We ain't afraid of no 'ghost user': Infosec world tells GCHQ to GTFO over privacy-busting proposals Bruce Schneier, Richard Stallman and a host of western tech companies including Microsoft and WhatsApp are pushing back hard against GCHQ proposals that to add a "ghost user" to encrypted messaging services. The point of that "ghost user", as we reported back in 2018 when this was first floated in its current form, is to apply …
"We welcome this response to our request for thoughts on exceptional access to data – for example to stop terrorists."
Or check what people are putting in their wheelie bins. Or whether their dog left a mess somewhere. Or whether you're a furry. RIPA powers were supposed to be used in "exceptional" cases too and now look where we are.
Am I being stupid, why does the list of "exceptional terrorist activities" require senior officers at the "Food standards agency Scotland" being able to backdoor my WhatsApp? Frankly I am under no pretense anything in WhatsApp is truly encrypted, but I expect plod and gchq only...
'..Am I being stupid, why does the list of "exceptional terrorist activities" require senior officers at the "Food standards agency Scotland" being able to backdoor my WhatsApp?'
In case y'ur plannin' tae mak the explodin haggis?
I assume one of the points of having so many organisations in the allowed-to-snoop list is the old 'plausible deniability' gambit...so when questioned in the old courts of law a spook can put his hand on where a heart should be and truthfully state about any dubious surveillance activities, as they say up here, ' it wisnae me, a big boy did it an' ran awa..'
Of course, added benefit is that it's easier to hide their activities within the 'noise' generated by the activities of this distributed bunch of nuStazi fsckwits, as they merrily abuse the powers gifted unto them (now, who'd have possibly thought they'd go and do something like that then?).
If you think that constitutional amendments would put and end to these attempts, you need to get out more. Human nature is not like that.
This is the LEO equivalent of, "If we can put a man on the moon...". It's going to take a couple of generations at least for these people to be seen as flat-earthers enough to get them to shut up.
True (voted up). In reality, I'm really not that optimistic, however much weight a constitutional amendment carries. There's plenty of constitutional territory that gets challenged all the time. It simply will never end; and they'd find a way to do things in secret either way. Still, I'd rather have that constitutional weight than not.
> for example to stop terrorists
How can this mouthpiece (a) be so naive as to think that's what it will actually be used for,
(b) be so naive as to believe that non-CGA crooks won't be the first to exploit it, and (c) be so naive as to think any informed person will believe him anyway.
It's so depressing that terrorism now seems to encompass expressing any opinion - or indeed fact - that someone in some government department finds inconvenient.
How can this mouthpiece sheeple (a) be so naive as to think that's what it will actually be used for [...]
FTFY. I doubt the mouthpiece believes it. The target audience is John and Jane Public, who certainly don't want to be blown up by terrorists. "Surely we should give the proper authorities the tools they need to keep us safe. If you've done nothing wrong, then you have nothing to fear."
Right?
The key to stopping this is to turn around the argument "if you've done nothing wrong, then you have nothing to fear.". If law enforcement and spies want to set up surveillance of public places, let them, but only if that surveillance is made available to the public who pay for it (and I mean just as available as it is to LE and spies). If LE and spies wants to spend taxpayer's money to backdoor encryption by being added to the conversation, then the general public should be able to backdoor encryption and be added to the LE and spies' conversations.
Of course, they're going to whinge and claim they should be held to a different standard. When they do, ask them to prove it and don't accept "because terrorism", "because national security", "because official secrets", ore even "think of the children" without making them produce evidence. In reality, the majority of classification, secrets, emails, and conversations are not, in fact, about such things.
and all supported by MPs, AMs and MSPs who will bleat "doing nothing isn't an option, we have to do something" "nothing to hide nothing to fear" "the safety of children is at stake" "I've spoken to the families of those who died during xxx and I won't let that happen to anyone else" (even if their demands are wholly unreasonable and implausible) and use polite words to infer your a "climate change denier" "terrorist sympathiser" "unhinged" etc.......
> Has no-one thought of the safety of children yet?
A bit like the porn viewer blackmailers charter.
Let's put these rules in place so everyone who wants to perv at porn has to prove they are an adult... Oh and now we've got a regulations coming that will ban things like "Likes" for kids on social media. OK, prove you're not a kid. Oh look we've already got an age verification system in place. Before we know it you'll need to be using AV to access anything online and suddenly they got a system of digital ID cards in place without needing to do it through parliament.
https://news.sky.com/story/sky-views-the-government-is-quietly-creating-a-digital-id-card-without-us-noticing-11726548
All by claiming they were thinking of the kids
Basically the colours change but the tune stays the same. Civil service dictate the agenda and when the public revolts, they just bide their time, modify their orwellian ideas a touch and try and shove it through again.
See - Welfare reform / cuts and UnumProvident see how many names flit between them and the DWP and back (a conference on "malingering" attended by various civil servants and govt bods and set an agenda we are still on and the public were kept in the dark) "Being sick is a role people choose" "work is good for you / therapeutic [sounding not unlike Arbeit Macht Frei] - wonder how many had relations in the NSDAP or simply are cutting and pasting ideas, the PIP reforms seem to have been a watered down AktionT4, road charging. now ID cards.
DWP will be right on that - using whatsapp, clearly not disabled and clearly committing serious fraud, which of course will be supported by the bench, nearly off whom no matter their age are technologically illiterate, biased towards the govt, see anyone on disability as "on the scrounge" and "fakers abound" and therefore instead of the state proving you committed fraud, the accussed is left to prove their innocence without legal advice (legal aid cuts and all)
Case in point disabled woman did a skydive for charity that the skydive company owner stated in court was suitable for disabled people, even severely disabled, was prosecuted, convicted and required to pay back years of diability living allowance and ESA because the bench concurred with the DWP that no disabled person would do a skydive (likely as in their head "disabled people" are those pale sickly types being wheeled around in wicker bath chairs on sunny days from the institution) and ignored all the defence witnesses
Exactly, it is just another backdoor.
No matter how you dress it up, a "ghost user" is still a means of decrypting without being one of the original parties based on some supposedly secret user-key, and so is subject to all of the same fundamental weakness as knobbling the cryptographic function directly.
Local MSP tried to tell me that facial recognition was no different to first generation biometrics such as fingerprints. He's gone all silent after I pointed out his fallacy. He's also now gone from personal emails back to the MPs favourite - pre printed blurb written by whoever and ignoring all the points highlighted in correspondence.
SNP - Another party off the list for that reason, along with this "climate emergency" pandering to an unwashed rabble.
Now if the libretarian party were not against the NHS then I might consider voting for them. However since they are against it then stuck for a party.
Labour - rather not end up in the 1970s with closed shops all over the place.
Tories - no chance in hell, not after them going after the disabled and the snoopers charter
Lib dems - who will they whore themselves out to next
ChangeUK - more nulabour nonsense likely including keeping this "give the sick and disabled a continued kicking"
Greens - none of them have any experience living in a rural area where buses are 1 an hour or less, nor do I fancy living in a marxist commune (citizens assemblies sounds just like communism)
UKIP/Brexit - definetely not
"Dalek dung - smells really good though."
I thought the Daleks were once a proud intelligent race, they put their brains inside those metal containers but were later on brainwashed into being the mindless drones we know and love. So if there is still organic material in there, there must be waste, so it's not so far fetched.
They're attempting to weasel around the terminology a bit.
What they're asking for isn't *technically* breaking the encryption. They want the ability to insert an unauthorised (by the victim... sorry, target) user into a conversation so that the software on the devices of the parties encrypts a second copy of the message using the public key of the eavesdropper and sends it on to them.
No encryption has been broken there. So technically they're not breaking encryption and (they hope) can wave away such foolish things as maths which might be used to argue against them.
But, at the same time they're completely ignoring the issues with that:
- I'd not use any application which had the ability to do that.
- You need the end-users device to "know" about (but not display) the ghost user, so that it knows to encrypt for the peeler. Which means someone will figure out a way to detect the presence of the eavesdropper
- The people they claim to care about catching will move onto a technology that isn't affected whilst we all get digitally raped by the rampant privacy abuse of our Government and it's organs
- Eventually, it'll leak just how much the ability was misused, the industry will refuse to co-operate and we'll be back where we are now, having fucked up a lot of lives along the way
They *are* though, going to keep pushing until they get what they want. They don't need 100% coverage, just to take a few big scalps so that most of the population are using at least one affected app.
Howdy, BT
I'd not use any application which had the ability to do that. .... Ben Tasker
The bigger question is how on Earth would you Stop such an Ability ...... Fully Ready and Worthy of the Most Noble of Facilities :-)?
It would need to be heavenly to be allowed to proceed, methinks. You can thank Global Operating Devices for that Hosting in Postings.
* Show a Lone Wolf Cat Houses is in any language an Extremely Engaging and Immensely Satisfying Passion to Server in Supply and Service with Insatiable Desire, whenever and wherever they may be needed to be found.
How does one cope with such an engaging and enraging morsel, BT ....... How We Do IT ..... with AI Leading Trails and Tales to Follow ‽ .
just to take a few big scalps so that most of the population are using at least one affected app.
...and that's why I only use open source applications if the data is any more valuable than the latest game save on a Nintendo. No open source application available, or TiVoised mobile? Maybe I really didn't need whatever it was in the first place even though Silicon Valley thinks I did.
Not that I've done anything intentionally wrong or criminal mind you, but let's stop pretending anyone that thinks they haven't done anything wrong isn't actually a technical criminal due to our dizzying array of laws and regulations. In the immortal words of Cardinal Richelieu, "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." Even the politicians calling for this have probably committed some offense or other in the past, it's just that the more connected you are and the more resources you have the easier it is to hide the indiscretions (more to the point, people tend look the other way on purpose around such individuals, drawn like moths to a flame to the perceived power of the person).
Yes, I'm aware that this may mean not using mobiles. Or only carrying a candy bar phone for safety when going out, and treating it as the electronic bug, spy, leash, and tracker it is. And yes I'm also aware we may end up like China where you are legally forced to carry one. At that point Blighty is, quite candidly, fucked and some other country will be taking over in a few generations -- not to govern its people, mind you, but to thoroughly subjugate them and take whatever resources are left from the remaining subsistence farmers.
Ah, Karma. Sometimes it operates on scales of centuries. No less sweet.
UK.gov will solve that reluctance - social credit. Want heat, light or running water then do as your told and carry what we tell you tu and use the apps we require you to.
Already we're heading for a privatised firewall of britain.
Is anyone surprised though? With all those govt bods at all levels (inc county councils) on fact finding missions to china for years on end, it wasn't trade they were interested in, its the controlling the populace and how to silence those "irritating" voices who cause disruption to your harmonious society......
"You can't break encryption "a little bit". You break it or you don't."
They are not breaking encryption. Messages will still be encrypted end to end, just the security services will be one of those ends, the ghost bit, and will see all your messages too. Whats app etc will still be blind to your messages, the authorities won't.
"Whats app etc will still be blind to your messages"
This is not true, I'm afraid. WhatsApp generates the keys; which means one of the ends is Facebook. The "end-to-end encryption" is solely to protect THEIR data from competitors and a marketing buzzword to reassure users.
You didn't think a company like Facebook paid $19 billion for WhatsApp for altruistic purposes, did you?
"Are GCHQ that dense? Yes, yes they are."
No they're not. They just hope they can get away with it anyway.
They'll brain-wash the Home Sec to let them do it. And heaven help us if the current Home Sec. in the HO gets into No 10. The current Home Sec in 10 has been bad enough but the current Home Sec. in the HO actually wrote an article in the times describing himself going through the process without even being aware of what he was actually describing.
+1+1+1...
As I have said before, all Home Secretaries as borderline sociopaths (mostly on the wrong side of the border at that!). Take a sociopath Home Sec, make them PM and you end up with the autocracy that we have suffered with the Maybot.
It took Maggie and Bliar 3 terms to become convinced of their immortality, May was like it from the start and I hate to think what Javid would be like
I'm not sure Home Secretaries all start out that way. Some seem almost human (eg Blunkett) before they get to the post.
Then, something happens to them.
Perhaps they get indoctrinated. Perhaps they get lobotomised. Perhaps they find out just how much dirt there is recorded on them. But nobody ever comes out of there that can be trusted.
What happens ?
I'm not sure Home Secretaries all start out that way. Some seem almost human (eg Blunkett) before they get to the post.
Blunkett is and always was a slimeball. He's a self-confessed adulterer and fraudster and a borderline fascist. I never understood why he wasn't sent to prison for his misdeeds. You get these people on the left and the right - convinced of their own righteousness while simultaneously shovelling money down their trousers.
I'm too old and tired but I do hope the younger generation wise up sometime and kick them all out. Greta Thunberg gives me a bit of hope at least.
'Greta Thunberg gives me a bit of hope at least.'
Eh?,
I'm old and tired too, but still remember the 'Gretas' of my youth, and those of my student days, and the ones I ran into while working, and so on...they were all just as passionate about the same subjects this Greta is, just as idealistic, and where are they all now?
The only difference between those 'Gretas' and this one is that she has media savvy 'connected' parents (c/w publicists) and, thanks to the collective efforts of all us old buggers, she has a global platform to perform on...I'm afraid, with age, my cynicism has deepened, I'd be following the money here...however genuine she is, the circus surrounding the lass has 'that' spoor...
All this reminds me of a cartoon strip I once saw in an anarchist rag, it ended on the frame with the earth being destroyed by the antics of humanity and the words (paraphrased) 'Come and see the Spectacle of the demise of The Society of the Spectacle'
It took Maggie and Bliar 3 terms to become convinced of their immortality, May was like it from the start and I hate to think what Javid would be like
I read this a little too quickly as immorality and giggled. May was part of a long line of Home Secs who went native and lost any principles they might have had.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
