movement to provide you with "more accurate information" and you can't actually turn that off because it's part of the PROPRIETARY Google Apps?

Moreover, 80% of phones can be rooted in a few minutes from instructions on the internet written by a teenager. If that's too hard for the NSA, look at the laundry list of vulnerabilities in the last patch. Android has been around for many years now and you can still be compromised by someone sending you a text that you don't even respond to!!!

More again, the baseband on all phones is intrinsically insecure. All drivers live in the kernel space and have full access to, well everything. Many, many of the drivers your phone relies on are proprietary and are only available as binary blobs and are written by companies that (surprise!) are based in the US.

More again, the radio in your phone usually has a small "operating system" running the chip. Once again, binary blobs from companies based in the US, or even better, China.

Until an entire open source hardware and software solution that is NOT based on GNU/Linux (or any other monolithic kernel) is developed, you will always be at the mercy of those that understand all the things you didn't even know were a problem.

2
1
Anonymous Coward

Re: "giving the police and the authorities the powers they need to keep our country safe."

Who says they're going to limit it to software?

They might as well just bring in Jack Bauer. For your safety, of course :/

1
0
Anonymous Coward

This is bad for business.

How many companies do you suppose are under contract to keep their data encrypted to protect their customers? Are these governments even aware that they themselves have existing contracts with vendors that force encryption compliance?

I'm one of those cases. I personally have to run BitLocker on my work laptop because I have no other choice. And both Android and iOS are running encrypted by default these days.

Why would we even use encryption in the first place if it has known backdoors? The whole point is to make it prohibitively expensive to break into other peoples' devices, which has the nice side effect of forcing governments to use brute force sparingly, such as in high profile cases of terrorism. It needs to be an expensive procedure, otherwise you're opening yourself up to potential attacks from small time crackers and script kiddies in addition to state actors.

It's like locking the front door to your house before you leave. Nobody will dispute that the door can be rammed or destroyed by any number of large tools/vehicles, but the lock will still be effective against all the hundreds of potential dumb criminals that forgot to bring a crowbar. If you leave the back door unlocked, however, you're fucked as soon as any criminal decides they want to try ALL the doors to the house, not just the front.

How many times do we have to go over this? Security through obscurity is a danger to everyone.

17
0
Silver badge

Re: This is bad for business.

Add violating various privacy laws because the encryption can be easily broken.

3
1
Silver badge

Re: This is bad for business.

"How many companies do you suppose are under contract to keep their data encrypted to protect their customers?"

It goes the other way as well. If you have log-in access to any online service take a good look at the T&Cs. You're obliged to keep those confidential. How do you do that if you don't have secure encryption while you use it?

There's a simple rule to apply here. If you want to advocate breaking online security you should be obliged to put all your online credentials - bank, Amazon, Tesco, whatever in the public domain for a year before implementing everything. If, at the end of the year, it still seems like a good idea then go ahead.

0
0
Silver badge

Re: This is bad for business.

"How many companies do you suppose are under contract to keep their data encrypted to protect their customers?"

Simple. No one's above THE LAW. If the law compels you to break the contract and takes precedence over contract law, guess who wins.

0
2

Re: This is bad for business.

How many companies do you suppose are under contract to keep their data encrypted to protect their customers?

While not quite 'under contract', the new data protection regulations in Europe are certainly pushing companies towards encrypting all customer data. While this alone won't protect you from data theft, in the event this happens it will be important to show that you considered data security, and encrypting it would be an obvious thing to do. Pretty soon I'd expect encrypted data to be the default, and it's not a particular leap to suggest that this might include communications, as well as databases and the like.

1
0
Silver badge

Re: This is bad for business.

"Simple. No one's above THE LAW. If the law compels you to break the contract and takes precedence over contract law, guess who wins."

And what if THE LAW (to adopt your caps) says you've got to keep things confidential.

Take, for instance, my daughter's job. She works from home managing clinical trials for a pharma company based some distance away. By using a VPN she can log onto the office system, video-conference etc. as if she was in their office. Now consider what's likely to and what will certainly be exchanged over the link. Patient data is likely and is going to have various regulatory protocols governing it, from basic DPA stuff upwards. And certainly trials results will be involved; those are share price sensitive so they're governed by financial regulation.

TL;DR The law may or may not be an ass; legislators are and whenever they stick their noses into whatever they don't understand they'll contradict themselves.

3
0

Whatsapp favourite for plotting

And all the while, Whatsapp groups remain the favourite vehicle for plotting politicians to secretly discuss business in private

5
0

Re: Whatsapp favourite for plotting

That's the thing. If politicians are using such a tool, their own communications will be open to interception. I wonder how quickly the law would be changed after their messages were made public?

5
0
Bronze badge

Does Not Make Sense

Hi,

Regarding "Turnbull's comments reflect a more vague but similar response from UK prime minister Theresa May earlier this week in which she said she was focused on "giving the police and the authorities the powers they need to keep our country safe." And the UK authorities have already put in a legislative placeholder for breaking encryption into the Investigatory Powers Act."

The code for AES, and other later algorithms is already available and someone can easily write an application to encrypt messages end to end, without the requirement for a server in the middle.

So what is to stop someone providing this application to all and sundry?

What is to stop people using this or similar application - does everyone that needs to encrypt have to use a "government approved application" only?

If the governments weaken encryption, they weaken it for the criminals and rogue nations to easily decrypt too.

As others have stated in this thread, and so many times elsewhere, you cannot weaken encryption without serious side effects which will cause more problems than it will ever solve. I am astounded this rhetoric still continues.

Regards,

Shadmeister.

7
0
Silver badge

Re: Does Not Make Sense

That's just the thing - there's no more reliable way to get Authority to chain you up until you can't even wiggle your pinky, regardless how inconvenient that makes everything for everyone, than telling it that it can't do something. Red flag, bull, china shop to ex-china shop...

0
0
