UK ministers to push anti-encryption laws after election

Silver badge

Re: thoughts on future regulation of encryption

"Otherwise, it'll simply improve over time."

By what metric? The benefit of a computer playing Go, Chess, etc is that while the game is famously complex with incredible numbers of permutations, the rules are clearly defined, the objective that must be achieved to win is also fairly clearly defined (take/trap the King, etc). All a learning machine needs is to have a sufficient number of games to figure out the best way to get from a known starting position to a desired winning end when playing an opponent whose exact moves cannot be entirely predicted in advance. That's the skill, responding to a "random" behaviour of the human player to keep the best advantage (which probably requires tracking player moves to work out what the human is attempting to do).

Now let's turn our attention to a learning system for spotting terrorists. There's no defined starting situation. There's no defined end game. There's no defined list of behaviours that may occur in a message in order to indicate terrorist activity. "Don't forget to put the cake in to bake at three o'clock this evening" posted on Mumsnet could be a message from one scumbag to another - they're hardly going to say "Westminster, 3pm, bang" are they? So... We don't exactly have a start or an end or even a middle. Good luck getting a machine to "learn" that.

4
0

Re: thoughts on future regulation of encryption

Even if they can't decode it, if they can just detect it in a world where unsanctioned encryption and/or steganography is outlawed

It would be possible to hide the data - all data is just a stream of ones and zeros. The interpretation of said data stream is done by the application.

Do you really think that we have the resources to scan all data streams in real time?

If steganography were outlawed, I do not imagine for a second that bad actors would actually obey this law.

2
0

I'm reminded of that scene in Blazing Saddles where The Governor demands a "huurumph" from those in the room to protect their phoney-baloney jobs.

https://www.youtube.com/watch?v=uTmfwklFM-M

I wrote my MP about this and received a "stock" answer.

The problem (as stated many times above) is politicians do NOT understand the world we all live within and they don't want to either.

8
0
Anonymous Coward

Well..

People with good memories may see some disclosure here. It can't be helped - this matter is too important to leave lying on the floor as it will continue to be revived by both the clueless and the deceptive. Can't locate my login right now, but my name is clearly in the article.

As I said in multiple articles, we have already seen the consequences of weak crypto, or backdoors into the mechanisms that are supposed to protect us - as a matter of fact, one of these examples is even still raging around the world as we speak. So, let me repeat myself from just one of the publications*:

WannaCry is a government backdoor case study

As irony would have it, we now have a near perfect case study of what would happen if government mandated backdoors were to become law and criminals subsequently gained access to it. Current events demonstrate with precision the risk security professionals warn against:

1 - The NSA developed such a backdoor (generously funded by the US taxpayer);

2 - There are so many people working for such an agency with different political views and motivations that leaking was all but inevitable;

3 - Once leaked, it provided a handy framework for criminals to tack on some malware.

And presto, pandemonium ensued. At the time of writing, the problem has reached 150+ countries and in the UK it knocked healthcare for six**.

It is also worth noting that this particular backdoor was kept at what one would assume to be the best protected government facility in the country, and it still leaked.

QED, methinks..

Peter Houppermans

** I just realised I sinned against my standard of avoiding expressions that only have meaning in certain regions. For those who do not understand cricket, "knocking for six" is best explained here. My apologies :).

14
0
Anonymous Coward

Re: Well..

"It is also worth noting that this particular backdoor was kept at what one would assume to be the best protected government facility in the country, and it still leaked."

Assuming, of course, it wasn't intentionally leaked, given we didn't hear much about pandemonium within the US government. If secrets were to have been stolen from say the US military, THEN I'd be more inclined to believe it was an accident.

5
2
Silver badge

Re: Well..

The company I work for didn't get affected by Wannacrypt, at all.

Obviously we were the ones behind it... (not)

2
0
Silver badge

King Canute can legislate for the tide to stay out, but his feet will still get wet...

What these idiots are asking for is technologically impossible without breaking the way the internet works for anything practical (i.e. SSL). Trying to unilaterally impose your own ideas on a global structure like the internet, by means of nationally-scoped legislation, is also doomed to failure, for pretty obvious reasons.

12
0
Anonymous Coward

"King Canute can legislate for the tide to stay out, but his feet will still get wet..."

Which was precisely the point he was making for his sycophantic courtiers who told him he could do anything.

15
0
Silver badge

Which was precisely the point he was making for his sycophantic courtiers who told him he could do anything.

A point well made. He is remembered as the idiot who tried to control the tides, rather than the guy using a metaphor to explain that there are things you cannot control.

Sadly, morons don't understand metaphor, but they still get a vote.

16
0
Anonymous Coward

"Sadly, morons don't understand metaphor, but they still get a vote."

More of them might read the story if headline called him Cnut, though?

(Yes, I know probably should be a K', etc etc)

2
0
Silver badge
Joke

Bloody Vikings

Coming over here, colonising Norfolk.

2
0
Silver badge

Re: Bloody Vikings

Coming over here, colonising Norfolk.

Actually, that was mostly the Angles, Saxons and Jutes. Cnut got his job as cyngge of Englalnd largely because he managed to get together a big enough fleet[1] to invade[2] (landing in Wessex) which proceeded up the east side of England, crossed over to Northumberland and then came back down the eastern side to besiege London.

There were various battles, treacheries and quiet murders[3] and Cnut became king.

[1] He was supposed to become king of the Danelaw (ie the bits of Northern England that the Vikings had conquered) but the English Witanegemot decided that they would rather have a Saxon king of all England. So Cnut ran away back to Denmark. He then formed alliances with a number of kings & Dukes (including the Duke of Poland) and invaded England.

[2] He did visit Sandwich, but left and eventually invaded via the mouth of the River Frome, in Somerset. He quickly took Wessex, persuaded Mercia to join him as well as the Jarl of Yorvik.

[3] Including (probably) the guy (Edmond Ironside) who was the eldest son of the guy that the Witanegemot had eventually settled on as king. After which, Cnut was offered the kingship.

Can you tell I like history?

1
0
Silver badge

Re: Bloody Vikings

"Can you tell I like history?"

Yes but I think you mean he proceeded up the west side of England and also I think Norfolk was also part of the Danelaw - at least as originally constituted. Didn't Alfred cede more or less everything NE of Watling St?

0
1
Anonymous Coward

couldn't get a better excuse, eh?

think of the children, and all that :/

3
0
Anonymous Coward

no place for terrorists to hide

as usual, first they came for the terrorists

6
0
Silver badge
FAIL

Re: no place for terrorists to hide

Yes, but then I was not speaking up for the terrorists through deliberate choice not apathy!

5
1
Anonymous Coward

Re: no place for terrorists to hide

well the point of that poem was that its wording was deliberately vague to include those that turned their gaze away - for whatever reason, indifference, fear, opposition. This is the whole point, as the noose tightens, the terms of what is "terrorism" are re-written by those tightening the noose, ironically, terrorising those left out of the noose to keep shtum. Until their turn.

5
0

Have no problem with this at all IF . . . .

Can't see any problem with this as long as everyone who votes for this in parliament also agrees to open their communications to anyone who wants to look. They can have the ability to block secret government comms etc but that needs to be agreed first by a citizen council of those opposed to the law.

Otherwise they can go and stick their law where the sun don't shine.

These people really need to be told that a back door will be broken into by the bad guys and their data etc will also be available to all so vote for this and start following the law and dump the lovers etc . . .

5
0
Anonymous Coward

Re: Have no problem with this at all IF . . . .

IIRC Didn't MPs insert a clause that says their internet access is excluded from surveillance?

10
0
Silver badge

Re: Have no problem with this at all IF . . . .

"IIRC Didn't MPs insert a clause that says their internet access is excluded from surveillance?"

They did indeed.

Source: http://www.independent.co.uk/life-style/gadgets-and-tech/news/investigatory-powers-bill-a7447781.html

They also promised us that they had no interest in the content of communications, merely the meta-data. Interestingly, there was also a "sunset clause" intended to deregulate at the end of 2016. Instead, all we actually see is more data harvesting and greater surveillance week by week.

Source: http://www.bbc.co.uk/news/technology-28245589

7
0
Anonymous Coward

once this legislation is in place...

it will only be necessary to make it illegal to download, possess and install such terrorist software, and the children are safe!

4
0
Go

Vote: El Reg

Is it too late to form the El Reg party before the upcoming General Election? A lot of eminently sensible and intelligent comments here and, I sense, a desire to genuinely improve the lot of the country.

I'd vote for you!

10
0
Silver badge
Devil

Re: She is watching you

And you expect me to click on that link? How do I know that Windows gif libraries haven't already been backdoored?

And I'm fresh out of tinfoil, too.

4
0
Anonymous Coward

Re: She is watching you

If you're THAT paranoid, what's to say there isn't a secret backdoor hidden in NOTEPAD that lets them pwn you with a TEXT FILE? Or that there isn't some secret backdoor in your CPU that no one's capable of defeating or even blocking because it's down to the damned silicon?

If you're THAT paranoid, you might as well go all-Luddite and hide out in a cabin in the mountains...oh wait, there's the satellites to worry about now...

2
4
Silver badge

Re: She is watching you

"And you expect me to click on that link?"

I did it on an old phone.

It's the Big Screen bit from 1984 edited so that Big Brother's face changes to become May, then back to Big Brother.

It's surprisingly effective.

1
0

Unfortunately Rudd 'n' May just don't understand encryption.

So let's assume the law is passed, backdoors inserted, and messages decrypted. Your freshly exposed cleartext message reads "Just off to the shops, I've got the list, I'll pick up a curry on the way back, anything else you want?"

You tell me if that's an innocent probationary co-hab off to Asda, or a coded message meaning something a lot more sinister.

13
0
Silver badge

"You tell me if that's an innocent probationary co-hab off to Asda, or a coded message meaning something a lot more sinister."

That will depend entirely on whether the Government want to get you or not.

11
0
Anonymous Coward

Also, to make a code like that work, you'd have to have MET first (First Contact Problem). Think about all the CAMERAS.

UNLESS you can demonstrate an effective ZERO-KNOWLEDGE code?

0
1
Silver badge

You tell me if that's an innocent probationary co-hab off to Asda, or a coded message meaning something a lot more sinister.

Indeed. People have been using things like codewords and one-time-pad encryption for a lot longer than computers have been around..

2
0
Silver badge

"UNLESS you can demonstrate an effective ZERO-KNOWLEDGE code?"

A twice solved problem. Diffie-Hellman. Public key encryption.

1
1
Silver badge

Nope, not in terms of a "hidden in plain sight" zero-knowledge system. Can you come up with a code-word system that doesn't require the other side to know what it is yet can be hidden in plain sight, not necessarily in steganography but like a message that looks like any other innocuous message (In other words, can you use a "Happy Birthday" message to tell others what to do even though they've never met before to establish a common code yet?).

0
1

Pure nonsense. UK is heading into disaster.

8
0
Anonymous Coward

Only if we don't vote the Tory out on June 8th

8
1
ni!

Do they get the difference between encrypted data and encrypted communications? Still not sure how I feel about this subject, but they don't need to backdoor https as an example - this is just a tunnel that ends at the web tier. Surely they can just provide access to the data in the back end without breaking anything. It's just a systems design change to store pictures of cats unencrypted. We effectively do this all the time on layer7 firewalls with https termination.

None of this will however stop pier to pier encryption as pointed out by an earlier poster

3
0
TRT
Silver badge

pier to pier encryption

So all you have to do is focus your hunt for terrorists to places like Brighton, Southend, Blackpool etc.

24
0
Silver badge

"None of this will however stop pier to pier encryption as pointed out by an earlier poster"

But it could make it easier to detect, especially combined with steganography countermeasures like image mangling and text sanitizing.

0
3

All this a week after the NHS was crippled by a cyber attack. Obviously "wannacry" is not connected directly to the use of encryption or otherwise, but anything that weakens encryption for storage of data, credentials, etc, expands the attack surface for bad guys to exploit.

4
0
Silver badge

"Obviously "wannacry" is not connected directly to the use of encryption or otherwise"

What it is directly connected to is the inability of TPTB to keep things secret and things they'd need to keep secret include the backdoor key.

2
1
TRT
Silver badge

There's a lot of chatter on here about weakening encryption...

but, thinking it through out loud here, I suspect that any legislation will be along the lines of:

It will be prohibited for any software, hardware or other digital computer mechanism to be supplied for use within the UK (excepting where such sale or supply has taken place under a contract approved by the home secretary) whereby such mechanism is either i) designed to prevent or ii) coincidentally through the manner of its operation prevent, compliance with requests from the security services of the UK, made under warrant, for the supply of human readable information processed, transmitted or otherwise handled by said mechanism.

The practical upshot of this will be some means of having the software return whatever key can be used to decrypt any message or transaction, probably itself in an encrypted form, along with that transaction, to be stripped off and stored at whatever intermediary server it passes through before it is relayed to the end point. Of course, due to territorial limitations on statutes, an asymmetric key used to encrypt a reply to an actor outside the UK would not necessarily have the corresponding private key sent with the reply, so presumably the client end would have to be designed to create a second, encrypted using the vendor's public key or the now known keys of the sender, version of the message to leave at the interception point.

Next would be a test case brought where software was bought or obtained overseas and brought in on a phone purchased outside the UK's legislative territory. So the legislation would be rewritten to prohibit the USE of a mechanism falling under that definition.

Then there would be a test case of a company that only triggered the "key leaking" routines of their software AFTER a surveillance warrant was issued for a subject. Packet inspection of the transmitted messages would then reveal the extra payload and flag up that the surveilled was on a warranted watch list.

The legislation would then mutate again such that either the storage of and supply of the data was warehoused until a warrant was issued, OR that the mechanism employed to ensure compliance with the act was undetectable to the sender or recipient, so dummy padding out of the payload.

And then it all becomes so messy that people will just hang up the lot of it, get fed up and ... do what? Anyway, it's ALL WRONG, May. Just forget it.

8
0
Gold badge
Gimp

" I suspect that any legislation will be along the lines of:"

The legislation already exists. It's called RIPA. However it needs a "Technical Capability Notice" to be approved by Parliament. As described here. The text of the draft is here.

IOW a form of "Statutory Instrument," much beloved tool of the Dark Lord Mandelscum.

Note. Both houses of Parliament have to approve it. Since it requires critical thinking skills (not something you see a lot of in politicians) to realize what errant BS.

5
0
Silver badge

Re: " I suspect that any legislation will be along the lines of:"

Note. Both houses of Parliament have to approve it. Since it requires critical thinking skills (not something you see a lot of in politicians) to realize what errant BS.

Just possible in Their Lordships' house. But the most likely place to find it is in the EU Parliament, perhaps due in some measure to the much lesser importance of party politics.

4
0
TRT
Silver badge

Re: "Technical Capability Notice" to be approved by Parliament

Oh yes, so it does. The bastards. Utterly, utterly ludicrous.

0
0
Anonymous Coward

Re: " I suspect that any legislation will be along the lines of:"

Which is why we have to leave the evil EU immediately, to stop them meddling in the new order, where people like Suzanne Evans will be free to go on national television and suggest that just because someone's parents are immigrants, their son should have been watched at all times.

Wait, she did that yesterday, and while there were obviously a lot of other reasons why that should have been done, but she focussed purely on the fact that his parents are from somewhere else.

1
0
Silver badge

Why, Britain... from an outside perspective it starts to look like you're getting ready to give fascism a try at last, after you've missed out in the 1930ies.

Don't. Not worth it.

17
0
M7S
Coat

"after you've missed out in the 1930ies."

As with the plague, renaissance and remodelling the road network in our capital city we've always been a bit behind in following those continental fads.

Surely trying this would prove to the Shoreditch luvvies that in fact we've reconsidered and are now terribly cosmopolitan remainers at heart?

The long black one. Yes, it's leather. No, I'm not sure from which particular mammal.

2
0

Yay; no more DRM

"The requirement for companies to remove "electronic protection applied to ... any communications or data" was written into the Investigatory Powers Act last year"

Excellent: that should make all those DVDs so much easier to, uh, 'back up', not to mention the output from my Sky Q box. Oh, and the pesky encryption on the Sports and Movie channels too...

6
0

Am I the only one wondering what a Japanese commuter train (looks like the Saikyo line in Tokyo, if anyone's taking notes) has got to do with encryption back doors?

4
0
Silver badge

Looks like

I'm off to jail for writing a program that uses public/private key encryption, then sharing it with a friend.

We put up with the IRA without this level of intrusion, hell we even fought off a bunch of fascist nutters for 6 years then dumped all the regulations involved the day after we won....

A few extremist nutters are not going to be that much of a threat... especially if they are ALREADY known to the security services......

And I'm not going to mention the guys who sent tip offs to the police hotline saying "Hey this guy is a nutter"

12
0
Anonymous Coward

Re: Looks like

"A few extremist nutters are not going to be that much of a threat... especially if they are ALREADY known to the security services......"

You sure about that? Are you sure one man can't ruin civilization all by himself at this point? At least the IRA only had one country in mind; they weren't omnicidal maniacs like some people.

0
3


The Register - Independent news and views for the tech community. Part of Situation Publishing