Re: All very Orwellian.
"that it knows bugger all about IT"
Really? That's like me going to a toilet and not knowing where to piss.
Our time is up. enjoy your limited freedoms while they last.
UK Home Secretary Amber Rudd kicked off a firestorm in the tech community Tuesday when she argued that "real people" don't need or use end-to-end encryption. In an article in the Daily Telegraph timed to coincide with Rudd's appearance at a closed event in San Francisco, Rudd argued: "Real people often prefer ease of use and a …
This post has been deleted by its author
This post has been deleted by its author
How quaint, lots of down votes for a reasonable rational comment.
Let's look at two possibilities,
1. The government is completely clueless and has absolutely no idea what it is doing with regards to encryption or IT, they have no advisers and absolutely no one who understands anything. Lets face it she's a woman who incorrectly used the term hastags.
2. They know exactly what they are doing and it's got nothing to do with terrorists.
I know what I believe.
"Let's look at two possibilities,"
It's both. The ministers who are supposed to be our elected representatives, supervising the machinery of state and making sure it doesn't run out of control, are clueless. Those advising them from the shadows know exactly what they're doing.
"The government is completely clueless and has absolutely no idea what it is doing with regards to encryption or IT, they have no advisers and absolutely no one who understands anything."
Whereas I can understand why you would think this, based on the woeful performance of government ministers, it's not true. UKGOV has available to it some of the best advice from some of the best people in their field in the world. People who are listened to by foreign governments which deeply appreciate the insights offered. UKGOV of course has access to the full, uncensored, advice which is more useful than that information made public.
So, why are UKGOV projects not the best run, most effective, most secure in the world? The answer is simple, not only do the ministers (MA PPE, Oxon or Cambs) not understand the advice given, they think that they know far better than those funny "technical" people. Hence the ministers do their own thing, ignoring all advice given. The end result is the usual circle jerk. As long as the country is run by people who have never done productive work, who have no appreciation of science and technology and to whom manufacturing is a dirty word there's no hope of getting anything sensible out of them.
Wouldn't make any difference.
She has spouted exactly what the group of data fetishists who are her "advisors" on this subject tell her.
Exactly as at least the last 9 Home Secretaries have done.
A piano could drop on her head tomorrow and within a week her replacement would be spouting the same line.
"A piano could drop on her head tomorrow and within a week her replacement would be spouting the same line."
What's even worse is that once they've been brainwashed they stay that way. Look at her predecessor. Fly-in Amber is only the Home Sec in residence. May is the Home Sec in command.
"A piano could drop on her head tomorrow and within a week her replacement would be spouting the same line."
What a waste of a good piano.
Actually, no, coming to think of it, maybe not such a waste after all. I think the loss of the finest Steinway would be justified.
"A piano could drop on her head tomorrow"
You see? That's why the gov' needs access to your 'encrypted' social media, you're plotting to assassinate her with a piano. They need to know where you are getting the piano from and how you are going to lift it.
I suggest you fool them and buy an anvil.
Oh dear.
In order to avoid any hint of a suggestion that I might be seen to be inciting a terrorist act I should state that I have no desire to see a piano drop on Amber Rudd's head, no plans to drop a piano on Amber Rudd's head and no knowledge of any plans by anyone else to drop a piano on Amber Rudd's head.
This is not to say that at some point in the future Ms Rudd might find herself underneath a falling piano, as past performance (not being underneath a falling piano) is no guarantee of future safety (but then it never was :-( ), merely that I have no desire to arrange for the aforesaid musical instrument to descend on the aforesaid current Home Secretary, or any knowledge of anyone else who might wish to do so.
I trust that clarifies things.
...I have no desire to arrange for the aforesaid musical instrument to descend on the aforesaid current Home Secretary, or any knowledge of anyone else who might wish to do so...
Aha! So either you have a desire for a piano to fall on a past or future Home Secretary or you have knowledge of somebody with that desire!
I suggest you fool them and buy an anvil.
How about a small anvil, followed by a 4 second delay, then 6 more anvils of increasing size and a large safe in quick succession, then a 7 second delay, then a piano, another 7 second delay, a cement truck, 20 second delay, a rapid pan-back and finally an aircraft carrier.
How about a small anvil, followed by a 4 second delay, then 6 more anvils of increasing size and a large safe in quick succession, then a 7 second delay, then a piano, another 7 second delay, a cement truck, 20 second delay, a rapid pan-back and finally an aircraft carrier.
You are Tex Avery, AICMFP.
Vic.
Imagine a world where e2e encryption is scrapped from WhatsApp.
Terrorists will just stop using WhatsApp.
Public Key encryption exists and will never cease to exist - but we have elected idiots who continually exhibit their stupidity.
I used to think they were all in the cohort of the evil-lizards - but nope, they're just a bit thick.
On the bright sides, their stupidity appears to be revealing itself to more and more of us - so I've actually just stopped worrying.
This post has been deleted by its author
"I fear the problem is that everyone else is just as uneducated in relation to encryption, so whatever the politicians say, will be believed...Too many people don't care about privacy, yet."
The first explains the second. But what happens if, instead of asking about Windows 10 telemetry, you ask about the banning of encryption making their online banking more easily hacked? If you put it in those terms I think you'd find people did care.
>"Public Key encryption exists and will never cease to exist - but we have elected idiots who continually exhibit their stupidity."
I'm pretty sure at least one smart person advising the home office knows this, but they don't care and want the power anyway.
>"Give me six lines from an honest man and I'll find something with which to hang him."
They haven't forgotten Snowden. He and his ilk is the targets, "we must never again let such a thing happen!"
Real terrorists just grab a vehicle and ram it into something.
Allegedly.
You don't need whatsapp for that. I'd be surprised if whatsapp has ever been the locus of terrorist organisation. The logic of banning e2e encryption is the same as for bugging private homes. All of them.
I'm coming round to the view that all this politicking and "pressure on the tech companies" is more about "legalising" what the security services can already do, albeit somewhat clumsily, than actually being able to do the snooping they want.
The Home Office are the pawns in the arguments between the Cheltenham and the Tech companies and are allowed to be "clueless" so that they can extricate themselves from future damage when the activities in Cheltenham extend beyond the "terrorist" searching, as they will (or have), inevitably do.
Snooping on legal protesters "They are plotting industrial/social/investment terrorism", snooping on elected representatives "They are plotting overthrow of (our view of) democratic (sic) society", snooping on each other "You know where you are with the enemy but you can never trust your friends", snooping on my neighbour "Because I can".
Time travel is real welcome to the 1960's and the Stasi soon to be replaced by 1984 and the all seeing eye.
This post has been deleted by its author
This post has been deleted by its author
You have correctly identified a significant problem with private pigeon exchange.
This is why work is in progress to develop public pigeon exchange. The major problem to be solved is signing the pigeons: tattoos require the pigeon to be plucked and then time is needed to replace feathers. Obviously, something better is needed.
Once the scheme is perfected, perfect forward privacy will be assured by the use of session pigeons carried by the public pigeons.
"Imagine a world where e2e encryption is scrapped from WhatsApp.
Terrorist will just stop using WhatsApp.
Public Key encryption exists and will never cease to exist - but we have elected idiots who continually exhibit their stupidity.
I used to think they were all in the cohort of the evil-lizards - but nope, they're just a bit thick."
Not thick at all. All non-breakable communications will be declared illegal. Anyone using them will be locked up until they provide the means to decrypt them (legislation for this already exists it you are arrested for something else).
Terrorists will change to non digital codes like prearranged phrases.
John has a long moustache.
Sadly this is the norm for almost all legislation. It is is response to a situation which is not well understood in a changing landscape and even well-meaning laws never achieve the desired effect because they are mis-used or poorly worded or just too late to fix a problem which is no longer there.
My custard never set but I needed sugar
"All non-breakable communications will be declared illegal."
That would get a real push-back from business. Take, for instance, VPNs.
And take, for one small example, my daughter's employers. They are a pharmaceutical business. Her role is managing clinical trials in hospitals a hundred miles or more from their offices. She works from home. Her company laptop communicates via HQ with a VPN. By that means she is able to connect to their office system securely. She is able to take part in teleconferences securely.
Given the nature of her work there will be various regulations and requirements governing the data on her laptop (which I assume is encrypted). There will be personal data relating to trial subjects. This will be subject at the very least to existing DPA and forthcoming GDPR laws. I'm not familiar with clinical trials legislation but there may be additional regulations relating to that. There will be issues of commercial secrecy. There will also be financial regulatory issues: clinical trials results can affect share price.
Banning encryption over the net would require some form of point-to-point comms link to be put in place instead, otherwise it would mean that such trials couldn't be organised except from the office. In practical terms it would restrict the trials to fewer hospitals. Restricting trials would slow down the process of obtaining approval and place the company at a competitive disadvantage unless it chose to relocated to a saner business environment.*
These sort of issues would be reflected in businesses up and down the country. Do you really think the business community would stand for it?
*As a side issue it would also put my daughter out of work but with Brexit coming along that would be just another unemployed PhD?
"All non-breakable communications will be declared illegal."
Doesn't mean a ban on all encrypted communications - just those where the authorities/secret intelligence service/governmental wonks - don't have a means to intercept and decrypt
. The VPN is fine - provided the data can be intercepted and decrypted by GCHQ. The data on the laptop is protected by encryption? RIPA requires the user to hand over the keys on demand.
"Doesn't mean a ban on all encrypted communications"
TPTB then have the problem of sorting out the banned from the unbanned. They also have to set up a mechanism to allow VPNs on a case-by case basis and I'd like to see them try to blame that red tape on the EU.
Very similar to https://www.amazon.com/11-Synthetic-Terror-Made-USA/dp/1615771115
UK terror campaigns will be back in the next round of elections, Secret services have all the patsies they need to corale the sheep to the so called protectors.
As for Rudd, she must have a gun to her head for spurting out all that crap.
Not at all.
She's very much a part of the "Coalition of the willing" as "W" put it.
"It is difficult to get a man to understand something, when his salary depends upon his not understanding it." as Upton Sinclair put it.
Where would a Home Secretary be without a sea of "threats" to wave at voters come election time?
"It is difficult to get a man to understand something, when his salary depends upon his not understanding it." as Upton Sinclair put it.
In Rudd's case I think it's almost the converse. It would be difficult for her to understand even if her salary did depend on it.
This post has been deleted by its author
She seems to be the one who is on another planet here!
Whenever I mention the governments plan to break encryption to enable mass spying to anyone I always get a "That's not right" type response - whether said person is a tech or whether they are average joe.
The fact is the public do not want to be mass spied upon.
Now as big companies - if they give in then sure, they will have mass spying data on your conversation with grandma on skype.
But they will have nothing on Mr. Terrorist because said terrorist will either:
A) Stop using tech all together and go back to old fashioned letters/face to face
B) Use older not yet broken technologies which the government has no access to.
It's clear the government hasn't yet broken the current encryption systems - this is obvious due to the amount of fuss they are making about getting a backdoor. So it is safe to assume that should legislation come in to add backdoors, you can just continue using what existed before and not update your software to backdoored versions.
The problem of course will come in obtaining safe hardware. As no doubt the government will request backdoors in new hardware. But you could just buy an old PC off eBay that has an older non-backdoored chipset.
And let us not forget that this will be a UK and possibly also US law - that means that safe software may continue to be developed outside of those regions in the form of Open Source which means you could just switch to that instead should the need arise.
So yup, all in all we're going to be fine!
Now if you don't mind, I need to go blow something up as apparently I'm a terrorist due to wanting to keep my privacy!
(with profuse apologies)
First they came for the paedophiles - and I did not stand up - for I am not a pervert..
Then they came for the islamic extremists - and I did not stand up - for I am not a terrorist..
Then they came for the cybercriminals - and I did not stand up - for I am not a hacker..
Then they came for the privacy campaigners - and I did not stand up - for I have nothing to hide..
Then they came for me - and there was no-one left, to stand up for me.
Erm, the whole point of the original quote is that each time they "came for", it was for a group of innocent people. And yet we did nothing because it wasn't us.
I'm fine with them "coming for" paedophiles, extremists and cybercriminals. So using them as example groups ruins the poem's message.
"Erm, the whole point of the original quote is that each time they "came for", it was for a group of innocent people. And yet we did nothing because it wasn't us."
Erm..
Actually.. No it wasn't.
Each time "they" came for a nice easy to identify "not me" group of officially identified trouble makers.
The Jews, the Gipsies, the physically and mentally disabled, the gays.. All groups that were declared to be "undesirables" Not innocent victims. You know.. Like immigrants, or asylum seekers, or single mothers in council houses...
"I'm fine with them "coming for" paedophiles, extremists and cybercriminals."
And you can prove you are not any of these naturally..
"So using them as example groups ruins the poem's message."
No sweetie. Just highlights your heroic lack of understanding.
The whole bloody point of the poem.. Is how people can be segregated into Us and Them. And anything that happens to "them" is no more than "they" had coming.
Until we become "them" to someone else. Because we are the good guys.. Right?
Enjoy the camps comrade.
"
Erm, the whole point of the original quote is that each time they "came for", it was for a group of innocent people.
"
No it wasn't. The people they "came for" were all criminals, on account of the fact that laws had been passed that made them criminals.
Many of the people who have been labelled as paedophiles, extremists or cyber-criminals have done nothing that the average person would regard as being terribly wrong. Many of our great-grandparents were paedophiles by today's definition (not to mention a great many biblical characters). Looking up "The Anarchist's Cookbook" on the Internet will make you a terrorist (in fact having a map of the Underground could do that). The people who leaked data to WikiLeaks are all cyber-criminals.
Every one of us is only one new law away from being a criminal.
"You have to go back s long way to not have Intel management engine built in, which is an obvious who to backdoor your system."
Yeah, or get a slightly older AMD CPU - they remain clear of such engines.
Well, except the new Ryzen that has a similar system now, but older than that you're golden.
Sure, it might be slightly slower - but ask yourself what do you value more? Speed or Privacy?
You have to go back s long way to not have Intel management engine built in, which is an obvious who to backdoor your system.
You only have to go to Haswell or older, according to what I've read, as far as consumer CPUs go. Not only that, but to exploit the vulnerability, you have to connect using the ethernet port whose controller is integrated into the PCH (formerly called chipset or southbridge).
I have a bunch of PCs, and only one is newer than Haswell... my low-end laptop that really should have been a Chromebook, but it came with Windows. It has no ethernet port at all, so its otherwise vulnerable CPU/SoC doesn't present a threat.
My main desktop is Sandy Bridge, so it is way too old to be vulnerable. Even if there was vulnerable, though, the motherboard has two built-in ethernet ports. One's the Intel, the other is Realtek... if I were concerned, I could just use the Realtek and disable the other one in the UEFI.
My main workhorse laptop is a Core 2 Duo, which is much older than Haswell... but in addition to that, it has only a Realtek ethernet controller.
None of my other PCs are vulnerable either, for multiple reasons. My Ivy backup server is too old; my other desktop system is too old and also has dual NICs onboard, my even older than C2D laptop is AMD, and so is my even older than that laptop. And my Compaq portable plus luggable... let's just say it is not subject to this either.
I've made no effort to try to buy gear to mitigate the vulnerability. Even though I own eight functional PCs, I have none that are vulnerable to this. It might not be as hard to avoid as you may think!
Real people don't want to be spied on as a matter of principle, yet it seems they are happy to have CCTV cameras on every street corner. They are also happy to post all of their most personal information onto Facebook and numerous other social media sites and pay good money to put an Amazon Alexa into their living room to ensure everything they say there can potentially be monitored. They will also gleefully download an App to their phone that animates pigs dancing (because its funny for 30 seconds and they can show their friends) with no regard to the fact that it is also a keylogger that is going to snoop the passwords to anything that is effectively secured by encryption.
Whilst real people say they don't want to be spied on the evidence suggests that 95% don't care enough to act like they do.
I know only two or three people who actually pay attention to the asked for permissions on apps, most have no idea what or where all of that information goes to.
I wont even pay for an app via my android phone, fortunately I don't need many including the factory installed weather app that could access everything.
This "woman" used to be my MP in Hastings and displaced an honourable solicitor who did a lot of good work for his constituency when he was the MP.
She only just passed the post this time round and I now wish I hadn't moved from Hastings because my vote might well have kept her from being re-elected.
Bloody stoopid woman, go and effoff.
I saw this woman on a TV interview in the past day or two. During the course of 2 minutes or so she constantly (at least 4 or 5 times) kept referring to "The Enemy", and how important it was to know what "The Enemy" was planning. WTF ? Who the hell is this mystical enemy that she has suddenly invented? Yes, there are a few misguided nutters out there - there always have been, and always will be, but "The Enemy" ???
This woman is seriously deluded - her lack of any form of technical understanding is unbelievably frightening for someone in her position of power. And now she has invented "real people" - as if there are a race of "unreal people" out there. I think she seriously need to get herself checked out by a psychiatrist before she hurts someone. Her, and a few of her peers are turning this government into a laughing stock.
I'm afraid we all are starting to understand that 'the enemy' which the intelligence services are so keen on monitoring, was never really 'terrorists' anyway. It always has been us, the very people who they are supposed to serve and protect.
We are the enemy, by their reasoning, because freedom is chaos. And chaos is danger. They insist that such danger cannot be tolerated by the State. So the masses must be locked down, and only given the illusion of freedom, in as limited a dose as they think we can safely consume, without damaging the immortal State's certain control.
It is only then that they will be satisfied.
To a politician, "The Enemy" is those with the power to vote.
And to a government minister those with the power to vote include those who can vote in Parliament.
"Nurses and teachers can't vote against me till the next election -- backbenchers can vote against me at ten o'clock tonight."
The Enemy", and how important it was to know what "The Enemy" was planning
You don't get it do you?
We have always been at war with Eurasia Eastasia.
They think this kind of newspeak will work to frighten the muggles into giving them the one thing the politicians so desperately want; More power.
Problem is, they are right, they will get it with cheers and howls of happiness from the cheap seats.
Gimp mask because that is how we are all going to end up with these muppets in charge and those muppets supporting them because terrorist
Her views on encryption are at best ignorant, and definitely dangerous in the long term, but one thing that I'm very confident about is that this technical ineptitude has nothing to do with her lack of a penis. Most women I know would find such statements as made by Rudd et al equally stupid.
If that was true, maybe she'd have an argument that people should be able to decide between enabling encryption and getting access to all these great features that having it prevents.
Unfortunately for her, that's not the case, and she just looks stupid to anyone who understands thing one about tech.
"maybe she'd have an argument that people should be able to decide between enabling encryption and getting access to all these great features that having it prevents."The VPN I use does disable at least one convenience feature: automatic logon at certain websites. Consequently I turn the VPN off and on as I need.
"she just looks stupid to anyone who understands thing one about tech"I know it's de rigeur to call politicians we disagree with "stupid", but that's very sloppy thinking. They are far from stupid or they would not be in positions of power. Better to think: "cunning as a shithouse rat" rather than "stupid".
The problem is that intelligent people do believe her, because her skill set is sounding like she knows what she's talking about and theirs doesn't cover cryptography. Sure, she sounds clueless to people who do know crypto, but calling a doctor stupid for now learning it isn't going to convince anyone that she's wrong. It just strengthens her propaganda.
"The VPN I use does disable at least one convenience feature: automatic logon at certain websites"
I use ssh (fish://) all the time (it's just another icon in my filemanager) to pass files to/from my traveling laptop. to my fileserver I don't even think about it. Nothing confidential but it's just the way it works if I want secure access (as opposed to secure transmission ) . Are terrorists all so stupid they can only use provided apps?
if they (government) want to spy on all of us, they need to provide an honest and accurate bi annual report on who they have looked at for what reasons.
i'm sure once mr and mrs average find out how often they have been looked into they may ask the government to change their minds.
I'd be willing to give them a portion of a key my stuff is encrypted with, such that they'd have to utilize a whole datacenter's worth of computers for one second to decrypt a single message. The portion of the key they get would be smaller each year, to maintain that "one datacenter second" relationship.
That way they could snoop me if they really had reason to believe I was a terrorist, but they couldn't hoover up and decrypt everything I do and store it in a giant database just because their unlimited black budget allowed them to.
This would require them disclosing their decryption abilities (so they couldn't lie and also have a weakness that reduces the effective key length by 40 bits so they end up with a "datacenter picosecond" instead)
I know it is just a thought exercise but there are two rather glaring issues with such a proposal.
Firstly, it is impossible to get an honest report on the capacity of their data centres. "We can only crack 56 bits in a cluster second, honest guv".
Secondly, are we assuming that five eyes is king of the supercomputer today and into the future. Hint: the top two last month are in China. Are we ok if it takes our guys 1 second per message but some other country can do 100 per second.
Thirdly (can I do that if I am pointing out two issues? Eh, who cares where was I. Thirdly, assuming the math is sound, each new bit of key doubles the key size. It would be most difficult to fine tune this to hover at the 1 second mark.
Fourthly (lost all pretence of making two points now) that deals with the nice Dougs of this world, bus the paedoterrorists will keep using a bazillion bits in their key.
Super secret dark sites do not appear on the top500 list of super computers.
I've been told by a source I trust that the NSA have a large supercomputer cluster that would easily be in the top 20 which is just used for breaking cryptography. They keep extending it by buying clusters of this machine type as they get decommissioned, re-engineering them and then adding them to the cluster.
Sounds to me like you are making the assumption that the super computers we hear about are the fastest being produced and they may be; but, I wouldn't be surprised to find that some countries spy agencies have built faster, whether from production equipment or specially developed equipment that hasn't been released publicly.
Ah but you do let the government snoop on you. They know what you look like, where you work, where you live, how much you get paid, where you spend most of your money, who you phone, who phones you, what web sites you visit etc. If they thought you were dodgy Snowden has shown there are a multitude of ways they could steal your encryption keys from you.
And if they really really want to snoop you ..... https://xkcd.com/538/
The NSA doesn't use clusters of computers with standard CPUs to their decryption. For many years they operated their own fab, where they designed ASICs specific to their needs. They still design ASICs specific to their needs, but they contract out fabrication of them. They used to have IBM make them, but since IBM sold their NY fab to Global Foundries a few years ago they probably have Intel making them now.
I would imagine the NSA can get 50-100x more cracking power per square foot of datacenter floor space with dedicated ASICs versus running code on x86 or POWER CPUs. That $2 billion plus datacenter they are building in Utah will probably have more cracking power than every supercomputer on the Top 500 list combined, and then some.
and I look at the WIMUN INTHAG NEXT traylor T'me WHEN EITHRR /she or Me OR BATH IS NAKID. Holding MY GRAN. GRIN. GUN!!!!!! I do t THINK THISN is SPIEING b'cos I AM NUT A spy. I AM A TRAMO supporterrr(( and when I see MY NEIHBUR I Thunj of Lady MORANICa hu IS BEAUTIFUK and at one my LEEGE. ANYWAY I support TRUMO AND that tadynin THE next tray lord WHI IM Goin' ta MARRI NEXT WEEK at Walmart cox she says I TREET HER LIKE A MAN. SHIUKX. AHIUKX. SHIUKX. SHOULD. STAY sofa.
Just dont listen to the off-shore tax evading bint!
She's only digging her-self into a hole she can't climb out of...
She has absolutely no buisness telling people what they can and can't do...
If I put my smart phone in a microwave whilst I have a private conversation or use a GSM jammer to blanket the signal so no device within a 3 mile radius to me works, then thats my legal perogative and I am allowed to do that, just like I am allowed to play C-Tone for wire-taps as an ambient background tone when I make a phone call or use any other technical innovation such as a pair of scissors on those ethernet cables and telling my service provider to shovel there service up there ass.
" use a GSM jammer to blanket the signal so no device within a 3 mile radius to me works, then thats my legal perogative and I am allowed to do that"
No, you most certainly are not - I can't think if a single country where this would be even remotely legal, it's even dodgy for the authorities to jam cell phones in prisons in many countries.
Your other ideas, yes, fill your boots as they affect no-one but yourself, but it's a brave person who would be caught jamming cellular (or any other radio) signals within a 3 mile radius.
Yes, you can, I didnt say a built up public area where blanketing would be noticed also I also would love to know how when it's a unit the size of a belkin router with a huge antenna rigged up to a car battery you'd ever be found using it. After all how exactly would you propose you trace a signal thats stated goal is - Signal JAMMING?
Everyday I get on the train and people are glued like Zombie's to there smart phone and I personally find it deeply objectionable that those devices are composed of proprietary firmware blobs that you as a programmer are not allow to disect. you are aware I trust you can buy small pocket sized unit's that would only effect anything or any one in your imediate proximity.
I doesnt have to extend to a range of 3 miles that was simply for the dramatic effect of getting the point accross and directional jammers oh boy those are fun too, did you know they sell noise blanketing units with disks that vibrate the glass on your windows and units you can suspend from the ceiling,
'Real' people want govts to spy on them, argues UK Home Secretary
'REAL' people want to spy on there own government and there elected representatives, that is after all how this technology works, its not about you spying on all of us, it's about all of us being able to spy on all of you!
"I didnt say a built up public area where blanketing would be noticed also I also would love to know how when it's a unit the size of a belkin router with a huge antenna rigged up to a car battery you'd ever be found using it. After all how exactly would you propose you trace a signal thats stated goal is - Signal JAMMING?"
Radio Direction Finding. Because your instruction "Stop at three miles" doesn't really work with radio waves.
"After all how exactly would you propose you trace a signal thats stated goal is - Signal JAMMING?"
The same way that we, and the Nazis, did in WWII.
Is there the remotest chance that you could learn to use an apostrophe, the difference between there, their and they're and in general cease from talking absolute drivel in a forum that is used by many, many technical savants? Thanks awfully, thanks, no don't bother to write, bye, have a nice summer, relax, no we won't see you again I hope, bye.
"Would you do your banking over the Internet without "end to end" encryption?"
Actually I was thinking did nobody in that meeting have the wit to challenge her to publish her online banking credentials, her Waitrose login credentials etc? And then explain to her bewildered self that that's effectively what she wants the entire electorate to do.
"I'm sure CESG have ensured that Amber Rudd's computers and communication devices are secure"
I'm sure they haven't. Largely because they don't exist and haven't since Francis Maude had a hissy fit that they dared to tell him that he couldn't put official government paper on a tablet that he had bought himself. The new broom in government speaks against encryption with the GDS mantra being that security is bad because it prevents "information sharing".
In the inaugural Technically Illiterate statements about Encryption Ashes series, I thought we had it in the bag with the "commendable laws of mathematics". Like everyone else, I thought there's no coming back from that superb M. Turnbull innings. Then A. Rudd comes out and fires off such an response. "Real people don't need to use end to end encryption". Who saw that coming? I'm not sure the Aussies will have a satisfactory response. I'm not sure that anyone could give a satisfactory response. Sometimes one has to take a step back and appreciate the tremendous skill under pressure.
This coverage of the 2017-2018 Technically Illiterate statements about Encryption Ashes series is brought to you by our telecast sponsors TLS, because we care what you think peasant and available exclusively through the El Reg media network.
You're right. I wasn't thinking about the left/right* combination of George "metadata" Brandis and Peter "moar security theatre and less immigrants" Dutton. If those two bring their A game then we're definitely in with a shot.
Actually, I have an idea that might help us lose this series. Does anyone know a country that would be willing to bestow honorary citizenship on a few of these Muppets?
*Technically moderate/far right
I don't know if my MP Lucy Frazer has had an opportunity to discuss things with Rudd. I don't credit emails to my MP as having any affect whatsoever on policy. However I did write to her (it's very rare I write to anyone) before the election to tell her I wouldn't be voting for her because of the Conservative manifesto, specifically their ideas on internet "regulation". They were predicted a huge majority before the manifesto was published.
Since 1992 I have never voted for the losing side in an election. This was the first time in my life I abstained. Nobody won.
Next week I'll be publishing the lottery numbers on my Twitter.
"I don't know if my MP Lucy Frazer has had an opportunity to discuss things with Rudd. ...However I did write to her (it's very rare I write to anyone) before the election to tell her I wouldn't be voting for her"
I wrote to my former MP to tell him some time ago that, on account of his following the party line on this very issue, I wouldn't be able to vote for him as long as May* remained party leader. Note I said "former MP".
*Forget Rudd, she's just the monkey.
need encryption
Well, the next time she goes online shopping she can post her credit card details, and everything else needed for the order in plain text to the supplier.
After all.. REAL people dont need encryption.....
PS what is it about the home office that turns regular politicians into outright fascist b*****ds?
'"But they rely on mature conversations between the tech companies and government..."
It's difficult to have a mature conversation with someone who has a child's level of understanding.'
No, what she means is that if anyone disagrees with her, they are not being mature about it. The only mature attitude in such conversations are those in agreement with her.
Can we all please stop pretending that the government is clueless and stupid?
They know what they want and why, there is no "They don't understand encryption or math"
Unless someone can explain to me how they don't understand the very simple facts of how it all works then I think labelling them as stupid is dangerous because they will get what they want and then we are all in the shit.
This post has been deleted by its author
that 'stupid' and 'intelligent' are not opposites, in fact all too frequently they can be found working happily together. Some of the smartest people I know do, and think, the dumbest things.
MPs, by and large are simply the monkeys dancing to the tune of the organ grinder/s. Those wankers -- mostly greedy people intent on embiggening their parasitic hold on the general population -- can be and often are spectacularly stupid, but the sad thing is that the consequences of their stupidity tends to fall first and hardest on the heads of those least able to protect themselves, and then on all of us.
It's not all bad news, but we really cannot afford to be complacent; as the aphorism goes: for wicked (and stupid) people to flourish it only requires good (and wise) people to do nothing.
It's not all bad news, but we really cannot afford to be complacent; as the aphorism goes: for wicked (and stupid) people to flourish it only requires good (and wise) people to do nothing.
That is the bad news. The UK has been sliding into the stupid and blinkered world view since the 80's or 90's - it's going to slide further and nastier before the boat rights itself or sinks.
Still not as bad as things were this time a century ago - so that to be thankful for...
Encryption may indeed be used by terrorists. However they have also been known to wear underpants, and underpants have been actively used in at least one attempted terrorist attack. Please consider making the wearing of underpants illegal. That should significantly reduce the threat of terrorism.
I could knock up a P2P messaging solution that used end to end encryption in an afternoon. I could then share this with my evil friends and they would know very little. This is nothing more than scare mongering so that the government look like they are doing something to protect us when they don't have the first clue.
We used to have "effective" (couldn't think of another word) terrorists in the UK that didn't use the internet, end to end anything, mobile phones, etc. They managed to indoctrinate and share information and training quite well enough. We couldn't really stop Irish terrorism then and these knee jerk plans by an ineffective bunch of clowns won't stop Islamic terrorism now.
We did however try: by having the army and intelligence service supporting the other side's terrorists, by having a police force so closely allied to those terrorists that it was hard to see the difference. By having an entire country divided on religious grounds. By introducing internment, removing jury trials and having decades where the judicial standards for prosecution where simply "irish and in the same city".
Shouldn't be too difficult to dust off the same effective policies and r\catholic\muslim\g
I've long had a theory which has mostly stood pretty firm - the more powerful / promoted an individual becomes the more childish they get.
Seem to work quite well with executives demanding toys and special privileges and that risks specific to them are made to go away. Here you have Rudd demanding that the mathematics of encryption be changed to to suit this idea she had of only the good guys having access.
And then Trump.... I rest my case there really.
But in the end this sort of thing will go on forever. Politicians etc will always demand that immutable laws / rules bend to their will because of who they think they are. And we'll all suffer when some sycophant pretends they've managed to do it for them and sells their snake oil well.
Governments don't need a backdoor, when they can just barge in through the front.
If Amber Rudd cares that much about who I'm exchanging messages with or what I'm saying, let her send some goons round to seize my phone. That's completely within her power to do, and it would answer all her questions far more easily and, ironically, less intrusively.
And here's why.
Govt "We wants it"
Tech companies "The mathematics don't allow it. You compromise one, you compromise all. Ecommerce also becomes vulnerable to any compromised device in the chain between the customer and seller."
Govt "We wants it"
And that's about as mature as it will get.
Rudd is playing that classic politicians gambit of conflating 2 issues. Access to devices and people when there is actual evidence of a serious crime and the desire to have access to all people's behavior all the time.
I don't know who really penned her piece in the Torygraph but the implied split of "real" and by implication "not real" people (who want e2e encryption) is a very two edged sword.
I think politicians who believe this sort of twaddle are "unreal," but in common with Conservative party behavior I am in fact using it as a code phrase.
For "f**king delusional" in their case (as in "Amber Rudd is unreal in her belief that e2e encryption that can be disabled on demand").
Incidentally she reckons she's got a shot at stepping into May's shoes as the current generation of wannabe PM's are viewed as getting either too old or are too Marmite for the other candidates (Gove supporters hate Johnson and Davis. Johnson supporters hate Gove and Davis etc).
The original article is behind the Daily Telegraph firewall, so I can't read it. But I have just gone through the readers' comments.
And I am immensely cheered to report that they are pretty much the same as the comments here - just more polite.
For those who don't know, the Daily Telegraph is the authoritarian right-wing broadsheet newspaper in the UK. So finding over 100 comments condemning the Home Secretary is a bit of an eye-opener.
Amber Rudd is a mouthpiece of utter conjecture.
(101 comments condemning the Home Secretary).
It's her simplistic idea of "Good Guys" and "Bad Guys". "Real People" don't use encryption, attitude.
It's absolute (clueless) bullshit, technically, and in terms of rhetoric.
By the sound of it, it would be worth sending the ICO to her constituency office to check on compliance with the Data Protection Act. It sounds like they would find serious procedural errors taking place. It's no way to talk regards the security of other people's data you hold in your possession.
Then, we have viral video of the Police Officers kicking out, in Aston, Birmingham.
These are might not be the norm, but these Officers are a sample of who willl have access to our data, under Amber Rudd's braindead plans and as they say, it only takes one.
I'd say it's a bit unfair to characterise the Torygraph as "authoritarian".
"Paternalistic", sure. But it's got a healthy streak of scepticism towards "big gummint" in general, no matter which party is in power. It's no Daily Mail.
(Some people equate "right-wing" with "authoritarian", but that can't be justified either philosophically or observationally - in the UK, Labour is at least as authoritarian as the Tories.)
Indeed.
In truth there are "authoritarians" to either extreme end of the political spectrum.
In fact it's their views that make them extremists.
The real split, whatever your broad political views is between the "democrats" who believe in the rule of the people, and the authoritarians, who believe in the rule of themselves.
Find out what sort of person you're dealing with and act accordingly.
Indeed. Not known as the "Torygraph" for nothing.
But I think my favorite comment on the article she has allegedly written was from Telegraph commentard "Number Seven" who wrote.
"More socialist totalitarianism from this woman.
Quelle surprise."
Possibly not the most obvious analysis of her comments.
But the totalitarianism bit sounds right.
Liar or fool? It's hardly an original question to ask of a British politician, and most of them seem to be both, anyway: but it's still a tad surprising that Rudd's handlers continue to let her talk such unadulterated shit. I accept that in common with most ministers she is unqualified for job, has a poor grasp of her brief and is in any case intellectually dishonest. What I find more curious is that her department must have at least some senior people who know the topic and realise that Rudd makes herself look stupid when she opens her mouth. Can they not write better things for her to read out loud (slowly and carefully with the big words)?
It's absolutely pointless to build backdoors into encryption, whether it's done by ISPs, or messaging providers or even via a government-secured (hah! as if) store of keys. And more or less everyone reading The Reg knows why.
It's because any competent coder—there are only several tens of millions, to be found in every country on the planet—can implement a modern, highly secure encryption scheme using, if they wish, arbitrarily large keys, which can be made to run on every OS and every device there is. If the Black Hats can't trust WhatsApp or their ISP, they will also not care in the slightest: encrypt your message on an offline device, transfer it to your online device, obfuscate further if you wish using steganography, and the job is done: perfectly secure comms. Today something like two billion—2,000,000,000—photos are uploaded to social sites every day: if only one in a million of those contains steganographically encrypted data, even at a meagre rate of 1bit-per-1000, for an average image size of 5Mb, that's still around 10Mb of encrypted data. That's enough for every flavour and faction of the People's Liberation Front of Judea to have bandwidth for their own atrocity planning calendar for a year. (And of course, the only people whose data and messaging will be accessible to the government are those who couldn't care less and therefore are of no value to security or law enforcement anyway.)
The simple response to idiots like Rudd and May must be: stop talking arrant rubbish, because there are lots of people out there who recognise it instantly for what it is. (Yes, an educated population is the worst fear of politicians with authoritarian instincts. Lies don't work forever. Trump take note.)
"Real people" do value their privacy. It IS a basic human right.
In fact, real people's sense of dignity is matched only by their contempt for and mistrust of politicians like Rudd.
Given many peoples' almost pathological need for constant attention and self-validation via social media, sharing more and more of themselves and their tawdry lives, regardless of how inappropriate or just plain idiotic it makes them look, perhaps a government that actively spies on most of the population is just what these people want.
After all, if the state is interested in you, you must be, like literally, such an interesting person.
The usual arrant nonsense to anyone that understands the technology. Unfortunately those who do understand represent less than 0.01% of the electorate and no matter how much we argue against these assertions and proposed legislation we have no actual leverage or public visibility. Of course anyone who argues the case for encryption is immediately suspect (at least a spy, terrorist or paedophile). To show that strong encryption is a real world necessity it would be necessary to have a practical demonstration of what could happen without it, in a way that can be understood by the electorate. I suspect balls of steel, imagination and sheer chutzpah will be a necessary prerequisite for this approach to be successful though.
"I think a larger majority of the population would like their MP's communication open to inspection, not specifically excluded!"
Yes, they probably would. Right up to the point where you explain that that would include some problem that they have that they take to that MP. Then their view might change. They might actually start thinking that it's a problem with any communication they might want to keep private.
"My Country" by New Model Army
Tell all the people who believe what they read in the press
Tell all the folk who stare from behind suburban walls
The enemy is not some nation far across the sea
The enemy is with us every single breathing day
So yes, I will fight for my country
The land that I love so well
Yes, for justice, a land fit for all our futures
Yes, I will fight for my country
The land that I love so well
Hear the voices of our history echo all around
Fight all the ones who divide us rich against poor
Fight all the ones who divide us white against black
Fight all the ones who want their missiles in our earth
Fight all the powers who would lead us into war
No rights were ever given to us by the grace of God
No rights were ever given by some United Nations clause
No rights were ever given by some nice guy at the top
Our rights they were bought by all the blood
And all the tears of all our
Grandmothers, grandfathers before
For all the folk who gave their lives for us
For all the folk who spit out, never say die
For all the fires burning on our highest hills
For all the people spinning tales tonight
Fight all the powers who would abuse our Common Laws
Fight all the powers who think they only owe themselves
The only difference between Amber Rudd "doing something" about encryption and a labrador competing on Only Connect is that there isn't a large enough plastic bag to scoop up the mess that Rudd will produce.
Otherwise both have a look of baffled incomprehension and a pitiful desire to please their master .
"Real people often prefer ease of use and a multitude of features to perfect, unbreakable security."
What are you trying to say, the more tech savvy you are the less of a real person you are?
Well that statement isn't going to help your cause. Whatever speech writer wrote that sack them.
Why would anyone trust a government to not abuse the system they put in place? With all the backdoor legal proceedings that go on in the UK, how would anyone know they are abusing it?
Perhaps a little extra knowledge might be useful here.
Remember the copyright laws? They used to be simple things, restricted solely to book publication. Then they branched out to cover all sorts of things. Finally came the happy day when all you needed to do was to write something down and it was protected by copyright - as long as it was unique.
There's now a whole industry - primarily in the US - dedicated to defending the idea that anything copyright is uniquely "holy".
It follows that anything you say or write or tweet/twitter or whatever, is protected by copyright. Now, as a private publisher of the content of my own private life, do I thereby give the UK or US or 5Eyes governments or any other government carte blanche to infringe my copyright through the mere act of publication?
There's more than one way to skin a cat, and this particular moggy's already half-skinned already, courtesy of her own actions.
"Real People" don't need seat belts in their cars, they're good drivers and never crash into other cars.
Drunks, idiots, criminals, etc, kill and injury many "real people" every year. Seat belts are mandatory for those times when something does go wrong, not because "real people" aren't careful. Strong encryption is there for when things go wrong, not because Aunt Bessies kitten video is secret.
Amber "necessary hashtags" Rudd and Malcolm "Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.” Turnbull, should compete to see which of them knows the least about encryption.
It's a tough one, but on current form, Rudd might just win.
Over to you Oz.
fuck yeah! (not that I trusted any gov before they were proven to be thieves). If it looks like a thief, and acts like a thief... trouble is, you can't stay away, because other "nice" governments are in the same thieves' league. Only some have been caught, others don't care about being caught or not, but essentially, they're all crooks :(
So, I understand from the Granuiad that WhatsApp is the favoured tool for politicians to scheme amongst themselves. See here: https://www.theguardian.com/technology/2017/mar/05/political-rebels-whatsapp-encryption-technology-mps-security
So, does that mean:
1. To Amber Rudd, politicians aren't "real people"? (an easy answer methinks...); and/or
2. Amber Rudd thinks that all of her party's internal plotting/backstabbing/abuse should be freely available to the public?
There are three very distinct points of debate
1. Encryption is important to people
2. Most users care about having an encrypted connection.
3. It is impossible to provide government access to encrypted communications without ruining the encryption and allowing (or at least increasing the probability of) criminal access to communications.
Not only are these separate issues they are separate types of issue.
1 requires a philosophical / moral answer
2 just requires a survey
3 requires a technical answer
The problem is that people set themselves up as pro-privacy or pro-security which is an answer to question 1 but they allow that position to bleed in to the answers to questions 2 and 3 when it shouldn't.
The comments section is usually crammed with people who say yes to 1 with such passion that they say yes to 2 and 3 even though 2 and 3 are clearly not true. The oft quoted study where people give up their passwords for a chocolate bar and the negligible change in market share as companies turn on/off encryption disproves 2 and page two of the article gives a good example of a technical method of allowing 3.
https://tox.chat/ - take a look (I have nothing to do with this, it isn't a plug)
After thinking I would build something like this myself (just to prove a political point), I googled and eventually found this mainly thanks to this excellent article: https://ar.al/notes/decrypting-amber-rudd/.
Anyway, as far as I can tell, this makes the entire argument moot. What is the point of breaking e2e encryption on whatsapp etc, when there is something that is fully encrypted, decentralised and open-source available for anyone to use from any platform.
Yes, it's still not quite as easy to use as whatsapp, but what we have here is something that the government could do nothing about but "ban" it's use. And I'm not sure how you would police that given they'd have to go after people individually.
Does the existence of technology like this not make the entire argument moot?
As far as I can tell, people are trying to fight the arguments of the government on their playing field and losing thanks to the poor general knowledge of the public and the mainstream media on this subject. Let's try being persuasive to the general public rather than being an echo chamber where we all agree with each other and don't persuade anyone else!
Stop fighting based on logical reasons and breaking down their dumb arguments & publicise this (and related technologies) and point out that the argument was lost a long time ago by the government (before they even started arguing their case). Cat is out of bag etc.
Way back there was the short, bald Hague who was followed by a real dummy called Mad May of Hurst and now the Tories have outdone her by this total brain dead woman Rudd.
She can spy on my cell handset for as long as she likes - out company uses external encryption units that can't hacked by GCHQ or the NSA as there are only five connections between the units: ground (earth), received data and transmitted data. Both units have isolated, batteries and the the data connections are through opto isolators.
P.S. I am a real, feet on the ground person, too, Rudd.
I've got 2 theories, either, she must be an opposition party spy...spouting all sorts of absolute rubbish to make everyone think that the govt is a bunch of morons who know nothing about how technology actually works, don't think they've thought about visitors to the country and whether they can spy...sorry read the visitors vital messages.
Or, they can already read the messages of whatsapp etc and by saying they can't, they get all the 'dodgy people' to use the app even more than they already did thereby getting more info.
I know which one I'd put my money on.
Making pi = 3 "breaks" all formulas using it because they now give you the wrong answer.
You wouldn't do that because you're not stupid Ms Home Secretary.
Well encryption that can be broken is like making pi = 3 in its effects on the users.
That's why it's a bad idea. Encryption is also like pregnancy. You can't just be a bit pregnant.
(I loath analogical thinking but this is the only stuff simple enough I can think of to use on her).
That's what Amber Rudd doesn't appear to understand, the terrorists will just make their own encryption or use other services other than WhatApps or even make their own social media service with their own encryption.
All that she'll do is move encryption underground. She's clueless and incompetent. Anyone else in that position would of been fired by now, but appears MPs get away with no understanding anything.
If I were a terrorist, or bog-standard criminal, and any of the mad proposals currently floating around the political word were to be implemented I would assume that all messaging and social media platfoms were compromised and revert to old fashioned email with PGP. Let Rudd/Turnbull/Trump etc crack that.
Do I daresay it's not 'spying' when we are watching each other (and ourselves) ....
If the Governments/Security agencies are so keen on watching the citizens, then, by all means, they should avail themselves, and be prepared, to be watched by the citizens. Hence 'fully democratizing' the 'watching' business/game ...
Privacy is my right until such time as I may be legally under suspicion of having committed a crime.
So please, dear government. Stop getting your totalitarian hackles up and your panties in a paranoid bunch. This sort of response to terrorism is exactly the opposite of what we should be doing. It is exactly what the terrorist want us to do. IOW: This is enabling the demolition of our civilization.
Yes it is! Do your homework.