New UK Home Sec invokes infosec nerd rage by calling for an end to end-to-end encryption Priti Patel has declared war on encryption safeguards, demanding they be torn up for the convenience of police workers. Patel, the social conservative appointed Home Secretary by British Prime Minister Boris Johnson last week, used this morning's Daily Telegraph to call for end-to-end encryption to be broken with backdoors …
Careful. In the UK not handing over the key to anything the government thinks is encrypted gets you 5 years.
We did ask what happens to all Tb of background thermal noise in our data - which is indistinguishable from encrypted data - we were told not to worry because the law was only for use against criminals and terrorists.
As I keep saying to death sentence supporters, are YOU prepared to be the mistake.
Look at that paedo who got the Police investigating lots of other people including gay MPs, mititary people, death cults and the like.
He was the criminal but his victims were treated like them.
"Another useful ploy is the false accusation. First, create a situation where you are wrongly accused. Then, at a convenient moment, arrange for the false accusation to be shown to be false beyond all doubt. Those who have made accusations against both the company and its management become discredited. Further accusations will then be treated with great suspicion."
“The New Machiavelli: The Art of Politics in Business” by Lord McAlpine
On the subject of background thermal noise, we picked up a threat vector in the wild from a piece of malware crafted to bypass air-gapped networks. The malware deliberately altered the fan speed of a given piece of equipment akin to a flashlight being used for morse code. All you then need is a microphone (or laser interferometer) to pick up the changes in air pressure to recieve the message.
The bit rate of this approach is of course atrocious, but that might not matter for the right kind of information. And virtually every electronic gadget in circulation larger than a phone has a fan in it now...
Well, it is a race to the bottom between the Brits and the US. The hackers are the winners no matter who hits the bottom first. I fear that if this crap succeeds, the days of the Internet are over as basically every company, every bank, every person online will be at risk.
The latest US version of this demand exempts BIG COMPANIES - they are allowed to have encryption. Presumably this includes people communicating with big companies.
This elevates the corporation once more step further above the mere person. Not only are they people for purposes of free speech and donation of unlimited amounts to political campaigns (making bribes legal), they now can conduct their business - off-shoring money to tax shelters - without fear of police snooping (making tax cheating impossible to detect).
The dupes in the Five Eyes countries outside the US will all bobble head this. Australia has already made encryption illegal.
I hereby define the Murdoch law of Mass Media - the more Murdoch media there is in a country, the lower the intelligence of the elected politicians.
"Australia has already made encryption illegal."
Don't think so - they have legislation which would allow security operatives to require service providers to push 'encryption breaking code' into a targets communication devices - but last time I checked encryption services were still operational in AUS. They wanted to force WhatsApp etc. into Aus wide encryption breaking but I think they got a encrypted finger.
Are we already forgetting Australia’s contribution to this idiocy?
Former PM Malcolm Turnball: “The laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia."
Given her precious form, I fully expect Priti Patel to go one step further and try to revoke the laws of mathematics.
Let's say they could leave a backdoor for the police while making it just as resistant to hackers as full encryption is today (which is not 100%, there are constantly holes being found in the way encryption is applied i.e. MiTM attacks and so forth so encryption isn't proof against hackers anyway)
What I'd be worried about is abuse like hoovering up all communications, decrypting it, and doing word searches looking for things that fit their filters. Or some stalker cop forging the court approval (because you know it'll allow for stupid stuff like judges that don't believe in technology faxing an order with their all-too-easily-forged signature)
Or worse it'll be directly accessible to anyone anywhere who can claim to be law enforcement, like a part time sheriff in a tiny town, so hackers will simply phish him and then use his access to look up the encrypted comms of their target for e.g. corporate espionage. The hackers won't need to break the encryption through the backdoor like you are worried about, they'll just need to steal the credentials to the system from anyone who has access and walk right in through the front door.
No one should expect them to hand out a 2FA physical key to everyone, and audit all accesses, with no exceptions. That's how we would set it up, but they will want to make it "convenient" for its users.
So Mr Upstanding Police Chief has their back door.
Mr Evil Hacker puts on their black hat and steals it from Mr Upstanding. It takes them a few days to get it, perhaps by applying a brown envelope or rubber hose to Mr Upstanding or their staff.
Next, Mr Evil sells it to the highest few bidders. Who sell it on to the next-highest.
Within a few weeks, every script kiddy in the world has a copy of said back door, several criminal organisations have a new income stream and the body of Mr Upstanding's private secretary still hasn't been found.
Don't worry the politicians will invent magic unicorn encryption. It will be perfectly protect from all but the pure of heart. The wicked and sinful can't access your data
Unfortunately they will reject that coz clearly none of those corrupted sick fuckers would get near your stuff
A Foreign Secretary who confuses the Red Sea and the Irish Sea
https://www.indy100.com/article/dominic-raab-brexit-irish-sea-red-foreign-secretary-boris-johnson-9024901
https://www.irishpost.com/news/dominic-raab-irish-sea-169391
He is a moron, he think he just stares at things shouting Brexit and Raaaaaaaaaaaaaaaaaaaaaaaaaaab!
Bloody hell TWO Raab fans so far!
The Secretary of State for Scotland is Alister Jack, a born and bred Scot who's never left.
Robin Walker, who you're obviously thinking of, is Parliamentary Under Secretary of State in both the Scotland Office and the Northern Ireland Office. He's MP for Worcester, as was his father who was MP while I was growing up there. I remember him coming to my school.
I'm not in the "Pritti Patel is stupid" club, I'm firmly in the "Pritti Patel is an authoritarian nightmare" club. That capital punishment discussion on Question Time if you haven't seen it.
One odd thing about all the catastrophising over dimwits like Patels pronouncements, is the lack of any apparent initiative to actually provide end-to-end encryption. On the basis that I don't actually believe anyone currently does. I start with a distrust of iOS and Android and any app built thereon.
And as for the notion that Facebook is somehow the most secure platform around ? Are you having a giraffe ?
True end-to-end encryption is physically impossible without brains that can directly grok encrypted data. Anything else opens up the possibility of an Outside the Envelope Attack, where the data is obtained at the point where it MUST be decrypted so as to be typed by the Hand v1.0 or read by the Eyeball Mk I. Sadly, we're not at Ghost in the Shell levels of capability yet.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
