UK Home Sec: Give us a snoop-around for WhatsApp encryption. Don't worry, we won't go into the cloud

The UK government is once again suggesting encryption has no place in citizens' hands, in the wake of revelations that Westminster attacker Khalid Masood was using WhatsApp shortly before murdering pedestrians with his car, and stabbing a police officer to death. While she stopped short of threatening a Brazilian-style …


          1. tfb Silver badge

            Re: perhaps itself encrypted with a key known only to law enforcement

            Do you remember Snowden? Perhaps that was too long ago: do you remember the CIA leaks that are currently being dribbled out?

            Here's the thing: information leaks from law enforcement agencies. And when this super-secret key leaks, which it will, *every bit of communication it protected is now plain text*.

            Seriously, you need to think a bit harder about this, because you are looking silly here.

          2. MMalik

            Re: perhaps itself encrypted with a key known only to law enforcement

            "I'll restate my point for clarity. Encrypted communication between two devices could be "backdoored" for law-enforcement without making it easier for a third-party who snoops on the traffic to decrypt."

            You can state "Two plus two make five." as frequently and clearly as you like, but that does not affect the fact that two plus two makes four.

            You are proposing a system with a master backdoor key that can be deliberately stolen or accidentally leaked. A system with a master backdoor key that can be deliberately stolen or accidentally leaked is less secure than a system without a master backdoor key that can be deliberately stolen or accidentally leaked. QED.

      1. MMalik

        Re: Colour me surprised

        Nonsense. This suggestion introduces a gaping hole in security -- all a hacker needs to do is get into the system where the private key is stored (or suborn one of the bureaucratic drones in charge of it) and he has unlimited access to everything.

        The correct solution is for governments to recognize that they'll have to adapt to the new environment and use techniques that aren't affected by end-to-end encryption (hack into suspects' phones and computers to access traffic outside the encryption envelope, plant shoulder-surf spycams to snoop suspects' passwords, good old-fashioned shoe-leather investigation, etc). The government desk jockeys don't like this idea because it means 1) doing actual work instead of just pushing a few buttons and 2) because it involves actual work, they're limited to monitoring actual suspicious characters instead of snooping on everybody. Too bad.

        1. Androgynous Cupboard Silver badge

          Re: Colour me surprised

          Vast numbers of comments on this thread presume that just because a desirable public key is in existence, it will leak. If this were the case the banking system would have crumbled years ago and your digital passports would all have long been cloned, yet mysteriously this isn't the case. "All a hacker needs to do is get into the system" comes from an absurdly simplified view that everything is stored online, no doubt on a Windows 95 box protected with "password" like you see on the telly. That's just not how it works, and (@MMalik et al) if you'd bothered to read my post you would see it's not what I described.

          Properly designed, properly implemented secure systems can and do exist, and the fact we're in the era of both the "Internet of Shit" and some very high profile recent data breaches doesn't negate that. Both Manning and Snowden walked away with data because it was available to download, and because they were trusted to do so; that was the problem. You need to first get that shit offline, and then start with a complete lack of trust between all parties to do this properly. If nothing else I think we can agree we have that already.

          Enough with the "what about the l33t hackerz" replies please. This isn't slashdot.

    1. Oh Homer

      I wonder how...

      ... our totalitarian rulers propose to ban, circumvent or backdoor open source communication tools like Bitmessage and ChatSecure?

      The problem with such Draconian measures is, as with DRM, that they just inconvenience the law-abiding masses, while the actual criminals/terrorists carry on regardless.

      1. streaky

        Re: I wonder how...

        I'm already using bitmessage and I have the source backed up, so they can do what the f they like. On a technical level the things being discussed are absurd. Nothing said by Rudd passes the laugh test.

    2. This post has been deleted by its author

    3. Anonymous Coward

      Re: Colour me surprised

      Amber Rudd: Cheltenham Ladies' College, followed by History at Edinburgh.

      Andrew Marr: Loretto School (an independent school in Musselburgh, East Lothian), followed by English at Cambridge.

      And you're surprised that an interview between those two involved no coherent questioning and a total lack of understanding of encryption, secure messaging, and related subjects?

  1. SkippyBing Silver badge

    Presumably someone briefs her on these things. Obviously they hate her.

    1. gandalfcn

      " Obviously they hate her."

      And are aware she knows and understands less than a pissed galah.

      1. Adrian 4 Silver badge

        And are aware that the level of encryption now becoming widespread is a direct result of invasive government spying.

  2. Anonymous Coward

    Same script, different face

    This little speech was written in anticipation of this latest inevitable attack.

    1. allthecoolshortnamesweretaken

      Re: Same script, different face

      I think they have generic statements ready to be updated and used within minutes. Like news outlets have obituaries etc for A-celebrities etc ready (it always used to be the first job a new intern had to do, update those to keep them current). Or very much something like this.

      1. fidodogbreath Silver badge

        Re: Same script, different face

        I think they have generic statements ready to be updated and used within minutes.

        That's how the execrable USA PATRIOT act was rammed through. It was written far in advance, and saved until an appropriate crisis occurred.

        1. Bloodbeastterror

          Re: Same script, different face

          "It was written far in advance, and saved until an appropriate crisis occurred."

          Entirely correct.

          Once again I can't recommend highly enough that you read Naomi Klein's The Shock Doctrine. If you get to the end without your blood boiling, you haven't read it properly.

        2. Dan 55 Silver badge

          Re: Same script, different face

          Ex-cyber security chief says Government is 'using' Westminster attack to grab unnecessary spying powers

          Major General Jonathan Shaw said decrypting social media messages would see terrorists use other secure methods to communicate

    2. Voland's right hand Silver badge

      Re: Same script, different face

      So, if he used sms or a call before the act (like for example the Paris attackers) we would have banned SMS?

      Did they have an IQ 80 selection bar on this government or something?

      Also, even if the message was not encrypted - who cares. What would have been interesting would have been his communications if he was under instructions. That is clear - he was not.

      If he was under instruction from IS, Al Qaeda or another similar outfit, he would have chosen a different car. Modern consumer cars even if they look big and "brutal" have significant pedestrian protection as well as several other features designed to minimize damage in an accident. It is extremely difficult to kill multiple persons with most of them "on purpose" (the results of the accident show that quite clearly too).

      So the fact that we cannot decrypt that ONE message which she is using as a reason for pulling the speech her predecessor long prepared in the drawer for her is irrelevant. The maimed would have still been maimed. The dead would have still been dead regardless of us knowing the content.

      1. Steve the Cynic

        Re: Same script, different face

        "he would have chosen a different car"

        He would indeed. Of the type spelled "lorry". (Sounds facetious, but it's not.)

        1. Anonymous Coward

          Re: Same script, different face

          "He would indeed. Of the type spelled "lorry"."

          Simple solution for a government minister then - ban all cars and lorries. Even horses and carts can do real damage - so let's make it only pedal bicycles, rickshaws, and possibly put-puts are allowed to be used by the public.

          A useful by-product will be the saving of many of the 1,732 lives lost to Great Britain road accidents in 2015. Not to mention the 186,209 casualties of all severities.

  3. Len Goddard

    Excuses

    Anything serves as an excuse in this ridiculous debate. It is quite sickening.

  4. noddybollock

    Not done any homework has she.

    1. Voland's right hand Silver badge

      She is just testiculating (talking bollocks while gesticulating wildly).

      I wish I could ignore her.

      Unfortunately, we live in a time when testiculating idiots like her set the rules under which normal people have to live.

  5. Carl Thomas

    Key Escrow

    Like the zombie that just keeps returning, key escrow is back on the radar.

    1. Anonymous Coward

      Re: Key Escrow

      They could probably persuade Trump to throw in the Clipper chip with the trade deal they're cooking up. It'll be a good fit.

      1. gerdesj Silver badge

        Re: Key Escrow

        "They could probably persuade Trump to throw in the Clipper chip with the trade deal they're cooking up. It'll be a good fit."

        So how do I load the driver for this Clipper chip thing into say OpenVPN? What happens if I don't?

        Times have moved on since Mr Clinton was running the show across the pond. Nowadays I look sideways at things like iDRAC and iLO. No need to fear the Clipper - those beasts are far more scary.

  6. fidodogbreath Silver badge

    “there should be no place for terrorists to hide”

    Which, unfortunately, also means there can be no place for passwords to hide during logins, no place for banking or health data to hide in transit, etc.

    Apparently the UK and US government position is that the sheeple have to accept the 100% chance of being cyber crime victims in trade for protection from the .0001% chance of being affected by a terrorist attack.

    1. Anonymous Coward

      Many won't accept it, get ready for a gov U Turn on this when they realise how impossible this will be, make good PR tho

      1. Anonymous Coward

        Many won't accept it - but not enough.

        This will be forced on us under the cover of protection from terrorists and paedophiles. Anyone resisting will be labelled a sympathiser. But the biggest problem is that most people won't care.

        1. Anonymous Coward

          Re: Many won't accept it - but not enough.

          Well many do care but also it would be next to impossible to enforce this type of law. The gov can try to force it on us but they don't even understand what they are doing in the first place so I see them backtracking soon.

        2. amanfromMars 1 Silver badge

          Many don't accept it - and enough is enough and no more nonsense will be tolerated ‽ .

          This will be forced on us under the cover of protection from terrorists and paedophiles. Anyone resisting will be labelled a sympathiser. But the biggest problem is that most people won't care..... Anonymous Coward

          Howdy, AC,

          Governments' bigger and rapidly expanding problem is that more than just a smarter few do care and would have both the inclination and the wherewithal to expose and deride the terrorist/paedophile justifications for such draconian self-preservationisms as all wannabe absolute emperor and glorious leader types profess and express to be vital for the greater general wellbeing, when it really revolves around everything staying very much the same in order to preserve the advantages and riches gained by that and those they take their orders from.

          It ain't rocket science to see and understand the smoke and mirrors desperately employed by such oxymorons to maintain an elite exclusive executive class of austere day traders releasing debt into systems to confiscate assets and destroy prime novel futures with the creation of ignorant slaves to fiat paper production .... aka Quantitative Easing for all those Ponzis on Steroids.

          Please note there are no questions trailed there. Such things as are there mentioned, are as is. And they are as nectar of the gods to radical fundamentalists of every hue and cry, too.

      2. Loyal Commenter Silver badge

        get ready for a gov U Turn on this when they realise how impossible this will be

        *cough* brexit *cough*

      3. Toni the terrible

        "Many won't accept it, get ready for a gov U Turn on this when they realise how impossible this will be, make good PR tho"

        Ah, but it will take a while and a few banking scandals and even then they will never admit it was their fault

    2. Mark 85 Silver badge

      Apparently the UK and US government position is that the sheeple have to accept the 100% chance of being cyber crime victims in trade for protection from the .0001% chance of being affected by a terrorist attack.

      I think it's more like we're all suspected criminals and need to be watched. But then if the governments watch us will they have any time left to watch the criminals?

      1. LaeMing

        Watching the criminals is easy - just install a small shaving mirror on each minister's desk.

      2. mistersaxon

        Deadworld ahoy

        All crime isss committed by the living, therefore life itsself isss a crime. Prepare to be Judged!

        1. Loyal Commenter Silver badge

          Re: Deadworld ahoy

          All crime isss committed by the living, therefore life itsself isss a crime. Prepare to be Judged!

          Fooooolsss! You cannot kill what doesss not liiive!

          1. TRT Silver badge

            Re: Fooooolsss! You cannot kill what doesss not liiive!

            If it bleeds, we can kill it.

        2. Toni the terrible

          Re: Deadworld ahoy

          Now don't be daft there is Satan & all the devilish cohorts - not normally thought to be alive in our sense, then there are Zombies eating people's Brains while the victim is alive (must be murder)

          1. LaeMing

            Re: Deadworld ahoy

            A zombie can kill you, but it can't 'murder' you any more than a run-away trolley car can 'murder' you.

      3. Toni the terrible

        Sus Crims

        In a Police State there are only two types of citizen; criminals and criminals that haven't yet been caught, so watching everyone is only reasonable.

    3. Mark 65

      Given she wants "no place for terrorists to hide", will she also be banning wardrobes?

      1. 's water music

        Given she wants "no place for terrorists to hide", will she also be banning wardrobes?

        Presumably the wardrobes could be dismantled and recycled as bed skirts. Double win.

      2. I am the liquor Bronze badge

        "Given she wants "no place for terrorists to hide", will she also be banning wardrobes?"

        And curtains. You don't know what's going on behind drawn curtains. Could be terrorists. If you've nothing to hide, you've nothing to fear.

  7. cantankerous swineherd Silver badge

    so I write a letter in code, Rudd steams it open. sounds OK to me.

    incidentally, how the actual fuck do we know matey boy used WhatsApp before the attack? a copper went nudge nudge wink wink to a tame journo? they've got his phone and WhatsApp installed?

    1. Ogi

      > incidentally, how the actual fuck do we know matey boy used WhatsApp before the attack? a copper went nudge nudge wink wink to a tame journo? they've got his phone and WhatsApp installed?

      A far more interesting question, that few have asked so far. I asked myself the same question. From what I have gathered, the arrests in Birmingham happened directly because the attacker sent two whats-app messages to contacts at those addresses before he did his deed.

      This leads me to think that they probably had the "metadata" (i.e. they were doing real time scanning of the whatsapp network to see who is messaging who), but are unable to decipher the messages themselves.

      So now they want to decrypt the messages to find out if the people they arrested were in on the attack, or just unfortunate people who he texted last (maybe to say good bye or something).

      Unless they knew in advance an attack was going to happen, I can only assume they are constantly monitoring who is talking to who on whatsapp, and (for the moment at least) it seems they can't actually read the message contents. Facebook can provide them with access to the network, but the encryption is still client side "end-to-end".

      Perhaps a future version of whatsapp will be crippled by fb, not unlike how MS crippled Skype after they purchased it.

      1. Anonymous Coward

        "Perhaps a future version of whatsapp will be crippled by fb, not unlike how MS crippled Skype after they purchased it."

        Won't people just move to Signal or Telegram?

        1. Mark 85 Silver badge

          Won't people just move to Signal or Telegram?

          No one would dare by government logic. If it's illegal to use these then by their standards, only crims will use them.

          1. Anonymous Coward

            I think it's unlikely they will make them illegal.

      2. Nick Kew Bronze badge

        Upvote for the thinking, but I don't think constant monitoring is implied. The information more likely came from his phone network's and ISP's logs of his activity (which they'll have demanded and the companies won't have made any serious efforts to oppose), and anywhere that may have led.

        1. LDS Silver badge

          "the companies won't have made any serious efforts to oppose"

          In this case, why should they oppose?


Biting the hand that feeds IT © 1998–2020