British intelligence recycles old argument for thwarting strong encryption: Think of the children! Two notorious characters from the British security services have published a paper that once again suggests breaking strong end-to-end encryption would be a good thing for society. Nearly four years ago Ian Levy, technical director of the UK National Cyber Security Centre, along with technical director for cryptanalysis at …
Having no Encryption won't solve child porn, nor will it help against organised crime or terrorism.
If one avenue becomes closed, others will be used.
I mean, stealing national secrets with a usb drive smuggled out in a short (coffee cup, lip balm, pack of smokes) who would ever imagine that that could happen to secure government, tempested and air gapped devices ?!?!
Having regular snooping, or scanning of user data by a private company in the interest of 'national security' ???
Come on, do they think we're all stoopid, and if they don't encrypt our data, how will it meet data protection compliance?
Oh yes, we've got it covered, we'll use a physical key on the cupboard. :(
I mean, stealing national secrets with a usb drive smuggled out in a short (coffee cup, lip balm, pack of smokes) who would ever imagine that that could happen to secure government, tempested and air gapped devices ?!?!
Any competent organisation would have blocked USB discs by now...
There are lots of people (and groups) who can implement private encryption before their messaging enters either a client or directly into a service provider channel.
Then.....the service provider is to be made responsible for scanning the messaging for "illegal content". How would that work? Service providers get to set up an internal cryptography group? And since well designed AES (or samba, or chacha) ciphers are thought to be secure......to what end?
Maybe the long-term STASI goals are actually:
(1) Make private encryption (and the possession of encryption tools) completely illegal
(2) Make service providers responsible for blocking any message that looks like encryption
(3) Make service providers responsible for reporting anything that looks like encryption to "the authorities"
But then "We do not seek to suggest that anonymity on commodity services is inherently bad....." Really?
And all this before we start thinking about the mapping of end-points to specific real people:
(4) The smartphone is a burner (no account registered, pay-as-you-go minutes bought for cash)
(5) The email account is fictitious (say gmail authenticated with a burner phone)
(6) The email account has an assigned "app password" so that software can do the heavy lifting (i.e. no GUI interface is ever seen by anyone)
(7) The laptop and the email client is only ever used from a public wifi connection, never from a place of domicile
Yup......the privacy argument says this is a piece of political posturing.....
.....because anyone who wants to avoid ALL the downsides associated with the STASI scanning content can do so.....see above!
.....and there's always steganography!!!
Quote: "These safety systems will be implemented by the service owner in their app, SDK or browser-based access,"
OK, so how long would it take for the scumbags to start using some other "service" then?
As usual with these things, it's only designed to catch the honest crooks.
since non-governmental organizations could be used to moderate the scanning of personal information and
Her Majesty's Government has no intention of picking up the tab for this project, nor overseeing its operation
Company x is now going to monitor all encrypted communications, since the government will not oversee the operation it will be an entirely private company affair - think of all the additional data a company such as Google* could get for marketing opportunities as a result, which would of course be acceptable as their revenue stream for doing all this work.
They definitely would NOT abuse it in any way of course.
* Other companies are available to abuse your personal data
They are simply lying. They want to get rid of encryption, so that they can obtain data points to calculate a factor in your social credit score.
Did you send a photo with a BBQ you've been doing in your garden? Oh you supposed to reduce meat in your diet! We know that from your connected health data. That's minus 20 points for you and your coming salary will be programmed to no longer work on meat products. If you buy sugary products your salary will be set to expire in month's time.
UK central bank digital currency
Economic Design: The Behavioural Effects of Programmable Money
If you Google a central bank name and CBDC you will see that every country penetrated by WEF is working on this.
Overton window is moving steadily.
No paper of this nature should be given credence unless its authors are prepared to expose themselves in the way they'd expose others: they should include all their online credentials for banking, shopping, email and everything else.
If they do include such details then the paper shouldn't be given credence as the authors are either outright liars or stupid.
I always have the same response when this nonsense comes up. "If you think I've been trafficking in this material, send a goon squad to sieze my hardware. Once you've got it, you should be able to decipher anything on it. That's fair enough, it's no different from what governments have been doing for centuries.
"If, on the other hand, you don't have any evidence to back up a warrant for that, then GTFO. Your suggestion is to drastically reduce the barriers and costs of snooping on me, and I see absolutely no reason why any person of goodwill should support it."
@JustSomeBloke
False dichotomy: choose between:
(1) Encryption
(2) Criminals
People (all people, including criminals) are responsible for their actions.
Obviously criminals will attempt to hide their actions, so that they avoid responsibility.
The criminals might do this in any number of ways.....
......why pick on "encryption"?
Just one more reason (do we need more?) why this debate is just empty posturing!
This post has been deleted by its author
To become a technical director at GCHQ you have to be smart, really smart - possibly one of the smartest people in the country. And here we have two of them putting their name on a paper that is nothing more than a rehashing of lazy ideas going back decades.
Why on earth are they flying this particular kite? They must know it is stupid and unworkable, but they publish anyway.
The only answer must be that ministers (who are certifiably dumb) are planning yet another attempt at breaking modern society.
WTF is going on here?
GCHQ is supposed to be doing defence of the realm stuff - spying on the enemies who want to kill or destroy us with WMDs and suchlike. What on earth has that got to do with child abuse or mass surveillance of everybody's phone?
Last time I looked, it was the police and not spies who were in charge of catching and prosecuting paedophiles.
Start with UK government ministers* and run it for a few years, see if it reduces pornography and sexual assault before putting it to a vote on rolling out to the general public.
*including ministers of state, parliamentary undersecretaries of state, whips, leaders of the houses etc.
"including ... whips"
Steady on there, old chap! How's a fellow who likes pinching another fellow's callipygien* derriere going to get a job in government if you let that sort of thing out?
See https://www.newsandstar.co.uk/news/national/20252450.pm-didnt-know-specific-claims-chris-pincher-giving-whips-job/
*(Callipygian comes from the combination of the two ancient Greek words for "beauty" and "buttocks")
It is clear that there can be no compromise. Data is either encrypted or it is not. No matter in what way the encryption algorithm is borked, criminal hackers will eventually find the bork. Borked encryption is exactly equivalent to no encryption at all. Actually, it is worse, a false sense of security. It is also clear that most online services are not viable without encryption. Basically, we either have unborked encryption or we pull the plug and stop using the internet. So like a perpetual motion proposal, their paper is entirely based on the false assumption that borked encryption is even possible. I wonder if that lot has written a paper about curing a headache by cutting off the head.
Makes us sound more like China every day. But the government have proven they can brainwash people repeatedly to do their bidding over recent years so if it came around again I’m sure they can get their media mates to make a storm out of it. Won’t be much tech left in the country though as most of us will need to emigrate to a free country.
What we need is for a company to produce an App that does exactly what they're asking. It encrypts to an extent, but has a back door that the company actively use to monitor the communications of its users.
Users know up front they are being monitored, and exactly what content is being looked for and flagged to the authorities. If you've nothing to hide you've nothing to fear using that App, and by using that App your friends and colleagues get some reassurance you're not breaking the law (at least not through that App).
I think it might attract half a dozen users before it dies a death...
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
They all signed up to it, its up to them to abide by it
Or the innocent that find themselves accused because the AI thinks it has found something 'naughty', for which they have no explanation... or a 'feeble attempt' at explanation that fails because 'only a guilty person would do that'... or an explanation that sounds plausible but is 'statistically highly unlikely'
Even if every communication was legally required to be in the clear or encrypted only with something the police could crack, and the police had the means of looking at it all to make sure you weren't trading in child porn (or illegally using encryption they couldn't crack) it wouldn't eliminate child porn.
Worse comes to worse they'd just go back to how they used to trade it, via mail. Are they going to require all mail be sent in transparent envelopes to remove that possibility?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
