It's only a change of organ grinder. The tune is always the same.
New UK Home Sec invokes infosec nerd rage by calling for an end to end-to-end encryption
Priti Patel has declared war on encryption safeguards, demanding they be torn up for the convenience of police workers. Patel, the social conservative appointed Home Secretary by British Prime Minister Boris Johnson last week, used this morning's Daily Telegraph to call for end-to-end encryption to be broken with backdoors …
COMMENTS
-
-
-
-
Thursday 1st August 2019 12:13 GMT Anonymous Coward
"[...] Pritti Vacant was calling for hunting immigrants with hounds before she joined the home office"
IIRC - in her campaigning for Leave she said she wanted to replace immigrants from the EU with more from the Indian subcontinent. The latter being "more entitled".
Popcorn time when that finally sinks in for Brexiters who blamed the EU for immigrants from the Indian subcontinent.
-
Thursday 1st August 2019 19:23 GMT MonkeyCee
Brexit
"Popcorn time when that finally sinks in for Brexiters who blamed the EU for immigrants from the Indian subcontinent."
I've heard from a number of British people of south east asian descent that they very much voted for brexit because of the EU making immigration from India and Pakistan harder. I recall it being a story before the referendum.
It's not news that leave voters have contradictory views. So do remain voters. It was a yes no on a complex issue, expecting any consistency within either camp is bonkers. I voted remain, I think the EU has many many problems, but I think they can be fixed, but from within. I think being in the largest trade bloc in the world is a good thing for the UK's soft power and economic gain.
But if we barely teach english in the schools, let alone french, german or spanish, and make university the be all of qualifications, of course there are going to be pissed off that they can't get a job because some continental prick who paid less than 6k for a degree can work for less than they can after picking up 35k of student loans. Or never made it through university, because god forbid we have trade schools and polytechs.
The UK will always need immigration, or massive wage reform. Minimum wage of 25-30 per hour might do it, free tertiary education, high consumption taxes and UBI or integration of industry and education aiming for 100% employment. Those are all pretty drastic, and would wreck the fortunes of a few too many party donors for that to happen. So got to get that cheap labour in.
-
Friday 2nd August 2019 03:47 GMT streaky
Re: Brexit
Our EU membership causes a situation where we need to have an immigration system that is unfair and racist - leaving the EU is an opportunity to put together an immigration system that is fair and not racist. That's not contradictory and it is a fact.
As for fixing the EU's problems from within they've had 40 years and laughed in the face of everybody who has tried - including Emmanuel Macron, the saviour of the EU. They won't change in another 400 years unless somebody leaves it who is bankrolling it and even then it's a crap-shoot. Delusional is the most polite word I can use to describe ideas like that.
-
Friday 2nd August 2019 07:18 GMT hammarbtyp
Re: Brexit
Our EU membership causes a situation where we need to have an immigration system that is unfair and racist - leaving the EU is an opportunity to put together an immigration system that is fair and not racist. That's not contradictory and it is a fact.
EU membership gives you freedom of movement not immigration. The important part of the equation which is often missed off by brexiters is that the right is reciprocal. I have the right to live, work, and study in any of the EU countries, an opportunity that I and many others have taken up. While many little englanders cannot get it around their head why anyone would want to leave this sceptetred isle (until retirement, when for some reason they all bugger off to Spain), in many large projects the ability to utilize the intellectual capital of the entire EU is invaluable. You will not find any immigration agreement that will come close to that level of benefit
As for fixing the EU's problems from within they've had 40 years and laughed in the face of everybody who has tried - including Emmanuel Macron, the saviour of the EU. They won't change in another 400 years unless somebody leaves it who is bankrolling it and even then it's a crap-shoot. Delusional is the most polite word I can use to describe ideas like that.
Maybe we should solve our own problems before we get on our high horse and claim we are better than others. I often talk to my German colleagues and they do not have the issues with the EU as again they have not had the years of dis-information campaign that we have been exposed to here, led initially by our Joker in chief, Boris himself
-
Friday 2nd August 2019 14:01 GMT Anonymous Coward
Re: Brexit
It's not racist to remove immigration controls for your near neighbours. Ireland and the common travel area is an obvious example.
No one tries to stop people in the US moving between New York and California. I can't believe that people here think that we are better off having such controls in Europe. Isn't it a great thing that Europe is our home and we don't need permission to move around it? Do you prefer to be stuck on this island?
-
-
-
-
-
-
-
Thursday 1st August 2019 11:21 GMT Jamie Jones
Re: Priti Patels Brain
Oh shut up, even women and non-whites can be morons.
There was a (black) guy on LBC recently complaining about how the "diverse" cabinet isn't a good thing.
He said "what does it matter if you're beaten up by someone of your ethnicity or someone white. You're still beaten up."
His point was that as soon as these deplorables support racist policies, people will say "well, they can't be racist, they are minorities themselves".
Similarly, anyone who criticises them will automatically be called racist.
Congratulations for falling into that last category.
-
Thursday 1st August 2019 20:11 GMT Michael Wojcik
Re: Priti Patels Brain
There's a nice bit in Ruthann Robson's Cecile where the narrator - a lesbian raising a son with her eponymous partner, back when that was rather less common in the US - somewhat acidly points out that being a woman doesn't automatically make someone her ally. It's a lesson that some people seem to have trouble grasping.
I dare say any reasonably-experienced adult (and most children) will have encountered fools and villains from their own demographics, however partitioned. No group is free of them. The struggle for equality is not assisted by pretending otherwise. Indeed, as you suggested, it's rather the opposite. Women and people of color have just as much a right to be idiots, and to be called out for their idiocy, as white men do.
-
-
Thursday 1st August 2019 12:11 GMT GruntyMcPugh
Re: Priti Patels Brain
@AC 'Pretty Vacant' is sexist or racist is it?
I thought her full name was 'Disgraced Priti Patel' as that was in the headlines some years back. You are aware who she is, right? Supporter of the death penalty, and the one who lied about her wherabouts to her seniors, whilst having secret meetings with the Israeli Government? She's pro-Zionist, and and voted against same sex marriage. Now she's on the wrong side of the fence wrt encyrption.
-
Thursday 1st August 2019 12:27 GMT Loyal Commenter
Re: Priti Patels Brain
It's not sexist, racist, or moronic, to point out that someone is an idiot. If they rise to a position of authority and demonstrate that idiocy publicly, then it's pretty much fair game to take the piss out of them for it too.
Just to be perfectly clear: she's a fucking idiot, and it has nothing to do with her race or gender, and furthermore, pointing out that she is an idiot has nothing to suggest about the poster's level of intelligence. Bitching about it suggests something about yours though.
-
-
-
-
-
Wednesday 31st July 2019 17:29 GMT T. F. M. Reader
There's a civil servant somewhere
What do you mean, "somewhere"? We know exactly who he is, don't we? His name is Bernard Woolley, he normally gets policy proposals and draft laws from Sir Humphrey Appleby over port in the club and puts them in the Minister's dispatch box the same evening...
That's the technique. As for the subject matter, in the words of SIr Humphrey himself, "It's always a victory of the heartless over the mindless." And he himself was never afraid of snooping as civil servants have developed extra layers of protection: "He who would keep a secret must keep it a secret that he hath a secret to keep."
Damn, that documentary was utterly - and timelessly - brilliant...
-
-
-
Friday 2nd August 2019 13:04 GMT Dr Dan Holdsworth
The Home Office has the reputation of being something analogous to the tar-pit of the Civil Service, where the terminally thick are sent to languish until retirement if they cannot be sacked. Thus we have this repeated series of attempts to make the laws of humans triumph over the laws of physics and mathematics.
Once more the same points will have to be made: strong encryption methods exist already in the wild and people know what they are and how to use time. Unbreakable encryption such as one-time pads also exist, and people know that these are unbreakable if used correctly (and thanks to innumerable Cold War spy dramas, everybody knows how to use one-time pads; the clue is in the name).
So, if you try to insert holes into encryption products, people will simply layer more encryption over the top of the leaky product and defeat you.
-
-
Thursday 1st August 2019 09:17 GMT David Shaw
Cheltenham, carry on doing what you are good at - but read some sense from time to time too
According to the Daily Telegraph "5VEY met in London on Tuesday to discuss plans to give law enforcement agencies (= spooks, who rarely share anything with the police, really hardly anything) to give "lawful access" (=more overcollection) to encrypted emails, text messages and voice communications" ....there will be a joint communique
5VEY claim it is because Facebook, Messenger, WhatsApp, Apple, Slurp/Google are increasingly using encryption on their platforms...
...did anyone not notice that the widespread increase in platform encryption came AFTER the Snowden revelation of widespread overcollection by 5VEY (and their multitude of tier partner agencies)...it is an effect
so, for some rational discussion, we head off to https://www.schneier.com/blog/archives/2019/07/aclu_on_the_gch.html
I suspect a bit of typing by the 6th Division, 77th Brigade of Disinformation on all of these online platforms, so let's get to US academia, Jon Callas at Vanguard, part One of a Four part takedown of this particular GCHQ proposal. Cheltenham, carry on doing what you are good at - but read some sense from time to time too - ta muchly
https://www.davisvanguard.org/2019/07/the-ghost-user-ploy-to-break-encryption-wont-work/
David
-
Friday 2nd August 2019 16:37 GMT stiine
Re: Cheltenham, carry on doing what you are good at - but read some sense from time to time too
No, but the Facebook-proposed end-run by capturing every message after having been decrypted for viewing will work...and if they've learned something from microsoft, they'll have hard-coded the ip address for itsourdatanow.nsa.gov into the application.
-
-
-
-
Thursday 1st August 2019 10:29 GMT Anonymous Coward
"Hes already employed by MI5"
No. Old Bat Wings is believed to be subservient to the Black Chamber, by the Black Chamber. In reality, it's the other way around, and has been for decades. The enthronement of the King in Orange in the White House is only the latest move in an aeons-long game.
As for the UK, you don't have to worry about Farage replacing Johnson any time soon. Nyarlathotep has plans for them both, and they involve a tzompantli.
(Yes, I've been reading Charlie Stross' Laundry novels. Why do you ask?)
-
-
Wednesday 31st July 2019 15:16 GMT Yet Another Anonymous coward
Careful. In the UK not handing over the key to anything the government thinks is encrypted gets you 5 years.
We did ask what happens to all Tb of background thermal noise in our data - which is indistinguishable from encrypted data - we were told not to worry because the law was only for use against criminals and terrorists.
-
Wednesday 31st July 2019 15:27 GMT MJI
Criminals and Terrorists
As I keep saying to death sentence supporters, are YOU prepared to be the mistake.
Look at that paedo who got the Police investigating lots of other people including gay MPs, mititary people, death cults and the like.
He was the criminal but his victims were treated like them.
-
Wednesday 31st July 2019 17:01 GMT Anonymous Coward
Re: Criminals and Terrorists
"Another useful ploy is the false accusation. First, create a situation where you are wrongly accused. Then, at a convenient moment, arrange for the false accusation to be shown to be false beyond all doubt. Those who have made accusations against both the company and its management become discredited. Further accusations will then be treated with great suspicion."
“The New Machiavelli: The Art of Politics in Business” by Lord McAlpine
-
Thursday 1st August 2019 12:15 GMT Anonymous Coward
Communication vectors
On the subject of background thermal noise, we picked up a threat vector in the wild from a piece of malware crafted to bypass air-gapped networks. The malware deliberately altered the fan speed of a given piece of equipment akin to a flashlight being used for morse code. All you then need is a microphone (or laser interferometer) to pick up the changes in air pressure to recieve the message.
The bit rate of this approach is of course atrocious, but that might not matter for the right kind of information. And virtually every electronic gadget in circulation larger than a phone has a fan in it now...
-
-
-
-
Wednesday 31st July 2019 17:08 GMT Mark 85
Re: Same old tune
Well, it is a race to the bottom between the Brits and the US. The hackers are the winners no matter who hits the bottom first. I fear that if this crap succeeds, the days of the Internet are over as basically every company, every bank, every person online will be at risk.
-
Thursday 1st August 2019 02:44 GMT Brent Beach
Re: Same old tune
The latest US version of this demand exempts BIG COMPANIES - they are allowed to have encryption. Presumably this includes people communicating with big companies.
This elevates the corporation once more step further above the mere person. Not only are they people for purposes of free speech and donation of unlimited amounts to political campaigns (making bribes legal), they now can conduct their business - off-shoring money to tax shelters - without fear of police snooping (making tax cheating impossible to detect).
The dupes in the Five Eyes countries outside the US will all bobble head this. Australia has already made encryption illegal.
I hereby define the Murdoch law of Mass Media - the more Murdoch media there is in a country, the lower the intelligence of the elected politicians.
-
Thursday 1st August 2019 11:37 GMT Barrie Shepherd
Re: Same old tune
"Australia has already made encryption illegal."
Don't think so - they have legislation which would allow security operatives to require service providers to push 'encryption breaking code' into a targets communication devices - but last time I checked encryption services were still operational in AUS. They wanted to force WhatsApp etc. into Aus wide encryption breaking but I think they got a encrypted finger.
-
-
Thursday 1st August 2019 18:51 GMT Anonymous Coward
Re: Same old tune
Are we already forgetting Australia’s contribution to this idiocy?
Former PM Malcolm Turnball: “The laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia."
Given her precious form, I fully expect Priti Patel to go one step further and try to revoke the laws of mathematics.
-
Wednesday 31st July 2019 18:00 GMT Anonymous Coward
I'm not even worried about hackers
Let's say they could leave a backdoor for the police while making it just as resistant to hackers as full encryption is today (which is not 100%, there are constantly holes being found in the way encryption is applied i.e. MiTM attacks and so forth so encryption isn't proof against hackers anyway)
What I'd be worried about is abuse like hoovering up all communications, decrypting it, and doing word searches looking for things that fit their filters. Or some stalker cop forging the court approval (because you know it'll allow for stupid stuff like judges that don't believe in technology faxing an order with their all-too-easily-forged signature)
Or worse it'll be directly accessible to anyone anywhere who can claim to be law enforcement, like a part time sheriff in a tiny town, so hackers will simply phish him and then use his access to look up the encrypted comms of their target for e.g. corporate espionage. The hackers won't need to break the encryption through the backdoor like you are worried about, they'll just need to steal the credentials to the system from anyone who has access and walk right in through the front door.
No one should expect them to hand out a 2FA physical key to everyone, and audit all accesses, with no exceptions. That's how we would set it up, but they will want to make it "convenient" for its users.
-
Thursday 1st August 2019 06:23 GMT Richard 12
Re: I'm not even worried about hackers
So Mr Upstanding Police Chief has their back door.
Mr Evil Hacker puts on their black hat and steals it from Mr Upstanding. It takes them a few days to get it, perhaps by applying a brown envelope or rubber hose to Mr Upstanding or their staff.
Next, Mr Evil sells it to the highest few bidders. Who sell it on to the next-highest.
Within a few weeks, every script kiddy in the world has a copy of said back door, several criminal organisations have a new income stream and the body of Mr Upstanding's private secretary still hasn't been found.
-
-
Thursday 1st August 2019 10:21 GMT 0laf
Re: Same old tune
Don't worry the politicians will invent magic unicorn encryption. It will be perfectly protect from all but the pure of heart. The wicked and sinful can't access your data
Unfortunately they will reject that coz clearly none of those corrupted sick fuckers would get near your stuff
-
-
-
Wednesday 31st July 2019 15:00 GMT MJI
Useless
A Foreign Secretary who confuses the Red Sea and the Irish Sea
https://www.indy100.com/article/dominic-raab-brexit-irish-sea-red-foreign-secretary-boris-johnson-9024901
https://www.irishpost.com/news/dominic-raab-irish-sea-169391
He is a moron, he think he just stares at things shouting Brexit and Raaaaaaaaaaaaaaaaaaaaaaaaaaab!
Bloody hell TWO Raab fans so far!
-
-
Thursday 1st August 2019 16:27 GMT Arthur the cat
Re: Scotland
The Secretary of State for Scotland is Alister Jack, a born and bred Scot who's never left.
Robin Walker, who you're obviously thinking of, is Parliamentary Under Secretary of State in both the Scotland Office and the Northern Ireland Office. He's MP for Worcester, as was his father who was MP while I was growing up there. I remember him coming to my school.
-
-
-
-
Thursday 1st August 2019 11:31 GMT Anonymous Coward
Re: I was just going to have a go at
I'm not in the "Pritti Patel is stupid" club, I'm firmly in the "Pritti Patel is an authoritarian nightmare" club. That capital punishment discussion on Question Time if you haven't seen it.
-
Wednesday 31st July 2019 15:03 GMT Anonymous Coward
So where is the antidote ?
One odd thing about all the catastrophising over dimwits like Patels pronouncements, is the lack of any apparent initiative to actually provide end-to-end encryption. On the basis that I don't actually believe anyone currently does. I start with a distrust of iOS and Android and any app built thereon.
And as for the notion that Facebook is somehow the most secure platform around ? Are you having a giraffe ?
-
Wednesday 31st July 2019 15:26 GMT Charles 9
Re: So where is the antidote ?
True end-to-end encryption is physically impossible without brains that can directly grok encrypted data. Anything else opens up the possibility of an Outside the Envelope Attack, where the data is obtained at the point where it MUST be decrypted so as to be typed by the Hand v1.0 or read by the Eyeball Mk I. Sadly, we're not at Ghost in the Shell levels of capability yet.
-
-
Wednesday 31st July 2019 16:28 GMT Anonymous Coward
RE: encryption from my PC to its destination PC/server
Certainly can be a lot more secure than mobile "apps". Unless anyone is willing to bet their lives that Android/iOS don't slurp keystrokes before you've actually encrypted anything ?
At least with a decent Linux kernel you can check your keystrokes aren't watched and build up from there.
-
Wednesday 31st July 2019 21:45 GMT Doctor Syntax
Re: RE: encryption from my PC to its destination PC/server
"At least with a decent Linux kernel you can check your keystrokes aren't watched and build up from there."
You need a decent userland around it. You can start with that kernel but then wrap it in layers of opaque binaries and it doesn't matter what the kernel is.
-
Thursday 1st August 2019 04:53 GMT whitepines
Re: RE: encryption from my PC to its destination PC/server
Also don't forget about the whole OS-under-your-kernel thing that's all the rage now. The signed one *you* can't replace but the manufacturer can decide to or be forced to -- a.k.a. the Intel Magement Engine or the AMD PSP depending on whether you're blue blooded or red blooded.
Unlike the Clipper chip, because people have already given up control to one type of "encryption" (signing, in point of fact) to save a few pounds on their media computer, there's no fighting this technically. If the authorities say no encryption, every "normal" (x86/Android) computer manufactured in the last decade can be made to make sure your keystrokes are logged and display monitored.
Scary world, innit?
-
Thursday 1st August 2019 08:26 GMT eldakka
Re: RE: encryption from my PC to its destination PC/server
"At least with a decent Linux kernel you can check your keystrokes aren't watched and build up from there."
Can you?You need a decent userland around it. You can start with that kernel but then wrap it in layers of opaque binaries and it doesn't matter what the kernel is.
Have you read the source code of everything compiled into the kernel?
What about the compiler, have you read the source code of that? Do you know if it compiles only what's in the kernel source code files and does not inject its own code into the final binaries? What did you compile the compiler with?
What about the firmware in the USB controller? Did you inspect the source code of the firmware, compile it yourself with a trusted compiler (see above), and is the code that was compiled from that inspected source code and trusted compiler the code that was actually loaded into the firmware? The keylogger could be in there, logging everything between the keyboard and the kernel before it gets to the kernel.
How about the secure controller most commonly available processors (Intel, AMD, ARM, Apple, IBM, etc.) have embedded in them/their chipsets? The same caveats apply as for the USB firmware. Same for HDD/SSDs, NICs, PCIe controllers/switches. They all have embedded microcontrollers with their own firmware.
And they're coming to take me away ha-haaa
They're coming to take me away ho ho hee hee ha haaa
To the funny farm
Where life is beautiful all the time
And I'll be happy to see those nice young men
In their clean white coats
And they're coming to take me away ha haaa
-
Thursday 1st August 2019 08:47 GMT whitepines
Re: RE: encryption from my PC to its destination PC/server
Quick correction, IBM is one of the few without one of these signed nasties. RISC-V and a bunch of the weaker ARM chips also lack them.
And really, you only need to be concerned about the firmware of things that have direct network and CPU internal access. What's your keyboard going to do, radio the key out somewhere? Needs a modem and antenna to do that, so spend 5 minutes looking at the PCB for one -- it's not hard.
The ME, PSP, and TrustZone on the other hand, are perfectly suited based on their position in the system and more importantly that there is *no* way to use the system without them or replace them with something you compiled from source. None, nada, zilch -- they're signed "for your protection".
More like Google, GCHQ, and Hollywood's protection, but we'll just handwave over that. It's better PR.
-
Friday 2nd August 2019 10:15 GMT eldakka
Re: RE: encryption from my PC to its destination PC/server
If you have compromised firmware, then there is no requirement for comms between devices to pass through processing done by software. E.g. a compromised USB controller on the motherboard doesn't have to go through the O/S to access the NIC. If the NIC is separate from the processor, e.g. a PCIe expansion card, it could go point-to-point along the PCIe bus.
If you compromise the firmware of the entire system, the UEFI, then you can do what you like without any CPU involvement (assuming you don't want or need the horsepower above the embedded microcontrollers).
And, depending on what the firmware does, the firmware could inject into the O/S it's own malware that can't be seen by the O/S, to do its own nefarious tasks, like capturing data coming in from the attached keyboard and then sending out out through the NICs. No extra hardware required. There are known HDD firmware that do this, they inject malware into the system so it runs as a rootkit, has full access to the system. When someone detects a virsus/malware and removes it, even does a reformat/reinstall, the firmware in the HDD re-injects the malware after the reinstall. Some security researchers found this HDD firmware a few years ago (2015 I think) and presented it at a BlackHat conference.
-
-
Thursday 1st August 2019 13:33 GMT Loyal Commenter
Re: RE: encryption from my PC to its destination PC/server
What about the compiler, have you read the source code of that? Do you know if it compiles only what's in the kernel source code files and does not inject its own code into the final binaries? What did you compile the compiler with?
A proof-of-concept of this attack was done decades ago...
https://scienceblogs.com/goodmath/2007/04/15/strange-loops-dennis-ritchie-a
Essentially, Thompson modified the C compiler to insert a backdoor into the login command. He then modified the compiler to add the code to do that into itself when compiled, compiled the compiler, then removed his extra code from the compiler's source code, so that when you compile the compiler, it adds the code to backdoor the login command on compilation back into the compiler, even though the mechanism to do so is nowhere in the source code.
The only way to get around this is to hand-compile the compiler, and then you have to trust the hardware it runs on anyway. Get your soldering iron out, and start hand-rolling your own capacitors...
-
-
-
Thursday 1st August 2019 07:29 GMT richardcox13
Re: RE: encryption from my PC to its destination PC/server
> At least with a decent Linux kernel you can check your keystrokes aren't watched and build up from there.
That is not sufficient. You need a completely trusted tool chain leading to that kernal and all software running on top of it.
Cf. https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
-
-
-
Thursday 1st August 2019 08:33 GMT Nick Kew
Re: So where is the antidote ?
True end-to-end encryption is physically impossible without brains
I think you just redefined end-to-end.
Now if you'd just pointed out the risk of malware on a user's 'puter, you'd be right. But this Newspeak seems to me just to confuse the issue. Your end isn't final either in a world where spyware might read the human mind (even if that world is still SF).
-
Friday 2nd August 2019 07:33 GMT hammarbtyp
Re: So where is the antidote ?
True end-to-end encryption is physically impossible without brains that can directly grok encrypted data
Nah, dead simple. Using a random process to create a one time pad. Hand deliver pad to recipient. Encode message by hand and send via snail mail. Destroy one time pad, repeat.
Oh you want a system which is scalable and quick? Why didn't you specify that?
-
-
-
Wednesday 31st July 2019 15:28 GMT Anonymous Coward
AmbassadorGate
The Kim Darroch affair proved conclusively that this administration can't even keep its own internal secret communications out of the newspapers. Whether the leakage route be politicians grinding axes, crooked employees or coppers with dubious connections to the tabloids, I can't see why anyone with any sense would trust sensitive information to any arm of the British state.
Given that end-to-end encryption isn't going to go away for those determined enough to set it up, I guess we'll see something like the password reveal law to catch those who don't roll over and accept backdoored apps, and those who really don't want their business pried into will be finding other jurisdictions.
-
-
Thursday 1st August 2019 09:17 GMT Anonymous Coward
Re: AmbassadorGate
>I hope the leaker gets a holiday at Her Majesties pleasure.
Not just the leaker, but also the journalist/editor. There is no public interest defence to the publication of classified UK gov information, and it is a clear breach of the OSA for *both* the leaker and the publisher.
The only issue is whether it is decided not to prosecute as it is not in the public interest.
-
Thursday 1st August 2019 12:43 GMT tiggity
Re: AmbassadorGate
No, no, no
Otherwise everything, no matter how trivial gets classified as a secret... and that was trivial (sure it caused embarrassment, got Trump ranty (but so do most things) but not e.g. putting spies at risk of being uncovered etc,)
Already very little gets into the public realm due to over use of OSA (e.g. it's amazing how many bits of govt IT work want you to sign OSA, still means people get to be at risk of prosecution for revealing juicy bits about many govt IT project failures)
-
Thursday 1st August 2019 13:07 GMT Electronics'R'Us
Re: AmbassadorGate
A couple of things:
Signing a document that refers to the Official Secrets Act is simply stating that you understand your responsibilities in terms of the act and this is done because you are expected to routinely come into contact with classified material.
Everyone in the UK is still covered by the act; you are just acknowledging that you really understand your responsibilities. I Have had to sign said pieces of paper more times than I care to remember over the past few decades.
When I was in the service (many many years ago), it was clear that items were routinely over-classified. Even the magazines that were delivered were stamped 'Restricted' - the lowest level but still a security classification.
-
-
-
-
-
-
-
Thursday 1st August 2019 13:39 GMT Peter2
Re: Yep, Patel continues age-old tradition
I'm sure there's a secret gov farm/lab/tank where they grow them, and when the time comes, hose, rinse, insert the battery, and out comes your new Home Sec, each one horribler than the one before.
I suspect that this is simply a very extensive dossier of particularly horrible true cases of child abuse at the hands of child pornographers and retrospectively obtained encrypted emails where the security services (quite rightly) say that "if we'd have been able to read these messages at this point, these kids wouldn't have been abused. These kids/people would still be alive." before then coming out with the same for terrorism etc, etc, etc, etc, etc. Do that for a few hours worth of briefings, and pretty much anybody (even if you have a heart of stone) is going to take the department line that "we need to do something about this".
The question is "what?".
There is a legitimate need in certain situations for law enforcement to lawfully get access to encrypted communications. The problem is that as noted, you can't trust any key you give them not to get leaked allowing remote access to pretty much any device.
I'd think the eventual response will probably be more along the lines of breaking encrypted storage on a device in a way that requires local access to exploit.
-
Thursday 1st August 2019 15:57 GMT Intractable Potsherd
Re: Yep, Patel continues age-old tradition
@Peter2: I wish I could agree with you about the dossier. Even if I did, I would have to think that the next words would be "It would be a shame if your knowledge of any of this were to come to the public's knowledge, wouldn't it, Minister? What would people think?" Someone senior in the Home Office has a serious obsession with regard to not being able to access everything they think they should be able to, and will do anything to get their own way, regardless of how disproportionate the result.
-
Thursday 1st August 2019 22:47 GMT Doctor Syntax
Re: Yep, Patel continues age-old tradition
"I suspect that this is simply a very extensive dossier"
Something like that. The last Home Sec, shortly after being appointed was interviewed in the Times describing being shown an alleged chat room and a child being groomed. This, he said, persuaded him. In other words he described the brainwashing without even realising that that's what was being done to him. He didn't even stop to wonder whether the entire thing was staged. Nor did he stop to ask whether, if this wasn't encrypted why breaking decryption should be necessary. This is the standard of thought that makes a good Home Sec from the HO's PoV.
-
-
-
-
-
Thursday 1st August 2019 10:36 GMT Sir Runcible Spoon
Re: child abuse and terrorist content
If those are the 'pro's' of banning encryption, perhaps we ought to be highlighting the 'con's' as a counterbalance?
How about:
-No more online banking/bonking by phone/contactless
-Power utilities hacked and we get taken back to the Victorian era (without the horses to do all the work)
In fact, we only have to lose the power for *everything* to fall apart very quickly..
-no food
-no fuel
-no heating
-no help (police/fire/ambulance)
-
Thursday 1st August 2019 14:06 GMT Peter2
Re: child abuse and terrorist content
The thing is, frankly people rely on encryption and security software where frankly, I feel it's outright inappropriate.
People talk about "oh, you could hack that nuclear power plant and cause a disaster", but the controls in the control room of the nuclear power plant that I have seen were done in ways that were secure beyond any possible doubt.
The controls for each reactor were on physically separate hardware with appropriate backups, on physically separate consoles with a purpose built 1970's OS that had never heard of networking. No remote access at all, everything was done via access to the console. They had a new computer next to the old box for searching digital copies of the manuals, but it was a completely separate system entirely and physical manuals, checklists, procedures etc were maintained as a fallback in hardcopy on shelves next to the control stations.
While I suppose that it's possible that the gas power plants that now make up most of our power generation could be disabled remotely, i'd doubt it given that they would have been built from the 1970's-1990's, and so the control software is almost certainly incapable of being connected to the internet; even if built with the OS's commercially available at the time it appears unlikely that either the software or hardware could possibly be connected.
That said, IMO anything capable of causing physical harm IRL shouldn't be directly connected to the internet. Losing websites would be an inconvenience. Losing power and major infrastructure could be a civilisation ending event if certain people in certain positions aren't as paranoid as i'd hope they are.
-
Thursday 1st August 2019 14:32 GMT Sir Runcible Spoon
Re: child abuse and terrorist content
"Losing power and major infrastructure could be a civilisation ending event if certain people in certain positions aren't as paranoid as i'd hope they are"
You would be amazed, and not necessarily in a good way. I'm not saying there aren't plenty of people who care, but they are fighting a *system* that isn't designed to deploy security best practice in all situations. Bureaucracy will be the death of us all I expect.
Also, whilst I'm not going to go into details (for obvious reasons) you don't have to disable a power station to turn off the power. Plenty of real-world examples of honest mistakes that have taken down large sections of the power grid in various countries.
"That said, IMO anything capable of causing physical harm IRL shouldn't be directly connected to the internet. "
I couldn't agree more, but that isn't the world we currently live in.
-
-
-
-
Wednesday 31st July 2019 15:47 GMT Electronics'R'Us
Self inflicted problem
Poor Pritti and other embarrassed politicians and various 3 and 4 letter agencies.
If the governments around the world (particularly the five eyes as revealed by Mr. Snowden) had not been trawling everything possible, then the push for end to end encrypted personal communications might not have been as hard, but after the revelations that they were spying on their own populations without good reason (other than trying to use computers where a real brain would be better and of course for the power trip) and slurping everything (which makes them no better than China in that respect) people decided it was none of their business what they were chatting about.
Given that the various acts in the UK leave basically no privacy otherwise, it is of no surprise to anyone in technology that end to end encryption is very popular indeed. Methods to defeat (admittedly currently highly inaccurate) facial recognition are continuing apace, apparently.
As it is, I personally use Signal for messaging (which is indeed end to end encrypted and I cannot give any keys because I simply do not know them).
So my perspective is tough shit; you all brought it on yourselves.
-
Wednesday 31st July 2019 16:11 GMT amanfromMars 1
Strewth. Is there no end to the madness? The lessons learned are ... there are no safe back doors
Why on Earth would Ms Priti Patel create almighty invisible foe and invincible intangible enemies for herself and self-serving friends with the fielding and fronting of a folly riddled with holes to its core?
Whatever is she smoking?
It's too strong for you, Priti. Try something else, not so powerful and overwhelming. It'll be doing everyone a great favour.
Or is it a mental health problem for her and supporters which rejects the evidence and views of experienced experts mastering in the subject matter?
We deserve better from those who choose to present themselves as a government representative of the people.
-
Thursday 1st August 2019 06:30 GMT Richard 12
Re: Strewth. Is there no end to the madness? The lessons learned are ...
Because she doesn't understand mathematics, doesn't want to understand, and thinks her career will be improved by refusing to listen to experts in whichever field she's currently trying to break.
Same as every Home Secretary in living memory. There's something very rotten in that department.
-
Thursday 1st August 2019 11:21 GMT Dr. Mouse
Re: Strewth. Is there no end to the madness?...
Or is it a mental health problem for her and supporters which rejects the evidence and views of experienced experts mastering in the subject matter?
It's not just her and supporters: There is a view by a large proportion of the population that experts are to be derided, that Gary down the pub knows more about a subject than someone who has spent his whole life working with or studying it. They also deride politicians and the media for being untrustworthy, unless of course they agree with what that politician or reporter is saying.
We have taken confirmation bias to the extreme, and the internet has aided the creation of almost perfect echo chambers to encourage this (even though it should do the opposite, with all that information available at our fingertips).
-
Wednesday 25th December 2019 10:46 GMT Charles 9
Re: Strewth. Is there no end to the madness?...
Problem is, a true true echo chamber is actually immune to outside influence, as it is able to turn that information against itself by using things like confusion-fu to make them look like they're "out of the loop" and don't really know any better. That's why it's so hard to argue with someone irrational: they're not thinking the same way we are.
-
-
-
Wednesday 31st July 2019 16:21 GMT Anonymous Coward
Watch Priti Patel in debates on Question Time. She comes across as a very nasty person indeed. Scary to think that she is now home secretary.
On a separate note, as much as the intelligence agencies complain about encryption, the truth is that this is a golden age for electronic surveillance. Never before have the agencies been able to gather, store and process so much data about so many people. End to end encryption only impairs a small part of that,
-
Wednesday 31st July 2019 16:42 GMT Anonymous Coward
Shame the horse has already bolted, not like openssl hasnt been available for decades, so as much as they would like to, crypto (and its source) is out there, nothing can stop end to end, and at best all that would happen is that face book or what ever comes along and makes that curly haired pricks website the next myspace will end up in court, years pass by mp's get bought off one way or another and everyone is happy, decision comes down one way then appealed the other too many day to day tech interactions the great unwashed will rely on will use end to end by the time a decision is made to render it all moot, as denying them conveinience will cost the assholes their seat in parliment or unpractible to enforce anything anyway. perhaps crypto will be the new tobbaco industry, the popular liars must be shitting it thinking they will only have landmine manufacturers to give them bungs by 2030...
-
Thursday 1st August 2019 05:07 GMT whitepines
Oh don't worry, that's been fixed. The Intel Management Engine and AMD PSP will ensure that despite what you try to run open source, a copy of the key or direct keyboard input is taken from underneath the kernel and sent to the authorities (think some kind of unblockable multicast or HTTPs via DoH to some master provider that won't let you online if you're not talking to it).
That's what years of just chasing the cheapest thing without caring about whether you actually have control of it or not will do. Welcome to 1984, comrade!
-
-
-
Wednesday 31st July 2019 20:57 GMT Anonymous Coward
Re: Estonia tells you who in government has been looking at your data
Well, if you made that public, and the just udpated the database to indicate that the local sex crimes unit officer (who's name and position is publicly known) and acessed everyone's records, you could probably get all of the kiddy fiddlers to off themselves in a week or so. You'd still be hard pressed to put that genie back in the bottle, though.
On second thought, having all of the actuall terrorists all blow themselves, and those around them, up over the span of a week would probably be looked back on as a rather shitty time to be alive...
-
-
-
Thursday 1st August 2019 12:12 GMT Anonymous Coward
Re: Estonia tells you who in government has been looking at your data
there's a famous phrase 'knowledge is power'
but it's actually incorrect. power is power. knowledge is the burden of knowing whats happening to you without the power to do anything about it. it's actually disempowering in that instance.
just like choice is only liberating when you have the knowledge and ability to pick between your options. if not, choice is actually oppresive.
its the basics of user interface design:
- do not present users with options they cannot distinguish between
- do not burden users with information that cannot effect actions
- there's more. lots more. and a lot of them go against common addages.
-
Thursday 8th August 2019 16:58 GMT Charles 9
Re: Estonia tells you who in government has been looking at your data
"knowledge is the burden of knowing whats happening to you without the power to do anything about it. it's actually disempowering in that instance."
I disagree. Otherwise, what's the power of blackmail? "I know something you might now want the world to know, hmm hmm?"
Now, granted, there is a level of power that allows one to disregard blackmail and the like, but that's a highly sanctified tier that few can actually reach. If you're not one of those few, like they say, a little knowledge can be dangerous.
-
Thursday 1st August 2019 22:54 GMT Doctor Syntax
Re: Estonia tells you who in government has been looking at your data
"You can formulate a response"
And much good may that do you. However it persuades the little people that ID cards are Good Things I can see why the Estonian PTP had it built that way. There is, of course, the underlying assumption that it actually does work the way the little people have been told it does.
-
-
-
Friday 2nd August 2019 06:18 GMT Danny 2
Re: Estonia tells you who in government has been looking at your data
Estonian citizen smartcards are made by Gemalto - I used to work for NewsGem, their Murdoch Sky News branch. They were specifically targetted by our security services. https://www.theguardian.com/us-news/2015/feb/19/nsa-gchq-sim-card-billions-cellphones-hacking
They were also hit by this flaw: https://www.ft.com/content/874359dc-925b-11e7-a9e6-11d2f0ebb7f0
Everyone has been looking at Estonian data.
-
-
Wednesday 31st July 2019 17:03 GMT smudge
What took her so long?
She's been Home Secretary for nearly a week. WTF has she been doing?
What the US wanted last week, the UK wants this week. Welcome to the new government's modus operandi.
Only good point is that, unlike Trump, she is unlikely to build a base out of white Christian evangelicals and supremacists :)
-
Thursday 1st August 2019 12:43 GMT Anonymous Coward
Re: What took her so long?
Her (and the rest of the current government's) base is the swarming ranks of readers of the Daily Mail. They still hammer on about how "we" won WW2 and don't even realise that they're the fascists now. In practical terms the UK is no better off than the USA.
It doesn't really matter how the race or religion demographics of this base are characterised, all that's important is that members are wilfully ignorant and routinely treat anyone they see as not in "their" tribe with spite and disrespect. Normally I'd be looking to the left to haul us out of this mess at the next general election, but all I see over there is a weak leader held up by a cult of personality (Momentum) that shows many of the same traits as the rabid right wing.
This is where our "winner takes it all" politics has led us. The best we can hope for is continued hung parliaments and ongoing stalemate to stop the next custodians of HM government from steering us off a cliff.
-
Sunday 4th August 2019 13:51 GMT acid andy
Re: What took her so long?
Corbyn's a strong leader. He's stood firm despite endless attempted character assassinations. I'm willing to bet you only think he's weak primarily because you read or heard other people expressing that view, rather than forming the opinion purely from the evidence you observe. Don't fall for all the propaganda.
I know some Remainers are frustrated with Labour but going 100% Remain would be electoral suicide for them.
-
-
Wednesday 31st July 2019 17:04 GMT SVV
Easy solution
Facebook, Twitter, et al just need to announce that if this is passed into law, then sadly their services will no longer be available in the UK, as they wish to keep users in other countries secure. Once the public discover that the sites they are addicted to on the web will be taken away from them there would be an almighty uproar.
Just start bombarding your users with an information campaign. Fexit means Fexit. Twexit means Twexit.
At least this new lot are so stupid that they seem to be using their old boss's paymaster the Daily Telegraph as their Pravda. Behind that paywall, few will be exposed to all the propoganda.
-
Thursday 1st August 2019 06:31 GMT amanfromMars 1
No Easy Solution ..... for Leading Horses with No Need to Drink the Kool-Aid*
At least this new lot are so stupid that they seem to be using their old boss's paymaster the Daily Telegraph as their Pravda. Behind that paywall, few will be exposed to all the propoganda. .... SVV
Makes you wonder what sort of brains/cells are at the helm of the Daily Telegraph when they be expecting the masses to be paying for disinformation and misdirection by an exposed few?
Addled springs immediately to mind, if one is in a generous frame of mind. Others may favour ripe rotten to the core, corrupt and/or perverted.
-
Thursday 1st August 2019 07:10 GMT amanfromMars 1
Re: No Easy Solution ..... for Leading Horses with No Need to Drink the Kool-Aid*
Army fights foreign views with home-grown news, says the Guardian ..... Propagandists and Hackers R Us
Good luck with that abortion of an operation creating Frankenstein monsters for the sport of slaying ..... or taking over.
Have no lessons been learned from the massive train wreck which is Russiagate in the Land of the Free and Home of the Brave ...... https://www.nationalreview.com/2019/07/mueller-sticks-the-final-shiv-in-the-russiagate-hoax/
What parts of .... What You Give is What You Get ..... are so clearly misunderstood?
-
Thursday 1st August 2019 09:55 GMT Cliff Thorburn
Re: No Easy Solution ..... for Leading Horses with No Need to Drink the Kool-Aid*
“Good luck with that abortion of an operation creating Frankenstein monsters for the sport of slaying ..... or taking over.”
Well that truth is certainly stranger than fiction is it not?
'All that's necessary for the forces of evil to win in the world is for enough good men to do nothing.'
Author: Edmund Burke
-
Thursday 1st August 2019 11:51 GMT Anonymous Coward
Re: No Easy Solution ..... for Leading Horses with No Need to Drink the Kool-Aid*
National Review: From https://mediabiasfactcheck.com/national-review/ :
These media sources are moderately to strongly biased toward conservative causes through story selection and/or political affiliation. They may utilize strong loaded words (wording that attempts to influence an audience by using appeal to emotion or stereotypes), publish misleading reports and omit reporting of information that may damage conservative causes. Some sources in this category may be untrustworthy. See all Right Bias sources.
Overall, we rate the National Review Right Biased based on story selection that always favors the right and Mixed for factual reporting due to misleading claims and occasional use of poor sources.
Detailed Report
Factual Reporting: MIXED
Country: USA
World Press Freedom Rank: USA 45/180
-
Thursday 1st August 2019 16:04 GMT amanfromMars 1
What could possibly go wrong?
Novel Virgin Regimented Forces against Restless and Rebellious State and Non State Actor Sources?
Well, there are two things then to immediately note are impossible to avoid, and there are surely bound to be many more too ....
1) the UK Special IntelAIgent Services are pitted in competition and/or opposition to NSAs Squandering Uncle Sam's Resources ..... so any Special Relationships there are FCUKd
2) Successful Engagement at any Practical or Virtual Level has Restless and Rebellious State and Non State Actor Sources Stealthily Infesting and Infiltrating Vital Leading Strategic and Tactical Communications Channels ...... which are Pumping Pulp Fiction for Virtual Realisation and Mass Media Presentation in Daily Attempt to both Macro and Micro Manage Universal Perceptions/Grand MetaDataBase Designs ...... and that has key players, both virtually new and as old as the hills, stepping into the realms of directing instructions where madness and mayhem take no live prisoners.
Do you not think national and internationally armed defence and attack forces are not traumatised and decimated enough via their actions just following crazy orders?
Now you're gonna launch them into an environment which is default hostile and quickly destructive to false propheteering.
All of that is where it can go so easily so terrifically wrong.
-
-
-
Wednesday 31st July 2019 17:11 GMT Kingstonian
Journalists distort statements to forward their own agenda. As do Governments.
The article on the front page of the Telegraph and continued on to page 2 by Charles Hymas its Home Affars Editor grossly distorts what is said in Priti Patel's commentary on page 2 in order to support the Telegraphs own position (campaign to protect children). The Article on the register distorts the Priti Patel article to support its position e.g. "throwaway lines", "backdoors". The Priti Patel commentary appears to me to be more reasoned and doesn't mention any solutions but highlight problems and challenges.
Her paragraph regarding legitimate concerns over use of personal data and theft of private information is only partially quoted in the Telegraph. The Register says she "call(s) for end-to-end encryption to be broken with backdoors inserted for illicit law enforcement access". nowhere in the Patel article is the word backdoor used - just a need to work with tech. companies. I don't belive there will be a satisfactory solution to the issue - encryption is a tool that can be used to hide evil things but also for legitimate privacy.
You can read the Patel article on the telegraph site (paywall or with a limited number of articles per month)
-
Thursday 1st August 2019 06:34 GMT Richard 12
Re: Journalists distort statements to forward their own agenda. As do Governments.
You can call a horse a shrew if you want, but it's still a horse.
Any way of accessing an encrypted communication when you're not Alice or Bob is a backdoor. Doesn't matter whether you're an Eve, Mallory, Chuck, Craig etc.
-
Thursday 1st August 2019 12:51 GMT Anonymous Coward
Re: Journalists distort statements to forward their own agenda. As do Governments.
Of course she doesn't mention backdoors. Backdoors are bad.
No, no, this is just a requirement for a facilitative oversight mechanism* to be put in place for the use of law enforcement. Totally different.
*or whatever they're marketing it as this time around
-
-
-
Wednesday 31st July 2019 17:45 GMT Boris the Cockroach
Oh dear
Looks like my simple Java messaging app built for my OU degree will fall foul of the new law.
mostly because I added Xor encyrption to it for a laugh..... and now the powers cant listen in to whatever I'm jibbering about when I talk to the only other user on the internet.....
and 5 years in the slammer because it generates keys on the fly......
-
Thursday 1st August 2019 06:35 GMT John Smith 19
She seems an ideal host for whatever the Home Office inserts in the brain of their so-called masters
An authoritarian with a fondness for taking un reported meetings with foreign powers.
No doubt entirely ignorant about what she's actually asking for and why it can't be done in the way she want's it.
Because all that matters is "We wants it."
-
-
Thursday 1st August 2019 21:23 GMT Anonymous Coward
Always surprised she and IDS never donned neo fascist uniforms, always thought IDS hankered after a uniform just like Mengele tbh.......all that black, shiny totenkopfs and all that unfettered power to "punish" people without any annoying courts etc getting in the way.....
I wonder if Irma Grese is Priti Patel's heroine....
-
-
-
This post has been deleted by its author
-
-
-
Thursday 1st August 2019 09:01 GMT Chronos
Three words: Low. Hanging. Fruit. Tackling the fundamental issue is too difficult. This makes both the puppetmasters in Washington and the Daily Failers happy,¹ and allows them to Be Seen To Be Doing Something™, even if that something is pretty much a) impossible, b) has too many proven cases of collateral damage and c) involves capturing a horse that has already bolted, bred, died and its progeny evolved into something unrecognisable.
Add to this the fact that HomeSec is something of a poison chalice these days and you get this nonsense every single time.
¹ Jacob Flea-bitten Moggy will be apoplectic that I just used an Oxford comma. Sadly for him, I'm not subject to his "guidelines for writing."
-
-
Thursday 1st August 2019 08:43 GMT Milton
Priti Useless at it again
'Failing upwards' is a phrase currently in vogue, and seems to apply to most of the new cabinet. Priti Useless (I think we have the Guardian's John Crace to thank for that), already disgraced once, renowned for talking shyte, despised by her civil servants for her serpentine dishonesty, seems like the perfect example of 'all ambition, zero talent'.
But even she is surely capable of asking any one of several hundred mathematicians working for GCHQ, or any of the managers and supervisors they report to, a very simple question: is it practically possible to introduce a backdoor into an encryption system without fatally weakening that system for all users?
The only possible answer is 'No.'
Because the math doesn't lie. It doesn't matter how many times a government minister or poorly-informed security type spits the dummy and screams 'But I want π to be 3.00 exactly!'—π doesn't care, and will continue being (in)exactly what it is.
The stupidity and ignorance of modern politicians is truly breathtaking.
-
Thursday 1st August 2019 21:27 GMT Anonymous Coward
Re: Priti Useless at it again
you think GCHQ care?
Likely to them the ends justify the means......the old "empire" mindset is still strong in UK.gov i.e. "we're the most advanced country on gods earth, a proverbial Jerusalem, so nothing to worry about, those fuzzy wuzzys probably don't have electricity yet let alone computers, they wouldn't dare either, we had an empire you know and they should ruddy well remember that"
-
Thursday 1st August 2019 08:46 GMT Anonymous Coward
Patel
the thread is interesting, I have a (vague) impression that the level of hate against the fresh Secretary is somewhat differently angled than the hate against the previous one, with quite a few posts linking her nastiness and (lack of) intelligence with he fact she that the current one is a woman. While I laugh and fart in the general direction of the current fad of women-hater-hunting and women-promoting, based on this thread I do have this uncomfortable feeling that there's more than a grain of truth in womenophobia in a male-dominated environment.
Plus, more to the point, once we look past the feel-good hate-session, developments for encryption look grim. I'm sure some smart busy-bodies are working hard behind the scenes to come up with a gov-pleasing feasible "solutions", that is, banning encryption in the uk, perhaps combined with some sort of license to use it, similar to that latest porn license, but more tightly controlled (think of children and terrorists and millions will approve). Yes, I do realize how silly it seems and what about businesses, well, I'm sure the British government will be happy to learn the lessons of our Chinese friends, given how few friends we have left.
One solution I see (even though I'm technically inept) is some legislation that forces ISPs to block encrypted traffic, unless the user is checked against some license - and that license comes with a mandatory "law enforcement access" details. And if there are no keys, well, no traffic. And don't tell me the government can't cripple businesses and private usage because the impact for the affected would be massive. They can, I'm sure they did in the past, and likewise, they will in the future, if they decide it's worth the perceived "benefits"
Control will happen, because this is how things progress with the internet in general, the rumblings about encryption have been heard for quite some time now, and it's only a matter of time. I wish it was otherwise, but :/
-
Thursday 1st August 2019 09:24 GMT MJI
Re: Patel
It is not that she is a woman, but that she is not suitable.
I LIKE women, I also like having them in parliament, I also think that many people will look a lot more favourably at Theresa May now we have BoJo.
The women who do get the mickey taken are the ones promoted above their abilities like the current HS and the shadow HS. Mind you the PM and Leader Opposition are also promoted above their abilities.
-
Thursday 1st August 2019 09:45 GMT Anonymous Coward
Re: Patel
So much wrong about your post but others have already pointed most of that out to you.
For me the worst aspect is you display the increasingly common attitude that the State is entitled to invade every aspect of our lives simply because they think they can. I guess it's our own fault for handing over power to the worst possible examples of bottom feeders that are the politicians of today.
Well, it seems you get the government you deserve.
-
Thursday 1st August 2019 13:27 GMT Anonymous Coward
Re: Patel
I have given NO indication that "the State is entitled to invade every aspect of our lives simply because they think they can". I do NOT think that "the State is entitled to invade every aspect of our lives simply because they think they can" or that they SHOULD. But I do believe the State WILL invade every aspect of our lives simply because they think they can. And not only because they THINK they can, but because, effectively, they can. Maybe not "every" aspects, but many, if not most of those that we consider, for now, private or no-go. And we may have as many sessions of Patel-hate as we wish, it means nothing as far as what is actually going to happen with encryption once the gov has finally made their move. And I don't see a solution when it happens.
-
-
Thursday 1st August 2019 11:15 GMT Sir Runcible Spoon
Re: Patel
"One solution I see (even though I'm technically inept) is some legislation that forces ISPs to block encrypted traffic, unless the user is checked against some license - and that license comes with a mandatory "law enforcement access" details."
I'm glad you qualified your opinion as inept, at least you get one point for accuracy.
Concepts of this scale do not neatly translate into a worldwide deployment of a single (complex) technology. For reference, government departments don't even understand their own rules (HMRC) and they can't even implement an age verification check for porn without cocking it up (pun intended).
Just so you know, it would be *extremely* difficult to deploy in a single large company, let alone all large companies, excluding private citizens, across the globe, meeting all legal requirements for all nations and still deliver the intended goal.
In the real world it's as close to something that is impossible that I can think of, and that includes matter transformation, free energy and teleportation across vast distances.
-
-
Thursday 1st August 2019 14:28 GMT Sir Runcible Spoon
Re: Patel
" and I don't hear much of VPN services in China easily circumventing their censorship"
Yes, well, you wouldn't would you? As soon as you *hear* about it, the Chinese government are able to crack down on it. Doesn't mean it doesn't happen (and that's just from China -> elsewhere, who knows what can still be achieved if all your traffic is internal to the Chinese border firewalls).
You're also forgetting that the Chinese government can just throw money/people at something to get it done, with extreme punishments for failure - which isn't exactly the hallmark of a democracy.
Actually, you've helped provide an excellent example of why we shouldn't want this.
Prevent all VPN's and develop your dictatorial powers all in one stroke, bonus.
-
Thursday 1st August 2019 21:35 GMT Anonymous Coward
Re: Patel
SNP will be right on it, they have a stated policy to ban porn and anything "adult" as it "normalises misogyny" "we need to make it unacceptable to buy or sell womens bodies as a product" and "nearly all are trafficked" when both of those statements are bollocks and many do it of their own free will, due to the flexible hours, good pay and some do it for the attention.
Any other government would have fallen already over the Carseview hospital scandal and the ongoing attempt to cover it up by the health board and ministers allowing things to carry on as normal, exposing more patients to abuse (including battery) by staff, rampant supply of illegal narcotics within wards, sexual assaults on vulnerable patients, multiple suicides, patients in crisis turned away with no reason given and worse.
Search for "Interim Strang Report Courier" for more.
-
Monday 5th August 2019 07:21 GMT Anonymous Coward
Re: Patel
{" many do it of their own free will, due to the flexible hours, good pay and some do it for the attention."}
Perhaps someone from the SNP has been there for the women after they've been in it for a while. Or the men for that matter. You should try helping some of the 'porn stars' when they want out. Your whole view of the industry will change.
-
-
-
-
-
-
This post has been deleted by its author
-
Thursday 1st August 2019 09:53 GMT localzuk
Out with the old, in with the, err, old
Same suggestion over and over again, yet the mainstream media (I don't include El Reg in that title) don't discuss the key flaws in the concept suggested.
The biggest flaw is that you can grab an open source app, sideload it onto an Android phone and voila, you've got end to end encrypted comms which don't have the mandated back door in. Takes minutes to do.
So, fundamentally, this is not about catching criminals - they will use these tools if they don't want to get caught. It is still about mass surveillance of the population.
It'll last about as long as it takes for a Minister's private info to be hacked and released before it gets backtracked.
-
Thursday 1st August 2019 12:03 GMT Anonymous Coward
Priti Patel wanted to use some of the foregn aid budget to fund the Israeli IDF, without declaring it to her seniors.
let that sink in for a moment. this is a politician that intended to use tax payer money, intended for helping the poor in foreign countries, to fund a foregn military force, discussed with the foregn government off the record and during what was declared to be a holiday.
she was sacked yet here she is, back in government, in an even more powerful position.
-
Thursday 1st August 2019 12:41 GMT Anonymous Coward
Why the fuss?
I'm failing to understand all the ire being vented on this subject. From as far back as I remember, the advice was never assume any communication was totally secure. I've kept that in mind whenever committing anything to paper or keyboard.
I want banking systems to be secure, as should any system that holds personal data that isn't otherwise publicly available (my name, address and phone number is freely available to anyone who wants to look it up in the phone book). Anything in the post can be lost or otherwise fall into the wrong hands, email has never been secure (other than when encryption methods have been purposefully applied). Text messaging was probably better but still not wholly secure should the carrier decide to intercept. The current assumption that messaging systems like WhatsApp should be 100% secure is relatively new and it's only since they became available have people become so vocal (in public, at least).
I have to question this attitude. OK, I know many people are now so addicted to their phones, Facebook, etc. that they rarely meet their "friends" face-to-face and the messaging apps are used to share details they'd probably hesitate to reveal if they did. Businesses have always needed secure means to communicate "trade secrets" and contract details - but the security is needed against competitors and I would worry if any company relied on such apps for that information. I can't recall ever, in my 60+ years, ever needing to send something that I would be worried about it being read by the national authorities. Yes, if there's a backdoor then others will find access, but I can't recall sending anything that would be disastrous that way. I never send passwords, etc that way. When I've needed to send let somebody have, say, online login details, the username and password go via at least two independent channels (e.g. email with the username, a password via text and, if I'm feeling paranoid, a phone call to explain how to unscramble the latter).
But then, I'm getting old and don't really understand the youth of today - much as I remember my grandparents saying!!
-
Thursday 1st August 2019 13:15 GMT Anonymous Coward
Re: Why the fuss?
Not assuming that comms are completely secure is one thing. Asking us to be OK with comms being guaranteed to be fundamentally compromised is completely another.
Just because you don't use apps for important comms doesn't mean that no-one does, nor that doing so is fundamentally wrong. A lot of business is done by app these days, especially by smaller companies and sole traders that can't afford the fancy enterprise software that would be used by the big boys. Why should their trade secrets be compromised when the secrets of their larger competitors are not?
"I can't recall ever, in my 60+ years, ever needing to send something that I would be worried about it being read by the national authorities."
Yet another formulation of the nothing to hide, nothing to fear argument. Does your house have curtains on the windows? What are you afraid of, eh?
-
Thursday 1st August 2019 20:11 GMT Anonymous Coward
Re: Why the fuss?
Whilst I’d prefer my messages to be read only by the intended recipient, I wouldn’t write anything on a public service that I would fear if seen by others.
In business for many years, much of it before WhatsApp, etc came to the fore. Communication existed before mobile phones, not as instant but, if absolute security is vital, speed may need compromising instead. There are other schemes for business that can be used, and under the company’s own control.
Yes, I have curtains that are drawn to protect modesty when undressed, just as I wouldn’t really want to strip off in Tesco’s to try on new underpants. But, even if I did want to, I suspect it wouldn’t be welcomed... Bringing personal privacy/modesty in is a red herring.
The argument of nothing to fear, nothing to hide is valid - though only for those who have nothing to hide. There more important battles to fight than getting behind WhatsApp, etc. I agree, though, that the various governments’ desire to have access is short-sighted as those who really have something to hide will just find another channel - and probably be even more secure.
Remaining anonymous because I suspect I’m a lone voice here.
-
Thursday 1st August 2019 21:47 GMT Anonymous Coward
Re: Why the fuss?
Alone this is bad enough, couple it to the rollout of facial recognition, both by Westminster AND Holyrood (you really thought the SNP were ANY better? no they are running the same "we need this technology to catch terrorists/paedophiles and its no different to fingerprints anyway") and its the start of a fall into a totalitarian dystopia where the state can and will follow your EVERY movement, know every detail of your life - where you go, how long you spent there, who you met, what you spent money on - miles worse than anything envisioned or implemented by the Stasi and they were denounced by democratic governments as totalitarian and abusers of their people and found abhorrent and yet here we are with our govt trying to turn this country into something far worse than the DDR.....
Next will be a ban on private car ownership, obstensibly to "tackle climate change" and "combat the 'global heating crisis'" (the latter is the latest one I've seen on the BBC, whose reporting gets more shrill by the week......)
In reality its a means to control the movements of the populace, after that will be exit visas (denied if your social credit isn't good enough) then time limits to how long you can be out of the country for and be required to justify it in advance to the government and again be denied if your social credit isn't good enough i.e. if you ask "difficult questions"
-
-
-
Thursday 1st August 2019 23:25 GMT Doctor Syntax
Re: Why the fuss?
You should listen to those who are older and wiser than yourself.
You say that you want banking, for example, to be secure. Presumably you never use online banking, otherwise you'd realise why there shouldn't be back doors in that. It may not be a question for you (and neither for me) of keeping your banking transactions secure from national governments. But what about keeping them secure from criminal access? A back door for one is a back door for anyone else who discovers it and the most effective way of preventing anyone else from discovering it s for it not to be there.
Yes, email has all the privacy of a post card. Does this mean that it's satisfactory? Of course not. Encryption, the equivalent of using an envelope, should have been rolled into it as standard, not as an add-on, years ago. The fact that is hasn't is why we now have things like WhatsApp. What's worse it might well prove too late to get it rolled in; it would certainly meet strong opposition.
-
Friday 2nd August 2019 13:03 GMT Carpet Deal 'em
Re: Why the fuss?
I can't recall ever, in my 60+ years, ever needing to send something that I would be worried about it being read by the national authorities.
You don't realize the number of things you can get in trouble for sending or obtaining even in first world countries, do you? On a more harmless level, you have things like Australia's ban on women smaller than C-cup in... certain kinds of films(no matter how clear their age). I'm not quite sure of the legalities of digitally importing such material from abroad, but quite a few countries that ban the seemingly innocuous will throw you in the clink if they find out you've done so.
-
-
Thursday 1st August 2019 13:05 GMT tiggity
Meanwhile
Jane Terrorist uses stego to split a message across several images.
These images are used in (take your pick, some examples below)
posts to a certain facebook, twitter, reddit etc "thread"
some of the pictures used to advertise an item for sale on fleabay etc.
etc, etc, etc.
Jon Terrorists knows what mechanism is used for hosting the images and they end up in his browser cache (along with lots of other stuff from ebay or whatever for plausible deniability) and the message can be extracted.
Amount of hassle Jane & Jon face from backdoors? Zero (let us assume their stego product is not (deliberately) backdoored as using their own terrorist group software)
There are plenty of ways to hide messages amongst internet "background" with no need for end to end encryption (or stego e.g. Jane posts with a different "life affirming" / "vomit inducing" (POV dependent) quote each time, Jon has committed to memory the list of "message" quotes and knows what each translates to
.. obviously old skool message passing needs no internet element whatsoever as existed long before the web.
Broken encryption wont cause any hassle to the proper "bad guys", it will just screw the privacy of the general public.
-
Thursday 1st August 2019 20:10 GMT Anonymous Coward
Imagine there were people who wished to establish a strong centralised government and roll back all those unpleasant social changes since the 1960s in order to re-establish a real England in which everyone knew their place (including those who foolishly think the UK is not England).
That is not an easy sell to the majority of people when they're relatively comfortable, so you need to change that by, say, introducing economic & social troubles - the more the merrier provided you are not affected yourself (e.g. money stashed abroad) and that the hoi polloi dont get out of control (i.e. must be able to know what they are saying & doing).
I know, ridiculous idea.
-
Friday 2nd August 2019 12:18 GMT FuzzyWuzzys
It's still a mostly free country...
...and she has a perfect to be bloody stupid!
It sounds like a perfectly valid reason for some ne'er do well to hack her personal comms and publish everything to all an sundry as a fine example of what will happen.
The thing is, these idiots say they want no encryption but what they don't realise is that the average person has a duller life than dishwater, so no one cares about what they talk about. The crims will simply hire someone to build them a phone app with encryption. That leaves those in charge who have a ton of dirty secrets they don't wany published and so they're the ones who will have their dirty laundry aired.
So have it is what I say, the sooner these prats have their personal dirty little lives splashed all over the tabloids, the quicker they'll belt up about removing encryption and let the rest of us have it back so we can send dirty love notes to our partners.
-
Friday 2nd August 2019 22:28 GMT Jonathan Richards 1
Different wording
> wording differs in many respects from what appears to be the agreed ministerial version.
Hmm. The gov.uk document that the article references is 404. A search yields this document with an identical title, but a comparison shows that it has almost no text in common with the document that El Reg has archived. It appears more as if the archive is the Communiqué, and the government upload is the 'Action Minutes'.
If there's a policy difference between the two, I'm not sure which would have precedence.
-
Monday 5th August 2019 10:41 GMT Anonymous Coward
Many years ago a chap whose name I cannot remember (I think he was with Sun systems) told us that, privacy is over. Deal with it or something along those lines.
I agree with him. I could not care less if I am being tracked. What is the point of worrying about it? It is going to happen no matter what. Why not just deal with it? I could not care less if ghcq/nsa/whoever is tracking me.They must be bored stupid with my browsing. I wish they would track me more positively and send me more relevant adverts.
No script, ad blockers? You do realise that by using that shit you are setting yourself up for special attention to break your and others' "protection".
AND YOU STILL GET ADVERTS
Cheers… Ishy
-
Friday 3rd January 2020 18:05 GMT Forclaz20
Building on last year’s commitment to establish a mechanism to share approaches to combating foreign interference —being the coercive, deceptive,and clandestine activities of foreign governments, actors, and their proxies, to sow discord, manipulate public discourse, bias the development of policy, or disrupt markets for the purpose of undermining our nations and our allies—our countries have shared strategies that protect our electoral institutions and democratic processes from foreign interference and other hostile state activity. Eh??? Wtf??
We commit to maintaining these efforts, and will continue our collaboration to combat foreign interference in other areas such as the economy and academia.???
Are they smoking wacky backy?
It is academia, its called >> Maki! Isreali - Communism and the isreali communist party, with it's underwater wiretap that is used primarily by the central party banks ie: workers party bank to transfer its money and financials for the larger economy of the entire world and at the same time bring everybody in academia into the fold of the idea of sharing your idea's so that others may improve upon them, thats the whole point! You can outlaw encryption till you turn blue in the face, it's the general public and the workers, that will sit there giving you the finger!
It's like listening to Trump going I did it for the people, he means he got caught out lying to hundreds of people and eluding taxes, thats his problem... Dont make it yours!
The Stasi was the “sword and shield of the party,” as its motto had it, and was widely hated for its frightening control over people’s lives. Everyone knew, or at least thought, that the Stasi was spying on ordinary East Germans all the time, and that they had to constantly be on their guard about what they could say and where. To many people, the secret police were the essence of Communist rule.
Surveillance Communism could lead to real prisons but mostly instilled fears about stepping over a party-defined line. Surveillance capitalism, far more overtly intrusive, makes our online activities a source of data that private firms harvest for their profit whilst we have to sit here and listen to party members proclaiming "I'm a capitalist" E. Schmidt.
Self-surveillance, finally, transforms our daily activities into a source of data that we train on ourselves and then turn on you! So suck it up!
Your not getting any magic keys unless you'd like to glow in the dark!