nav search
Data Center Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

back to article
UK ministers to push anti-encryption laws after election

Indeed. And now, the UK Gov indicated that they will stop sharing Intel with USA Gov Agencies, over concerns of UK Gov intel being "Leaked to the Press". Really? Guess they don't want anyone to know how they're using this Terror Attack as an excuse to attempt to force USA based Social Media firms to create Encryption Back Doors. Why doesn't the UK Gov just talk to their NSA buddies, who have a back door into the Internet Backbone, itself? The NSA has had that back door into the Internet Backbone since 9/11. It's a bit too coincidental that as soon as a Terror Attack happens, suddenly, the Gov calls for Encryption Backdoors that wouldn't have prevented this from happening. Internet Backbone Tap, from the NSA to Your Gov negates the need for an encryption backdoor. By the way, once that backdoor exists, the Gov's won't be the only ones able to access it, which is the point of not doing it, in the first place.

1
0
FAIL

Can't say I'm surprised

Terrorist attack? Followed within days by idiotic government reaction, with the implication that if you just shut up and do what they say then they can prevent this ever happening again. As night follows day.

I'd call it a kneejerk reaction, if it was. What it in fact is is the habit of governments to use anything, whatever it might be, as an excuse to ram through more, unjustified increases in their power.

5
0

Re: Can't say I'm surprised

"I'd call it a kneejerk reaction"

Might i suggest that "knee" is not needed here?

3
0
Anonymous Coward

Morrissey is Right!

By this time, most of us are familiar with the Manchester terrorist attack at a concert. But here is something: "Manchester Attack: What They’re NOT Telling You".

<https://youtu.be/v4vWR5BpDdQ>

Excerpt: “Which do we value more? Protecting the feelings of Muslims or protecting our children from being blown up?”

0
3

This post has been deleted by its author

Silver badge

Typical Home Office

They have a whole bunch of proposals waiting for the necessary atrocity so they can be rammed through the Commons 'to protect the kiddies'. No matter that there's zero evidence that encryption played any part in the Manchester atrocity.

3
0
Anonymous Coward

In regards to Manchester...

I couldn't help notice all those snooping laws the government passed over the last year really paid off.

4
0

A Level Chemistry

To build that bomb, A Level Chemistry is enough. TATP is nasty stuff, easy to make, more difficult to make in quantity and stably. If you tried to make the stuff alone, sufficient for a big bomb, you'd slip up quickly and make a small fatal explosion; your neighbours would hopefully be alive, looking for a new house. A team of diligent people could make enough for a bomb.

A Level Physics or a bit of electronics messing around provides enough education to make a detonator and trigger.

** I've just explained how a bomb might be built in 1992, before politicians even thought about the internet and encryption. **

Add a bit of project management -- easier if you have motivated people -- and this bunch pulled it off. It required many people, however.

** But they could have planned it privately. No need for internet. **

To buy bomb supplies without looking like a bomb maker takes planning; you don't sign up for an account at the local chemical supplies firm with an order for concentrated peroxide and acetone for your family beauticians shop. It was a lot easier to buy bomb making material in 1992; the IRA didn't mess around with nasty TATP.

This is a serious problem which does not need a knee jerk response.

There should be no response. That man didn't need the internet to make the weapon which killed so many.

3
0

Wondered how long it would be before they started trying to really push that through!

1
0
Silver badge
FAIL

Politicians - technically ignorant at best.

The loss of life at the hands of Freedom Fighters/Terrorists is to be regretted and this last weeks tragic loss of life is made all the worse due to the victims young ages.

Encrypted communications would have done little to prevent this from happening, especially since it appears the man had just returned from his ancestral country of Libya. The device was TRIGGERED BY HAND.

The fact is that notwithstanding pouring BILLIONS OF POUNDS into to MI5, GCHQ and the Plod, all we have to show for it is some historical video tape and a list of To Visit addresses. The head of MI5, the prime minister (former Home Secretary for years) and the present loon who calls herself Home Secretary should RESIGN. The explosion is testimony to their abject failure.

Why, pray tell, did the Plod go calling AFTER the event? Other jurisdictions go a-calling on a regular basis just to let their potential clients know they are under observation.

And most anything the government proposes will fail - which, again, the incident attests to.

I work for a company who designs military equipment for non-aligned (read not American) countries and I can attest to how easy it is to make IEDs, triggers, etc. The average supermarket has all I need to make a loud bang.

Triacetone Triperoxide (TATP), made from explosive forms of acetone peroxide, belong to the few high explosives that do not contain nitrogen (think fertilizer), and so can pass undetected through most sniffer devices. TATP is easily made, with extreme care, following visits to your local chemist/drug store/pharmacy, and the ironmongers/hardware store.

When I was in the British military, we were taught how to make explosive mixtures from common household chemicals (cleansers, polishes, etc). I know how to make anyone in a decent sized room with a lamp (one of those things with a filament) and a common fuel imitate John Clease's famous parrot.

The much vaunted British security services haven't progressed much since 2005 July 7. Stopping encryption is not the answer, as the first explosion after such a ban will prove.

6
1

Re: Politicians - technically ignorant at best.

It is significant that whilst "The device was TRIGGERED BY HAND", the bunch who made the bomb ensured that the bomber didn't burn his hand.

He didn't get burned on his fingers. He might have let go after an electric shock, so the bombers added an electronic switch.

"Triacetone Triperoxide (TATP), made from explosive forms of acetone peroxide, belong to the few high explosives that do not contain nitrogen (think fertilizer), and so can pass undetected through most sniffer devices."

Owing to chemical purchase difficulties, TATP made in the UK is always impure. Airport scanners can spot TATP bombs from a distance. They stink of ammonia. When TATP reacts with the air, bombers become smelly.

It is hard to create a detonator for an airport bomb which does not leak nitrogen. Thankfully, that makes it possible for traditional airport scanners to work.

"TATP is easily made, with extreme care, following visits to your local chemist/drug store/pharmacy, and the ironmongers/hardware store."

Easier than MDMA but really stupid.

1
1

This post has been deleted by its author

Silver badge

Re: Politicians - technically ignorant at best.

That seems somewhat uncalled for. Jaitch has a reputation here and doesn't hide behind an Anonymous username. On first inspection his English is better than yours, certainly more erudite; although criticising someone for not speaking English as a first language​ does make you seem a little racist.

6
1

Re: Politicians - technically ignorant at best.

Why, pray tell, did the Plod go calling AFTER the event? Other jurisdictions go a-calling on a regular basis just to let their potential clients know they are under observation.

Because this Government has slashed their numbers by 16,000 and cut probationer pay by over £4,000/year in the last few years. In many forces a probationer police officer earns less than the manager of a branch of McDonalds yet (with respect to all McDonalds managers) the former is hugely more demanding. Dialled 999 for police in an emergency recently? Just how long did you have to wait for someone to arrive? Ever wondered why?

About 10 years ago, Home Office ministers in England and Wales set up the "Senior Careers Advisory Service" because they were concerned that the brightest police officers in the superintending ranks weren't applying for Chief Offer posts and they wanted to know why not. It didn't occur to them that those very officers were the ones who could plainly see that political interference with policing made those roles far less attractive than being Captain on the Titanic, and they were voting with their feet. Now, the situation is desperate, and so few serving officers are interested in trying to run a half-decent policing service with nearly half of the revenue budget of ten years ago - but with huge increases in policig demands - that Chief Officer posts are being advertised overseas to poor sods who don't know any better and might be daft enough to apply.

The technical term for such HR policies is "desperation".

3
0
Anonymous Coward

Re: Politicians - technically ignorant at best.

Thank you Adam 52.

1
0

This post has been deleted by a moderator

Anonymous Coward

Re: Politicians - technically ignorant at best.

The loss of life at the hands of Freedom Fighters/Terrorists is to be regretted and this last weeks tragic loss of life is made all the worse due to the victims young ages.

JaitcH - why are you defending the attack that just killed 22 people??

"Freedom Fighters" makes them seem justified, and using passive voice is trying to make it sound neutral.

0
5
Silver badge
Big Brother

Re: Politicians - technically ignorant at best.

Stopping encryption is not the answer, as the first explosion after such a ban will prove.

Look for lots of "Police acting under new anti-terror laws foil yet another terrorist plot. Officers in London were able to foil yet another ISIS plot intended to destroy the British way of life. This is the 3 millionth time that the police have been able to prevent terrorism since the act was passed into law last Thursday..."

You get the idea...

Not that I have any doubts about articles on how many terrorist plots have been stopped. No, I'm sure the details leaked to the press is plenty enough proof that such events really did happen!

0
0
Bronze badge

repeat after me: "there's only two choices, secure for everybody, or insecure for everybody"

3
0

This post has been deleted by its author

Anonymous Coward

This is a.....

Really, Really REALLY FUCKING STUPID IDEA.

let’s make us ALL much less safer by creating legislation that would have done FUCK ALL to prevent what happened.

Knee-jerk, uneducated, technically-backward WANKERS!!!

7
0

This post has been deleted by its author

Trollface

V

I suppose he's started on his prep.

1
0
Anonymous Coward

LOL

Here's what needs to happen...

UK passes said laws...

The next day, Facebook says... "hmm, ok so we can't service the UK without breaking their encryption laws..."

All UK citizens wake up to a big blue page when they try to visit Facebook that says something to the effect of "UK Citizens, you're government has decided that we can't protect our services without breaking UK laws. This means we can no longer provide you service. Maybe you should discuss this with your governors."

<Disconnected>

How long do you think it would take to either see all involved law makers impeached OR to see the H.o.P. on fire on CNN?

I bet it wouldn't even take a day (and I doubt any law makers would attempt something so idiotic again).

You're welcome,

Merica!

5
1
Boffin

Banning encryption is unenforceable

Data = information + meaning.

Even when there is a known encoding / file format / encryption algo, the data itself can still be meaningless / random. Unless they make it illegal to store or transmit meaningless / random data, how can you enforce a law banning encryption? How can they prove that your data must have a hidden meaning and is not just random?

1
0
Silver badge

Re: Banning encryption is unenforceable

https://en.m.wikipedia.org/wiki/Steganalysis

0
0
Silver badge
Facepalm

Re: Banning encryption is unenforceable

information = Data + meaning, surely?

Data: 2,3,5

Meaning: You've just been insulted 3 times, in American, British and Roman fashion

1
0
Anonymous Coward

Re: Banning encryption is unenforceable

Agree entirely with main points, although as with previous commentator, would question first part slightly?

Information = data + (context, meaning, lookup table/crib sheet/one time pad, etc)

What 'they' need to do is prove the information links you to a crime, which means finding the crib sheet, or deducing/decoding it. If decided, that may involve "sources and methods" not suitable for open court, but the UK already has a mechanism for that - no new laws needed.

Where new laws are needed is if the politicians think that the power to issue surveillance warrants is too important to be left to a semi-independent judiciary, who might ask awkward questions such as "why do you want to do this, on what evidence?" and who won't simply issue blanket warrants in the wake of an incident, a 'newspaper' headline, or a slip in the polls. If 'they', in fact, regard the legal system, with its pesky checks and balances, as part of the problem.

0
0
tfb
Silver badge
Alert

Plugins

So when the inevitable happens and they make encrypted messaging apps illegal, this is what someone should do:

Write a simple unencrypted messaging app. Something like IRC, but with much better support for phones and other modern devices than IRC clients typically have. Such a thing is clearly legal.

Provide it with a plugin API which lets you write extensions for it in, say, JavaScript or (better) Python, with an embedded JS/Python interpreter & runtime. This is already done by several apps (I have at least a couple) and is clearly both legal and satisfies the various App Store limitations. It should be possible to install these plugins from uncontrolled locations or write your own: again, this is already done by several apps and is clearly just fine.

Sit back and wait. Oh, look, someone has written a plugin which supports end-to-end encryption over the app's connections, how odd, no-one could have predicted such a thing, right?

2
0
Silver badge

Re: Plugins

Simple answer: forbid unsanctioned add-ons under penalty of not being allowed to operate in the country: regulating apps and industries ARE within the government's remit; see the Uber controversy.

2
2
tfb
Silver badge

Re: Plugins

So what you're actually saying is that the answer is to forbid general-purpose programmable computers.

That's right: that is the answer.

2
0
Silver badge

Re: Plugins

You may actually be onto something. Why else do the movie companies NOT allow 4K BluRays to be played on computers, ONLY on purpose-built, secured-from-end-to-end dedicated players?

Perhaps the next step is that all computers will be considered dangerous devices requiring registration the same way cars are. And all software firms and programmers will likely have to sign legal oaths and probably even post surety bonds.

0
3
tfb
Silver badge
Boffin

Re: Plugins

It does worry me that this is the sort of answer we are heading for. Yes, there will be no bad terrorists talking secretly to each other, but on the other hand we'll be living in some kind of medieval world of mud, pigshit and lice, dying of the flux while the politicians live in their castles surrounded by groves of impaled serfs. I am looking forward to this.

(Actually, what really worries me is that, quite clearly, we are now living in a world which our politicians simply are not equipped to understand and, worse, which they don't understand they don't understand). I don't mean Trump, who clearly would have been out of his depth in the stone age, but superficially well-educated people: people with PPE degrees from good universities. We live in a world where science, engineering and in this case maths, are critical, and they not only don't have the background or facility to make sense of these things, they *don't know they haven't got it*. So they propose laws which amount to declaring that pi is 3 or something, and we're all fucked as a result. I'm not suggesting a revolution by scientists, engineers and mathematicians (I'm two of these things and I would be a profoundly terrible politician), but we need to get to a state where the people we elect are at least competent to deal with the world we live in, and we are not in that state now.)

2
0
Silver badge

Re: Plugins

Two problems:

One, the qualifications for being a politician are essentially at odds with the qualifications for being in the sciences. The latter requires a relatively objective look at things while the former is almost entirely SUBjective, owing to the fact politicians essentially are playing with other people. Essentially, in general, great scientists make poor politicians and vice versa.

Two, it goes to the general population. The average person doesn't want to know this stuff. They just want to get through their day, enjoy themselves afterward, have the occasional day off, and repeat ad nauseum. Worse, any attempt to install an academic or some other meritocratic qualification for being an actual citizen WILL (not may) get corrupted in some way.

Frankly, you have to wonder if the human race really is cut out for this kind of civilization.

1
0

Re: Plugins

>> Perhaps the next step is that all computers will be considered dangerous devices requiring registration the same way cars are. And all software firms and programmers will likely have to sign legal oaths and probably even post surety bonds. <<

What about electronics engineers? Some of us still know how computers actually work, and can build our own.

2
0

And just as I suspected would happen as soon as the future was threatened by a clueless Government, work is progressing quickly on a decentralised internet using Blockchain tech. Snoop on that UK Gov, when you stop playing fair - people will just take your tools away.

2
0

Out of purely hypothetical interest -

If someone created an online shop or forum, and stored all user data in plain text and had no HTTPS on the website and some 10K records were stolen from it by hackers, then presumably when the ICO tried to fine you for data breaches you could simply say - sorry - it was not possible to comply with any your rules because the Government made it illegal, so feel free to pass the bill on to them.

6
0
Unhappy

you just can't have it both ways

These people in power are moronic.

You can't have it both ways. You can't have your failing health system not get compromised by ransomware because there are , flaws, bugs or back doors in code that runs that.

And by the same token have a back door or no encryption on all other data transmission

The two are mutually exclusive. The IT industry is wasting it's time securing systems, if the idiots in bower come along and demand that they be insecure

Do we need a "if your a terrorist please download this insecure version of whatsapp, but if your a white christian please download this secure version"

6
0
Silver badge

Neither Facebook nor Google is the NSA. If I put stuff on my Facebook page, obviously Facebook has to be able to display it on that page in a decrypted manner. A smartphone needs a backdoor for the government to read everything in it. A social media site doesn't.

Of course, that's probably just my failure to understand the issues discussed in this article.

I think it is reasonable for the government to prohibit Internet businesses from making it convenient for jihadis to communicate covertly, at least if they're handling messages in cleartext. Of course banning people from encrypting their own communications is intrusive legislation to be avoided; but it's not clear that anyone is actually proposing that all E-mail services scan every E-mail to ensure no encrypted text has been cut and pasted into E-mails, or anything like that.

Facebook doesn't supply encryption products, even if it might encrypt data for other people. Anyone who expects a third party that encrypts data for others to keep it secret from police investigations - or even for them to insist on a warrant before handing it over - is not only unrealistic, but wrongheaded. Companies, as good citizens, should be eager to help find terrorists or pedophiles or whatever.

1
4
Anonymous Coward

"A smartphone needs a backdoor for the government to read everything in it. "

No, it really doesn't. There are these things called courts, they have judges, who issue warrants when there is evidence. Unless you believe judges are the Enemies of the People.

5
0
Bronze badge

Mate, you're on a loser with common sense like that.

This place is full of people more concerned about the feelings of the "community" where terrorism is allowed to thrive then the feelings of the 22 sets of parents and families burying their dead after the wake of Manchester.

Look at Andy Burnham, saying "nothing to do with Islam", despite all the evidence contrary. He's more concerned about getting their votes than young children being shredded with shrapnel because they follow a religion borne from bloodshed.

The narrative that "islam is peaceful" when it was started by a murderous slave owning paedophile to raise an army to conquer Mecca is fucking disgraceful. Maybe you Guardian readers should read an actual history books for once in your life, rather than listen to propaganda of the Marxist echo chamber who are using Islam to destroy the idea of the nation state so they can seize control. Maybe if you read enough history, you'd realise this isn't nonsense talk. But alas, you're doomed to repeat the same mistakes that history should have taught you.

Of course you're not allowed to speak about historical facts like that. They couldn't call it Blasphemy as that would be too fucking obvious, instead they pretend it's "racism", or "Islamaphobia".

It's tragic when you're more concerned with not insulting a made up God rather than protecting innocent children from being slaughtered in the name of that made up God.

If you wan to protect the terrorists, I challenge you to explain to the grieving families from Manchester exactly why they should listen to sanctimonious twat virtue signal their moral fucking superiority.

Good luck with that.

3
4
Anonymous Coward

"The narrative that "islam is peaceful" when it was started by a murderous slave owning paedophile to raise an army to conquer Mecca is fucking disgraceful."

And the Torah talks about the time the Israelites stormed and fell the city of Jericho. We're talking the "an eye for an eye, a tooth for a tooth" God of the Jews, remember?

Heck, not even Jesus was immune to the odd tantrum. Recall the moneychangers?

3
3
Silver badge
Big Brother

Companies, as good citizens, should be eager to uphold the rule of law.

FTFY.

A good citizen generally obeys the law (unless some greater law is at work, eg those hiding Jews during WWII - law was "turn them over" but good citizens protected them). So a company being a "good citizen" would not hand over data unless there is an appropriate warrant that in itself complies with the rule of law (because of police/prosecutors don't uphold the law, why should any one else?). When Mr Plod hands a warrant over to a company for someone's data, that company should check first that the warrant is legitimate, and refuse to honour it if it isn't. Refusing to take part in illegal activities (even if done with best intentions and honest mistake) by plod/prosecutor is an act of a "good citizen", corporate or fleshy.

(El Reg, can we get the V icon available for us non-AC posters please? Would prefer that to BB)

0
0
Silver badge
FAIL

When encryption is outlawed...

...only outlaws will have encryption. By definition.

Good luck wi' dat!

I thought you guys on the right side of the Pond were not quite as stupid as we Colonist have recently become. I guess I was wrong about that.

6
0
Anonymous Coward

Re: When encryption is outlawed...

Which will then start making them stick out like sore thumbs, especially combined with a panopticon and stego mangling.

1
2

Encryption is a cancer on society

This is the Central Scrutinizer. It is my responsibility to collect all your passwords and data.

To that end, from June 9 2017 we are outlawing mathematics, err encryption. Encryption is a cancer on society that allows people to have private conversations and messages via the Interwebz that the government cannot listen to. It also allows people to do their online banking in total privacy! This is clearly unacceptable.

From June 9, we are rolling out a worldwide system to counter mathematics, err encryption. We are starting small, with a rollout on a little island off the west coast of Europe. Theresa, the Supreme Leader of this island, is terrific, she really is. She has already shown the right fascist tendencies and we are very excited to be helping her implement our new system of surveillance, err safety.

Our staff from Central Services will be visiting every home and business in order to register all your computing devices in our Central Database. They will also be installing black boxes on all your devices in order to ensure that you can't use encryption. They only weigh a couple of kilograms each and are therefore barely noticeable. These tamper proof boxes are terrific too, they really are. Theresa came up with the idea and so, in her honour, we've christened them Theresa's Boxes. Now all your communications will be routed through Theresa's Boxes. Rental only costs a few shillings per month per device.

From June 9, anyone caught using mathematics, err encryption, will be sent to our correctional facility north of the Arctic Circle, where they will be re-educated, using the Central Re-adjustment of Attitude Program, or CRAP. It is not known at this point how long this CRAP might take to work, but we suspect it won't be a brief stay at the facility. Dress warmly.

We will keep you informed of any updates to this new system via Central Television.

A world without encryption.

You'll love it......it's a way of life.

6
0
Anonymous Coward

So you won't give us your password eh?

https://xkcd.com/538

(for Western governments substitute leaning against a wall on your fingertips, wearing a hood and listening to white noise for the wrench)

1
0
Bronze badge

Good.

There'll come a time when traitors to this land are held responsible for their actions.

0
4
Silver badge

Are you sure about that? Treason, like most other things human, is relative. City-saver or kingslayer?

3
0
Silver badge
Big Brother

@william 3

I assume you're talking about the nimrod who would propose such ridiculousness, yes? No? Then you must be talking about yourself.

3
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing