Not banning encryption doesn't mean the government won't try to ban usable encryption.
If Cameron and the monsters in the Home Office had their way we'd be lucky to be left with ROT13.
The government has "no intention" of introducing legislation to weaken encryption, minister for internet safety and security Baroness Shields told the House of Lords in the wake of the TalkTalk cyber attack debacle. The debate was brought by Liberal Democrat Lord Strasburger, who claimed Cameron "does not seem to get" the need …
"Phew, so the buggers can't make me disclose Pa$$W0rd1 as my key"
Actually they can, and have been able to since 2000...
Regulation of Investigatory Powers Act 2000 part III (RIPA 3) gives UK authorities the power to compel the disclosure of encryption keys or decryption of encrypted data by way of a Section 49 Notice. A suspect instructed to disclose keys can be prevented from telling anyone else about it, outside of their legal representative. Refusal to comply can result in a maximum sentence of two years' imprisonment, or five years in cases involving national security[1] or child indecency[2].
[1] Amended by Terrorism Act 2006 enacted 2006-03-30
[2] Amended by Policing and Crime Act 2009 enacted 2010-01-25
and there hangs the problem and the government's excuse to use its overarching powers.
Who determines who or who is not a suspect? Answer the government and its "security" agencies including the Home Office, GCHQ, MI5, MI6, The FCO, and strangely enough the creeps from the CIA who are answerable to nobody.
If in the future anyone takes issue with the government, the basis of all modern democracies, the government will use one of the oldest pieces of legislation still on the statute book, "The Defence of the Realm Act". This in many parts is similar to the US Patriot Acts 1 & 2, i.e. the power to declare ANY public meeting or demonstration illegal and arrest without warrant any individual or group of individuals that the government considers a threat or a perceived threat.
Those arrested will be held without access to legal representation and brought before a court held in camera. The presiding judge will be appointed by the Home Secretary and will pass judgement on the evidence of arrest plus any "evidence" gleaned by the security services. A disreputable and morally weak government could and probably would use this absolute power to silence any opposition, discussion or condemnation of its policies.
An example of totally non democratic control and overarching secrecy is the Bank of England, and its secretive and shadowy "nominees". It is an offence under the Official Secrets Act to disclose, name or publish the list of "nominees". Why? Because then the public would know who really controls the government and the BOE.
Once government is no longer trusted by the electorate, it is time to remove the government. Freedom of speech is slowly being eroded, what next, freedom of thought? The diminishing freedoms that we still enjoy were never given freely by the government or its establishment friends, every single freedom had to be fought for.
"It's not like the current government have done anything they said they wouldn't or not done things they said they would."
Sure glad this sort of thing doesn't happen on the left side of the pond. We have solid, honest, politicians who always hold true to their campaign promises.
Excuse me a moment...what's that Nurse? Time to take my meds? OK...be right there.
So as I was saying, too bad that the pols in Blighty aren't as upstanding as they are in the good old US of A.
"... Innocent Brazilian Plumbers ..."
Not quite. Jean Charles de Menezes was an innocent Brazilian Electrician.
His death might have been a terrible mistake by the officers concerned, but the cover-up and misinformation afterwards was absolutely inexcusable.
now where did that one-time pad go?
Trotting out the security excuse is getting tiresome. You fundamentally cannot be free without an element of risk being present, just as a democracy cannot function if there is no guarantee of privacy at some level (the election booth at minimum).
"[...] just as a democracy cannot function if there is no guarantee of privacy at some level (the election booth at minimum)."
IIRC the UK cast ballot forms are stored in archives for many years. Each one is numbered and the number was cross-referenced to the voter on the electoral roll.
"they are not cross referenced as there are no correlation between the paper and the voter."
This 2011 report is from someone who watched the official disposal of old ballot papers. Several other letters in response appear to validate that correlation. They say that the cross referencing is perfectly possible - and occasionally used in cases of suspected ballot fraud. However the period of archive seems to be shorter than I thought - at only a year and a day. It still presumably provides a window of opportunity that has concerned people from all shades of the political spectrum.
http://www.theguardian.com/notesandqueries/query/0,,-1051,00.html
I have worked in a polling station and yes, they are linked. However, it needs a court order (which can only be given if there is reasonable suspicion of fraud) to get the linking paper unsealed and everybody involved is personally responsible if anything naughty comes to light. After that, you are not searching a database, you are trawling through a mound of paper. Obviously there is the "What if Hitler gets in?" issue but, on t'other hand, it does mean there is evidence to lock people up for fraud.
Right actually. Each ballot paper is numbered, the number being entered against your name on the attendance register maintained by the polling station staff. To test their reaction a couple of elections ago, I reached for the ballot paper pile and gently extracted one from the middle of the pile. Oh! the outrage. What was worse than their refusal to allow this simple test to proceed was their total inability to see what I meant when I explained that there is NO anonymous vote in this country since the sixties when the state secret services (or panty-sniffers as they have come to be called) decided that they needed to know who votes communist. No anonymous vote here.
My great-grandfather used to tell the local Tory candidate that he would like to vote for him, but was unfortunately too frail to go to the polling station.
The Tory candidate would then arrange transport for him, enabling him to get to the polling station - where he would invariably vote for the Liberal candidate.
A friend tells the story of her parents in the garden of their rather grand house on polling day. The Tory "chaser" wanted to know why they hadn't voted - and offered them a lift to the polling station. After much cajoling they accepted the offer. As my friend said - it was a wasted effort as her parents always voted in a way that cancelled each other's vote.
@Michael H f Wilkinson
just as a democracy cannot function if there is no guarantee of privacy at some level (the election booth at minimum).
I was agreeing with you up until somewhere around this point.
Provided you believe what we currently have IS democracy, and provided you believe it IS working.... well... I'm not sure how you square that with your statement.
At the last election there was so much "empty can" rattling from Labour supporters in the months before voting, that they actually swayed the polls significantly. Clearly none of these people thought that voting was a private matter.
There's a great deal of things I'd like to see society regard as private that it doesn't, and it seems Generation X will be the last generation to regard privacy as a good thing - the millennials / Y all seem to want anyone to know anything about them, if only someone would notice they exist. 15 seconds of fame at any price. It's a mystery to me.
"There's a great deal of things I'd like to see society regard as private that it doesn't, and it seems Generation X will be the last generation to regard privacy as a good thing - the millennials / Y all seem to want anyone to know anything about them, if only someone would notice they exist. 15 seconds of fame at any price. It's a mystery to me."
I object!
As a Generation Y (Born 1991) - I object that we "all" seem to want anyone to know anything about us..
I am a very privacy conscious person, I do not use any social media services, such as Facebook, Twitter etc. I am also an active supporter of EFF, Access, etc.
I protest against all spying laws and strongly hate the very idea of national spying including all the CCTV in my country (UK).
So nope, not all of us want everyone to know who we are. I know several generation X people who are users of Facebook and don't give a darn about their privacy.. but this doesn't mean all G-X people want to use Facebook, just like not all G-Y people want to use Facebook.
That is all.
@AC
I object that we "all" seem to want anyone to know anything about us.
Noted, and for any offence you have my apology. However, were you from my generation or perhaps the ones before, you would understand the point I'm making. As we're speaking about generations, it is impossible to consider all the edge cases.
I am a very privacy conscious person, I do not use any social media services, such as Facebook, Twitter etc. I am also an active supporter of EFF, Access, etc.
I hope you'd understand that this makes you an edge case of your generation?
I know several generation X people who are users of Facebook and don't give a darn about their privacy.. but this doesn't mean all G-X people want to use Facebook, just like not all G-Y people want to use Facebook.
Yes, there were vacuous, self obsessive, low talent dumbasses of my generation who also sought, and indeed seek, fame at any price. However, when I was young the celebrity news was confined to the showbiz page of the paper, and one or two specialist magazines. The antics of retired footballers' children were not considered newsworthy. Famous for being famous wasn't really a thing.
Fame seeking afflicts your generation in a way that has never previously been considered normal. Publicising everywhere you go, whatever passes for a profound thought in your world view, and auditioning to be one of a bunch of people in a house being watched by other people in theirs.... well, generationally speaking, yours is the only one that regards that behaviour as in any way normal, typical, or usual. And sadly, it will only get worse.
If you truly believe what you say, then in addition to my earlier apology for offence, you have my sincere best wishes, because not only are you fighting a losing battle, but when Gen X dies out, you'll probably be fighting it alone!
Confuse the hell out of them - send noise!
Working in radio astronomy we correlate noise signals from across the world to make images of the sky; noise from each place's receiver does not correlate, but noise from the radio source does. Large chunks of noise is readily available if you de-tune a satellite dish.
Encrypted files?
No, they are just large files filled with random data that I used when testing out various programs from my copy of Numerical Recipes in C.
You suspect otherwise? Okay, prove it!
The problem with "banning" encryption is that it doesn't stop criminals/terrorists, and it's those people that we don't want having encryption, isn't it? And when something is encrypted with any half-decent encryption, it is forensically indistinguishable from anything stored with any other half-decent encryption. So you can't ban certain algorithms, you can't ban certain keylengths (the whole PGP thing proved how pointless this is), and you can't ban the actual software that does this sort of thing in general anyway (published in books, long-held mathematical theory, open-source code, etc.).
Much better to stop wasting time trying to ban it, and find better ways to monitor suspects and correlate them. Let's be honest, anyone worth their salt and therefore worthy of serious interest is going to be pretty much religious about not using unencrypted or weakly-encrypted channels anyway, no matter the technology involved. Banning encryption just catches the idiots, not stops what it claimed to be the source of the problem - being left in court with files you can't open which you think might hold evidence against clever criminals, who will quite happily go to jail for a year rather than open up those incriminating files for you.
At least they're not suggesting backdoors in encryption either, I suppose.
Most of us, and me most quickly, will divulge the necessary information if the "law" really wants it.
I also think that whatever the GCHQ or NSA or whatever can do to break existing encryption, there are plenty of smart people who can do add-on/tiered techniques that might fry the cores of their colossi.
The systems I work with in a major government org, restrict certain stupid passwords
i.e. you can't use password/Password/idname/secID
But by default you can use 'wordpass'
AND guess what everyone I tell makes me set as their password..... Hmmmmm
The security encryption with stored images, is just as stupid
I can use any word or words in the above to encrypt min 3 max 16 chars
Anon just in case you know me!
Seriously asking.
So far all I can find is stuff along the lines of "there should not be a message that we cannot, in extremis, read" - I can't see any specific reference to encryption or any technological solution. People have been having hysterics about "banning Whatsapp/war on crypto", but Cameron's comments could just as easily apply to Part III of RIPA (mandatory key disclosure), or the targeted installation of encryption-circumventing malware (which, thanks to Snowden, we know already happens). If anyone has any quotes that specifically mention encryption I'd be interested to see them.
Mandatory key disclosure doesn't guarantee that a message can be read by the authorities. The penalty for non-disclosure might be significantly less onerous than that for any crime revealed to have been committed if the key is disclosed. Guess what people will do under such circumstances.
Encryption circumventing malware? Maybe.
"Mandatory key disclosure..."
...I guess you know you have a really bad day when you find yourself having to pay that one bitcoin just to be able to prove that it really was cryptowall who ate your disk and you're not just playing the idiot card insisting you really can't decrypt it when prompted to...
"The penalty for non-disclosure might be significantly less onerous than that for any crime revealed to have been committed if the key is disclosed. "
Not that now the penalties for displeasing her majesty's intelligence services include being extraordinarily renditioned to some -istan to be tortured and then chained to a floor to freeze to death.
"The penalty for non-disclosure might be significantly less onerous than that for any crime revealed to have been committed if the key is disclosed. Guess what people will do under such circumstances."
If "they" really believe that you have something they want decrypting and that you have the key, yes, the worst they can do is bang you up for a year. But there's nothing stopping them from asking you again as you walk out the prison gates, at which point you refuse and commit another crime and get banged up for another year. Ad infinitum.
She said: "The Prime Minister did not advocate banning encryption; he expressed concern that many companies are building end-to-end encrypted applications and services and not retaining the keys."
She added that companies that provide end-to-end encrypted applications, such as Whatsapp, which is apparently used by the terror group calling itself Islamic State, must be subject to decryption and that information handed over to law enforcement "in extremis".
Excuse me Mr and Ms complete and utter fucking stupid fucking dimbulbs.
As a member of '$OurDeity Against $YourDeity and Your Spawn, The Only True Path' me and my colleagues regularly use our Linux things to generate TLS and PGP key pairs so we can exchange tasty recipes securely over the Internet and via e-mail.
You may ask "in extremis", has that got something to do with being at the point of orgasm?, for our 'secret' ones but expect to get a face-full of Bolognese Flan up your respective fannies in response.
Next thing you know they will be banning something because they are not very good at it. Obviously broken Boris Bikes and cycling in general is safe but you have to wonder about November 11th..
https://regmedia.co.uk/2015/10/28/david_cameron_pmq_smut_filter_law.jpg?x=648&y=348&crop=1
Note to Dave..
See that subversive Boris? Ay? Ay? Behind You!
He's got his poppy on upside down and is after your job. Don't try to see if he floats. Burn the bastard now... Tis the season.
Except that Baroness Shields says in the next breath "that companies that provide end-to-end encrypted applications [...] must be subject to decryption and that information handed over to law enforcement "in extremis"." blatantly contradicting herself.
The trouble is, any mechanism that enables the government to ask for decryption "in extremis" means that there's a mechanism there to be exploited by other people that might want to see my data.
"many companies are building end-to-end encrypted applications and services and not retaining the keys"
Please stop trying to sound like you know what you're talking about by making truly idiotic statements like this, or at least ask someone to give you a basic explanation of certificates and public/private keys, otherwise those of us who are responsible for implementing this stuff in the real world might just point out that you are talking absolute drivel and obviously don't understand it and therefore cannot be trusted to pass sensible legislation that won't compromise the security of UK online businesses.
Whilst we have a professor for the public understanding of science already, surely it is time for a chair for Political understanding of science (and possibly, being controversial here, religious understanding of science too).
Our noble and ignoble leaders seem to have very little grasp of basic science and rational thought quite often.
(Don't mind me I'll just talk amongst myself.)
"absolutely confirm that there is no intention in forthcoming legislation either to weaken encryption or provide back doors."
If we must have monolithic parties, they should provide diffs of any changes to legislation they wish to enact as part of their manifesto. When a party is then elected, only those changes can be committed to legislation. At least the people get a say on the laws that they will have to live under and can in effect veto any significant changes.
It will put an end to Govs coming in and doing whatever the fsck they want once elected, usually defending their actions with "well you elected us".
Or something like that... I haven't worked out the details.
Everyday, a good sleeper terrorist goes past a shop (or a house, or a field) on his way to work. Or play. Or prayer.
Every day, there is something he can see without breaking pace.
One day, that something is no longer there. The next day it is.
Jihad is on !!!!!!!!!!!
Meanwhile MI<x> are farting around trying to decrypt hours of white noise (or modern music, it's all the same).
In other ideas, I worked out how to use BitCoin as an untraceable ransom payment.
So, if I use strong encryption in Internet traffic or on my disk drives, they're seriously proposing to throw me in jail?
No. They never were serious about that (although they said it to bring a few more out-of-touch, harumphing, something-must-be-done types on board before the election).
What they are serious about is "forcing" the big app players to co-operate. But they have (at last) realised that openly forcing them (like writing a law that says they have to) is likely to fail spectacularly (pushback from ordinary people, house of lords, foreign internet firms, UK internet firms, ECHR, etc).
So, expect to see a UK CISA just as soon as the fuss about the US version has died down.
"So, expect to see UK CISA just as soon as the fuss about the US version has died down."
The reason why clowns like Bliar & Hameron don't have any rational arguments to back up their policies is that the policies they are pushing aren't their policies in the first place. There is a very well established pattern of UK governments passing laws on behalf of the US Government, I'd guess this is just another instance of that.
Making encryption redundant/useless would make it easier for GCHQ to spy on US citizens on behalf of the US Gov. The US Feds get to claim they aren't spying on their citizens, GCHQ can carry on recording & cracking everyone's private communications, and the UK voters can piss off because the British PM isn't actually working for them anyway.
"Few people have a legitimate need for encryption"
Er - because someone (or something) made you the sole and authoritative source for the definitions of both 'legitimate' and 'need'?
Oh - and because 'because I wanted to/ felt like it' is not supposed to be acceptable in your definition of a free society?
Or, perhaps, because the existence of a 'free society' is less important/ desirable to you than the one you'd prefer to be in place (or perhaps already have elements of in place)?
Never mind me. I'm just an idiot...
Few people have a legitimate need for encryption so it's a lot of noise over nothing.
A-Huh. So only a few people use credit cards, or have confidential data? So you'd be quite happy for anyone to be able to access all your bank details and personal information?
In my personal view - yes. Because there is the chance that someone (or some number of someone-s) may take the comment at face value, and use it to justify the comment's apparent point.
I would rather, and again this is only a personal view, make a potentially unnecessary comment about such a point than keep silent - and wake one day to find it has somehow migrated into Truth.
Of course, I'm an Idiot...
"The Prime Minister did not advocate banning encryption; he expressed concern that many companies are building end-to-end encrypted applications and services and not retaining the keys."
Ah.
We will not ban encryption.
We will not require encrypted communication applications to include a copy of the key they use encrypted with a key that the GCHQ can read with every message.
But we will require that the company who sold you the encrypted communication application either generate all the keys, and keep copies of them, so we can come around and ask for them.
There's a difference? Well, in the first two cases, the government can read everything; in the third case, they'd actually have to get a court order or something, and even in the case of the intelligence services, it would be awkward to read everything. Unless they tapped the lines of the software company.
Close, but IMHO you are thinking too small.
For many years GCHQ eavesdropped on all communications between the UK and Ireland by simply intercepting the BT microwave backbone at Capenhurst. No physical connection, no warrants, just a tower in a convenient location listening to the chattering in the ether. Now that was fifteen years ago, technology has moved on, high-gain antennas have gotten smaller and if I were paranoid it may explain the existence of some unlisted cell-phone towers.
Wolfclaw, the evidence that Cameron is lying again is irrefutable. Yes he probably is illiterate regarding I.T. most 3rd rate recycled failed PR people are. More to the point he is dangerous and many of his neocon friends in the UK and across the pond in the land of the not so free love him. UK Patriot Act anyone?
Even if encryption were banned, it would simply result in an upsurge in the use of steganography. You could hide a heck of a lot of data in a 2 hour HD movie with no noticeable degradation to the movie. Which would mean that not only could the government not decrypt the data, but they would not know who was using encryption in the first place.
The same bill that required you to hand over your password also applied to steganography. The wording was something like "any document that contained a hidden or secret message" so if you had a copy of anything by James Joyce or pretty much any religious book in the house you were in trouble.
It's a bit tough to get 5 years if you can't explain Paradise Lost
"The government has "no intention" of introducing legislation to weaken encryption"
If they are not introducing legislation, perhaps they have found some old legislation that can be reinterpreted to do the same job.
It's not like there isn't a crapload of existing freedom limiting legislation already on the books, there is a high probability that something could be massaged a little, then it only needs one suitable judge to set a precedent.
Here's how I think it's going to go,
We don't want to ban encryption, companies can use it as long as they keep the keys so we can use them to decrypt whatever we need to in extremis (i.e. if we don't like someone or they disagree with us) and of course we won't use these keys to spy on everything everyone does in case someone talks about the coming pedoterrorarmagedon that we are protecting everyone from.
However we don't see why the general populace needs encryption or to keep their own keys so that needs to stop.
Here's what I don't understand and maybe someone on here with more intelligence than me (probably a hell of a lot) can explain it to me?
What exactly is the problem with encryption?
The way I see it,
A. It keeps my details and data safe whether I have it or a company has it.
B. It stops that script kiddie that has dropped a wifi pineapple from doing lots of damage (though personally I never use "Free Wi-Fi" unless I'm also using my own built secure VPN)
C. They talk like encryption is an internet only thing? After Snowden do they really think IS state are using Whatsapp? Are we supposed to think they are really that stupid?
Also aren't keys on their own a bit useless? I thought that was proved years ago that you had to have an extra level of cycling of keys.
"The time to guard against corruption and tyranny is before they
shall have gotten hold of us. It is better to keep the wolf out of
the fold, than to trust to drawing his teeth and talons after he
shall have entered." --Thomas Jefferson: Notes on Virginia, 1782.
I think I need to do more research on Thomas Jefferson Airplane or maybe those hippies had it right, My head hurts just thinking about the potential misinformation from the ministry of information either that or the LSD (not mine, theirs of course)
"Lethargy is the forerunner of death to the public liberty."
--Thomas Jefferson to William Stephens Smith, 1787.
Sounds a lot like "Niemand hat die Absicht, eine Mauer zu errichten." to me.
Berlin 1961 (A Freudian slip if ever there was one)
I see the problem.
There's a house filled with inbred sock-eaters making decisions.
Unlike the elected House of Commons, most members of the House of Lords are appointed. The membership of the House of Lords is made up of Lords Spiritual and Lords Temporal. The Lords Spiritual are 26 bishops in the established Church of England. Of the Lords Temporal, the majority are life peers who are appointed by the monarch on the advice of the Prime Minister, or on the advice of the House of Lords Appointments Commission. However, they also include some hereditary peers. Membership was once an entitlement of all hereditary peers, other than those in the peerage of Ireland, but under the House of Lords Act 1999, the right to membership was restricted to 92 hereditary peers. Very few of these are female since most hereditary peerages can only be inherited by men.
Because that is all encryption is, maths. Banning encryption isn't like banning guns, where most people don't have the ability or resources to make one and requires physical transport to redistribute.
An encryption algorithm is just maths. Any maths undergraduate is quite capable of rolling their own and making it available to anyone who needs it.
Shields replied: "I can confirm that there is no intention to do that; that is correct."
The trouble is, that statement can be true at the time it is made, but be superseded by policy change the next nanosecond. So the question as stated is pointless.
The sort of question I'd prefer is something like: Does Mr Cameron now understand that his previous demands on encryption were impractical and that weakening encryption in the way proposed would be contrary to the best interests of the British people and, indeed, of British business?
In all the chatter about encryption I think we miss the reasons why it's used.
One of the attractions of BitCoin et al is the ability to conduct transactions anonymously. I'd quite like to conduct chunks of my life anonymously.
In addition there are things that I need to keep Private, such as banking pins, access codes etc.
And finally I may have some things I wish to keep Secret, (Don't ask otherwise I may be forced to kill you.)