Australia's Snooper's Charter: Experts react, and it ain't pretty

If the Australian government was hoping its encryption legislation would have a smooth run, it'll probably be disappointed. Not only has the exposure draft landed with a political storm, reactions from technologists range from guarded to sharply critical. On the political front, the Australian Greens came out most strongly …

  1. Winkypop Silver badge
    Facepalm

    Deeply flawed

    Therefore: full steam ahead!

  2. Anonymous Coward

    The East is Read!

    So Australia has been taken over by China!

    (I'd append the word 'intellectually', but we're talking politicians, so...)

    1. Doctor Syntax Silver badge

      Re: The East is Read!

      "So Australia has been taken over by China!"

      Or Australia has overtaken China.

  3. VikiAi
    Flame

    Sadly you won't get much opposition from the 'opposition' on this one. Both major parties are equally guilty of drought-breaking levels of salivation over e-privacy-invasion legislation.

  4. Magani
    Unhappy

    Dr Vanessa Teague of Melbourne University: “Most of the firm guarantees and comforting protections described in the explanatory memorandum do not actually appear in the bill, or appear only in a weakened, ambiguous or limited form,”

    In other words, it's going to provide the ability for agencies and others to embark on data fishing expeditions that will make Moby Dick look like Nemo.

    I wonder if Prince Leonard of Hutt has any IT vacancies going...

  5. Long John Brass
    Mushroom

    Watch em squeal...

    Once Facebook, Google, Amazon, Netflix etc suddenly block all Australian subnets/routes. Doesn't AWS have a couple of big DCs there?

    1. Anonymous Coward

      Re: Watch em squeal...

      When it comes to Australian politicians the only attitude to have is "fuck them and the horse they rode in on". You cannot engage or debate with these people, they are fucking idiots. What's more they are sock puppets. They all bullshit about becoming tech orientated and no longer a dig shit out the ground country but this will put a swift end to that. Australia will end up as just a beach for people to piss about on and little more. It sickens me how these duplicitous little weasels are turning every Western nation into a Stasi ruled hell hole. Any law that requires zero disclosure and thus builds in an inability to seek proper defense against it, or is enforced through secret courts, is a shit law and its proposer should be retroactively aborted.

  6. Neon Teepee

    VPN

    <Rant

    VPNs? Journalists' right to protect their sources for, say, telling Australia what a bunch of scumbags their own govt/military is.

    Is the suggestion here seriously that the govt can legally and without a warrant install a piece of malware on one of my users' laptops, have them bring it in here, gather a bunch of keys, hack a bunch of info, potentially use that to get at their target and then ..... what? When the investigation finishes they remove said malware. Advise us it's happened and that we should zap said laptop. Obviously like the US they would ensure they don't 'accidentally' gather information from say my UK or Dubai office and accidentally realise they have a big fat pipe to those govts to accidentally advise them what's going on, and of course there would be no danger of non govt sources accessing my now compromised network. AND it definitely isn't a backdoor.

    /Rant>

    Thank you for your attention :-)

  7. Anonymous Coward

    Set

    VPNs to MEH

    1. Anonymous Coward

      Re: Set

      I currently use a VPN provider that claims it keeps no logs of one's usage. They have a multitude of access points worldwide including 2 in Oz. I wonder what the legal position of this is going to be.

      Any takers?

      1. Anonymous Coward

        Re: Set

        Hi Gary

        Should be OK, just remember to speak clearly into the vase.

        BTW: Your curtains seem a tad faded...

        BB

      2. DownUndaRob

        Re: Set

        Please name this VPN provider, I may be interested.

        1. Anonymous Coward

          Re: Set

          https://www.privateinternetaccess.com/helpdesk/kb/articles/do-you-log-the-traffic-of-your-users

          HTH

  8. Anonymous Coward

    I think one of the elephants in the room here is being missed, it's not the how, the why or the whether, it's the where?

    They want access to communications either in real time or after the fact, that requires potentially storing the communications. Who stores it? If it's the provider then there is no way to access it without a backdoor in the key, if it's the owner then again there needs to be a way to access it on the device which means a back door. Therefore I believe it's not possible to do what they want without a back door. What if someone destroys their phone on arrest? Will the provider still be responsible for providing the information? There's also the cost to store these communications, who pays for that? Why would you do business in Australia with extra costs for little benefit when your business model is built around ads? Would people even use your product if they knew the government was using it to spy on you? Let's face it there are plenty of foreign alternatives that the Australian government won't be able to force to do their bidding and the people they claim to be targeting will do just that.

    This is just another knee jerk throw the toys out of the pram reaction by politicians to something they really don't understand and it's a slap in the face for the people that the government want to spy on. Did they read people's post back in the day? They most certainly did not, so why should this be acceptable?

    The most worrying thing is people's apathy to all this and I fear once people in all countries (because that's where we're going) realise what the governments are trying to achieve it'll be too late.

    1. Anonymous Coward

      "Did they read people's post back in the day? "

      Probably. Did they stay within their legal bounds? Well - maybe - maybe not. Short of a whistle blower you'll never know.

      1. WonkoTheSane
        Trollface

        "Short of a whistle blower you'll never know."

        So... They ban the sale of whistles?

        1. Persona non grata

          Whistleblowing is not quite the option it used to be

          If you whistleblow they'll prosecute you.

          And your lawyer.

          And any press who report it.

          And the leader of the opposition.

          And random other people.

          And your cat.

      2. Peter2 Silver badge

        Did they read people's post back in the day?

        In the UK, according to MI5 they did. Firstly they required a warrant to open each individual letter, and faced with WW1 and German espionage they did a blanket authorisation to open the letters of suspects.

        This however was a manual process that involved individually intercepting the message from the post, redirecting it to a centre where it was opened by steaming it with a kettle to make the glue stop sticking, reading the letter and checking for invisible ink etc, followed by then copying the contents down, resealing said letter and getting it back in the Royal Mail delivery system so a delay wasn't noticed.

        This required a lot of work. Setting a scanning program up that searches for certain key words in every electronic communication sent by anybody in the country is a bit more intrusive, and probably more tedious as it results in a few useful bits of information buried in such a mass of false positives that I suspect it's practically useless.

        1. Anonymous Coward

          "In the UK, according to MI5 they did."

          In 1660 King Charles II's Royal Mail was specifically created as a monopoly replacing several private enterprises. All mail had to go via a central office. There it could be carefully opened, copied if necessary, and resealed. Even a supposedly secure wax seal did not get broken. The Royal Mail museum still has some of the copies made of intercepted letters.

        2. Pedigree-Pete
          Big Brother

          Cipher....

          Back in the day authorities could obtain a warrant to intercept snail mail but there was (is) nothing to stop the sender applying a cipher to it, the key to which is ONLY held by the recipient. PP

      3. Loyal Commenter Silver badge

        "Did they read people's post back in the day? "

        Depends on which 'they' you are talking about. I've been to the museum in East Berlin where they have the equipment the STASI used to do exactly that on display.

        You'd be naïve to think that the STASI differed from any other security service in anything other than the scale of their operations.

        1. Anonymous Coward

          The IT department of an NHS office I worked at not long ago demanded we (the contracting company who did their jobs for them) enable them to read any of their users' email. Probably still do.

          Then they demanded all users' email is encrypted

          Then kicked off that they couldn't snoop on it anymore

          Then demanded the best of both worlds ... I think they got told to choose eventually.

          A microcosm of gov, eh?

    2. Cuddles

      "Therefore I believe it's not possible to do what they want without a back door."

      That is correct. From what the article says, it appears the government is arguing that because they don't want a back door in the encryption process, everything is absolutely fine and dandy. Because who could possibly have a problem with legally mandated back doors on all communication devices? You can send messages with no possibility of them being intercepted, it's just that anyone who likes can read them at either end. Surely that's fine, right?

    3. Mark 65

      Paedos and terrorists are the excuse, whistle-blowers and journalists are the target.

  9. GrapeBunch

    Pressed Internet users. Pre-, Re-, De-

    This, and other measures, I'm not picking on Oz, will be ineffectual against those who have sufficient resources or incentives. Those people will get their messages through, in secrecy, with plausible deniability, all the time. The pen-pushers will never catch any of them. But it will be an excuse for a government to further restrict the freedoms of its citizens, and to expend more of the country's resources building some bureaucratic creep's empire. Meantime, ordinary people will get stuck in a web. It's like "law and order" campaigns that, for every real crook they don't catch, issue jaywalking tickets to twenty.

    Internet. That was a cool idea.

    Please downvote if you detect pessimism.

    1. Doctor Syntax Silver badge

      Re: Pressed Internet users. Pre-, Re-, De-

      "Please downvote if you detect pessimism."

      Seems unduly optimistic to me.

  10. Crypto Monad Silver badge

    Two options

    It seems to me there are only two options to give law enforcement access to cleartext messages:

    1. Find and exploit unintended vulnerabilities in devices and/or algorithms

    2. Get manufacturers to add specific mechanisms to allow law enforcement access

    If 2 isn't adding a "backdoor", I don't know what is.

    1. stiine Silver badge
      Facepalm

      Re: Two options

      1 is also a backdoor, but not one with an Enter sign, carpeted walkway, and a key on a hook by the door.

    2. Jellied Eel Silver badge

      Re: Two options

      I think it's all part of the joys of legislating in a global environment.

      1) Is almost certainly done by SIGINT types at places like Pine Gap. But that's also something hackers are doing all over the world. We want and expect our suppliers to have no exploits or vulnerabilities, and to quickly patch them when they're discovered. It's also where agencies have helped, eg the NSA famously suggested modifications to DES's S-boxes to strengthen its security.

      2) Is already done, eg the US and CALEA requirements. So the US has a lawful intercept mechanism. But Australia can't use that at their end, and it won't really help if the communication is encrypted. So back doors already exist, but might be country specific. Or would need to be globally implemented so there's a 'standard' lawful intercept provision. But that could mean something that's exploited & risky.

      I think legislation's working around this by defining CSPs because traditional intercepts aren't practical. So a telco won't know what you're posting on Facebook, but they're a CSP and do. Same with Apple and the iPhone test case. Apple probably could crack it, but they didn't, and that was a US challenge. If Australia asked the same thing, they've got less leverage because they can only legislate within their own jurisdiction. How LEAs communicate with CSPs is another one of those fun global challenges.

      1. JohnFen

        Re: Two options

        "But that could mean something that's exploited & risky."

        I think you misspelled "would" there.

  11. Doctor Syntax Silver badge

    “will ultimately diminish the presumption of innocence and the privacy of all Australians online”

    Ultimately? All these proposals, whatever the country they emanate from, are founded on a presumption of guilt.

  12. Neceptos

    Tor and VPNs

    How would use of Tor Browser be handled? Would they attempt to block Tor altogether? Also, what about VPNs? When end-to-end encryption is employed, the only remaining 'solution' might seem to be malware on the device. Waiting patiently to see what people like Pavel Durov will say. Iran and Russia couldn't stop Telegram so there could be an almighty fight on the way.

  13. Zippy´s Sausage Factory

    So is that doublespeak? "We'll make you install backdoors, but pretend not to", "we'll install malware, but pretend that's not happening", that sort of thing?

    I'm confused, but maybe that was the idea of the legislation - leave everything so vague there's room for any shenanigans they can think of

    1. Anonymous Coward

      They're at the start of an election cycle. That's when zendoors tend to become policy.

  14. Anonymous Coward

    Still Puzzled!

    Alice and Bob have developed their own private cipher. They only communicate using equipment in internet cafes. They post cipher text on publicly available web pages (like this one), making the intended recipients hard to identify. They change keys on a pre-agreed schedule.

    *

    How does this legislation, with or without backdoors, help the so called "good guys" gain access to their messages?

    1. Aladdin Sane

      Re: Still Puzzled!

      1. We must do something

      2. This is something

      3. Therefore, we must do this.

    2. Crypto Monad Silver badge

      Re: Still Puzzled!

      > How does this legislation, with or without backdoors, help the so called "good guys" gain access to their messages?

      AFAICS, it doesn't. It would apply only if a "service provider" were helping them to keep their messages secret: such as the vendor of the equipment they were using, or some managed encryption service they were using.

      If they build their own devices and write their own software, then it seems they are not affected.

      However, if they provide these devices and software to others, then they become service providers and so may be required to add law enforcement back doors (even though they're not called "back doors")

      The assumptions seem to be:

      1. Most people are lazy and/or don't have the skills to build this stuff themselves

      2. There won't be a black market in genuinely secure devices for use by criminals

      (1) is a reasonable assumption, (2) rather less so.

      If manufacturers or distributors of secure devices refuse to comply with back door requirements, I guess they will be in violation of the law. But what does that do for open-source crypto apps? Does github need to be blocked?

    3. Anonymous Coward

      Re: Still Puzzled!

      How do the "good guys" gain access? Good guys or jack-booted thugs, same thing, will find it simple - at the point of a gun. In Oz, all citizens were effectively disarmed years ago. The trend is inevitable - lose your rights to defend yourself, lose all your other rights to the gov'mnt. The laughable thing is, NOW the Greens object. Too little, too late.

    4. Neon Teepee

      Re: Still Puzzled!

      As far as I can see the spooks are perfectly within their rights (under the proposed jackboot, sorry legislation) to pop around to see Bob and demand the original clear text or more likely the keys / decryption method that Alice is using. If they don't? 5 years in the chokey for both of em

      1. Anonymous Coward

        Re: Still Puzzled!

        And Alice and Bob are perfectly fine if they have to operate in cleartext, only signing messages with their private authentication (note: not encryption) keys.

        (a subliminal channel exists in RSA signatures, so who knows what was actually communicated...)

      2. RobHib

        @ Neon Teepee - Re: Still Puzzled!

        All this legislation will do is to catch amateurs and fools (not to mention inconvenience lawful users, further subvert democracy etc.). Perhaps this is the Government's main aim. There's also little doubt that this legislation is meant to intimidate the citizenry.

        Serious players, criminals, terrorists, etc., will simply revert to computer-generated one-time password/key systems where neither Alice nor Bob have the passwords and messages are destroyed after sending/receipt (i.e.: plaintext never saved anywhere).

        Alice and Bob will have effectively reverted to what happens in older POTS communications; therein the only information that is recoverable at the conclusion of transmission exists in the minds of the participants.

        This ought to be damn obvious to everyone – even legislators.

      3. Mark 65

        Re: Still Puzzled!

        @Neon Teepee

        > As far as I can see the spooks are perfectly within their rights (under the proposed jackboot, sorry legislation) to pop around to see Bob and demand the original clear text or more likely the keys / decryption method that Alice is using. If they don't? 5 years in the chokey for both of em

        Re-read the OP. The point is that the post states Alice and Bob are communicating but the method by which they are doing so makes it very difficult for the Government to know that Alice is communicating with Bob at all. That's the point of encrypted/coded public postings. Done carefully it'll be bloody hard to prove either made a particular post and hence ask for the keys. You think you're identifying the author of a post on a public forum made using a TOR/VPN or TOR/proxy combo? I don't.

        The point most people miss is that this is never ever about terrorists, paedos and other criminals. This is now and always about control. Controlling dissent. Jailing whistle-blowers and journalists. Controlling the population at large and leaving them as piss-weak financial cattle to be milked.

        1. Neon Teepee
          Big Brother

          Re: Still Puzzled!

          @mark65

          I don't want to get into a war of words about it but there's no such thing as completely untraceable, you, a friend, a colleague, your cat, whatever, will, at some point, make a mistake. I'm not saying it's quick, easy or cheap, but if they think your activities are interesting enough they will find you, it just takes time.

          Think back to the way they caught Hector Monsegur (Sabu) and then dismantled LulzSec / Anonymous.

          Maybe Bob's auto-updated browser became leaky or able to be fingerprinted, maybe they manage to stick a tracer cookie on Bob's machine from the public board he is posting on, the management of which will almost certainly be changing their underwear after a visit from a 3 letter agency. No amount of VPN hops, TOR layers or proxies will save him from that.

          It's always the soft squishy bits that give the gig up. Book codes, Enigma, Lorenz, Steganography, Quantum Cryptography. Take your pick they are all (practically) un-crackable as long as people don't get involved.

          The cat and mouse is never ending.

          In the OP's example the public board will be seen as a provider and will get visited / spoken to. Even if they tough it out and refuse to allow monitoring tools on their server the various agencies involved can legally demand logs from them. Once they know where the post came from, they get the IP of the VPN connection used, and yes the VPN may not keep logs but once the cops have that info they will start to watch and break the traffic in and out, BAM up pops your identifier. I can't speak for all countries but you can be sure that every packet that leaves Australia is reflected, analysed and recorded. Are they going to go to those lengths if you are downloading the latest Hollywood blockbuster or called the Prime Minister a snot nosed prick - of course not, but they might if you are a journo talking about a big scoop you are investigating concerning the government.

          Now re-read my post and you will see where I was coming from.

          It will just take a few high profile stories to allow them to be, as you so eloquently put it, "Controlling the population at large and leaving them as piss-weak financial cattle to be milked."

    5. Jellied Eel Silver badge

      Re: Still Puzzled!

      1) Alice and Bob are invited to take an all expenses paid trip on a private jet to a tropical location, where they could stay for as long as they liked. Or until they handed over the messages.

      2) A field-expedient version of the above could involve asking Alice or Bob the questions whilst their hands are clamped in a sandwich toaster. It's a cafe. There are options.

      3) Fred, or several Freds follow and observe Alice and/or Bob so they can get warrants to monitor Internet cafe connections or to see what's being posted. Which may or may not include warrants to install keyloggers, trojans etc. If the messages are enciphered on the cafe PC, a key may be extracted. If the text is already enciphered, there's the possibility to try and slip something onto a USB stick that may end up on Alice or Bob's private machine.

      4) Alice & Bob are fed into a threat profiling system that casts a virtual hairy eyeball over all the personal information commercially available and determines Alice and Bob are no threat.

  15. Andy The Hat Silver badge

    What happened to the Judiciary?

    Much like the similar UK Act, there seems to be a steam roller of 'avoid legal warrants at all costs'. I don't know why but side-stepping the traditional rule of law - allowing Judges or magistrates to make clear decisions about validity of individual communication 'taps' - and putting that power directly into the hands of 'enforcement agencies' or, worse, one or two politicians in a secret way smacks of Big Brother.

    This juggernaut needs to be stopped.

    If the same Act was presented with 'with judicial oversight' sprinkled at each point I think there would be less bad feeling and general suspicion about it.

    1. Anonymous Coward

      Re: What happened to the Judiciary?

      The tendency to populist elected governments goes with the political executive attempting to control the other branches that were intended to act as independent checks and balances. This is done by attempting to limit powers - and intimidating or replacing uncooperative incumbents in those branches.

      Trump is doing it in the USA. The EU is currently taking to task some member countries whose populist politicians are similarly trying the same grab for unfettered power in their countries.

  16. Anonymous Coward

    GDPR compliance

    From a different direction, I wonder if this would affect the ability of places in Australia to remain GDPR compliant?

    1. Pascal

      Re: GDPR compliance

      Of course. GDPR has exceptions tailored exactly for that.

      GDPR basically goes "You shall not retain data without user permission, except if you have any other legal reasons to do so".

      1. Anonymous Coward

        Re: GDPR compliance

        > GDPR basically goes "You shall not retain data without user permission, except if you have any other legal reasons to do so".

        Well, the "Safe Harbour" agreement looks to be in deep trouble due to GDPR, and that's also based on "legal reasons to do so".

  17. John Sanders
    Facepalm

    It seems that...

    Western democracies are laying up all the necessary infrastructure to go full blown tyranny.

    The funny bit is that nothing this would do if passed will address the primary problem, they try to alleviate the secondary symptoms which will exacerbate the problem and lead to the inevitable outcome.

    Anyway, all the Australian government has to do is ensure that all the IT infrastructure and devices are made by Cisco, they seem to come with plenty of backdoors as standard.

  18. DCFusor

    Wrong target

    These measures, ostensibly to protect against some few "enemies of the state" are not actually meant to hamper say, criminals or spies.

    The enemies of the state in this case, and it's not just OZ - are the ever growing group of people who don't buy the obviously flawed narrative pushed by the status quo and who are becoming ever more upset about the lies that hold us down, get our children killed- while making enemies to ensure the ongoing justification to sell war, and part us from what we earn. While the things we people need, like infrastructure, collapse around us.

    One old crank, like myself - no problem. The first hint of organization... that's what extreme rendition is for. But the plod are too lazy and too few to do it the old fashioned way, and even they have some morals, so it has to be spun as it is to fly.

    This sort of thing is the symptom of a government afraid of its citizens for all the wrong reasons - torches and pitchforks, not being voted out of office (though they of course aren't stopping voter fraud, only making it harder for non-government actors to commit).

  19. JohnFen

    The US has experienced exactly this

    "“Are we going to see software moving overseas?” he asked."

    In the Bad Old Days in the US, when you weren't allowed to export strong crypto, this was precisely the effect: almost no serious crypto development took place in the US, and as a result the bulk of crypto talent and advancement in the technology was no longer in the US.

    Instead of the intended result (keep strong crypto out of the hands of whoever we considered "enemies" at the time), the actual result was the exact opposite.

  20. Woodnag

    Working with companies

    Phair said he would prefer to see governments better engage with the industry: “It's not legislation or ten million dollar fines, it's working with companies on next product suites so there can be lawful interception.”

    This is dumb. Oz gov can't work with every company, so either the relationships become legislated state secrets or the ppl wanting to avoid compromise use untampered products.

  21. tekHedd

    "puritans on both sides"

    Or, in the words of someone who my mother says is a "great man and a genius", there are "Very Fine people on both sides" of the argument. :P

  22. Anonymous Coward

    Ah.....very fine people.......

    @tekHedd

    .......very fine people........

    *

    .......but it's a real shame that "very fine people"........are often supporting an argument which is JUST PLAIN WRONG.

    *

    What does "very fine people" have to do with anything at all?

  23. DownUndaRob
    FAIL

    Jbhyq or shaal vs vg jnfa'g fb frevbhf

    Guvf sebz n tbireazrag gung pbhyqa'g rira vzcyrzrag n qrprag Angvbany Oebnqonaq Argjbex, ubj ba rnegu qb gurl guvax gurl pna trg guvf yrtvfyngvba evtug?

    1. Anonymous Coward

      Re: Jbhyq or shaal vs vg jnfa'g fb frevbhf

      Caryatis aerotropism mudlarks McGuffey sergings Charmion leadiest Bur. viduation arthrosporous tongue-lash fringiness half-plane

      1. Anonymous Coward

        Re: Jbhyq or shaal vs vg jnfa'g fb frevbhf

        Chrissy Waddle.

  24. Anonymous Coward

    Re: Still Puzzled!

    @AC, @Neon TeePee

    If you look through the article, it seems that the legislation is aimed squarely at companies who provide the means to deliver "end-to-end" communications services. So:

    - Service providers

    - Manufacturers and suppliers of devices

    Since Alice and Bob are private citizens, and do not fall into either category, it would seem that their very limited role as users (not suppliers) of communications services is not covered by the proposed legislation.

    Of course, this would not prevent the authorities from breaking other laws by sending round "jack-booted thugs". But we all know that governments never break the law!

    1. Neon Teepee

      Re: Still Puzzled!

      I agree, but my post was in answer to "Still Puzzled", more of an exercise in working through the intent than the exact details.

  25. This post has been deleted by its author

  26. Tom Paine
    Facepalm

    *wince*

    ...at another politician boning up on all the technical terms but still ending up with "Hello, fellow kids!"

    installing software or legislating some other means to capture data as it is unencrypted on the receiving device undermines the very principle of end-to-end-encryption,” Steele-Joh [of the Greens said.]

    Firstly: no it doesn't, it circumvents E2EE by going after content in plain at each end of the encryption tunnel. Unless the Greens have a plan to teach everyone to memorise keys and do AES in their heads, it has to be in plain somewhere between the user's eyeballs and the phone or computer. The actual crypto is unaffected and works exactly as intended. Evidently Steel-Joh has not heard of the concept of a crypto SYSTEM, that there's more to it than the bit with the complicated maths.

    Secondly, getting access to the plaintext is the whole point of the exercise. If they just don't want their domestic LEA / IC carrying out any surveillance at all, of anyone, under any circumstances, come out and say so. I don't think they'd get very far. If they accept that sometimes the state has a legitimate need to surveil, presumably they agree the state should do so as effectively as possible.

    1. Anonymous Coward

      Re: *wince* -- but still not getting the point....

      @AC posted earlier under the title "Still Puzzled!".

      *

      Alice and Bob only copy enciphered text (say from a thumb drive) when they send their enciphered messages. Plod can undo the end-to-end-encryption, and all they will find is Alice's enciphered message! There never was plain text on the end-point device!

      *

      The *wince* is not needed -- the flaw is in the assumption that everyone using public communication services is using their end point device for encipherment AS WELL AS FOR COMMUNICATION. Bad assumption!

      1. Anonymous Coward

        Re: *wince* -- but still not getting the point....

        Here's the sort of thing Plod might find -- AFTER they've used their backdoor:

        0AFDF1EEBC4D3BA590341BD35430461AB476B65F36999422A450CF90650E743C420B5D55B012F0F3

        6E30A0054D30F565EBD222A0C23C1F5B64B2B7815970D7242B59D2B65C516BD153EEC549D200E17D

        307AC6672D3BA4074EBC701CB2311D17B8C1585E4C5A30E3273A7F0668C61F4A20D61E1A89D2F83A

        28B407489154F4C370FF6FD67374C2
