back to article Privacy is for paedophiles, UK government seems to be saying while spending £500k demonising online chat encryption

The British government's PR campaign to destroy popular support for end-to-end encryption on messaging platforms has kicked off, under the handle "No Place To Hide", and it's as broad as any previous attack on the safety-guaranteeing technology. Reported by us well in advance last year, the £500k campaign aims to destroy …

Page:

  1. Anonymous Coward
    Anonymous Coward

    Inrage and outrage

    I am outraged. Of course I do not want e2e when communicating with my accountant, lawyer, significant other, business partners, bank, or anybody else in my life. I am gagging for any and every shady little hacker to help themselves, and I trust the police, Google, Facebook, online stalkers, agents provocateurs and organised crime implicitly, not to abuse the absence of it. How can these e2e activists possibly imagine otherwise? The government should be told!

    Pip pip!

    pp. Lord GNU Object Model Environment (no relation)

    1. TimMaher Silver badge
      Coat

      Re: Lord GNU

      Sure you are not Lord Gnome?

      Mine's the one with the latest Private Eye in the pocket.

    2. JimboSmith Silver badge

      Re: Inrage and outrage

      I asked someone at a party at Christmas (everyone had to test negative to gain entry) what he had against end to end encryption. He said something similar to the Banardo’s tweet and that people can use it to hide their dodgy financial dealings etc. “I have nothing to hide” I asked him if he had curtains in his house and he said “obviously” so I said he therefore did have something to hide.

      Did he bank online yes he did and seemed oblivious to the fact that used it, until I told him. Did he shop online, yes and again was amazed that this too used e2ee. Oddly though he thought email did and I told him the oft repeated phrase Don’t write anything in an email that you wouldn’t write and send on a postcard. He had no idea and sent his card details CVV address and all via email.

      People need education because yes you can get rid of e2ee but you also get rid of so many other things that rely on it.

      1. ThatOne Silver badge
        Big Brother

        Re: Inrage and outrage

        > People need education

        Definitely, but what people really get is propaganda, because that makes them more docile and easier to handle. Really educated people are critical, rebellious and demanding, not easy to push around or keep silent.

        Luckily, since you start out with an utterly naive and uncritical mass, you just have to classify propaganda as education, and if the pill is hard to swallow you sugarcoat it with some pseudo-ethical glaze. And "Think of the children!" is the favorite flavor worldwide, because nobody, of no political/religious persuasion, can possibly argue with that, not to mention it has the added bonus of stamping any naysayer automatically as a disgusting pervert. No wonder it gets thrown around so much.

    3. druck Silver badge

      Re: Inrage and outrage

      You don't actually want end to end encryption when communicating with someone from your bank, because I assume you trust your bank. With end to end encryption your bank would not have access to the communication, and if their employee advised you badly, there would be no record of it. What you want is the traffic encrypted between you and the bank, and the bank and their employee, but for the bank to be able to access that communication in case any advice is disputed.

      1. Anonymous Coward
        Anonymous Coward

        Re: Inrage and outrage

        lol that is not accurate at all,,,, Either side, banker and banking DO have the messages or they wouldn't be communicating, Each can save the conversation if they want to. All End to End Encryption does is stop "others" from seeing the conversation between the two of you. Not sure what you were thinking of, but it's not this.

        1. druck Silver badge

          Re: Inrage and outrage

          End to end encryption is only needed when you do not trust the service provider of the communication. If you are using your bank's video communication (rather than Zoom or whatsapp) and you don't trust them, what are you doing with that bank?

          1. Anonymous Coward
            Anonymous Coward

            Re: Inrage and outrage

            wow, If you are text chatting with your bank, and giving them account numbers, your address, that you will be traveling, all that is gold to criminals. All (US) banks use encrypted Emails (and other methods that are regulated) for secure communication with members when account/PII is included (required by law). How do I know this, I am IT Security at an FI. You should talk to "your bank" about 'if there communications are secure" they should be eager to tell you how secure it is and what level of encryption is used.

            1. druck Silver badge

              Re: Inrage and outrage

              In your position I'm really surprised you don't know the difference between encryption and end to end encryption.

              1. Number 39

                Re: Inrage and outrage

                Doesn't this depend on whether you define end as arriving at the bank or arriving at the employee?

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Inrage and outrage

                  yes, and there is only "the bank". To clarify (for others) Banks (talking US, as thats the regulations I know) the only Chat app allowed is the banks app. There is no possibility of other chat apps being used. They are blocked by app, port, at the desktop, internal network and firewall. Just as if it was (and likely would be) malicious activity. Data going in and out is strictly monitored as it is expected that these apps would be used for exfiltration of customer data by malicious actors. There is zero possibility of chatting with bank staff on work equipment over any chat app other than the banks system, and just like all phone calls the content is recorded and or documented. Sadly not even employees are trusted due to the one in a 100,000 that would scam someone. There is always more to know, but I hope this clarifies a little just how serious financial places have to take access to data.

                  1. tip pc Silver badge

                    Re: Inrage and outrage

                    There is zero possibility of chatting with bank staff on work equipment over any chat app other than the banks system, and just like all phone calls the content is recorded and or documented. Sadly not even employees are trusted due to the one in a 100,000 that would scam someone. There is always more to know, but I hope this clarifies a little just how serious financial places have to take access to data.

                    What you describe is not end to end encryption.

                    End to end is like me sending you a WhatsApp or an iMessage or making a call or video over those systems. No one along the path would be able to decipher and replay the communications.

                    What you describe is like end to point encryption. My comms between my computer and your bank would be encrypted and safe from eves dropping but once at your bank your systems are free to do whatever including recording and monitoring. From your messaging server to your staff’s chat client would be encrypted too, that could be end to end, neither end being the customer who initiated the comms.

                    I don’t think traditional social media does e2ee otherwise I wouldn’t be able to read public posts from a Google search.

                    It seems like being pedantic and splitting hairs but it’s a hugely important distinction.

                    Apple is struggling with this for their iCloud photos where they want “true” end to end encryption where no one but the customer can read the data but also want to negate csam and have proposed scanning on the client to flag specific content for further analysis and reporting.

                    There is likely room for a halfway house where comms to trusted (large providers like Facebook, twitter etc) being encrypted in transit but the scanned at the other end. That would preclude iMessage, WhatsApp, telegram etc as the providers can’t scan the content in transit as only the sender and receiver can decrypt.

          2. Anonymous Coward
            Anonymous Coward

            Re: Inrage and outrage

            For fuck sake.

            1. Sub 20 Pilot

              Re: Inrage and outrage

              Possibly a bit like 'increment' and 'excrement'...

          3. Sub 20 Pilot

            Re: Inrage and outrage

            I sincerely hope that nobody relies on you for sensible advice on communication safety.

        2. NATTtrash
          Trollface

          Re: Inrage and outrage

          Either side, banker and banking DO have the messages or they wouldn't be communicating, Each can save the conversation if they want to.

          Indeed...

          Bring your own booze!

          Why is Martin encouraging a mass gathering in the garden?

          [...]

      2. midgepad

        Re: Inrage and outrage

        You may care to consider ehat the ends are in a conversation between me and my bank.

        I'm one, the bank is the other.

        1. druck Silver badge

          Re: Inrage and outrage

          No, with end to end encryption, you are one end, the bank employee (who may be working from home) is the other, the bank (as the service provider) does not have access - that's the entire point.

          1. Filippo Silver badge

            Re: Inrage and outrage

            I can't do public key cryptography in my head, and I don't think the bank employee can either, so neither of us are endpoints. My phone is an endpoint, and his computer is an endpoint, and his computer is very likely owned by the bank, or administered by the bank. He might be working from home, in which case it's fairly likely that communication is not E2EE, but rather two E2EE segments, with the bank in the middle.

            I would also argue that, even if it worked like you claim, I would still desire E2EE, because I'd rather trust the bank employee, than trust that nobody is tapping any of the several steps - some of which are physical broadcasts - between me and the bank.

            But nevermind all that! The article is mentioning mobile banking apps. Which are fully automated. There is no bank employee at all. The endpoint is indeed the bank's servers.

          2. ThatOne Silver badge
            Facepalm

            Re: Inrage and outrage

            > with end to end encryption, you are one end, the bank employee (who may be working from home) is the other

            Unless you communicate with your bank employee using WhatsApp, this is utter nonsense. Legally your communication is between you and your bank, the employee in question is merely one of the many faces of that bank. And the bank will make sure (for legal reasons) that whatever its employees are doing is duly documented and traceable. Do you really believe banks will let their employees do their own thing without leaving any legally binding trail?

            "Why don't you take a million or two home in cash, just in case someone wants to make a quick withdrawal?"...

          3. Precordial thump

            Re: Inrage and outrage

            If the employee is WFH and the communication is properly secured, you have e2ee with the bank AND the employee has e2ee with the bank.

      3. RegGuy1 Silver badge

        Re: Inrage and outrage

        Haha -- you are a brexit voter and I claim my 5 euros.

  2. MrBanana Silver badge

    What do you expect for £500,000?

    This is obviously not a serious attempt to do anything. If they really meant it, there would be £50 million in funds exclusively available to their mates, Tory party donors, and other, sundry criminals. Even that pub landlord next door, wouldn't get out of bed for £500,000.

    1. Blazde

      Re: What do you expect for £500,000?

      Are Barnardo's chipping in a few quid too maybe? Very disappointed to see them wading into such a far-reaching political argument.

      1. Dabooka Silver badge

        Re: What do you expect for £500,000?

        Reading the comments I do not think it's been received too well at all.

        1. ThatOne Silver badge
          Stop

          Re: What do you expect for £500,000?

          > Reading the comments

          If you mean the comments here, be careful: This here is a vanishingly tiny, special minority which (more or less) knows what encryption is. The vast majority out there only knows encryption is something you use to keep secrets, and secrets are necessarily evil ("nothing to hide").

          Reinforcing that ignorance and giving them arguments (no matter how fallacious) is worth the money, and I'm pretty sure that campaign will succeed in increasing the latent and diffuse hostility towards encryption. The opinions of a handful of privacy freaks is of no consequence at all.

      2. Evilgoat76

        Re: What do you expect for £500,000?

        You might want to look at their past. We aren't just talking little skeletons here....

      3. Anonymous Coward
        Anonymous Coward

        Re: What do you expect for £500,000?

        Any large charity has a vested interest in attracting the public to the "good" they are doing. Barnado's publicity in the 19th century used re-staged photographs of apparently destitute children.

    2. GruntyMcPugh

      Re: What do you expect for £500,000?

      Well, yeah, they spent £37Bn on 'Test and Trace' and didn't even manage to backdoor everyone's phones.

  3. Anonymous Coward
    Anonymous Coward

    Nothing to fear if you have nothing to hide....

    ...is a term used by the fascist state who want a Stasi level of monitoring into every aspect of your life.

    Welcome to Tory 'police state' Britain.

    1. alain williams Silver badge

      Re: Nothing to fear if you have nothing to hide....

      Maybe we should ask ministers to read this paper.

      Actually I suspect that they know the arguments and really hope that most of us do not read it.

      Further comments by Bruce Schneier

      1. Doctor Syntax Silver badge

        Re: Nothing to fear if you have nothing to hide....

        Just reading this article would be a good start.

      2. ShadowSystems

        At Alain Williams...

        It should be mandatory to print out those articles, laminate them for protection against the elements, & nail gun it to the forehead of every politician on the planet.

        *Hands you a pint in gratitude for providing the links*

        Cheers!

      3. Fred Flintstone Gold badge

        Re: Nothing to fear if you have nothing to hide....

        I must admit I kinda like the irony that the first thing that pops up when trying to read the Schneier article on Wired is a box that tells you that someone cares about your privacy and you should really, really allow them to track your every move (indicated by the fact that "accept" is one button and the other "show purposes" is phrased that way because it makes it appear you have no alternatives (whereas in reality they're hiding behind that button) - and, of course, there is no "f*ck off" button which allows you to reject it all, including the (il)legitimate purpose bypass. Oh, and the "neccesary-and-you-can't-switch-it-off" functionality encompasses fun things such as "Data from offline data sources can be combined with your online activity in support of one or more purposes".

        Bloody criminals - that's exactly why I use a locked down browser, it's really no longer optional.

        Privacy remains a fight :(.

        1. Antipode77

          Re: Nothing to fear if you have nothing to hide....

          Bruce Schneiers essay on this subject can be freely accessed through this link.

          https://www.schneier.com/essays/archives/2006/05/the_eternal_value_of.html

    2. John Sager

      Re: Nothing to fear if you have nothing to hide....

      Just to point out, Labour were as bad on this topic when it was their turn to make up the rules.

      1. sed gawk

        Re: Nothing to fear if you have nothing to hide....

        you can forget an improvement from Stamer's Labour - in the words of the newest MP

        Elected on a Conservative manifesto, Wakeford has voted consistently with the government and declared yesterday: “I was elected a moderate and a centrist, and I’m still a moderate and a centrist, I just wear a different rosette.”

        [1] https://inews.co.uk/opinion/christian-wakeford-defect-election-tory-labour-bury-south-1412892

        1. sed gawk

          Re: Nothing to fear if you have nothing to hide....

          This Tells a Story -Tory MP Christian Wakeford defected to Labour, voted for the Policing Bill, privatization of the NHS, cut in Universal Credit, cap on benefits, end of triple-lock; hike in tax & national insurance

          Jeremy Corbyn opposed all of the above - Labour whip withdrawn.

          https://twitter.com/premnsikka/status/1484122551706075136

          1. sabroni Silver badge
            Facepalm

            Re: Jeremy Corbyn opposed all of the above - Labour whip withdrawn.

            In the name of anti-semitism the labour party has purged itself of Jewish members who support the Palestinian people.

            Because nothing says "We're not antisemitic" like a jew purge.

        2. Sub 20 Pilot

          Re: Nothing to fear if you have nothing to hide....

          As we used to say in less politically correct and morally judgmental times - ''same c*nt, different tie.''

    3. Anonymous Coward
      Anonymous Coward

      Re: Nothing to fear if you have nothing to hide....

      @A/c

      This stuff has being going on for years. All governments want to know everything about us.

      Remind me again, which government was going to bring in I.D. cards?

      As an aside, I remember reading a year or so ago that most M.P's werel switching from WhatsApp to Signal. Indeed large parts of the American military have been ordered not to use it. What do our M.P's know that they are not telling us?

      Though in the U.K. none of this natters. If you are asked to give up your password and you refuse? I think it is a maximum of 2 years in prison. Been that way for decades now.

      You could always write to your M.P..

      https://www.theyworkforyou.com

      But very few will

      1. Wellyboot Silver badge

        Re: Nothing to fear if you have nothing to hide....

        No maximum for withholding (or forgetting), they can bring you back and ask again ad infinitum.

        Each one a repeat offence...

      2. MrBanana Silver badge

        Re: Nothing to fear if you have nothing to hide....

        "Remind me again, which government was going to bring in I.D. cards?"

        Given time, all of them.

        The UK populace are screwed. Voting in a different flavour political party will change nothing.

        1. sabroni Silver badge

          Re: Voting in a different flavour political party will change nothing.

          How do we vote in a decent electorate?

      3. Sub 20 Pilot

        Re: Nothing to fear if you have nothing to hide....

        They must have got that domain name because someone else had ''www.theylookafterthemselvesand cuckyou.com''

    4. Wellyboot Silver badge

      Re: Nothing to fear if you have nothing to hide....

      You're thinking of a Gestapo police state, The Stasi were anything but fascist.

      The unlucky Germans who suffered both will tell you there was zip difference in practise.

      It's governments fear of the masses, not political parties behind banning encryption.

      1. Doctor Syntax Silver badge

        Re: Nothing to fear if you have nothing to hide....

        Same thing, different coat of paint.

    5. Anonymous Coward
      Anonymous Coward

      Re: Nothing to fear if you have nothing to hide....

      To be honest, that should surprise no-one.

      When Boris Johnson is in favour of liberty, or described as having liberal tendencies, it just means that he believes in his own freedom to do whatever he likes. As soon as it applies to others he is decidedly authoritarian.

      https://borisjohnson.themaninquotes.com/tags/authoritarian/

      1. AlbertH
        Mushroom

        Re: Nothing to fear if you have nothing to hide....

        FFS stop calling that clown "Boris". That's just a cuddly affectation suggested by his PR people. His name is "Alexander Johnson". Sounds a lot less cuddly, doesn't it?

        Just remember - his ex-girlfriend is Ghislaine Maxwell...... That should tell you all you need to know about him.....

        1. Wellyboot Silver badge

          Re: Nothing to fear if you have nothing to hide....

          We'd need the full ex-girlfriend list to determine relevance...

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022