"The former policy wonk - whose performance on radio this morning was criticised as "clueless" by" - anyone with three active neurons.
Calls by a former special advisor to ex UK Prime Minister David Cameron to allow the circumvention of end-to-end encryption to monitor terrorist suspects have come under fire from security experts. Rohan Silva, government policy consultant turned co-founder at Shoreditch-based tech incubator/workspace startup Second Home, …
+1 I was effing and blinding too - good thing no one paid me any attention or I'd have been pulled over!
PS. Thankfully, El Reg covered this - I was going to have to start cross posting in another article if it wasn't!
PPS. Actually, I'd be DELIGHTED if all communications were tapped 100% of the time if the penalty for the slightest misuse of that information no matter how minor was slow, painful public execution Pour Encourager Les Autres...
>Unfortunately that is a real-time reflection of how many fucking idiots are present in society.
But not everyone knows enough to be able to pick out fuckwits like Rohan. I don't doubt that the other interviewee did know enough, but when it came to tricky things like stringing a sentence together, making a coherent argument and explaining things in ways that a typical R4 listener might understand she couldn't compete. If the tech industry wants to be taken seriously, they need to send serious sounding people to be interviewed. It's a shame because this is yet another instance where our politicians are simply lying to us and it would be good to have had someone say so more cogently.
"If the tech industry wants to be taken seriously, they need to send serious sounding people to be interviewed. It's a shame because this is yet another instance where our politicians are simply lying to us and it would be good to have had someone say so more cogently."
Presumably the good Revd Adrian Kennard (AAISP) is now banned from being interviewed by the BBC, as in his previous interviews he has dared to criticise BT and dared to criticise government policy. He's still doing it for Sky and RT, but does anybody watch them? In the past he's been on the BBC too.
So you think any non-tech person is a fucking idiot?
Can you do the job of a doctor, dentist, cardiologist, optician etc? Do you know how to build houses, install central heating systems, do plumbing... the list goes on.
No? Then I guess by your own logic, you must also be an idiot for not knowing how to do all the things that other people know how to do.
I am a techy as well, the difference is that I have respect for the jobs other people do, and do not arrogantly expect everyone else to be good with computers and technology.
Except most people don't go through life having to perform surgery, repair teeth, or take care of eyes professionally. Most people in today's society don't have to do those things, as they're specialised jobs.
OTOH, most people use their fondleslab and even computers on a regular basis (i.e. daily or more) and should be expected to understand the basics, or at least be able to tell the difference between an expert and someone completely clueless, like this fuckwit Rohan Silva.
On second thought, this is going up as AC
Probably because they would need 18,000 people to monitor all suspects in real time around the clock. Plus a tenth more to cover for sickness and holidays, and even more when the Maybot cracks down on anyone who has ever travelled to Libya or Syria, even as a kid.
Does anyone have a list of 20.000+ Arabic-speaking people with a security clearance? Let's ask the wonderful and thoroughly-informed Rohan.
Give it time, it'll grow again.
Well, it's understandable that one lauded as an expert is just so clueless.
After all, it's not like FVEY have bothered to install middleware to fork microphone and camera data, to transmit via a covertly, network install applet, to their central monitoring software and it then transcribes everything said for automatic analysis.
That's a 21st century technology! We're nowhere near - oh, wait. We are in the 21st, we can and have that capability and use it constantly.
You can, as long as you advise them 100% of the time that they are 100% correct 100% of the time.
A Yes Man seems to be the qualification required for crypto expertise in some gov circles. And it is worrying that so many of our leaders have not yet grasped the very basic concept that you can't have safe backdoors guaranteed to be unusable by criminals through some magic fairy dust. Wherever else you stand on the surveillance/privacy divide wrt terrorism prevention, how can supposedly smart people just not understand that basic fact? Or take the word of the experts in the field?
'And it is worrying that so many of our leaders have not yet grasped the very basic concept that you can't have safe backdoors'
Hypothetical government minister. 'You are quite right. I am not calling for a backdoor, I am asking for a special golden key which acts just like a backdoor but can only be used by the good guys.'
Interviewer. 'Thank-you for your time, is there anything else you would like to share with a grateful nation?'
And therein lies a massive part of the problem: too many elected officials are clueless when it comes to math, science, and reality.
We need to get more people with practical degrees (not to demean non-STEM fields) to run for office in order to make the government more logical and rational.
"But what else do you expect when parliament does not have one science or engineering degree between 650+ people."
This makes me sad. I'd like to see a list of what bullshit they have got merit badges in.
Isn't there some acronym at Oxbridge for politician studies? PPBA
for Politics, Philosophy, bollocks and arselicking or something like that.
And this is why my new startup "Quantum Time Developments" needs government funding to take our ideas from the drawing board (ok...scribbled on the back of a beer mat) to someplace that only a massive injection of public money can possibly achieve.
All of us here in "Quantum Time Developments" look forward to the exciting new possibilities this funding will give us and society as a whole.
Note: "society" as a whole may or may not extend past local drinking establishments, suppliers of recreational pharmaceuticals and artistic venues with "girls" in their title. And any politicians who need convincing of the merits of our brave new world.
Why aren't 'people' asking the government what would be different if they had access to every bit and byte that exists, in real-time?
They aren't interested in stopping attacks, all they are interested in is tracking down the contacts of the perpetrators once they've committed an act of atrocity. It serves their purpose to have the general population fearful and rubber-stamping draconian laws that will come back to bite us all on the arse.
It doesn't require prescience to see this, just a view of history. Power is as power does.
"Metadata" is _much_ more important than the actual data. With it you can automatically track networks and people. And surely the secret services already had access to that....
...it's just that secret services are not the police. They are not responsible for stopping crime, their tasks are, obviously, secret. Usually they are supposed to work more or less like a news organisation, but keeping their findings secret. More and more they seem to be occupied with trying to find some justification in a time when they fail more and more often. (apparently US secret services were completely surprised by the fall of the Berlin Wall)
Also they assume that there was some "network" behind it, giving orders and commands. There doesn't seem to be any indication of that.
Dear Government,
Two terrorist attacks have taken place in the past two weeks by people that were reported to you as terrorists and you didn't monitor them anyway so asking for real time monitoring and the breaking of encryption smells of bullshit.
Kind Regards,
The People.
P.S. When you eventually try to put that totalitarian regime in place you can be sure I and many others would die for our freedoms and the freedoms of our families. Vive la revolution.
Dear The People,
Under our current system of law, we tend to require evidence of wrongdoing before we can imprison someone. There are tens of thousands of extremists in the UK right now, only some of which will actually end up killing people. Precisely how do you intend that we monitor these people without something like bulk surveillance? Or should we just lock all these people up without charge?
Kind Regards,
The Government
The reality is that you know someone is dodgy, and you know he knows dodgy people. Unless you have concrete evidence that he's about to murder a bunch of people, our current innocent-until-proved-guilty system says you cannot just throw him in jail. By the way, according to the police anyway, this is lost 2, won a dozen or so, in that they "disrupted" about a dozen terror plots in the last few years.
And anyway, we are talking tens of thousands of people here. We'd have to build a few prisons just to hold them. And if we start engaging in the habitual internment of Muslims in the UK, how many more extremists do you think that will generate?
I don't know what the solution is, but some kind of automated surveillance is going to be necessary because of the sheer numbers of Islamic extremists involved. If there are 10000 extremists, and each needs a team of five (absolute minimum) to watch them, on £50000 each (salary, pension, equipment, cover, etc.) then that's £2.5bn. And that's to employ 50k people just to follow them round. It's not feasible.
And we cannot deport them because most of them are British citizens.
"Under our current system of law, we tend to require evidence of wrongdoing before we can imprison someone."
...but just in case we'll assume everyone is guilty and put them under surveillance just in case. We'll ignore the fact that the core of strong encryption S/W went public decades ago and that there are enough tech-savvy people* amongst terrorists who will put something together entirely out of our control and even if there aren't there are others who'll do it for cash. We'll also ignore the fact that we will also be attacking British business's ability to compete in a world where security of communications is regarded as essential. We just want all your data.
*We only wish we had a few in our government.
FTFY
@DavCrav. Sadly, I agree with just about every point you make. Despite your 7-1 thumbs down to up ratio, everything you said regarding the current situation seems 100% accurate. The only one I don't agree with is your solution. Creating a police state (and enforced monitoring is a firm step in that direction), might do the trick of stopping attacks, but by doing so you hand the perpetrators the exact victory they were looking for.
There is only one way to fight this kind of 'war'. It's been tried and tested for thousands of years, and looking through history books, I've yet to see a single instance of something else working.
That way is harsh, unapologetic, brutality.
I know this isn't what any right-thinking human being wants, regardless of political bent. It's the antithesis of just about everything we believe in. But the thing is, it's NOT what the radicalized believe in.
Despite our best intents, you simply cannot import a world view that was formed in the relatively luxurious west, to a region that doesn't have the same comforts and sensibilities.
How many of us loved seeing what happened during the "Arab Spring"?
How many thought, uh oh, maybe we shouldn't be removing the strong men who have been keeping all the religious nuts in line the past 50 years or so?
So, unless we are willing to emulate the Saddams and Muammars we helped boot out, we better get used to these attacks, because they have no reason to stop them.
You want it to stop? Once you've identified one of these monsters, emulate them. Make life a living hell for everyone they have ever known. Let them know that if they pull this sort of thing, we might just find their entire families and do the same to them.
Personally, I hate to think about it, and have hundreds of arguments against my own rant.
But it's been historically proven to be the only method that has ever worked against fundamentalism.
We need to stop pretending the attacks are just a passing fad that can be stopped by changing government policy. They aren't, and it won't.
If anyone has a better solution, that takes into consideration the global situation as it is, and not as you'd like it to be, then please enlighten me.
Because it sucks to think there is no other solution.
@mstreet
The other solution is to move the rest of the world to an alternate fuel. Once oil stops being valuable, World+Dog stops being interested in the region, world+dog stops sending $vast amounts of money, guns and technology into the region; Region quickly (hopefully) degenerates back to stone age backwater that no one gives a flying fuck about. (See most of Africa)
Do I wish that there was a better way, that results in the lives of everyone becoming better, fairer & more fulfilling? Yes;
Will that ever happen? No :(
It's clear that monitoring thousands of people is expensive and won't prevent all atrocities. Imprisoning or deporting them all would also be difficult/impossible. Executing them all will just make them 'martyrs'.
If they started to disappear without trace though, that might give the rest of them some food for thought (while also decreasing the excessively-high population).
Do you think I might get funding for my idea? It's no crazier than Rohan's.
Agreed.
And all the terrorists know you shouldn't trust your IT. Surveillance is about stopping people like Snowden who embarrass governments, not terrorists. Once you know you shouldn't trust your IT you leave it out of your planning.
Terrorism is not high-tech and doesn't need high-tech. There is no high-tech solution to it.
We have to engage the values and historical context which nurture it. Sadly, no-one wants to discuss morality, in case an uncomfortable conclusion is reached or logical inconsistency is noted. So we make vague statements about "extremism" without saying what it is that is extreme. If "extremism" is bad, should we not be extremely committed to safety? Is May extremely committed to Brexit? Is Juncker extremely committed to "ever closer union"? Was Mohammed an extremist or moderate?
Think the key point that was made in the interview was that in the end the reason for everyone suddenly deciding that they needed to roll out end-to-end encryption on their services was profit based. Once one company saw the Snowden revelations as providing them with the opportunity to say "use our product and you don't need to worry about being snooped" as a marketing strategy then everyone else had to do the same to avoid being at a perceived competitive disadvantage. So if the various Governments get together and come up with some scheme that makes it financially disadvantageous to offer these services then I'm sure all these "high minded" companies will abandon their principles and follow the money.
"Think the key point that was made in the interview was that in the end the reason for everyone suddenly deciding that they needed to roll out end-to-end encryption on their services was profit based. "
The key point is that enough people were interested in their own privacy to make the provision of such, profitable.
Kind of points to democracy at work really, doesn't it?
The majority want their privacy and an unelected PM wants their privacy too.
Hope she doesn't get a mandate for it this week!
Silva sounds like a man who would like to be back in the fold advising Frau May with more clueless ideas.
to have secure encryption with a government escrow key
- I would not particularly trust US/UK/Chinese/Russian governments as citizen of none of those places
- why wouldn't an insider sell good stuff for money (card details, business secrets)?
If there are 800.000 in the US system with Top Secret Clearance, they must have missed more than 1.
E2E was not introduced for the customer. The real reason was that it allows WhatsApp etc to honestly say that they don't know what is being sent. With so many jurisdictions with different laws and ideas on sedition, lgbt issues etc, operating a messaging App where you can read traffic is going to get you in jail somewhere
> So if the various Governments get together and come up with some scheme that makes it financially disadvantageous to offer these services then I'm sure all these "high minded" companies will abandon their principles and follow the money.
Here. Take a look at Product v2.0. Just like Product v1.8 but without all that privacy. Would Sir like to upgrade?
Maybe you are right that the 'WhatsApps' of this world saw the opportunity to be painted as the good guys in the fight against out of control mass surveillance. It doesn't matter. It is cheaper to provide end to end these days. We have seen this movie before. What happened when ABP introduced a new feature to let through some ads from marketers who agreed to their protection racket fees? Things like uBlock came along to do the exact same thing the old one did.
The Signal protocol is public. The minute WhatsApp start using something inferior, they will start to lose market share. First will be those techies who really care about privacy. Then the next time they get asked to install the new shiny ithing on behalf of a family member they will say "that used to be good but the new version breaks your privacy, use this instead".
What is that bloody clunking noise. Sorry, gotta go. Someone left the stable door open again.
while I fully support the sentiment, and think the Gov are a bunch of idiot data fetishists and regard PM TM's motives with extreme prejudice....
There definitely is a way, and it's what is being proposed by some (***tard) people. Simply enforce MITM attacks by any company handling more than X 'messages'/'transactions'/'customers'/whatever. Then enforce the ability for some sub set of those to be stored at will.
Can the enemy du jour hack into those servers and read that data? Yes, probably
Can the majority of data be retained/processed/snooped? Not currently feasible (but bet your bottom hexagonal pound that it will get that way)
Does this mean 'no security'? No. It just creates a target for the data either at rest on the server, or while passing through the RAM on said server. This is just in addition to the two existing targets at each endpoint that we currently have.
Is there a tangible benefit for society to the Gov having this capability? Not in my opinion
All this allows is digital CCTV, does nothing to prevent an offence, just helps point fingers afterwards. And in politics that is all that is important. There is a reason we are the most monitored per capita (by CCTV) country on Earth
"So either we have strong security or we have no security."
False dichotomy. The government can look at my bank records but my nosey neighbour can't. And similarly we could escrow messages without backdooring the crypto -- giving me more security than rot13 but less than end-to-end encryption. So your job is to explain to my nosey neighbour, without side-stepping the question, why Whatsapp chats should receive a level of protection greater than that accorded to my money or (AFAIK) my voicemail.
Because the end goal of the state is to make the use of end-to-end encryption a prosecutable offence anywhere in the western world. Sure the contents of a server might occasionally end up on the front page of the News of the World or on Wikileaks. But we've lived with that. We coped. And politicians would rather deal with an embarrassing leak than dead children. And my nosey neighbour, who anyway has a vested interest in reading my comms, would eagerly agree that's the right trade off to make.
Because telco staff have always eavesdropped calls, especially the rich and famous. Simply looking for saucy gossip, insider information or something to sell to the papers. For these purposes they can afford to wait for slower computers to do their grind. These days foreign governments might want to break your encryption for many evil reasons
False dichotomy.
The dichotomy is in no way false. You cannot have your cake and eat it too: either you're secure or you're not. There is no false dichotomy here, just the only two options that exist in reality: strong security or no security.
And, for the record, if your voicemail isn't encrypted then it should be. Unless, of course, you don't care if your nosy neighbor listens to it. It's not that Whatsapp should have more security than your voicemail, it's that your voicemail should be at least at the level that Whatsapp is if you care at all about your privacy. And your money already enjoys end-to-end encryption (unless you're so foolish as to log into your bank account without SSL that is). Were I explaining this to my nosy neighbor I absolutely would sidestep the question with a more relevant one: what makes him think he should be able to listen to my voicemail?
"There is no way to let the good guys snoop without letting the bad guys snoop. That option simply doesn't exist."
Yes there is, and yes it does. We've done it with paper letters and phone calls for years. You just need the cooperation of one end point.
Peer-to-peer comms is different, but the government isn't (yet) suggesting that.
No, the original statement is absolutely true. Your assertion that we've done it with paper and comms is a false one. In those cases as with this, the bad guys could employ most of the same tactics to snoop that the good guys used, it was just illegal for them to use them (which is a fairly low bar when you're a bad guy).
The current situation is further complicated by the fact that monitoring, whether good or bad, happens in an unmonitored location, so it's hard to know exactly who is monitoring until they take some action.
Add the fact that the "terrorists" will simply start employing e2e encryption of their own or other methods which require no encryption at all and you really haven't accomplished much towards your stated goal. Bear in mind that drug dealers have managed to avoid capture for decades in a world with no encryption despite being high value targets.
Thicko religionists aren't mostly communicating encrypted (and if they were, nobody would necessarily notice - steganography, anyone?) More likely they're sitting on stained sofas upping their courage with videos of ME extreme nastiness. And then they go out to die and be 'brave' (in their terms). Noted, but at least help block the images of nastiness on which they (arguably) thrive.
My understanding is that such groups have - the vendor of that software is themselves. After all, the techniques, and open source algorithms, are widely available and known. Imagine a law that basically insists that ISIS, as a "software vendor", must put in government approved back doors in to its messaging platform!
There are quite a few (well-publicised) cases of extremists trying to "knit their own crypto" and making a complete balls of it, some of them have even been reported here.
Eventually, one of them will come up with something decent, and GCHQ/NSA/<insert acronym here> will be back to square one. All it will take is a few evil/misguided/pissed-off crypto geeks.
extremists trying to "knit their own crypto" and making a complete balls of it, some of them have even been reported here.
That seems to have been a typical example of "if all you have is Excel everything looks like a spreadsheet". Real cryptography algorithms are already available as libraries ready to be wrapped up in a UI. It doesn't have to be a pretty UI, just one that works. And if that hasn't already been done it's only because the commercial packages suffice for now.
Apparently 40 million Iranians are using software called "Telegram".
As a trade union member with a quantum of sympathy for differently gendered and differently coloured people, I don't want governments having the means to browse through any of our private business. Tell that to former MP David Cameron and to his former PA.
The intelligence agencies usually prevent such attacks successfully. Recent figures suggest a rate of something over one attack a fortnight. So what's changed?
If the intelligence agencies had been nobbled, for example by a botched information system upgrade (which no individual would know about, as they work on a need-to-know basis), it might indeed explain two such attacks in quick succession.
With a bit of luck, Thursday will bring an end to the motivation for nobbling them.
Bloody good question. Such prosecutions as there have been appear to have been somewhat farcical if they've ever reached the courts.
Readers might want to read about the arrest, charge, and initially failed trial(s) of Erol Incedal, starting 2013. Here's a rant I writ here earlier today:
https://forums.theregister.co.uk/forum/1/2017/06/05/theresa_may_london_terror_attack_response/#c_3199364
But there have been options other than arrest, charge, and trial, and they have existed for many years. For many of those years a certain Theresa May has even been in charge at the Home Office.
Anti-terrorist control orders, for example, and their associated rules.
There's clearly a problem here that needs addressing. Calls for extra laws and extra powers don't really help anyone other than the lawyers and the headline writers.
Having a police/intelligence force that was trusted by the public to do its job properly (including having sufficient resources to do it properly) might help, but doesn't make for such exciting headlines.
Endless repetition of 'we have foiled x numbers of terrorist attacks in the past three months' is beginning to sound lame.
One of the latest sentences included conviction for the possession of 'The Anarchist Cookbook'.
Have you, ever, read it?
It was published in the early 1970s; the contents are approaching something like 'Dangerous Things for Boys'.
I rest my case.
One of the latest sentences included conviction for the possession of 'The Anarchist Cookbook'.
Have you, ever, read it?
I have.
It was published in the early 1970s; the contents are approaching something like 'Dangerous Things for Boys'
Not dangerous. Suicidal. It doesn't take much chemistry knowledge to realize that mixing plaster with explosives then chucking it into the oven to dry faster isn't going to end well. Or that nitroglycerin is liable to ruin your day if you don't do something about the waste heat from the chemical reaction that produces it. Or...actually, you know what? Just give the thing to terrorists. Air drop pallets of copies of it into ISIS training camps. That alone should make a big dent in the problem. Granted the ones that survive will be the ones with more than two brain cells to rub together and thus be harder to catch, but the total volume should be down to manageable levels.
Or...actually, you know what? Just give the thing to terrorists. ...That alone should make a big dent in the problem.
Having come across a copy of it in my youth (possibly even public or school library), I often wondered if that was exactly why it was written. Even with my high-school level chemistry, I could tell that much of it would be likely to detonate a little earlier than planned - like while you were carefully following the recipe.
Some of it was interesting, but other bits were so scarily badly written (to me at least) that even the stuff that appeared safe was never tried by me - if recipe 1 appears designed to kill whoever tries it, and recipes 2-9 are much the same, I'm pretty sure recipe 10 will go BANG right when I least expect it.
Because many people are "known" to them. It simply isn't possible to monitor all of them, short of internment.
I don't think imprisonment or punishment without trial - which is what that article author is advocating is an appropriate response either.
Locking people up because they are a bit socially inept and their neighbours reported them might reduce El Reg's readership a bit though.
"Because many people are "known" to them. It simply isn't possible to monitor all of them, short of internment."
Loony neighbour reports are easy to deal with because there will only be one or two reports about the person of interest. You can eliminate that kind of noise pretty easily.
However, when someone is being reported by multiple sources - and those sources include credible people like various Imams (and the head of one of the UK's largest anti-terror muslim charities telling them "This guy is off his rocker and dangerous, you need to act NOW"), then filing it under non-urgent isn't appropriate.
That said, the security apparatchik is understaffed and underfunded, but not making best use of intelligence provided isn't helping their cause (FWIW, internment of potential terrorists would cost at least 100 times as much as the shortfall in funding now being talked about, probably 1000 times. There are sound financial and psychological reasons to avoid doing it)
You make an excellent case in general.
And yet, the security services and their Metropolitan oppos seem to have had plenty of staff and plenty of funding in recent years to run legally dubious financially unjustifiable operations infiltrating legitimate non-threatening peaceful protest organisations, of which probably the best known one might be Mark Kennedy aka Mark Stone.
There was plenty of money for other similar operations on the mainland, managed by what used to be the Association of Chief Police Officers Ltd (now renamed to protect the guilty).
Elsewhere, there were plenty more undercover ops in Northern Ireland (which might arguably have been somewhat more legitimate).
And yet also, the Police seem happy to waste time, money, and indeed lives by not properly exercising their duty of competence and care in relatively routine cases, of which the unnecessary killings of JC de Menezes, and the inappropriate shutdown of the News Group phone hacking case (run by the 'anti-terror police') are but a few examples.
Let's not even start to think about the huge amounts of police time and money thrown at an ultimately unwinnable "war on drugs".
Someone is responsible for those errors of judgement, planning, and execution.
Things aren't going to noticeably improve unless the UK gets rid of (or works around) its culture of management complacency and management incompetence, and makes a few other politically awkward changes.
The idea that there is a way to stop secret communications is a nonsense. Playing whack-a-mole with whatever is used now only has one end game, when the only remaining "safe places" are those that cannot ever be stopped - like systems using pen, paper and dice! Along the way they will damage the legitimate use of encryption to protect us all from criminals on a day to day basis. This video gives some clue, please do share it... https://youtu.be/QRa_zzQOEe8
"The idea that there is a way to stop secret communications is a nonsense. Playing whack-a-mole with whatever is used now only has one end game"
The concept of not being able to say "enough is enough" and have it work just fine is an impossible concept to grasp for the vicar's daughter.
They've done the "taking away devices", but now the list of people dangerous to the government is "everyone, including you".
Although, apparently ringing up MI5 and saying "My neighbour / brother / son is a religious extremist" doesn't get anything done (otherwise it would be a great way to prank your neighbour / brother / son). In fact, nationally broadcasting a reality TV show called "The Jihadi Next Door" about that person doesn't get anything done.
So it looks like the solution has to be to stop "knife crime prevention" of the knife-prevention kind and everybody go out tooled up. Make it an even fight. In fact I know how to kill someone with a credit card. Put them on hold on the premium line to the call centre and play Vivaldi Four Seasons at them for 99 minutes.
Silva clarified that he was not in favour of "banning encryption" but rather getting the tech industry to "lean in".
"I'll lean, then. Is this far enough?"
"More, please."
"How about now?"
"More."
"Is this enough?"
"Look, just go ahead and bend over, okay?"
which mandates terrorists *must* use electronic devices to communicate?
Just wait until we discover an atrocity planned via snail mail (preferably using a foreign language in a foreign script - e.g. Farsi).
Alternatively, just set up a public streaming webcam pointing at a bit of pavement, and just walk past with the message at a set date and time ....
And there are thousands of other non-encrypted ways to communicate in secret. Starting with learning Welsh ....
'sdim ishe ei ladd. Anfona fe i Benffordd Las (Staylittle) a ni fydd yn bosib iddo ddweud wrth unrhywun :-)
M.
It's a standards track problem.
The standards track says stronger crypto more [all] of the time.
The government can bitch about this all it likes but it's the reality of the situation. This shit can't be weakened, it can't be reasoned with, it can't be bargained with.
That's why I have no problem voting Tory - they can want it all they like; they ain't getting it. Even if they hypothetically did (which is an absurdity for all sorts of reasons) - you'd just make those platforms irrelevant. On the internet services are like pop groups, a year or so after they're popular you forget they existed because you're on the new thing.
@Pen-y-gors - Exactly: https://en.wikipedia.org/wiki/One-time_pad
"Silva argued that end-to-end encryption was only introduced by services such as WhatsApp"
WhatsApp was built from the outset with end to end encryption, it wasn't added later.
Anyhow, Rohan Silva is an idiot, as demonstrated on a frequent basis in the regular opinion piece column he has in The Evening Standard. I often find myself wondering "who the fuck does this guy think he is??" ... and now I know.
What if Alice and Bob choose their own private scheme for encryption, say without using any public resources at all?
*
Say Alice and Bob do the encryption/decryption on machines which are standalone (no network), and use thumb drives to transfer only the privately encrypted messages to network-enabled machines? The plain texts are always air gapped.
*
Then their messages going over public channels are twice encrypted.....I don't see how backdoors help the government (or anyone else listening in).
*
What am I missing here?
Bigford ooralis bewinter malachi Dinesen drifted wall-fight snow-swathe dynamicity pomatums ecliptics McDermott yabbi EUUG neo-impressionism incapacitator unsplendidness unsharpen Walls dilemma chokers Carlini reverberated Dianthaceae troctolite polypier manner diabolic chevalier ribaudequin viridene nappies plagueproof EMA heliotherapies Soledad busulfans beduke phosphore low-frequency nonbeauties Ossetian Sugarland linsang serpentize Witbooi espanol telpherage zoogony patroon yeggs clamjamfry verminously crimple underturn woodbark Dev whensoe'er minigroups undeferrable dunamis justifably zacate unrepressive disenfranchised nonrejection rectifies dawing ISV uncarded drabbets esthesiology foliaging Deyoung Holocene endocoelar buffoonish opodymus demonstrant premarrying hypoalbuminemia nicknameable Wyner Lowestoft reticent multisection Bobo proctorrhaphy dashpot functor Oxystomata Pro-bermudian remigrant tinkerers meager Tinsley Dannemora outblot hastated vitrite make overdye saccharotriose planirostal diapasonal Split eight-celled unvariation huddle gravery unmitres phenazine geodetic Warms mulched chokeberry thermoradiotherapy UEC Patricksburg unsilvered orpit microgyne Astrangia nonjudicable Loxias double-queue wowserian anthocarpous specialists stookers Afshah rabbitfish pro-Jacobean hog-plum Caragana americanizing grub-prairie Ann-Marie nonperseverance Pica satanophany reschool underspread aepyornis tear-dimmed stillish hays exterminates concertino Isoptera quinque-articulate bump preaxiad megasporange nighty-night durabilities Pleasanton landowners suprabasidorsal pinewoods plumbery gyromancy self-identical accommodated sentimental theologastric intail Ailsa spacecraft retiral sorcerous marvel-of-Peru representor enterogenous Athenaeum spacewalkers wind-god gemsboks skatoxyl technicalness Aglipayan penetrably Lemitar alcoholisms Tadich superstition noblify phenomenalist cosmographist terne nonspectral prepsychological Sutter valeramid inletting 
speckle-breasted arkite notre travel-parted Lafollette maddock Claverack microcosmography untarnished stubbornest sadhes modulative protraditional unassuaged demonising
What's outstanding about this is that it makes the same, if not more, sense than AManFromMars's posts...
So true, thinking of which, haven't seen him around here recently. Anyone know what's happened? Has the medication finally started working?
He's still here: https://forums.theregister.co.uk/user/31681/
Bigford ooralis bewinter malachi Dinesen drifted wall-fight snow-swathe dynamicity pomatums ecliptics McDermott yabbi EUUG neo-impressionism incapacitator unsplendidness unsharpen Walls dilemma chokers Carlini reverberated Dianthaceae troctolite polypier manner diabolic chevalier ribaudequin viridene nappies plagueproof EMA heliotherapies Soledad busulfans beduke phosphore low-frequency nonbeauties Ossetian Sugarland linsang serpentize Witbooi espanol telpherage zoogony patroon yeggs clamjamfry verminously crimple underturn woodbark Dev ----SNIP---
What is THAT?
Dictionary attack?
Intellectual Lorem Ipsum?
Poetry Made by Vogon Living In Onancock?
'The assertion that 'Two of the suspects were known to the authorities and ought have been the targets of control orders and travel restrictions.' is absurd. The number of people known to authorities is just too large for this to be feasible.'
Can you explain how monitoring all communications and dealing with the many false positives will reduce the workload of the spooks and the number of people to monitor?
"The number of people known to authorities is just too large for this to be feasible."
Yes, BUT.....
When the senior people in an anti-terrorism focussed Muslim charity (who have experience and qualifications in such things) ring up and say "XYZ is acting bloody strangely, menacingly and in my opinion is dangerous" then attention should be paid to the quality of the source and weighted accordingly.
Because that's exactly what happened in this instance - and that wasn't the only source.
Ditto cases where multiple reports are being filed, especially from community leaders such as multiple Imams (which happened in Manchester).
It's one thing to "gather intelligence" and quite another to collate such reports and (not) act on them.
If bombs and guns were made useless somehow then the terrorists wouldn't use those either, and maybe would be stuck with writing rude words on walls in public places. So there is a bit of an argument, that depriving the enemy of a tool is a good idea. So let me know if the enemy ever gets better at killing people than, say, everyday road traffic does.
Yeah, the latest London attack didn't use guns or bombs, presumably because the naughty men didn't have them. They were wearing pretend bombs that they may have believed to be real ones. I don't want to tell naughty men their own business, but outrages in Paris show that with guns and bombs and a personal death wish you can kill a lot more people than just with knives.
My point was that for the intelligence services to get good intel they should compromise the devices of the people under investigation. Not ruin encryption for everyone, thus making it obvious to even the most daft murderous lunatic sociopath nutter that those devices cannot be used at all to communicate securely.
The extra threshold of having to do so also makes it less likely that we will all be monitored casually like in some 1984 scenario. (For which our technical capability is now way beyond what was envisioned in "1984".)
"What’s needed is not a clampdown on encryption — after all, it’s essential for financial transactions and the modern economy... the Home Office has developed sensible proposals that require a judge to give permission before real-time communications can be monitored — ensuring that suspected terrorists can be stopped before it’s too late, while also protecting against the mass surveillance that the public is worried about."
Notice the implicit distinction between needs and wants. He seems to believe encryption is only "essential" for banking. The other consideration is lip service to placate the masses. But they do not deserve robust protection from abuse by authority.
While I can not disagree with the tweet by Jim Killock (the 'security expert' referred to) as a statement of fact, I must point out that he is not actually a security expert, but a privacy and open source activist.
There are numerous much more important issues at stake if we're contemplating backdoors in encrypted services than whether you can break end to end encryption if you have control of one of the end points (frankly that's a bit obvious).
Speaking as a security expert of some 20 years standing, I find that real security experts currently have too little voice in the media and activists and journalists too much (even when they happen to be right). The outcome, as in this case, is a superficialising of the issues that misleads and debases the public debate.
Just for fun this is a little harder to decrypt. I'm sure it will take any of you that care to do so about, what, 2 minutes once I tell you that the key is the title? Seriously. GPG exists. There's no point pretending that it doesn't. It can't be un-invented.
Euthanasia for Terrorists!
At some point we MUST decide to take away all human rights from people who decidedly do not behave as humans. Preferably NOW, while the numbers are still manageable.
First Human Duties, THEN Human Rights!
The human duties will simply consist of behaving like a civilised human being, with OUR society as the yardstick!
We have seven billion people on an earth that can only feed one billion in some sort of sustainable comfort. Having many bad specimens around is not helping.
It's amazing how many dimwitted hipsters fail to get that...
ther or not terrorists used encrypt comms to conspire among themselves is puzzling.
What's puzzling about it? Without prejudice to whether or not it's a good idea -- comms have a unique property in comparison with all the other incidental things used by terrorists (vans, knives, er,.. trainers? hoodies?) in that they provide access to someone's social and, ahem, professional network(s). That could enable you to find direct members of a conspiracy or group (if someone else made the bomb or is preparing their own attack) and presumably sympathisers and people who should have informed on them but failed to, etc.
That information's probably less useful in defending against random independent self-starter types like the current crop than the IRA, of course. But there's no guarantee there aren't more traditional multi-person cells. Perhaps some of the disrupted plots were of that sort, IDK.
Hands up I am completely ignorant about this but something occurs to me...
If the Gov't have this 'watch-list', can they not pass this to the companies that apply crypto, and the said companies then apply a backdoored version to the comms of only the suspect individuals, rather than some blanket application affecting everyone? I'm not a fan of this but if the individuals have been confirmed to have suspect behaviour then screw them. I do understand the dangers and flaws in this, but we're in a situation of all or nothing at the moment which doesn't seem to serve anyone. It would require proper international co-operation between Gov'ts to ensure the watch-lists were up to date and accurate of course, because the companies applying crypto are international. Yes it may be possible these watch-lists might be leaked, but in some ways that may not be a down-side, it would make the individuals very paranoid and less likely to use these channels. So they might resort to having to meet, or send snail mail, which would slow down their communication and also make them more visible.
Nope because it doesn't work like that. The encryption (and decryption) occurs on the end device, ie the user's phones, so in essence once the message leaves the sender's device it is already strongly-encrypted and so (assuming that the encryption has been done properly) it can't be read by anyone else (including the ISP, manufacturer of the phone, writer of the OS etc.).
Either the encryption is secure (nobody can intercept the message) or if it is designed so that it is possible to intercept and decode, then by definition it's insecure and it's insecure for everybody not just the suspected bad guys.
So what you are asking for is that people on the watch list are somehow sold already compromised phones or that their already bought off the shelf phones can be got at and compromised. The authorities already have the legal right to do this but physically being able to do it (actually getting hold of the phone without the owner noticing) is somewhat challenging.
To put this whole question into context ie perfectly secure encryption which magically becomes completely insecure as soon as you wave a court order at it; what the authorities seem to be requesting (demanding) is exactly the same as wanting a gun which can only shoot 'bad' people, knives which can only be used to cut food or cars (vans) which can never hit a pedestrian. On that basis I'm mystified as to why the clever people from Smith and Wesson, Kitchen Devils and Ford aren't being invited to 'lean in' as well.
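The point made in the reply above, and in the earlier "Alice and Bob" question, as an added example that is not part of any comment in the thread: a key that opens the service's encryption opens it for every user who relies on it, while a layer applied offline is untouched by it. The toy keystream stands in for a real cipher, and all function names, keys and messages are constructed for illustration.

```python
import hashlib
import secrets
from typing import Optional, Tuple


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); a stand-in, not a vetted cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def service_encrypt(service_key: bytes, msg: bytes) -> Tuple[bytes, bytes]:
    """The messaging service's layer: the only layer an escrowed key opens."""
    nonce = secrets.token_bytes(12)
    return nonce, xor(msg, keystream(service_key, nonce, len(msg)))


def service_decrypt(service_key: bytes, nonce: bytes, wire: bytes) -> bytes:
    return xor(wire, keystream(service_key, nonce, len(wire)))


def escrow_view(service_key: bytes, pad: Optional[bytes], message: bytes) -> bytes:
    """What a holder of the escrowed service key recovers from the wire."""
    payload = xor(message, pad) if pad is not None else message  # offline pad layer
    nonce, wire = service_encrypt(service_key, payload)
    return service_decrypt(service_key, nonce, wire)


def pad_for(ciphertext: bytes, claimed: bytes) -> bytes:
    """The pad under which `ciphertext` would decrypt to `claimed` (same length)."""
    return xor(ciphertext, claimed)


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed escrowed service key
    msg = b"constructed sample message"
    pad = secrets.token_bytes(len(msg))    # exchanged in person, used once
    print("service layer only:", escrow_view(key, None, msg))
    seen = escrow_view(key, pad, msg)
    print("with offline pad  :", seen.hex())
    print("recipient with pad:", xor(seen, pad))
```

`pad_for` shows why the pad layer cannot be confirmed by guessing: for any same-length text there is a pad that makes the observed bytes decrypt to it.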
LOL - my ignorance confirmed! Your explanation was very helpful thank you. (walks away tail between legs)
The terrorist issue seems like a really intractable problem to most people and Gov't is using this as yet another way to introduce draconian laws and put the shits up people. It would do more to ensure their communities have high levels of employment to keep them busy, financially secure and have more outside influences to counter the garbage they're being fed.
I'm quite surprised to have seen such a polite conversation occur on the internet, and for someone to admit and then fix ignorance.
I do completely agree with what Confused Boots said, but I'd also like to add that if the "bad guy" gets worried about their phone being compromised all they'd have to do is buy a burner phone. Or, you know, just factory reset the phone. Or take some other action. Getting around this stuff can't be that hard for them.