No is the answer and it remains that way
The answer is no and it is going to remain that way. At least for me if I ever go into encryption programming (and just programming to start with).
UK Prime Minister Theresa May has reiterated calls for a special magic version of encryption to be developed by technologists so law enforcement can access everyone's communications on demand – and somehow engineer it so that no one else can abuse this backdoor. Speaking at the World Economic Forum (WEF) in Davos, Switzerland …
I don't know what you're talking about.
making secure crypto that is only breakable for lawful law enforcement is just as easy as staying in EU and exiting the EU at the same time. May does that flawlessly, so obviously that crypto stuff is just as flawless
Hence the requirement for vastly increasing funding for research in quantum technology. As we all know, this exciting field allows something to exist simultaneously in a number of apparently contradictory states at the same time.
Hence the requirement for vastly increasing funding for research in quantum technology. As we all know, this exciting field allows something to exist simultaneously in a number of apparently contradictory states at the same time. .... TRT
You might like to ask Jacob Rees-Mogg MP to share with you the "New Knowledge" missive, [sent to him on 16 November 2017 at 15:15] which contains the following lines amongst a whole host of other relevant and relative information ........
Does Conservative Leadership want to … Make a Quantum Communication Leap into Future Perfect Presentations with Augmented Virtual Reality Production Systems. ….. with Global Operating Devices.Such is that which is Presently Running Our Current Programs.
I Kid U Not.
..... or is all of that to be classified and presumed to be TS/SCI whenever it is in fact now more general knowledge to be exploited and expanded upon? Well, you now know of the message, don't you.
If Jacob refuses, what would that be telling you whenever he has every right to share everything shared freely.
making secure crypto that is only breakable for lawful law enforcement is just as easy as staying in EU and exiting the EU at the same time. May does that flawlessly, so obviously that crypto stuff is just as flawless
Actually, it is easy to think of several half-way credible ways of doing that. I mean the crypto breakable by good guys only, not the Schrödinger's Brexit. And politicians, aided by some intellectually dishonest experts, may well latch on one of those and make it mandatory.
I feel May seems to operate much like an Electronic Monk, especially the updated Mk-II version which has advanced illogic circuitry able to hold a huge number of mutually contradictory beliefs without throwing those annoying system errors. Many politicians share this kind of circuitry, it seems
Doffs hat (black fedora again) to the late, great Douglas Adams
"
Actually, it is easy to think of several half-way credible ways of doing that. I mean the crypto breakable by good guys only
"
I'd love to see an algorithm that only works if a "good guy" uses it. Even more, I'd like to see a method for determining who is "good" and who is "bad" (bonus if it can also predict which "good" guys will become "bad" in the future).
This post has been deleted by its author
I'd love to see an algorithm that only works if a "good guy" uses it.
Note I wrote "half-way credible", not "credible". For example, always make the crypto implementation store the user's key on the device or data stream but encrypted with a key known only to the good guys. This may well bamboozle people who forget to consider who all will have want to have these master keys (UK? US? China?), and can they be trusted to keep them secret. (And like you point out, will the custodians remain the good guys?).
Agree. It is rather odd that governments insist that spying on electronic communications is the only way to discover the bad guys.....but in the next breath claim that the proposed backdoor will only be used once they get a warrant. If they already have sufficient probable cause to get a warrant, they don't need a backdoor. They need a password. They already have the power to demand that, or hold the suspect in jail if he/she refuses to hand it over. I'm reminded of the FISA bit: Surveillance without true probable cause is enough to ask the suspect a question he might not fully answer. They he is, surprise, a perp. No thanks.
" it is easy to think of several half-way credible ways of doing that."
I don't think that it's easy at all. But if you really have a great idea, I encourage you to develop it. You'd be rich, and such a method would have many good and legitimate uses.
If the intellectual dishonesty means that a backdoor doesn't really exist then the scam won't last long, equally if the backdoor does exist it won't be much longer before it becomes known.
Either way, as Sir Humphrey would have said "I do think you are being awfully brave, Prime Minister, to bring in this much needed measure".
"At least for me if I ever go into encryption programming"
In order to produce crypto that is even remotely trustworthy, what you need isn't programming skills so much as advanced mathematical skills.
But you wouldn't need to invent new crypto. Just start using the strong crypto that is readily available right now, and stop relying on the default crypto your devices provide.
They're actually starting to sound like whiny brats and it's clear as crystal that this is their default approach to all shitty legislation - keep banging on until the public get bored and resistance fades. Only it isn't fading this time because they are actually asking for something that can't reasonably be done.
"They must focus their brightest and best on meeting these fundamental social responsibilities."
What, so the government can ignore all their advice when it doesn't fit with their own pre-conceived world view? (See drugs policy).
All they want is everything, all the time, no resistance and they will keep whining until they get it or the public wises up and sacks them. The moment someone tells them what they want to hear they'll be all over it, whether it's possible, sensible or legal - doesn't seem to matter.
"keep banging on until the public get bored and resistance fades. Only it isn't fading this time"
I'd like to share your optimism, but unfortunately actual evidence doesn't seem to support this: Beyond a little circle of people who a) understand the issue, *and* b) care about it (that's mostly Reg readers...), there is the vast crowd of people who just don't see what the problem might be.
I've asked a lot of people around me (Ph.D education level...) about this specific issue, and they all just shrug and went "Well, it's not like I have something to hide. And besides, who would be interested in pictures of my pet/my holiday?". That's their standard answer to both blanket surveillance and criminals getting to their information. Questions about losing sensitive information (financial, health, etc) are shrugged off as outliers. "Can't be worse than Facebook" is actually an excuse I heard, and it makes sense - People willing to give Facebook their most intimate life details clearly don't have the same assessment of what privacy is good for.
So beware, politicians' mantra-like repeating of stuff isn't a sign of some inability to accept reality, it's actually slow and steady brain washing. When the promised reductions in privacy eventually happen (in some technical way or another), the vast majority of people will only think "well, that was overdue, wasn't it".
I've asked a lot of people around me (Ph.D education level...) about this specific issue, and they all just shrug and went "Well, it's not like I have something to hide. And besides, who would be interested in pictures of my pet/my holiday?". That's their standard answer to both blanket surveillance and criminals getting to their information.
Tell them to read the ToS of their bank and any other online services. Then they'll discover that not only do they have something to hide but that they're contractually obliged to hide it.
"Well, it's not like I have something to hide. And besides, who would be interested in pictures of my pet/my holiday?""
Well I've not got anything to hide ( except financial stuff naturally) but I do always use ssh to access my systems at home from outside - this is to ensure security so my systems don't become a playground for spammers etc. My system is as secure as I can make it.
"Where does she expect her hairbrained idea of encryption to come from?"
Just wait until the politicians hear about quantum entangled photon pairs. Soon they'll be demanding physicists entangle a third photon for monitoring purposes...
I look at it like a "magic backdoor", however you can't create the back door without lubing it up and everyone taking one for the team. Maybe if someone explained it to her properly using the correct terminology then she might just get it as she's not been adverse to taking one for the team on many occasions. (DUP/Election/EU/Green/Johnson, the list goes on)
Disclaimer: For impartiality I'll say it a good job Corbyn isn't in power because I'm unsure if he's ever used a computer. The lib dems would probably just put in their manifesto that they won't ban encryption and then ban it.
Funny thing about this argument and all the BS flying about. I would think that the "security agencies" would know that any encryption with a backdoor is useless. Maybe the fightback is to insist that they use the same encryption they want us to use?
Then again, we've not heard from the grunts in the trenches in the agencies, only the political appointees who are mouthing the words they need to say to keep their jobs.
Exactly, GCHQ have some of the best cryptographers in the world, so they surely know that there's no way that they can have their own back door without some possibility of another country (or criminals etc.) finding a way to access it.
I guess this explains the focus on getting companies to do it, then if (for example) Whatsapp's magic backdoor was breached, the government doesn't look responsible.
"I would think that the "security agencies" would know that any encryption with a backdoor is useless"
It's the same in other areas. I lost count of the number of times I put together very detailed proposals for/against certain approaches to tackling a disease area, going to great lengths to research what was know, list the unknowns, explain the complexities, list the pros & cons and suggest a way forward only for a PHB+2 to dismiss ( or sometimes sanction ) the whole thing after a few moments consideration.
We should give them what they want and then carry on ignoring the useless fuckers. What are they going to do, write their own encryption programs? .... Sir Runcible Spoon
Isn't that the Current State of Status Quo Systems in Politicised Fields of Global Play, Sir? The Spaces and Places were they presume to be able to Provide Lead, and be failing miserably and spectacularly.
The crucial point that all these politicians seem to be missing is that the knowledge and technology to do end-to-end encryption now exists.
No matter what laws are passed, criminals and terrorists are, by their nature, not law abiding, and therefore will ignore those laws, and continue to use the technology.
It is not possible to remove the ability to create end-to-end encryption, now it exists, all you can do is disadvantage law-abiding citizens.
People tend to ascribe to others crimes they would commit themselves. For techies, this shows as an attempt to find sane intelligent motives consistent with other peoples' actions. This cannot work with Teresa May. Although ability at government is not a required attribute of a successful politician they do need to be better at politics ... than other politicians. She called for an election in June 2017. Now you know her level of competence at a core skill you have to base the motives behind her other activities consistent with determined ignorance and fly bashing against the closed half of a window level stupidity.
The only defence against such people is education - somehow we have to educate enough voters to prevent people like her getting elected again.
The technology exists, but time and time again, we hear that real-life terrorists used unencrypted communication. They weren't caught because nobody was looking. Criminals and terrorists are not law-abiding, but more to the point, most of them are not awfully bright.
If I were advising the security services, I'd be looking to put out messages calculated to encourage villains into using particular means of communication, where anything they might leak would be less needle-inna-haystack than the sum of all 'net traffic. One way to encourage that might be to have politicians and officials call for particular apps to be banned, thereby sending out the message that diabolical plots can be safely shared using precisely those apps. If any such app happened to have a backdoor, the calls to ban it (or force it to introduce a backdoor) would be loud and clear.
I will make encryption software such as encrypted video phones, fully encrypted instant message and custom encrypted web browsers as i see FIT !!!! I will release them FULLY OPEN SOURCE WITHOUT ANY BACKDOORS and ANY BAN will be USELESS because I simply will not LISTEN and will CONTINUE to release new versions when and where I see fit! I'm also in another country so you cannot touch me legally without some SERIOUS LEGAL FIREPOWER being brought in against you by me! I know some of the BEST lawyers in the business WORLDWIDE and the sheer weight of my legal opinions and legal paper deluge will obliterate any statutes you may wish to bring about!
So Tough Tootie Minister!
You can't disobey the laws of Math and Physics, they are COMPLETELY immutable!
AND FINALLY!!!! Get away from AES-256, Triple DES and Elliptic Curve-based encryption algorithms!
Modern supercomputers AND newer Quantum Computing-style (i.e. All States At Once Computing) WILL be able to break such systems.
YOU MUST HAVE POST-QUANTUM CRYPTOGRAPHY !!!!
You need Multivariate, Lattice, Code-based and other forms of "Post Quantum Cryptography" to be able to keep your data secrets from being ratted out by Shor's Algorithm!