UK ministers to push anti-encryption laws after election

I'm reminded of that scene in Blazing Saddles where The Governor demands a "huurumph" from those in the room to protect their phoney-baloney jobs.

https://www.youtube.com/watch?v=uTmfwklFM-M

I wrote my MP about this and received a "stock" answer.

The problem (as stated many times above) is politicians do NOT understand the world we all live within and they don't want to either.

Well..

People with good memories may see some disclosure here. It can't be helped - this matter is too important to leave lying on the floor as it will continue to be revived by the both clueless and the deceptive. Can't locate my login right now, but my name is clearly in the article.

As I said in multiple articles, we have already seen the consequences of weak crypto, or backdoors into the mechanisms that are supposed to protect us - as a matter of fact, one of these examples is even still raging around the world as we speak. So, let me repeat myself from just one of the publications*:

WannaCry is a government backdoor case study

Peter Houppermans

* _{I just realised I sinned against my standard of avoiding expressions that only have meaning in certain regions. For those who do not understand cricket, "knocking for six" is best explained here. My apologies :).}

King Canute can legislate for the tide to stay out, but his feet will still get wet...

What these idiots are asking for is technologically impossible without breaking the way the internet works for anything practical (i.e. SSL). Trying to unilaterally impose your own ideas on a global structure like the internet, by the means for nationally-scoped legislation is also doomed to failure, for pretty obvious reasons.

couldn't get a better excuse, eh?

think of the children, and all that :/

no place for terrorists to hide

as usual, first they came for the terrorists

Have no problem with this at al IF . . . .

Cant see any problem with this as long as everyone who votes for this in parliament also agree to open their comunications to anyone who wants to look, they can have the ability to block secret government comms etc but that needs to be agrred first by a citizen council of those opposed to the law.

Otherwise they can go and stick their law where the sun don't shine.

These people really need to be told that a back door will be broken into by the bad guys and their data etc will also be available to all so vote for this and start following the law and dump the lovers etc . . .

once this legislation is in place...

it will only be necessary to make it illegal to download, possess and install such terrorist software, and the children are safe!

Unfortunately Rudd 'n' May just don't understand encryption.

So let's assume the law is passed, backdoors inserted, and messages decrypted. Your freshly exposed cleartext message reads "Just off to the shops, I've got the list, I'll pick up a curry on the way back, anything else you want?"

You tell me if that's an innocent probationary co-hab off to Asda, or a coded message meaning something a lot more sinister.

Pure nonsense. UK is heading into disaster.

Do they get the difference between encrypted data and encrypted communications? Still not sure how I feel about this subject, but they don't need to backdoor https as an example - this is just a tunnel that ends at the web tier. Surely they can just provide access to the data in the back end without breaking anything. It's just a systems design change to store pictures of cats unencryped. We effective do this all the time on layer7 firewalls with https termination.

None of this will however stop pier to pier encryption as pointed out by an earlier poster

All this a week after the NHS was crippled by a cyber attack. Obviously "wannacry" is not connected directly to the use of encryption or otherwise, but anything that weakens encryption for storage of data, credentials, etc, expands the attack surface for bad guys to exploit.

There's a lot of chatter on here about weakening encryption...

but, thinking it through out loud here, I suspect that any legislation will be along the lines of:

It will be prohibited for any software, hardware or other digital computer mechanism to be supplied for use within the UK (excepting where such sale or supply has taken place under a contract approved by the home secretary) whereby such mechanism is either i) designed to prevent or ii) coincidentally through the manner of its operation prevent, compliance with requests from the security services of the UK, made under warrant, for the supply of human readable information processed, transmitted or otherwise handled by said mechanism.

The practical upshot of this will be some means of having the software return whatever key can be used to decrypt any message or transaction, probably itself in an encrypted form, along with that transaction, to be stripped off and stored at whatever intermediary server it passes through before it is relayed to the end point. Of course, due to territorial limitations on statutes, an asymmetric key used to encrypt a reply to an actor outside the UK would not necessarily have the corresponding private key sent with the reply, so presumably the client end would have to be designed to create a second, encrypted using the vendor's public key or the now known keys of the sender, version of the message to leave at the interception point.

Next would be a test case brought where software was bought or obtained overseas and brought in on a phone purchased outside the UK's legislative territory. So the legislation would be rewritten to prohibit the USE of a mechanism falling under that definition.

Then there would be a test case of a company that only triggered the "key leaking" routines of their software AFTER a surveillance warrant was issued for a subject. Packet inspection of the transmitted messages would then reveal the extra payload and flag up that the surveilled was on a warranted watch list.

The legislation would then mutate again such that either the storage of and supply of the data was warehoused until a warrant was issued, OR that the mechanism employed to ensure compliance with the act was undetectable to the sender or recipient, so dummy padding out of the payload.

And then it all becomes so messy that people will just hang up the lot of it, get fed up and ... do what? Anyway, it's ALL WRONG, May. Just forget it.

Why, Britain... from an outside perspective it starts to look like you're getting ready to give fascism a try at last, after you've missed out in the 1930ies.

Don't. Not worth it.

Yay; no more DRM

"The requirement for companies to remove "electronic protection applied to ... any communications or data" was written into the Investigatory Powers Act last year"

Excellent: that should make all those DVDs so much easier to, uh, 'back up', not to mention the output from my Sky Q box. Oh, and the pesky encryption on the Sports and Movie channels too...

Am I the only one wondering what a Japanese commuter train (looks like the Saikyo line in Tokyo, if anyone's taking notes) has got to do with encryption back doors?

Looks like

I'm off to jail for writing a program that uses public/private key encryption, then sharing it with a a friend

We put up with the the IRA without this level of intrusion, hell we even fought off a bunch of facist nutters for 6 years then dumped all the regulations involved the day after we won....

A few extremist nutters are not goign to be that much of a threat... especially if they are ALREADY known to the security services......

And I'm not going to mention the guys who sent tip offs to the police hotline saying "Hey this guy is a nutter"