Five Eyes nations stare menacingly at tech biz and its encryption

Re: Privacy of a Trrrst?

I think he may have made a double negative.

Millions died in wars to allow capitalism to continue. Where did the money come from to fight those wars? It was a land grab by the Germans, nothing to do with privacy or freedom, the subsequent removal of freedoms by the east Germans was to do with communism which in it's purist form works for everyone however it has never been applied in that sense because there are greedy people that enjoy the capitalist trough.

Anyway, enough sarcasm aside, the fight against the removal of privacy will only begin when it affects everyone and then it will probably be too late because like the DFS sale, once it's gone, it's gone.

Re: Privacy of a Trrrst?

Exactly.

Terrorists don't deserve privacy - but this is not the same as the removal of privacy from all, to see who's a terrorist.

As a realist, I fully accept that this isn't easy - what I'd like to see is simply some openness. Maybe if your government looks at your email or browser history - they drop you a note to say you're in the clear?

Re: Privacy of a Trrrst?

Unfortunately given the great and desperate lengths that our western democracies are going to in order to monitor every aspect of our communications, it would seem that now everyone is an "alleged trrrrst" and makes me wonder who they are talking about when they say they are doing it "to keep us safe".

Don't worry. We've got Senator "metadata" Brandis to ensure that the public are protected from extra-territorial abuse of such a process.

CONTENT CAUTION: The linked transcript has been known to induce the following symptoms: crying, hysterical laughing, nausea, confusion, despair, anxiety, bewilderment, and total agreement with Walkley Award judgement criteria. Reader discretion is advised.

Re: Just the spies?

In all fairness, they weren't "leaked" so much as "stolen and then leaked", but the end result is the same. Imagine how much more numerous and sophisticated the attempts will be to obtain these backdoor keys when the payoff isn't some old, mostly-patched vulnerabilities with the odd zero-day thrown in but the ability to compromise the very fabric of electronic commerce.

Re: Open source?

Good point. I still have my perl munitions t-shirt from 20 years ago (e.g. http://www.cypherspace.org/adam/shirt/uk-front2.jpg) must dig it out and wear it in public again 8-)

Re: Open source?

"Wow, nice software son. It sure would be a shame if the IRS decided to audit you every year for eternity from now on. And if the EPA took an interest. And if the FCC decided it was worth investigating in case it was 'commerce'. Yep, sure would be a shame. If only there was a way that sort of thing didn't happen. Right?"

Re: I need educating

You're not missing anything; it's the powers that be. In addition to the "mathematically impossible" part of the argument against, they also fail to grasp the idea that mandating a backdoor in all encrypted systems won't preclude the creation of new systems without one or the use of existing systems unaffected by their mandate.

Re: I need educating

Don't kid yourself: if a government with appropriate legal authority shows up and demands access, ProtonMail will have to make a choice: go to prison, or push a software update that compromises the security of their system. Any form of software that readily accepts updates from the vendor is inherently insecure. Lavabit shutdown their entire business rather than give in to the government. But how do you decide which vendors your trust to make that decision?

Re: This is bad for business.

Add violating various privacy laws because the encryption can be easily broken.

Re: This is bad for business.

"How many companies do you suppose are under contract to keep their data encrypted to protect their customers?"

It goes the other way as well. If you have log-in access to any online service take a good look at the T&Cs. You're obliged to keep those confidential. How do you do that if you don't have secure encryption while you use it?

There's a simple rule to apply here. If you want to advocate breaking online security you should be obliged to put all your online credentials - bank, Amazon, Tesco, whatever in the public domain for a year before implementing everything. If, at the end of the year, it still seems like a good idea then go ahead.

Re: This is bad for business.

How many companies do you suppose are under contract to keep their data encrypted to protect their customers?

While not quite 'under contract', the new data protection regulations in Europe are certainly pushing companies towards encrypting all customer data. While this alone won't protect you from data theft, in the event this happens it will be important to show that you considered data security, and encrypting it would be an obvious thing to do. Pretty soon I'd expect encrypted data to be the default, and it's not a particular leap to suggest that this might include communications, as well as databases and the like.

Re: Whatsapp favourite for plotting

That's the thing. If politicians are using such a tool, their own communications will be open to interception. I wonder how quickly the law would be changed after their messages were made public ?

Re: Does Not Make Sense

That's just the thing - there's no more reliable way to get Authority to chain you up until you can't even wiggle your pinky, regardless how inconvenient that makes everything for everyone, than telling it that it can't do something. Red flag, bull, china shop to ex-china shop...