Five Eyes nations plus Japan, India call for Big Tech to bake backdoors into everything The nations of the Five Eyes security alliance – Australia, Canada, New Zealand, the USA and the UK – plus Japan and India, have called on technology companies to design their products so they offer access to encrypted messages and content. A joint “International Statement” issued on Sunday frames the issue as a matter of …
So you don't like Kyle Rittenhouse ? Why, because he defended himself against at least 3 grown men who were also armed with items designed to hurt him or others? Go back and watch the video. Yes, he shouldn't have been there, but then again the police were there and NOT doing their job of stopping the rioters (and assaulters, etc.)
Some opinions and calls for prosecution in some instances which are secured against wilful and wanton persecution and thought reasonably safe against crazy misinterpretation may be clearly demented, and the result of a debilitating neurological disease, rather than simply flirting around in the company of evil. To imagine there being no backdoor access to all encrypted systems, both elite and common, politically correct and incorrect, in favour of a remotely decided subjective limited access to a select few which are threatening just a relatively small number of status quo stabilities, is always going to struggle to be thought wise and perfectly acceptable rather than exposed as being liable and immediately an object subjected to rampant abuse and self-serving criminal and ethical misuse. ...... for such is the obscene nature of the beast concocting the scene.
And such prosecutions and persecutions with demented solutions are not confined to encrypted services. Plain common free speech in the questions one asks, and in the answers in replies from others way beyond one's command and control, are also targets for pernicious attack in a mad manic and panic endemic world, and here be a current, present 0day sub-prime example of that particular abomination? ........ Lord Advocate Launches War on Twitter
All your thoughts belong to us ‽ ...... In your wet dreams maybe, but in any real world situation, no way, Jose. Capiche, Kemo Sabe?
Government through legislation can at best mandate open social media platforms to share their private keys for all users.
But terrorists do not hangout on WhatsApp, Facebook, WeChat to discuss their world domination plans. If they do, they have already proved their idiocy and they may not be as big a threat.
An avg IT dev (myself) may take less than a week to write a private app which can ensure end to end encryption and this is what any terrorist (who has any wits) will do. Sure the keys have to be shared across the two ends but there are n number of ways to do that out of band (without necessarily using Internet).
So the biggest purpose this legislation solves is to ensure that public dissent is caught early on. People make use of social media platform to connect to fellow citizens to whom they are not directly connected to voice opinions, raise dissents and governments will ensure that such dissent is caught early on and suppressed. Such legislation will become a tool for dictators.
Such legislation will make evil-minds think more about having a cyber-security cell within their outfits. In short, <read the title>.
Such legislation will make evil-minds think more about having a cyber-security cell within their outfits. In short, <read the title>. ..... rjed
Quite so, rjed, have an upvote for that informative post ...... however, nevertheless, such legislation will make greater powered minds think about having evil cyber-security cells within their outfits. In order to both attract and short circuit such dodgy virtual operations. It is only natural and therefore fully to be expected and accepted.
And the fact that so many may call such a situation, absolute nonsense, simply and clearly confirms the title premise and the notion that all are infinitely vulnerable to a greater power with greater powers ‽ .
The amanfromMars AI is being improved, now it makes sense and hands out upvotes. A few years from now The Register's parent company will hire it to write articles and lay off their writers. Judging by the articles I see elsewhere, some other sites may have already done so!
Good comment @rjed and, it should be pointed out that in full E2E only the public keys get shared.
If you wanted to make it really secure you would password or PIN protect the app in such a way that credential failure would wipe the message store and alert the rest of the crew that you have been compromised.
Just sayin, theoretically.
"""If you wanted to make it really secure you would password or PIN protect the app in such a way that credential failure would wipe the message store and alert the rest of the crew that you have been compromised."""
Thats another great idea - much like SSL cert revocation - before SSL was compromised.
@rjed
Quote: "....terrorists do not hangout on WhatsApp, Facebook...."
*
But even if they do, they can still use private ciphers. Even if they use the comments area in El Reg to pass messages, the spooks have the same problem. Namely, anyone using a private cipher BEFORE the message enters the channel gets real-time messaging. The spooks on the other hand may have to wait a while, maybe a long while, maybe never to find out what is being said. (See Beale Papers for an example of two message secure for over a century.)
*
So here's the procedure:
A) Encrypt message with private cipher
B) Avoid locations using CCTV
C) If using a burner phone, make sure that your "honest citizen" phone is switched off or located far away
D) Send the message using a hijacked WiFi access point (or an internet cafe, or a VPN, or a burner phone, or El Reg)
*
Result: Spooks using the legally mandated backdoor in an end-to-end encrypted public service get:
E) To examine the private cipher message.....
F) ....which came from an IP address which has either no personal identity, or the identity of the wrong person or business
*
051k0UC319e4083J17r90Nhb0U$80WZ40pps0UTd
1dsJ0ygw0zty0=T40PzU1VhF00$q0rEr0ALd0Ove
0y7W1m6n19ny0IIS0PCp0DLz18ab1g5q0pRY1L$W
0yo$0zsE08GH1cUw1Wvr11I50UIv1mfp0o0g0kho
0bCa18aW0ChM1mjC01oi1cSo0c=80UGR1LR$1j3o
0j=u1LBl1N7p1U5d1XUL16HF1Hrv0WwK0UgB0EYW
0W0u1KnM1hTL0E6l0wIe0DYm0StQ1Uvv1l4e1SbG
1WYO0$rb0Baw1mBH0inR0qIA0XS80Q1t1EL=005b
1dqs09Qp04J70lqC1RYt0A7u0mmv1Uan0z3d1c9E
0oG70TZH133g0L8l1kYt0kAz121305RG0oY015Om
1L2l0P3E112d1W$30yOr1f8l0ZEU0jPt1HGg0naI
0mWi0JN816X50kvp13lr1Kno11Uq0cKW031Z0nHQ
11$D0J6e0SON0=Rj1kmJ05Qu1Y$70tW30dk90SN6
1EoC1KNJ1PPH1ARc02gL
*
P.S. Like the Beale Papers example, this is a book cipher example. I know, I know....book ciphers are crap. But they might just be good enough to get the job done!
I know this is old hat but you don't really need to share a key, private or otherwise:
1) Alice encrypts her message and sends it to Bob.
2) Bob encrypts Alices's encrypted message and sends it back to Alice.
3) Alice decrypts the doubly-encrypted message and sends it back to Bob.
4) Bob decrypts the message to retrieve the plaintext.
Obviously you would need to involve Charlie and Diane (and possibly Edward and Felicity) to avoid the to obvious back-and-forth between Alice and Bob, but no keys have been exchanged.
Just sayin'
And who shall play the role of Madame Defarge, Tricoteuse extraordinaire? .... Anonymous Coward
Are DC [Washington and No 10 Chief Advisor Wizard] in the frame and in the running for that dubious honour, AC? :-) Who else do you think would contemplate and deserve such a booby prize and do it justice?
That's from US DOJ, aka Bill Barr's office. He's compromised already. It's no real surprise he's pushing to compromise allied security too. I assume you're smart enough not to do something so fucking stupid as to backdoor all your tech! Even if you have to sign on to that stupidity publicly?
I see Trump is withdrawing troops from Afghanistan, as predicted. Putin gets control of the TAPI pipeline. You'll see Trump drop US sanction against Russia soon too. Regardless of laws, both he and them will act as if the sanctions don't exist and Barr will stop enforcing them as if an executive order is law, same as they did with the Russian nuke treaty.
Look over at Africa's oil reserves, those will be the next targets. "Petro-Ruble" is the obvious end game here. Control enough of the worlds oil reserves that prices can be negotiated in Rubles rather than dollars. Putin's already got an army in Libya while you were distracted by his Orange puppet, and I expect if Trump wins, he'll withdraw US troops from African bases as Putin allies are ready to take over each base. Starting with Libya.
https://edition.cnn.com/2020/06/09/world/russia-libya-military-intervention-intl/index.html
Watch for early "Libya" mentions in Trump's rhetoric, signalling the game.
Yep, July 6th, I correct called that Trump would pull the troops from Afghanistan. It was the backdoors in the EARN Act that Barr and McConnell were pushing, I pointed out the obvious pattern they were following was the same one they (Putin and Trump) tried to run in Syria, but the attack on the US base failed.
Trump has just said he will withdraw all US troops from Afghanistan before December, taking the Pentagon by surprise. Yet it did not surprise me, because its so obvious what the pair of them are up to. Why do you think he suddenly needs to withdraw troops before December! Because he fears he might lose.
If you backdoor tech, then Trump will sell your backdoors to his Russian backers and Bill Barr here will help. Even if Trump loses, there will always be a next time, another Trump, another quid-pro-quo.
My comment from this article 3 months ago:
https://www.theregister.com/2020/07/06/revised_earn_it_act/
My comment:
"Leaked to the bad guys?
"They ARE the bad guys.
"This is a Republican thing, like the "Barr can snoop on any Americans internet without a warrant amendment", its pushed in the Senate by Mitch McConnell. These backdoors won't be leaked to the bad guys, THEY are the bad guys!
"They're the ones committing the big crimes. Example: look at Putin's bounty on US troops, It's the same thing as Syria, send US troops back in body bags, Trump does a photo op with the body bags, pretends to have empathy, withdraws the troops from Afghanistan, and Putin takes over those bases. The body bags are supposed to be Trump's excuse. *Big* crimes.
https://www.independent.co.uk/news/world/battle-syria-us-russian-mercenaries-commandos-islamic-state-a8370781.html
"Do you think they would do that if there was any chance they would be out of power next year? Do you think they'd tolerate all these back doors and US surveillance laws wielded by a Democrat? Obviously no!"
Warrants to obtain details of everyone who uses particular Google search terms already exist in the wild. From here it does not take a huge quantum leap in legal thinking to include WhatsApp and such in this tender embrace, extend applicability to "issues of public safety" such as, say, conspiracy to co-ordinate an anti-lockdown protest or to spend a night together with a member of a different household (coming up with other illustrative examples is left as an exercise to the reader), and thus extinguish free and unfettered exchange of thoughts and ideas and information and feelings by ordinary people who won't rely on "end-to-end encryption" (that will still be marketed, no doubt, the details buried on page 3672 of T&C) anymore. Before long, any meaningful communication will be limited to parties trusted not to share it with others, while huddled together in a kitchen with running water, not unlike the USSR/GDR/DPRK/PRC/Other...
A giant leap for mankind towards a much more governable population...
Warrants to obtain details of everyone who uses particular Google search terms already exist in the wild
Ok, what are those terms, and just how hard would it be to publish that list so that nobody uses them, except for people (possibly like me) who do it in a bash script in the backgtround to make those requests several hundred times per day, in protest, via the Tor network... thus filling their database with SO much crap it becomes WORTHLESS.
It's a fair bet that for an individual, the amount of bandwidth this would generate would be small. If a few THOUSAND people do this, it might become large enough to make such "search term" investigations IMPOSSIBLE. It really would not take very much to frustrate them into silence.
It also makes you wonder how the specific search terms were figured out... any MASS SURVEYLANCE involved in that process?
@bob: what are those terms
Here is a recent example: https://www.cnet.com/news/google-is-giving-data-to-police-based-on-search-keywords-court-docs-show/. Never mind that this particular case was related to a specific investigation - the point is that warrants on search terms are perfectly fine now.
Note that the warrant itself is still sealed. So, good luck with figuring out what keywords may be targeted in my (hopefully still hypothetical) scenario. And suppose you have figured the keywords out, so that
nobody uses them, except for people (possibly like me) who do it in a bash script in the backgtround
Mission accomplished then, eh?
Problem is that trust is gone, and not only in digital world, but everywhere. Sadly, I no longer trust any public institutions or businesses that they act in MY best interest. I absolutely trust they act in THEIR best interest, and if something goes wrong, it's ME who's the casualty / collateral damage. The only thing that keeps me in the "system" is that I have no choice (other than going off grid or ending my life).
So, do I trust the businesses that their encryption is designed so that it really protects me from 3rd parties' access, and they don't abuse their power to gain access themselves, or sell it to someone, or screw is so that someone gains this access? Or do I trust "trusted 3rd parties", which is, basically, government agencies that they really use their "privileged" access only for legal and genuine purposes, when those very agencies define and shift those legal and genuine purposes - as fits their current goals?
Not even THEIR best interest - just what they conceive as being most convenient at that moment. History is full of "powers that be" ignoring warnings because acting on them would require thinking (Space Shuttle booster rings being sensitive to cold being a prime example).
As for trusting governments - well if you do then I have a nice bridge to sell you - it is called Brooklyn !!!
Icon for what should happen to the promoters of these anti-encryption ideas. ======>
Think of the slimes such as US AttyGen Barr, or WH Operatives such as Steve Miller, and in the past Bannon, and of course the stable genius Orange Monkey currently known as "US President"... Would you trust them or their delegates and appointees? I'd rather perform a self-root-canal...
This is an idea that deserves to be ground to dust, then sent on a rocket to a sun in another galaxy. Yikes!
And you think that Eric Holder & Janet Reno were any better?
The US DOJ has been pushing this garbage in every administration since the original Clipper initiative under Clinton.
Make this a partisan issue, and you are guaranteed to lose at some point. Security is way too big of an issue for that.
Do they know something about prime number mathematics that the rest of the world doesn't?
Depends on whom you ask. If you as the Stable Orange'utan, I'm sure he will tell you he does.
But then, everything he says is a lie, so bring a salt shaker to the conversation.
@cantankerous swineherd
Most Mps have switched to Signal.I can't find the article, but it was published on the Beeb website.
As have Euro Mps. I did find this article.
https://www.politico.eu/article/eu-commission-to-staff-switch-to-signal-messaging-app/
When I switched to Signal, the hardest part of doing so was getting all my friends to do the same. I had to resort to telling them I had deleted Whatsapp. Somewhat surprisingly, it mostly worked
Cheers… Ishy
"access to content in a readable and usable format... subject to strong safeguards and oversight"
Which it won't be. Every Tom, Dick and Sally at your local council will be able to read all your messages whenever they feel like it because they don't like your face. Like other similar UK gov legislation.
"Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;"
Does this mean anything at all, other than "Wave a magic wand"?
Like everything, this is prob not an easy discussion.
Before internet, a large part of crime stopping was based on phone tapping, intercepting SMS messages, intercepting all kinds of communications before tech existed.
So it is understandable law enforcement wants / needs 'a way in' to be (more) succesful in their job.
Of those five+ nations the democratic elected governments already have the right to access homes, tap phones, etc for 50+ years.
All telco providers by law are required to provide ability to tap phones when a legal warrant is presented.
So I would say, the governments are prob fully in their legal rights to compel companies to provide access to comms of their users.
Problem is of course that this is no longer a local telco providing access to its local government.
The issue now is that any gov, whether you and I consider it good or evil, is making a claim to a company not under its laws to force it to do something that might result in something not legal where that company is based (e.g. arresting annoying journalist).
Hence the Apples of this world are blocking US gov, because if they allow access to one, they have to allow access to all.
Before internet, a large part of crime stopping was based on phone tapping, intercepting SMS messages, intercepting all kinds of communications before tech existed.
Yeah, and there were always ways around those measures.
So it is understandable law enforcement wants / needs 'a way in' to be (more) succesful in their job.
No, it's not. Law enforcement has had more effective ways of stopping bad guys for like a century now. Any bad guy who is an actual threat can just encrypt everything with an uncompromised cypher, making this idea entirely useless for its stated purpose.
You're falling into their trap, where they make you think what they say they want is somehow reasonable, useful, or indeed possible. The truth is that it's all just bullshit. It's not about stopping crime or saving the children, that's just the lie you've swallowed. They want mass surveillance, and widespread encryption makes that hard.
I could explain it to you in great detail, but I don't have the patience. Instead, you should do 5 minutes research on the topic.
Except, the Governments haven't had the access they are asking for for that long. Phone Lines used to be analogue, to tap a line you needed to tap that line, and get someone to listen to the call in real time, or record it and play it back. Text was by post, and you needed to intercept the individual letters, and read them. The process of "intelligence" gathering was personnel intensive, and expensive. This led to it's use being targeted by necessity. As more and more communication became digital it became easier to gather vast amounts of communications data without really having to commit personnel to reviewing it. This made the "intelligence" gathering cheap and easy. The "intelligence" processing however was still expensive and personnel intensive, but as long as they have the "intelligence" they can do that processing at their leisure. This has only really been the case with the internet, and only then with the increase in the popularity and utility of the internet. It is a myth that these agencies are only asking to maintain capabilities that they have always had, they haven't. It is also a myth that they would only use these capabilities in responsible ways, unfortunately for them that myth was blown wide open by Snowden, and other whistle blowers. These agencies are adicted to gathering ALL the information they can, but are unable to point to any substantive reasons why them having voyeuristic access to the entire world's communications is of any value to them. Let them do the hard work of actually doing targeted intelligence gathering again. That actually works.
Governments don't have a right to what you have shared, lxndr, however they may very well have a fervent all-consuming desire. The one is completely different from the other.
It is no more complicated than that, no matter how much is said and spun to try and deny it is so. And such is invariably self-serving and primarily designed to try and hide from general view and common knowledge, unsavoury government tolerated or sanctioned shenanigans which they would persecute and prosecute as being abhorrent and criminal whenever copied and performed by others no matter where.
The knowledge of the veracity of those simple facts is the deadly phantom enemy that they do vain battle against, jousting as they continually do against the windmills in their mind and the honest soul who would ask them about the validity of such facts as they would desire to be a fantastic fiction they could easily deny and disprove ....... without drawing any further inquisitive attention to any of their attempts at covering up their discovered actions and guilty proactivity.
However, once the horse is bolted, locking the stable door is no answer. One just needs to accept and prepare for the loss and take the hit and stop digging down deeper into one's own burial pit. Hopefully it leaves one wiser but ..... as Einstein is reputed to have said ....... “Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.” ...... and he knew quite a lot about some really weird things, didn't he, and is even to this very day universally feted for them, by all accounts.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2020
