Five Eyes nations stare menacingly at tech biz and its encryption Officials from the United States, the United Kingdom, Canada, Australia and New Zealand will discuss next month plans to force tech companies to break encryption on their products. The so-called Five Eyes nations have a long-standing agreement to gather and share intelligence from across the globe. They will meet in Canada …
It makes sense, you just have to look at it the right way. A rational point of view is that mass surveillance is a sickness, a disease that will kill the 5-eyes hosts. Attempting to control encryption is just one more pox on us all. However, from a mass surveillance point of view encryption gets in the way of big data and that is a problem. For data mining and mass surveillance it increases the cost of what is already a worthless endeavour. If mass surveillance is ever to be proved useful we must all stand naked before it just like the scanners at the airports.
It might be appropriate to ask whether Apple, Microsoft, or any other provider who signs software can keep their secret keys safe. We certainly have seen a number of cases in which certificate authorities have been unable to do so, and there is no bigger back door to privacy protection than the capability to sign a boot loader and put it into the download area for updates.
An excellent way to drive all communications activity offshore and/or underground, beyond the jurisdiction of the five (or any) eyes.
What then, genius?
Is the supposedly "free world" destined to become just another North Korea: fenced in, watched and herded like a flock of sheep, all in the name of supposedly "protecting our Freedumb®", because I really don't see how else our totalitarian rulers could prevent the extrajurisdictional circumvention of their cunning plan?
"How many companies do you suppose are under contract to keep their data encrypted to protect their customers?"
Extraordinary communications taps. Think tap subs. No matter how far you try to drive communications underground, some State actors are determined enough to FOLLOW you. Remember, even bin Laden's inner circle got snooped (which then directly led to his death), and al Queda was pretty insistent on Sneakernet. What Man can do, Man can REdo.
Private companies would be wise not to play ball with "The Powers That Be" regarding an intrusion of privacy, it would mean their demise, I don't use Google or Windows 10 for that very reason. I think it's a bad idea to make a deal with the Devil out of convenience or because you like his app.
It doesn't work like that. It's going something like the following:
Governments have been asking for cooperation, the companies have chosen not to. Governments are losing patience, and are moving to take the matter out of the hands of the companies.
The companies then won't have a choice - the laws in various countries will become very explicit about what is expected. The "deal" will be made by Governments using law and it will be on terms chosen by Governments, not negotiated by the companies.
Breaking the new laws will result in huge fines, and possibly prison for individual company officers. That's the choice that people like Zuckerberg, Schmidt, Cook, etc will personally face.
Inevitable
Like it or loathe, this situation is an inevitable consequence of the companies' more or less total failure to engage. They’ve forgotten what it is that motivates voters, and hence politicians.
Practically the only universal belief shared by all politicians everywhere is that law and order really, really matters, that their own personal future (employment as an MP, cushy number as an elected leader) depends on being seen to be effective at dealing with crime. Falling short on law and order, doing nothing about a string of attacks, is an absolute guarantee of being voted out of office. Terrorism, unchecked paedophilia, unbridled hate videos, really do all have a political effect.
In matters like this one has to calculate where the corporate risk, profit lies. The companies have, I think, miscalculated. When this first became an issue (not even a political issue) they could have chosen to lead the debate on how content should be policed.
However they chose not to debate at all, and effectively said that content policing won't happen at all. And they have been repeatedly caught out having not policed content themselves and have also been ineffective and obstructive about removing it.
I cannot think up a company - government interaction that's going to irritate a politician more than that.
I think their profit risk calculation went something like this, in California. "If we're seen to cave in at all, our freetard ad funded business model is toast". And they looked no further than that.
This all took place when the companies started using https:// post Snowden.
Fault
The cause of all this is a failure of legislators to see early enough that OTT services like Facebook, YouTube, etc would need regulation (like phone networks are). They remain unregulated, and putting the genie back in the bottle is going to cause a huge row.
The companies are also at fault for not working out that regulation is going to play a long term role in their networks' operations. The fact that their business models rely on a lack of regulation is what has made them short sighted.
One way out of it would be proof of legal ID at user registration. That'd drive their business model away from freetard data slurping ad funded towards paid for ad free services. Might be refreshing...
WRONG. The companies have all the "negotiating" power of a bunny rabbit "negotiating" what's for dinner when invited over to the big bad wolf. At most they could tweak the specific timeline - the destination remains unchanged, and The Powers That Be will not stop pushing until they can read everything they want at any time (which is simply everything all the time). How exactly they will go about it in a technical sense is irrelevant, therefore so is any "negotiating power" attributed to the tech sector. The rabbit stew is non-negotiable, everything else is irrelevant.
RIGHT - phones Whitehouse, "Mr President can you pass the phone to your bosses from Goldman Sachs sitting opposite you?"
Hi this is Facebook/Apple/Amazon/Google, we represent 45% of the stock market, we are moving to Canada. Hope you enjoy being a 3rd world country - bye
"I hope you enjoy all their irksome regulations while you're there. We also know the bulk of your money isn't really in the US anyway. Oh, you'll also be required to pay some exit taxes on the way out, so you may be forced to repatriate some of that money to pay the bills. Meanwhile, the remaining FIFTY-five percent of the market will endure while new entrants come in to try their luck."
IOW, don't let the door hit you on the way out.
It'll never happen, because no company is going to sacrifice the world's biggest market in pursuit of some ideological cause.
The best we can hope for is that US tech firms reluctantly capitulate to this new totalitarian regime, then lose all their customers due to unpopular government-mandated privacy violations, forcing the government to choose between Draconian "national security" policies or a healthy economy.
In practice I suspect that, sadly, those companies won't actually lose many customers, most of whom will be completely oblivious to the aforementioned government-mandated privacy violations, or worse will be too apathetic to care.
"It'll never happen, because no company is going to sacrifice the world's biggest market in pursuit of some ideological cause."
Corporations are legally not allowed to make an altruistic decision that threatens profitability. A corporation is mandated to peruse profit for it's shareholders. If it is found to be doing otherwise, the shareholders can sue and remove the board of directors and/or any corporate officer.
I'm not saying it couldn't happen, but I am saying getting an activist hedge fund that holds 15% of your shares to agree would probably be well near impossible.
"Breaking the new laws will result in huge fines, and possibly prison for individual company officers. That's the choice that people like Zuckerberg, Schmidt, Cook, etc will personally face."
And eventually US govts will wish for the old days when they had tech businesses resident there.
"They’ve forgotten what it is that motivates voters, and hence politicians."
I think they know very well what motivates their users and also that their users are voters. They also have very good communications with their users. It could turn out to be the politicians who've forgotten something. When it comes to being warned about terrorism, that's a relatively remote threat*. Being warned about your finances being at risk, that's personal.
*I lived in N Ireland for many years in the '60s to the '80s so, yes, I do know a little about that.
In the United States, we have the 2nd amendment
to guarantee the 1st amendment and ANY government
in America that tries the above will face possibly up to
300 MILLION GUNS ALL LOCKED and LOADED......
in order to make WE THE PEOPLE'S points
and displeasures WELL KNOWN
to said government!
In Europe, Canada, Australia, New Zealand, people generally do.
In the USA, people generally don't. Even people who work for the government don't trust it (I've met several...).
Sure, that's a generalisation, there's differences in opinion everywhere, but the dislike of the Federal government in the US is on a whole different level to what you'll experience in other countries.
From anywhere and everywhere on the planet.
The black hats.
The ad slingers.
The bitcoin miners.
Those seeking to run covert web sites for anything and everything.
There really is no logical explanation to the politicians f**kwitted ignorance of this except
a) They cannot must the 5-10 whole minutes needed to understand why what they ask for is rubbish
b) They have that infantile faith that if they just keep asking for something long enough someone will supply it. Bit like kiddies nagging parents for latest toy.
"They have that infantile faith that if they just keep asking for something long enough someone will supply it. Bit like kiddies nagging parents for latest toy."
But what happens when the kiddie goes into "extreme tantrum" mode? Now you're forced to intervene before the kid or your house gets trashed.
If we are rightly determined that terrorism should not change our way of life that should include not weakening protections we have to defend our privacy. Let alone what government messing about with encryption standards and backdoors may do to global commerce - sounds to me like the terrorists are winning if we hand over our privacy and every thing else enabled by encryption technology so easily. Yes, I know the original article was about forcing companies to break their encryption for special cases but it's a short step from there to permanent backdoors.
You listen to them and read what they say and it all makes some sort of sense until they talk about something you actually know about and then suddenly you realise what imbeciles they are - attracted only to the sound of their own voice (El Reg except of course ;-) )
Politicians are used to a world where there is no such thing as a real binary choice: true or false and nothing in between. They come up against someone of a different opinion and argue, push, cajole, entice, bribe, blackmail, ... and a 'no, never' will turn into a 'maybe'.
They don't really accept that there no such thing as a safe back-door in encryption, or anything else.
Their reasons for doing this do not add up: they will catch a few low level crooks/terrorists/bogey-men but not the competent ones, IsisSoft Inc will not put back-doors in their code. So what is their true motivation ? It is appearing to me as increasingly totalitarian.
If they do push ahead with then we need a mass revolt by techies - all at once. They can pick us off one by one, but not by the thousand.
.
This comment alone probably puts me on the terrorist watch-list - the idea that normally meek geeks will stand up is one that politicians must find terrifying.
Not at all.
They don't think you have any power and they are sure they can find anyone who could cause them trouble and lock them up on something or other.
Which actually translates as they have people who work for them who tell them that you can cause them no trouble and if you do they have other people who can deal with it.
The average politician has very little understanding of the technology they use or how vulnerable it is. Most of this agenda is being pushed by career spookocrats, not the front line officers who know what bul***it this is. The real life equivalent of Jon Voight's character in "Enemy of the State," made 3 years before 9/11/01.
What is most ironic is the very privacy they want to strip from everyone (in the name of "security") is the very thing that lets them keep their secrets.
The only effective object lesson for such people would be if this came into force and someone used it to publish all such dirty laundry, from all parties.
After all, if you have nothing to hide you have nothing to fear, right?
the genii of encryption has been out of the bottle for DECADES.
PGP and its various incarnations is there for anyone who wants to use it.
OR, you can roll your own method, NOT tell anyone else, and just hand the program to whoever you want to decrypt it via snail-mail or some other "untraceable" means [including sneakernet].
It's like "gun control" laws, which are intended to PUNISH THE LAW ABIDING, while doing NOTHING to stop gun violence and gun crimes. After all, if you're a CRIMINAL, you don't OBEY laws. So they don't do SQUAT.
Captain Obvious on pretty much everything implied here. Gummint idiots are just knee-jerk reacting to the FUD, without ANY understanding of the tech, the implications, or the likely results.
"OR, you can roll your own method, NOT tell anyone else, and just hand the program to whoever you want to decrypt it via snail-mail or some other "untraceable" means [including sneakernet]."
Except any form of transit can be snooped. Dead drops can be watched, mail intercepted, and so on. And anything that the State cannot decrypt will likely stick out like a sore thumb, either because the MERE USE of encryption is a red flag or any attempt to use steganography beyond simple yes/no things that require prior establishment of a code (meaning it could've been moled) will cause it to stand out, too.
And yes, I think the Panopticon is closer than anyone thinks.
Except any form of transit can be snooped. Dead drops can be watched, mail intercepted, and so on.
You are talking about Traffic analysis, this is very different from breaking encryption; it is an important tool as it gives clues on who fellow terrorists/crooks/... may be. By nobbling encryption those being watched will use different communications, some of which will not be so easy for traffic analysis.
"It's like "gun control" laws, which are intended to PUNISH THE LAW ABIDING, while doing NOTHING to stop gun violence and gun crimes. After all, if you're a CRIMINAL, you don't OBEY laws. So they don't do SQUAT."
Erm....
Trust some gun-toting American to find an opportunity to bring control into a totally unrelated debate !
Everyone apart from the Americans can see that gun control laws work. Only the Americans continue the Wild West routine of shooting each other in substantial numbers on an almost daily basis. Meanwhile, in more civilised countries where gun control HAS been implemented, shootings are a rarity.
Gun control works. The facts are there to prove it.
Encryption control cannot work. The facts are there to prove it.
"Gun control works. The facts are there to prove it."
You're confusing correlation with causation. Ask yourself. Are Americans shooting each other because there are more guns or are there more guns because Americans are shooting each other? What about defensive gun use? What about black market guns? Plans for building your own zip guns off the Internet. The fact there are several major gun manufacturers on American soil? What about violence in general, not just gun violence since two inches of steel from behind is as effective as a bullet?
If new laws come to pass enforcing that which goes against the advice of all the experts on the topic, what is to be done / blamed / politicised against / axe ground upon when, inevitably, there's another "terror" attack?
Will the five-eyes governments guarantee that these democracy-threatening, privacy-invading, human-rights eroding laws will banish the spectre of terrorism from western civilisation for as long as these laws are in effect? If not, then the risk is not worth the reward. I wouldn't sacrifice the very core of my being for a (slight lead in the polls) "somewhat likelihood of a reduction in terror-related events". But maybe that's just what separates politicians from worthwhile members of society.
Looks like most politicians would.
The UK figures bear repeating.
36 dead due to terrorist incidents since 7/7/05. IE 3 extra deaths a year over a 12 year period.
Equal to the number of people who died of smoking related illnesses in NHS hospitals over 4 hrs.
Or about the number of deaths on UK roads for about 7.6 days in 2015.
36 deaths is 0.0068% of all UK deaths in 2015
Sacrifice that much freedom and privacy for that little increase in safety. I think not.
Backdoored pseudo-encryption is great at monitoring the 99% who will accept -- without thinking -- any nonsense spewed by a politician who happens to be ranting in the aftermath of the latest (convenient) terror attack or kidnapping or paedophilia incident or whatever frightens the chickens these days.
More insidious, though, will be the _next_ level of action, which will make it illegal to use any genuine form of encryption. This law will be enforced so rarely that you smug tech-heads will think you're being awfully clever, even while you provide the spooks with a perfectly legal pretext for a midnight visit any time they choose to rattle your cage and compel you to do whatever they fancy.
A police state is inevitable when everybody is a criminal and enforcement is subject to the whims of individuals.
A/C - for all the good it will do me.
"More insidious, though, will be the _next_ level of action, which will make it illegal to use any genuine form of encryption."
That's what I think will be next. If you make the MERE USE of encryption (outside of State-sanctioned schemes) a criminal act, then you reduce the possible outs to steganography, which can still be severely limited (as in you can only watch so many cat videos a day before it becomes suspicious, nonsense or outlandish posts will raise red flags, plus images, videos, and text can be mangled, bleached, and so on to reduce their steganographic usefulness).
Indeed, and the privacy of an innocent person should never be violated - never.
Those two statements just mean that you must identify the terrorists first before you violate their privacy. I suggest old-fashioned police work for that bit.
But I guess not. And when the key to the backdoor is inevitably linked, the TLA's will use the resulting cyber-mayhem to ask for even more unreasonable security tools that only work for the "good guys", and wash their hands of the damage that they are doing the now vulnerable citizenry.
Australia is lurching further and further to the right. Brandis is a dangerous idiot. He has no clue what he's talking about and yet the mainstream media don't even bother to ask pertinent questions. They just parrot what he and Turnbull say without any analysis or questioning of it. I've been banging on for years about privacy invasion such as metadata retention and back doored encryption and you know, nobody is interested. People's eyes glaze over when I even mention it. As long as they can access Facebook and text their friends, they're happy.
If official back doors do become reality, we should probably just unplug the Internet and call it a failed experiment.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
