UK ministers to push anti-encryption laws after election The UK government will push through orders next month to force all communications companies including Google and Facebook to break data encryption. That's according to the Sun newspaper, which quotes a government minister as saying "we will do this as soon as we can after the election, as long as we get back in. The level of …
"Ehh??? Have you forgotten who was Home Secretary? Kim Jong-May. Snoopers Charter, etc etc..."
Short attention span eh? You are the reason politics is now made up of PR people and media sound-bites. Push a misleading sound-bite often enough and eventually the masses will come to believe it's true.
If every home secretary for the past 20 years or so ends up crossing over to the dark side, I can only conclude that it's the civil servants that are pushing it.
Got it in one. My theory is that the only things they allow the Home Secretary to read are the worst crime statistics and Judge Dredd stories. (Blunkett presumably got audio books.)
Note also that there's now talk of having to prove your identity when voting. Given that not everybody has a driving license or a passport we obviously need another solution. In a Sir Humphrey voice: "Well Minister, how about introducing identity cards? Think how much easier it would make things - it could be used by the NHS and HMRC as well, which would cut costs."
My theory is that the only things they allow the Home Secretary to read are the worst crime statistics and Judge Dredd stories.
If this were the case, then why did May cut funding to the police when Home Sec? There have been a number of Dredd storylines recently concerned with understaffing and lack of resources for the Judges. Add to that, if they read 2000AD, it would have been banned by now as a subversive publication, given its propensity for sometimes not-so-subtle parody of the British government.
"If this were the case, then why did May cut funding to the police when Home Sec"
Because May wants the Police to be (a) employees not independent Crown servants [and therefore able to tell her to eff off] and (b) privatised [ideally to her husband's company].
Well said. Unfortunately, with police (officer) numbers down 16,000 over the last few years, and still plummetting (Google "Laura Beal" if you don't recognise the name), and a round a quarter of police forces in England and Wales struggling to respond promptly to 999 calls, it's probably now too late. I think we might now have passed the tipping point.
What they are proposing is worse.
A fake "walled garden" where encryption seems to work but is actually over rideable on demand.
Most people will barely consider that "on demand" part.
But any foreign business thinking about buying UK software will be thinking "WTF should I buy something I know will insert a big f**king hole in my security?"
Until one of the army of bad guys (actual bad guys, not the roughly 1 in 4333 UK subjects who MI5 said was a terrorist "suspect") reverse engineers this BS (you can smell the whiff of "security by obscurity" already) and does for real what a character in a William Gibson short story (burning Chrome?) is described to have done and guts a whole (African ?) countries economy.
To be very fair - the goal isn't to ban encryption. It is to ban end to end encryption between users. Which is fairly new actually. It would require new privacy policies and the removal of advanced features for UK customers (the secret chat modes), but it wouldn't be the technical disaster we would like to think for users. Of mainstream apps, only WhatsApp would be completely banned (instead of just having secret chats disabled).
It would be a disaster for British companies. We are already seen as being too close to the Americans. Like people are starting to avoid American tech in privacy-conscious applications, they'd do the same for British tech. Brexit alone may inspire this.
I don't support an end to end encryption ban. But let's be clear it isn't a ban on things like online banking.
"Of mainstream apps, only WhatsApp would be completely banned"
Did you join up today to astro-turf on behalf of the Home Office?
Lets look at what you forgot:
Online banking.
Placing orders online with Amazon, eBay, Tesco etc etc.
Paying for anything via PayPal
Securely sending your password to your email provider to get your mail
Logging into pretty well any other service.
All these things require end-to-end encryption between one user (the customer) and another (the service provider) in order to work securely. If you don't thing this security is important then I challenge you to post all the IDs and passwords that you use for such services here in public.
But first, have a look at the T&Cs of these services. You'll find every one requires you to keep this information confidential. Your government wants to make it impossible for you to abide by those.
And for what? For nothing as far as the stated purpose is concerned. Because any organisation that wants to use encryption to facilitate law breaking is concerned will source encrypted communications from outside the government's remit. The only ones to suffer will be law-abiding citizens.
"Did you join up today to astro-turf on behalf of the Home Office?
Lets look at what you forgot:"
No, you are missing the subtlety here. They are not bothered about end-to-end encryption between customer and service, ie me -> Google, because Google is able to decrypt the information and simply pass it to the goverment. As they do already.
What they are bothered about is end-to-end encryption directly between users. Because then the only people that can decrypt it are the two users. And as it was previously pointed out, this type of encryption is fairly rare.
So:
Online banking.
Placing orders online with Amazon, eBay, Tesco etc etc.
Paying for anything via PayPal
Securely sending your password to your email provider to get your mail
Logging into pretty well any other service.
Are all perfectly safe. At least in theory. Unless the government change their mind....
@Sloth77
You are completely erroneous in the assumption that user to user encryption is rare. It is not. The majority of my communications with other persons is end-to-end user-to-user encrypted. It is inherent in an Apple eco-system.
I don't care which fanboi side of the fence you sit on, you cannot call the use of Apple devices 'rare'.
I don't support an end to end encryption ban. But let's be clear it isn't a ban on things like online banking.
No, it just means all your online banking activity (and everything else) is visible to the government.
If they wrote the law properly, they could require a backdoor into the https protocol.
@The Allie Cat
So, after this is in effect use of all iPhones becomes illegal? I use iMessages and FaceTime far more than I use cell calls. They both use end-to-end and full disk encryption. Most of the people I am in contact with on a regular basis are covered by them.
Even if Apple 'withdrew' from the country the devices would still be there.
This post has been deleted by its author
I went to a focus group on banking communications recently set up by my bank. The person leading the discussion was suggesting ways we could be contacted and what we thought of them. When email came up I explained that if you wouldn't write it on the back of a postcard then sending it on an email was a distinct no no. After some more input we were told to ignore the security issues with the method of transmission. I said great send me everything on the back of a postcard then because if in this virtual world we're saying security is perfect then that's just a secure and I don't have to go to the bother of opening an envelope. As I'd singled myself out I was then asked whether I was concerned about my use of internet banking and I said I don't use it.
"No encryption means no use of the internet to fill in tax returns, VAT forms, "
Ooh we won't get that because HMRC are pushing for Making Tax Digital and the Clusterf*ck that's going to be. When those below the VAT threshold were going to be included from next year (it's 2019 now) I phoned HMRC and asked what information would need to be provided digitally by me (or to be more accurate my accountants) on a quarterly basis. To be told "we can't tell you unless you are part of the trial" was a bit of a shock. I still don't know and to be honest I'm past caring.
I'll save a fair bit if the ban hits Amazon and Ebay because the amount of cr*p I've bought on Ebay and vis Amazon Prime is disturbing.
I wish I could upvote you a billion times, such a shame you hid behind the AC tag - although that wont work if Comrade May gets her way.
For the first time in my life, I am voting Labour - even if Corbyn IS a gimp; this government deserves to die even more than the bastards behind the attack.
It has got to the point where I trust them so little, my first thought after the Manchester attack was "Isnt that convenient - 2 weeks before the election. It's almost as if they've done an Erdogan".
Except Corbyn wants to bannish Umbrella companies and he hates contractors with a passion. I have no idea who to vote for tbh. They're all pants. Might even go UKIP if they have anything interesting. Is Screaming Lord Sutch still about?
The tories will kill any investment in the UK with this. What foreign company in their right mind would come here with a ban on encryption? Taxes can be as low as you like but no security? Forget it.
"Seriously? Taking away your encryption is worse then massacring children?"
What do terrorists want to do? They want to remove our freedom under the law. So when a government decides to remove some of that freedom anyway then the terrorists have won a substantial victory. Is that what you want?
"Isnt that convenient - 2 weeks before the election. It's almost as if they've done an Erdogan".
One of the aims of terrorist groups is to alienate more people from the government - that makes for richer recruitment grounds for them. Daesh/ISIS want the Government to react with repressive measures - and Theresa may has the mentality to walk into their trap.
Unfortunately Labour will be no different from the Tories. They have not opposed May's measures in the past.
Don't trust Labour either. Remember ID cards?
It may have escaped your attention, but those who were in power and responsible for that sort of thing around a decade ago are substantively not the same people in charge of the Labour Party now. If you concentrate really hard, you might remember a leadership election, where the red Tories got voted out, and replaced by a leftie vegetarian bloke with a beard, and then a couple of failed coups where they tried to get rid of him again.
Many of the people who now support the Labour Party share my opinions of those who were at the head of the party under Blair, and those opinions are not kind. This is why the membership of the party fell while Labour were last in power, and then grew massively once the Blairites were toppled.
Add to this the suggestion that Home Secretaries are usually not well qualified for the job (I can't recall one who has actually ever worked in policing, for example), then they will be getting their opinions from the senior civil servants who feed them to them. You have to ask yourself who the 'Sir Humphrey' is, because the coordinated drive towards authoritarianism across a number of successive governments could only plausibly be coming from Whitehall.
For the first time in my life, I am voting Labour
Speaking as someone who in my youth was an enthusiastic supporter of Thatcher, I may very well be with you there. Though I shall look at the full list of candidates before a final decision.
It's almost as if they've done an Erdogan
I think that comparison is unduly harsh on Erdogan. He had an actual referendum about giving himself more powers, whereas only a select few in Maidenhead get to vote for or against our Leader. And above all, with Syria and Iraq on his borders, Erdogan has very real and major problems to deal with.
Not to mention several 'terrorist bombings' over the past few years allegedly orchestrated by 'Kurdish separatists', and very convenient for a religious-right wanna-be dictator who might wish to further marginalise and demonise the on-the-whole secular and democratic Kurdish peoples.
I think the remark about Erdogan refers to the botched "coup" last year. Which was very convenient for him
Yes, I realise that's a strong parallel. And history gives us many more such: we still have some residual effects from the 1605 plot, in that for example the monarch can't marry a Catholic (and Northern Ireland bears more serious scars).
Where the parallel ends is in the timing. As far as I know, the Turkish coup could have happened a year earlier or later and still served Erdogan's agenda equally well. Insofar as it served an existing agenda, as opposed to creating a new agenda, which is a question for historians.
But what happens if essential liberty is the thing that keeps you from being safe FULL STOP? Then it becomes a matter of whether or not liberty and safety are really compatible with each other. IOW, it becomes a stark choice between two naturally-attracting regimes. Pick your poison: the police state or anarchy.
A classic rhetorical method.
It's BS. IRL there is a trade off between freedom and risk. Raod accidents kill about 3 000 subjects in the UK every year, but no one in their right mind is talking about banning private cars.
It was estimated that in 2014 smoking caused 78 000 deaths in the UK. Yet no one is talking about an outright ban, because it makes too much money and would be as stupid as Prohibition was in the US.
This particular "cunning plan" trades off the slight risk IE 22 deaths in 12 years Vs the guaranteed hole put in everybodies personal data security.
@John Smith 19
It is BS now but will it remain so long term.
People's personal power, the individual's ability to destroy or create becomes greater with every passing moment. Bigger guns, better explosives, transport, training. Let alone access to new technologies like CRISPR. Every year we get more deadly to ourselves.
We are almost at the point (almost?) where an individual could destroy us all.
So either every one 'has to' be happy -OR-
Everyone 'has to' be controlled.
Is that, ultimately what we are looking at? Because I would die before making either of those choices.
As several people have already pointed out, it's not banning encryption, it's forcing the large companies to give UK gov a backdoor.
The idea is flawed not because it will make encryption illegal, but because keeping a backdoor secret is impossible. Once it is leaked, and it will leak, everybody will have to change their encryption. How disruptive has been replacing insecure SSL/TLS. Backdoors leaking would be much worse than this!
The government will try to make using encryption that does not include a backdoor illegal, and will demonize anybody found using such a system, probably by adding laws to the statute book so that anybody found using encryption that is not readable by the intelligence service will be deemed a terrorist, but even that idea is flawed.
This is because, if they find a data stream or data set on a computer that they don't understand, they will immediately assume that it is obscured by a type of encryption that they've not seen before.
"Hey, I can't make any sense of the data in this /dev/urandom file on your computer. Tell us how to decrypt it or we'll throw you in jail for three months for not revealing the key, and then consider a longer jail sentence for using an encryption method that we can't read"
This is obviously a case to illustrate stupidity, and could be easily challenged in court. By what about seemingly random observation data from things like radio astronomy or applied physics, and if there are rules to allow this type of data to even exist on a computer, how do you prevent steganography - hiding data inside the image or other data.
At some point, people wanting to hide things will resort to book ciphers using unpublished or even published books, which will only be decryptable by knowing the exact book that is being used, or by cataloging all texts ever written. Fortunately, despite Google's best efforts, this is something that will remain impractical for some time.
It's a real minefield that there are no good or consistent ways of regulating.
Better post ac for this one.
"This is obviously a case to illustrate stupidity, and could be easily challenged in court."
<Hypothetical situation to illustrate the race to stupid>
Or..if you have sensitive information in your posession and they don't want it encrypted, perhaps those of us with access could just store all our working data in the cloud in the clear.
Considering some of the information that would contain it wouldn't be long before I was in jail, were I stupid enough to try and prove a point, but I would then be a political prisoner and the costs of fixing all the stuff that leaked would run to a pretty penny.
</Hypothetical situation to illustrate the race to stupid>
"The idea is flawed not because it will make encryption illegal, but because keeping a backdoor secret is impossible. "
The NSA couldn't keep their attacks against Windows secret, and that almost took the NHS down. So at the very least I'd expect for example a backdoor that can be removed by Google, Apple, Microsoft permanently by the press of a button.
Leak? Leak?
You don't think knowing there is a guaranteed back door into every encrypted data stream in the UK might be a bit of an incentive for, IDK every Black hat hacking crew on the whole f**king planet?
If any Conservative candidate comes calling for your vote ask them if they've published all their banking, ecommerce, farcebook, twatter and other log-in credentials. When they ask why explain to them that this will be the net effect of removing encryption and you don't see why you should be asked to vote for someone who hasn't tested such a stupid policy on themselves.
Or simply explain that forcing HMG to abandon the centuries-long presumption of innocence is a major win for terrorists who wish to destroy British values. (Make that English values dependent on your assessment of the candidate's degree of rabidness.)
Or simply explain that forcing HMG to abandon the centuries-long presumption of innocence
Such a thing does not exist any more in English law. Courtesy of Tony Blair. The sole place where it exists is the ECHR and this is one of the most prominent reasons for Kim Jong May wanting to remove us from it.
"They are requiring an ability to access the keys / data."
What's the difference?
Oh,. look, some bloke accidentally left a USB stick on the train. I wonder what's on it?
Bah! It's a just a plain text file with lists of company names, URLs and some gobbledygook strings!
PS, quite surprised to find my spell checker included gobbledygook!
"If any Conservative candidate comes calling for your vote ask them if they've published all their banking, ecommerce, farcebook, twatter and other log-in credentials"
Or any Labour candidate, they tried this crap too, and it is the same party - same MP for Islington as under Blair and Brown, same MP for Hayes, same MP for Hackney, etc, etc.
Perhaps Corbyn would be a better bet for me if he hadn't hung around with Seamus Milne ("sure Stalin did a few bad things, but look at the good things too"), or if he had behaved vaguely democratically on a key recent issue (instead of 'my constituents voted this way on the issue, but screw them, I want this instead, and am using the party whip I frequently ignored in the past to make sure my MPs don't do what their constituents want either')
Plague on both their houses. As previous commentary nearly said, where's the likes of Screaming Lord Sutch when they're needed .....
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
