Nope nope nope.
Nope nope nope nope nope nope nope nope nope.
The nations of the Five Eyes security alliance – Australia, Canada, New Zealand, the USA and the UK – plus Japan and India, have called on technology companies to design their products so they offer access to encrypted messages and content. A joint “International Statement” issued on Sunday frames the issue as a matter of …
> They will never learn
What is there to learn? Like all rulers since the dawn of civilization, they are afraid of the unruly masses, and want to keep tabs on them.
The fact Backdoors are useless or even counterproductive against criminals is irrelevant, that's not why they're here. They allow the governments to sleep better at night, and thus are perfectly doing the job they were meant to do.
Note the tearful "somebody please think of the children!" argument, a clear sign they have no real arguments to back up their project.
They really will never learn.
My point is that they HAVE learned, and the result of their "learning" is far more sinister than anyone wants to admit. They ignore facts, focus on FEEL, and the media helps them.
And they know DAMN WELL what the truth is, and blatantly LIE about it ANYWAY.
Legislating against mathematics is fruitless.
Not when you a) manipulate with *FEEL* in every election, b) have willing accomplices in the vast majority of the news media, and c) rely on your electorate being a bunch of "Sheeple".
(sadly, unfortunately, with deep regret)
icon, because, "for the children" was mentioned early on in the article as a primary reason for justifying this, but we know what *THEY* _REALLY_ want: POWER. It's _ALWAYS_ about POWER. And to do that, they MUST "dis-empower" US.
Even if what they wanted could work without compromising security, will they have to ban every app that promises end to end encryption? Will they ban websites that offer such encrypted communication outside of apps? How would they stop terrorists from sharing keys when they were together and encrypting ordinary emails before sending?
The cat left the bag decades ago, what they want they cannot get even if they were able to force Apple, Google, Microsoft, Facebook etc. to comply.
It would simply cause new comms tools to be developed that are simply off the radar.
Easily done. Remember how PGP emerged? IDEA? OpenSSL? And the STUPID attempts by gummints to limit "strong encryption" exports. The defense: it went OPEN SOURCE.
Too many other examples of outright REBELLION against government control over encryption happened back in the 90's, and some bad fallout (Korean government requiring an ActiveX component for online banking as one example). Just remember PGP, IDEA, OpenSSL, and those PGP T shirts... (when shipping the binary compiled code was "illegal", but putting the math behind it on a T shirt was NOT)
"It would simply cause new comms tools to be developed that are simply off the radar."
There could be some small island nations that couldn't give a rat's backside about what other nations legislate and apps can be available from "there". It might be big business or at least a steady income.
Never heard of steganography?
See also: Chaffing and winnowing.
Yes the source code was printed (or may have been photocopied from a book, I can't recall). Which was legal to export. It was then OCR'd and I was one of the many volunteers who proofread the OCR'd files against the printout and corrected where necessary. Let me just point out that back in the day OCR was awful.. Anyway, the end result was a legal copy of PGP.
Sure, it will never work but there is an easy fix - simply drop the national and international Internet access speed to 1200 baud. Remember those days? There was virtually zero hacking attacks, spam, QAnon, and pornography was just something that you bought at the newsagents.
I'm sure I'll get downvoted for this idea, but most people are OK with speed limits on the road so why not the Internet too? Or should we just raise the motorway speed limit to 700mph?
"[...] and pornography was just something [...]"
...that took longer to download in more compact files. Remember various messaging boards that preceded the web? They also facilitated the use of the postal services to distribute hard copy.
Spam, trolls, and "flooding" attacks were also known in those days. That's why usenet type groups eventually became no longer viable as discussion fora.
Well geez if you're going to postulate that they'd drop the speed of connections so low that you couldn't use encryption, why allow internet access across international borders at all? Just cut all those submarine cables and tell people they can only use the sites inside the country.
That's what they're talking about here. If you're waiting for peer to peer encrypted messaging to get a "boost" you're about a decade late, or whenever it was that iMessage was introduced which has been peer to peer encrypted from day one.
I believe Whatsapp and Skype are as well, and while nobody can keep up with how quickly Google launches and then kills messaging platforms, I assume whatever their messaging platform of the month is that it is peer to peer encrypted as well.
And you know what happens when you assume….
Considering that in both Google's Hangouts & Skype, you can see the messages on multiple devices, and even in alternative clients such as Purple/Pidgin, there's almost no way it could be E2E/P2P encrypted. The only way that might be feasible is if the key is based on your password or other personal information shared amongst the clients, and never renegotiated, and while I'm no expert in this area, that seems like it would be pretty weak already.
So, while we're backdooring encryption in accordance with these "concerns", we should also be backdooring all your military encryption products, right?
After all, military officers are perfectly capable of breaking the law and accessing child exploitation material too (not to mention the whole "war crimes" category of bad-person-actions that don't tend to be available to civilians). It would be awful to create a situation where the best thing for a pedo to do is join the military so that he can access un-backdoored-encryption, because please, won't somebody think of the children...right?
So the obvious solution is to also backdoor all five-eyes military encryption, right?
You say it can be done without compromising cyber security, so you should have no problem with that...
Betcha Ghislaine Maxwell gets a pardon from Trump. Kyle Rittenhouse too. Those 13 terrorists that tried to kidnap Governor Gretchen Whitmer and kill police, blow up bridges etc.? Pardon x 13.
The usual excuses for surveillance, "think of the children" and "protect against terrorists" are mighty weak right now where the man in charge kidnaps kids from their parents at the border in open defiance of a court ruling, and the domestic terrorists are just following his tweets and his rants on Fox News.
Who said this? a) A potential domestic terrorist, or b) a Trump appointee, or c) a Putin henchman?
"And when Donald Trump refuses to stand down at the inauguration, the shooting will begin...The drills that you've seen are nothing. "If you carry guns, buy ammunition, ladies and gentlemen, because it's going to be hard to get."
a) b) AND c), the guy is all three.
" Caputo moved to Russia in 1994, ...He worked for Gazprom Media in 2000 where he worked on improving the image of Vladimir Putin in the U.S."
Would Barr allow this guy's encrypted comms to be intercepted as a potential domestic terrorist? Even if his comms is to Barr's boss Trump? What if it's encrypted comms to his old boss Putin?
Trump can't refuse to stand down at the end of his term. The president's term ends at the end of the president's term regardless of what the president wants or does. A US president does not stand down at the end of his term, his term ends and he ceases to be president with no interaction on his part at all.
So you don't like Kyle Rittenhouse ? Why, because he defended himself against at least 3 grown men who were also armed with items designed to hurt him or others? Go back and watch the video. Yes, he shouldn't have been there, but then again the police were there and NOT doing their job of stopping the rioters (and assaulters, etc.)
Some opinions and calls for prosecution in some instances which are secured against wilful and wanton persecution and thought reasonably safe against crazy misinterpretation may be clearly demented, and the result of a debilitating neurological disease, rather than simply flirting around in the company of evil. To imagine there being no backdoor access to all encrypted systems, both elite and common, politically correct and incorrect, in favour of a remotely decided subjective limited access to a select few which are threatening just a relatively small number of status quo stabilities, is always going to struggle to be thought wise and perfectly acceptable rather than exposed as being liable and immediately an object subjected to rampant abuse and self-serving criminal and ethical misuse. ...... for such is the obscene nature of the beast concocting the scene.
And such prosecutions and persecutions with demented solutions are not confined to encrypted services. Plain common free speech in the questions one asks, and in the answers in replies from others way beyond one's command and control, are also targets for pernicious attack in a mad manic and panic endemic world, and here be a current, present 0day sub-prime example of that particular abomination? ........ Lord Advocate Launches War on Twitter
All your thoughts belong to us ‽ ...... In your wet dreams maybe, but in any real world situation, no way, Jose. Capiche, Kemo Sabe?
Government through legislation can at best mandate open social media platforms to share their private keys for all users.
But terrorists do not hangout on WhatsApp, Facebook, WeChat to discuss their world domination plans. If they do, they have already proved their idiocy and they may not be as big a threat.
An avg IT dev (myself) may take less than a week to write a private app which can ensure end to end encryption and this is what any terrorist (who has any wits) will do. Sure the keys have to be shared across the two ends but there are n number of ways to do that out of band (without necessarily using Internet).
So the biggest purpose this legislation solves is to ensure that public dissent is caught early on. People make use of social media platforms to connect to fellow citizens to whom they are not directly connected to voice opinions, raise dissents and governments will ensure that such dissent is caught early on and suppressed. Such legislation will become a tool for dictators.
Such legislation will make evil-minds think more about having a cyber-security cell within their outfits. In short, <read the title>.
Such legislation will make evil-minds think more about having a cyber-security cell within their outfits. In short, <read the title>. ..... rjed
Quite so, rjed, have an upvote for that informative post ...... however, nevertheless, such legislation will make greater powered minds think about having evil cyber-security cells within their outfits. In order to both attract and short circuit such dodgy virtual operations. It is only natural and therefore fully to be expected and accepted.
And the fact that so many may call such a situation, absolute nonsense, simply and clearly confirms the title premise and the notion that all are infinitely vulnerable to a greater power with greater powers ‽ .
The amanfromMars AI is being improved, now it makes sense and hands out upvotes. A few years from now The Register's parent company will hire it to write articles and lay off their writers. Judging by the articles I see elsewhere, some other sites may have already done so!
Good comment @rjed and, it should be pointed out that in full E2E only the public keys get shared.
If you wanted to make it really secure you would password or PIN protect the app in such a way that credential failure would wipe the message store and alert the rest of the crew that you have been compromised.
Just sayin, theoretically.
"""If you wanted to make it really secure you would password or PIN protect the app in such a way that credential failure would wipe the message store and alert the rest of the crew that you have been compromised."""
That's another great idea - much like SSL cert revocation - before SSL was compromised.
Quote: "....terrorists do not hangout on WhatsApp, Facebook...."
But even if they do, they can still use private ciphers. Even if they use the comments area in El Reg to pass messages, the spooks have the same problem. Namely, anyone using a private cipher BEFORE the message enters the channel gets real-time messaging. The spooks on the other hand may have to wait a while, maybe a long while, maybe never to find out what is being said. (See Beale Papers for an example of two messages secure for over a century.)
So here's the procedure:
A) Encrypt message with private cipher
B) Avoid locations using CCTV
C) If using a burner phone, make sure that your "honest citizen" phone is switched off or located far away
D) Send the message using a hijacked WiFi access point (or an internet cafe, or a VPN, or a burner phone, or El Reg)
Result: Spooks using the legally mandated backdoor in an end-to-end encrypted public service get:
E) To examine the private cipher message.....
F) ....which came from an IP address which has either no personal identity, or the identity of the wrong person or business
P.S. Like the Beale Papers example, this is a book cipher example. I know, I know....book ciphers are crap. But they might just be good enough to get the job done!
I know this is old hat but you don't really need to share a key, private or otherwise:
1) Alice encrypts her message and sends it to Bob.
2) Bob encrypts Alice's encrypted message and sends it back to Alice.
3) Alice decrypts the doubly-encrypted message and sends it back to Bob.
4) Bob decrypts the message to retrieve the plaintext.
Obviously you would need to involve Charlie and Diane (and possibly Edward and Felicity) to avoid the too obvious back-and-forth between Alice and Bob, but no keys have been exchanged.
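The four-step exchange above only works when the two encryption layers commute (it is known as Shamir's three-pass protocol). As an added example, not part of the original comment, this Python sketch runs it once with modular exponentiation and once with plain XOR, where someone who merely records the three wire messages recovers the plaintext; the modulus, sample message and function names are assumptions chosen for the demo.

```python
"""Three-pass exchange without a shared key (added illustration)."""
import secrets
from math import gcd

# Demo-only modulus (assumption): the Mersenne prime 2**521 - 1.
# It keeps the example short; it is not a vetted parameter for real use.
P = 2**521 - 1
DEMO_MESSAGE = b"three-pass demo message"  # constructed sample input


def exponent_pair(p=P):
    """Return (e, d) with e*d == 1 mod (p-1), so (m**e)**d == m mod p."""
    while True:
        e = secrets.randbelow(p - 3) + 2
        if gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def three_pass_modexp(message):
    """Run steps 1-4 with exponentiation mod P as the commutative cipher.

    Returns the three values seen on the wire and what Bob ends up with.
    """
    m = int.from_bytes(message, "big")
    if not 1 < m < P:
        raise ValueError("message must encode to an integer in (1, P)")
    a_enc, a_dec = exponent_pair()   # Alice's secret, never sent
    b_enc, b_dec = exponent_pair()   # Bob's secret, never sent
    c1 = pow(m, a_enc, P)            # 1) Alice -> Bob
    c2 = pow(c1, b_enc, P)           # 2) Bob -> Alice (two layers)
    c3 = pow(c2, a_dec, P)           # 3) Alice removes her layer -> Bob
    plain = pow(c3, b_dec, P)        # 4) Bob removes his layer
    return (c1, c2, c3), plain.to_bytes(len(message), "big")


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def three_pass_xor(message):
    """Same four steps with one-time XOR pads as the cipher.

    XOR commutes, so the exchange completes, but see recover_from_xor_wire().
    """
    pad_a = secrets.token_bytes(len(message))
    pad_b = secrets.token_bytes(len(message))
    c1 = xor_bytes(message, pad_a)   # m ^ a
    c2 = xor_bytes(c1, pad_b)        # m ^ a ^ b
    c3 = xor_bytes(c2, pad_a)        # m ^ b
    plain = xor_bytes(c3, pad_b)
    return (c1, c2, c3), plain


def recover_from_xor_wire(c1, c2, c3):
    """What a passive listener computes from the XOR variant.

    (m^a) ^ (m^a^b) ^ (m^b) == m: both pads cancel, no key needed.
    """
    return xor_bytes(xor_bytes(c1, c2), c3)


if __name__ == "__main__":
    wire, got = three_pass_modexp(DEMO_MESSAGE)
    print("modexp variant, Bob reads:", got)
    wire_x, got_x = three_pass_xor(DEMO_MESSAGE)
    print("xor variant, Bob reads:   ", got_x)
    print("xor variant, listener:    ", recover_from_xor_wire(*wire_x))
```

Neither variant authenticates the peer, so whoever answers step 2 ends up with the plaintext; the exchange still needs an authenticated channel around it.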
And who shall play the role of Madame Defarge, Tricoteuse extraordinaire? .... Anonymous Coward
Are DC [Washington and No 10 Chief Advisor Wizard] in the frame and in the running for that dubious honour, AC? :-) Who else do you think would contemplate and deserve such a booby prize and do it justice?
That's from US DOJ, aka Bill Barr's office. He's compromised already. It's no real surprise he's pushing to compromise allied security too. I assume you're smart enough not to do something so fucking stupid as to backdoor all your tech! Even if you have to sign on to that stupidity publicly?
I see Trump is withdrawing troops from Afghanistan, as predicted. Putin gets control of the TAPI pipeline. You'll see Trump drop US sanction against Russia soon too. Regardless of laws, both he and them will act as if the sanctions don't exist and Barr will stop enforcing them as if an executive order is law, same as they did with the Russian nuke treaty.
Look over at Africa's oil reserves, those will be the next targets. "Petro-Ruble" is the obvious end game here. Control enough of the worlds oil reserves that prices can be negotiated in Rubles rather than dollars. Putin's already got an army in Libya while you were distracted by his Orange puppet, and I expect if Trump wins, he'll withdraw US troops from African bases as Putin allies are ready to take over each base. Starting with Libya.
Watch for early "Libya" mentions in Trump's rhetoric, signalling the game.
Yep, July 6th, I correctly called that Trump would pull the troops from Afghanistan. It was the backdoors in the EARN Act that Barr and McConnell were pushing, I pointed out the obvious pattern they were following was the same one they (Putin and Trump) tried to run in Syria, but the attack on the US base failed.
Trump has just said he will withdraw all US troops from Afghanistan before December, taking the Pentagon by surprise. Yet it did not surprise me, because it's so obvious what the pair of them are up to. Why do you think he suddenly needs to withdraw troops before December! Because he fears he might lose.
If you backdoor tech, then Trump will sell your backdoors to his Russian backers and Bill Barr here will help. Even if Trump loses, there will always be a next time, another Trump, another quid-pro-quo.
My comment from this article 3 months ago:
"Leaked to the bad guys?
"They ARE the bad guys.
"This is a Republican thing, like the "Barr can snoop on any Americans internet without a warrant amendment", its pushed in the Senate by Mitch McConnell. These backdoors won't be leaked to the bad guys, THEY are the bad guys!
"They're the ones committing the big crimes. Example: look at Putin's bounty on US troops, It's the same thing as Syria, send US troops back in body bags, Trump does a photo op with the body bags, pretends to have empathy, withdraws the troops from Afghanistan, and Putin takes over those bases. The body bags are supposed to be Trump's excuse. *Big* crimes.
"Do you think they would do that if there was any chance they would be out of power next year? Do you think they'd tolerate all these back doors and US surveillance laws wielded by a Democrat? Obviously no!"
Warrants to obtain details of everyone who uses particular Google search terms already exist in the wild. From here it does not take a huge quantum leap in legal thinking to include WhatsApp and such in this tender embrace, extend applicability to "issues of public safety" such as, say, conspiracy to co-ordinate an anti-lockdown protest or to spend a night together with a member of a different household (coming up with other illustrative examples is left as an exercise to the reader), and thus extinguish free and unfettered exchange of thoughts and ideas and information and feelings by ordinary people who won't rely on "end-to-end encryption" (that will still be marketed, no doubt, the details buried on page 3672 of T&C) anymore. Before long, any meaningful communication will be limited to parties trusted not to share it with others, while huddled together in a kitchen with running water, not unlike the USSR/GDR/DPRK/PRC/Other...
A giant leap for mankind towards a much more governable population...
Warrants to obtain details of everyone who uses particular Google search terms already exist in the wild
Ok, what are those terms, and just how hard would it be to publish that list so that nobody uses them, except for people (possibly like me) who do it in a bash script in the background to make those requests several hundred times per day, in protest, via the Tor network... thus filling their database with SO much crap it becomes WORTHLESS.
It's a fair bet that for an individual, the amount of bandwidth this would generate would be small. If a few THOUSAND people do this, it might become large enough to make such "search term" investigations IMPOSSIBLE. It really would not take very much to frustrate them into silence.
It also makes you wonder how the specific search terms were figured out... any MASS SURVEILLANCE involved in that process?
@bob: what are those terms
Here is a recent example: https://www.cnet.com/news/google-is-giving-data-to-police-based-on-search-keywords-court-docs-show/. Never mind that this particular case was related to a specific investigation - the point is that warrants on search terms are perfectly fine now.
Note that the warrant itself is still sealed. So, good luck with figuring out what keywords may be targeted in my (hopefully still hypothetical) scenario. And suppose you have figured the keywords out, so that
nobody uses them, except for people (possibly like me) who do it in a bash script in the background
Mission accomplished then, eh?
Problem is that trust is gone, and not only in digital world, but everywhere. Sadly, I no longer trust any public institutions or businesses that they act in MY best interest. I absolutely trust they act in THEIR best interest, and if something goes wrong, it's ME who's the casualty / collateral damage. The only thing that keeps me in the "system" is that I have no choice (other than going off grid or ending my life).
So, do I trust the businesses that their encryption is designed so that it really protects me from 3rd parties' access, and they don't abuse their power to gain access themselves, or sell it to someone, or screw it so that someone gains this access? Or do I trust "trusted 3rd parties", which is, basically, government agencies that they really use their "privileged" access only for legal and genuine purposes, when those very agencies define and shift those legal and genuine purposes - as fits their current goals?
Not even THEIR best interest - just what they conceive as being most convenient at that moment. History is full of "powers that be" ignoring warnings because acting on them would require thinking (Space Shuttle booster rings being sensitive to cold being a prime example).
As for trusting governments - well if you do then I have a nice bridge to sell you - it is called Brooklyn !!!
Icon for what should happen to the promoters of these anti-encryption ideas. ======>
Think of the slimes such as US AttyGen Barr, or WH Operatives such as Steve Miller, and in the past Bannon, and of course the stable genius Orange Monkey currently known as "US President"... Would you trust them or their delegates and appointees? I'd rather perform a self-root-canal...
This is an idea that deserves to be ground to dust, then sent on a rocket to a sun in another galaxy. Yikes!
And you think that Eric Holder & Janet Reno were any better?
The US DOJ has been pushing this garbage in every administration since the original Clipper initiative under Clinton.
Make this a partisan issue, and you are guaranteed to lose at some point. Security is way too big of an issue for that.
Do they know something about prime number mathematics that the rest of the world doesn't?
Depends on whom you ask. If you ask the Stable Orange'utan, I'm sure he will tell you he does.
But then, everything he says is a lie, so bring a salt shaker to the conversation.
Most MPs have switched to Signal. I can't find the article, but it was published on the Beeb website.
As have Euro MPs. I did find this article.
When I switched to Signal, the hardest part of doing so was getting all my friends to do the same. I had to resort to telling them I had deleted Whatsapp. Somewhat surprisingly, it mostly worked.
"access to content in a readable and usable format... subject to strong safeguards and oversight"
Which it won't be. Every Tom, Dick and Sally at your local council will be able to read all your messages whenever they feel like it because they don't like your face. Like other similar UK gov legislation.
"Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;"
Does this mean anything at all, other than "Wave a magic wand"?
Like everything, this is prob not an easy discussion.
Before internet, a large part of crime stopping was based on phone tapping, intercepting SMS messages, intercepting all kinds of communications before tech existed.
So it is understandable law enforcement wants / needs 'a way in' to be (more) successful in their job.
Of those five+ nations the democratic elected governments already have the right to access homes, tap phones, etc for 50+ years.
All telco providers by law are required to provide ability to tap phones when a legal warrant is presented.
So I would say, the governments are prob fully in their legal rights to compel companies to provide access to comms of their users.
Problem is of course that this is no longer a local telco providing access to its local government.
The issue now is that any gov, whether you and I consider it good or evil, is making a claim to a company not under its laws to force it to do something that might result in something not legal where that company is based (e.g. arresting annoying journalist).
Hence the Apples of this world are blocking US gov, because if they allow access to one, they have to allow access to all.
Before internet, a large part of crime stopping was based on phone tapping, intercepting SMS messages, intercepting all kinds of communications before tech existed.
Yeah, and there were always ways around those measures.
So it is understandable law enforcement wants / needs 'a way in' to be (more) successful in their job.
No, it's not. Law enforcement has had more effective ways of stopping bad guys for like a century now. Any bad guy who is an actual threat can just encrypt everything with an uncompromised cypher, making this idea entirely useless for its stated purpose.
You're falling into their trap, where they make you think what they say they want is somehow reasonable, useful, or indeed possible. The truth is that it's all just bullshit. It's not about stopping crime or saving the children, that's just the lie you've swallowed. They want mass surveillance, and widespread encryption makes that hard.
I could explain it to you in great detail, but I don't have the patience. Instead, you should do 5 minutes research on the topic.
Except, the Governments haven't had the access they are asking for for that long. Phone Lines used to be analogue, to tap a line you needed to tap that line, and get someone to listen to the call in real time, or record it and play it back. Text was by post, and you needed to intercept the individual letters, and read them. The process of "intelligence" gathering was personnel intensive, and expensive. This led to its use being targeted by necessity. As more and more communication became digital it became easier to gather vast amounts of communications data without really having to commit personnel to reviewing it. This made the "intelligence" gathering cheap and easy. The "intelligence" processing however was still expensive and personnel intensive, but as long as they have the "intelligence" they can do that processing at their leisure. This has only really been the case with the internet, and only then with the increase in the popularity and utility of the internet. It is a myth that these agencies are only asking to maintain capabilities that they have always had, they haven't. It is also a myth that they would only use these capabilities in responsible ways, unfortunately for them that myth was blown wide open by Snowden, and other whistle blowers. These agencies are addicted to gathering ALL the information they can, but are unable to point to any substantive reasons why them having voyeuristic access to the entire world's communications is of any value to them. Let them do the hard work of actually doing targeted intelligence gathering again. That actually works.
Governments don't have a right to what you have shared, lxndr, however they may very well have a fervent all-consuming desire. The one is completely different from the other.
It is no more complicated than that, no matter how much is said and spun to try and deny it is so. And such is invariably self-serving and primarily designed to try and hide from general view and common knowledge, unsavoury government tolerated or sanctioned shenanigans which they would persecute and prosecute as being abhorrent and criminal whenever copied and performed by others no matter where.
The knowledge of the veracity of those simple facts is the deadly phantom enemy that they do vain battle against, jousting as they continually do against the windmills in their mind and the honest soul who would ask them about the validity of such facts as they would desire to be a fantastic fiction they could easily deny and disprove ....... without drawing any further inquisitive attention to any of their attempts at covering up their discovered actions and guilty proactivity.
However, once the horse is bolted, locking the stable door is no answer. One just needs to accept and prepare for the loss and take the hit and stop digging down deeper into one's own burial pit. Hopefully it leaves one wiser but ..... as Einstein is reputed to have said ....... “Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.” ...... and he knew quite a lot about some really weird things, didn't he, and is even to this very day universally feted for them, by all accounts.
Before internet, a large part of crime stopping was based on
phone tapping, intercepting SMS messages, intercepting all kinds of communications coppers wearing out shoe leather before tech existed.
You are buying into the completely fictitious "going dark" story. In fact, law enforcement have never had it so good! They have managed to reduce budgets and cut police numbers because IT has given them massive efficiencies -- they have more data than they know what to do with. In the old days, to find out what crims were saying they had to infiltrate people into gangs (extremely dangerous) or bribe or blackmail other crims to report the conversations they heard. Now they just have to access some emails or messages (almost always on the end devices rather than in transit anyway).
What they want is not to catch criminals -- that is just the story for the public -- what they want is to set up a police state that tracks and monitors everyone. The ordinary policemen and women think, like the public, that this is to reduce lawlessness but the real reason is social control is so much easier in a police state where being "different" is a crime in itself.
"they have more data than they know what to do with."
That's one of the problems. You have to figure out what is really data and what is noise or wind up chasing your own tail. Just like if forensics hoovers up every speck of dust at a crime scene and empties the bag on a table at the lab. What's evidence and what's rubbish? Somebody good at the scene would look at things in situ and only tweezer the things that might be relevant.
... someone in 'authority' comes up with the 'brilliant' idea of making developers and vendors of communications products put a 'Government agency' only available 'backdoor' into their products so that the 'good guys' can get access to the 'bad guys' communications. A few years ago it was the (now former) head of the FBI, Mr. Comey. Decades ago, it was HMG asking for all PKI public and secret keys used by commercial organisations to be escrowed to a government approved company (I read their paper twice, clearly written by people from near Gloucester).
The mathematicians and cryptographers complain that you cannot legislate so that only the 'good guys' can use the backdoor, and the implementers complain that it is really difficult to sell a product which is known to be insecure. The 'government authorities' bring out the arguments of terrorists and paedophiles communicating securely on the 'dark web' and protecting the children. The Human Rights activists talk about freedom of speech in oppressive regimes.
Nobody (or not that I have noticed) acknowledges that cryptography is what evolutionary biologists call an arms race. Public key cryptography changed the rules and environment of communications and security, and gave people a whole new toolkit to do wonderful things, like digital signatures and secure communications over insecure channels. When a new invention arrives and is powerful it changes the power balance in society, and legislation will only protect the innocent from the law-abiding.
Sometimes, as we mathematicians understand, there is no solution to the problem.
I suggest (rather facetiously) that we tell the 'powers that be' that 'quantum computing will solve all their problems in this area, they just need to wait a few years for it to get running properly. Either that or insist that Huawei tell us how they do it...
I'll get my coat, it's the one with the tin-foil hat in the pocket.
They do not need these back doors! They need to use good old fashioned police work. The Mafia in America was notorious for not using telephones, everything was communicated "in person" even if that meant someone had to drive across town to get that done. How did we take down the mob? By infiltrating these organizations. We can do the same with child molesters and terrorists.
I concur, and couldn't have said it any better or clearer myself, Eclectic Man. Bravo, Sir or Madam. A toast to your good health, ... Cheers.
:-) How quickly do you think they will listen and see its great common sense? Before or after they are crushed in every inevitable crash?
?? A Political Party ?? - All Political Parties would be more correct - neither of the two main US political parties has even the slightest shred of decency or honesty. From both the complaints are of the form "you should not be doing this to us - it should be us doing it to you" !!!!
My opinion of politicians ==============>
The Mafia is effective and has a sense of honor.
Politicians on either side? Not relevant. The highest bidder will be, per usual, dictating the government's actions. The government office holders have the simple job of generating controversy to take the limelight off these machinations.
It's surprisingly effective, and not new at all.
Do these muppets actually read what they write? You can't have a secure system if a backdoor exists, even if the keys to it are held in the most secure place on earth, nothing is 100% guaranteed and when it all goes wrong (as it regularly does), everybody involved, governments and companies have big get out of jail clauses and Joe Public foots the bill and takes the hit! I have two safe and secure encrypted letters for 5 eyes and friends, it's U.F!
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
ALL the nations making this declaration are signatories to the UDHR, and all tend to ignore Articles 11 and 12
"So if this becomes law then every politician's cell phone, email, and bank account is accessible?"
Well, in the US, the spooks got caught snooping on the Government oversight committee. High level government employees bypass official security protocols to avoid scrutiny of their actions which then gets hacked by foreign countries. Etc, ad nauseam.
Any individual can easily encrypt data using technology available today that if intercepted, in transit while encrypted, can NEVER be decrypted with all the quantum computing power that will ever be created and all the traditional computing power that will ever be created.
I am not going to describe how, SO DON'T ASK, but it is trivial and does not require an Einstein level of genius to implement.
So if the Eyes idea is implemented it serves no purpose, other than mass surveillance. It is easily bypassed by anyone with a basic knowledge of cryptography.
I suspect the AC is referring to one-time pads. In which case he/she is actually right, though the usual limitations of one-time pads in practice apply. (If I were up against a nation-state adversary and my life depended on it, I'd probably use them in any situation I could, along with steganography. And I'd probably post some random bytes here and there in hopes that the various "national security" organizations would waste computer cycles on them, rather than on my actual communications.)
I like the idea of agreeing a particular edition of a common physical book. Then each word is referred to by an obfuscated page, paragraph, line, word position. Each time you use the same word it is a different one in the book. You can even go down to individual characters for words that otherwise are not available.
If you have several books then you agree a word that can occur many times in all the books. The position code for one of those instances in a book indicates which book the rest of the message uses.
One problem with that is that most books and magazines have been scanned, by Google, so not as useful as it used to be. It can rapidly be brute forced.
Pre-distribution of random key material is the way to go these days, a thumbnail sized microSD card can hold a terabyte of random numbers from something similar to say a radioactive source.
Time to crack encryption: "never" as long as both copies of the key material are destroyed after one use.
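The pre-distributed key material scheme from the comments above, as an added example (not code posted by any commenter). The names `OneTimePad`, `explaining_key` and `reuse_leak` are hypothetical, the messages and pad are constructed, and the in-memory overwrite only stands in for destroying the material after one use.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

class OneTimePad:
    """One party's copy of the pre-distributed random key material."""

    def __init__(self, material: bytes):
        self._pad = bytearray(material)
        self._offset = 0  # everything before this index is already spent

    def _take(self, n: int) -> bytes:
        if self._offset + n > len(self._pad):
            raise RuntimeError("pad exhausted: distribute fresh material")
        key = bytes(self._pad[self._offset:self._offset + n])
        # Overwrite the spent bytes so this copy cannot reuse them. On real
        # flash media an overwrite does not guarantee physical erasure.
        self._pad[self._offset:self._offset + n] = bytes(n)
        self._offset += n
        return key

    def encrypt(self, plaintext: bytes):
        start = self._offset
        return start, xor(plaintext, self._take(len(plaintext)))

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        if start != self._offset:
            raise ValueError("pad offset mismatch: replayed or lost message")
        return xor(ciphertext, self._take(len(ciphertext)))

def explaining_key(ciphertext: bytes, candidate: bytes) -> bytes:
    """Key under which `ciphertext` would decrypt to `candidate`."""
    return xor(ciphertext, candidate)

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With a reused key, c1 XOR c2 equals p1 XOR p2: the key cancels out."""
    return xor(c1, c2)

def demo():
    material = secrets.token_bytes(64)  # constructed stand-in for the shared card
    alice, bob = OneTimePad(material), OneTimePad(material)
    start, ct = alice.encrypt(b"meet at noon")
    recovered = bob.decrypt(start, ct)
    # Any same-length plaintext is equally consistent with the ciphertext.
    decoy_key = explaining_key(ct, b"stay at home")
    # Failure mode: the same key bytes used for two messages.
    key = secrets.token_bytes(12)
    p1, p2 = b"meet at noon", b"stay at home"
    leak = reuse_leak(xor(p1, key), xor(p2, key))
    return recovered, xor(ct, decoy_key), leak == xor(p1, p2)

if __name__ == "__main__":
    print(demo())
```

The pad provides secrecy only: it carries no integrity check, so a flipped ciphertext bit flips the same plaintext bit without detection.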
"a thumbnail sized microSD card can hold a terabyte of random numbers"
I expect that the spooks have even smaller devices, but a commercial MicroSD with data that looks like noise from a secure delete program is easier to miss by security. They can be hidden on a person or embedded in so many things that somebody searching would have to know there was something to find.
I've thought of using those to make US border crossings less dangerous. I would be able to offload my data from phones/laptops if needed. I used to do a lot more news photography and getting images back from some places might take some creative thinking. I never had the problem but a couple of colleagues that liked to do those sorts of assignments were good at getting photos to the editor even if all of their gear was impounded somewhere.
The Cardinal Richelieu attributed quote means that the more innocent you are - the more you are suspected of being "guilty - but very clever. We'll get them next time".
I was once told that a previous manager believed my totally honest expense claims to be covering some fraud he couldn't figure. Not that he was concerned with saving the company's money. He wanted "the system" for his own use - to go with his purported appropriation of a namesake's university qualification.
They conflate the issues when they put crime (enforcement) and national security (intelligence) together. Tools, techniques and methods of each are very different. As are intentions.
A willfully exploitable encryption backdoor plus a planet-wide permanent "search warrant" yields failures of reliability, of compliance, of oversight, of trust. In everything. Everything.
They know not what they do.
I hope the five eyes force their technology companies to adopt this proposal. Maybe then more people would start to use open source alternatives. Or maybe then European companies would get a boost in their hopeless attempts to compete with giants who have unlimited cash to spend.
Five Eyes nations plus Japan and India
Can fuck right off!
It's not like the 3 letter agencies don't have enough access .... if they are given the keys to encrypted comms it will end badly ....
This is how it starts....
Already a marketing Stasi.....
the stupidity... its hurts us my precious..... it hurts us
Given the code for your typical public/private key encoding algorithm is already widely available, how long would it take for a reasonably competent programmer to knock up a bit of code to run the encryption on say, a message of 500 characters, then decrypt it at the other end, after generating an on the fly key pair for it, and deleting all data on exit?
30 mins maybe? an hour? maybe a day to stick a quick and dirty GUI on the front, connect to a prearranged server's IP and away you go.
And yet public grade stuff for transmitting bank info/transfers is to have a backdoor in it (if such a thing can be achieved)... and how long do these people think it will be before every major criminal cyber gang will be tearing apart the code to see where the backdoor is...
And in any case for my regular followers
"The eagle flies south in summer... the eagle flies south in summer"
Using the notion of children being sexually exploited must rate as the most cynical exploitation of children ever.
I've always been against the international measures against child porn not because I'm a fan of kiddie porn -- that's obvious -- but because it's a wedge used by the cynical to ban a form of information. In addition to the ban an entire international enforcement infrastructure is then created that can invade privacy at will, damn people without adequate proof, essentially condemning them on some unaccountable person's say so. (All with the noblest of intentions, of course.) Once these measures are in place and accepted then they can be applied to other classes of information -- "supporting terrorism", for example. Gradually the screw gets tightened until anything other than approved information becomes banned and the possession and transmission of that information becomes a crime.
Adding backdoors to encryption is just part of the process. Fortunately, mathematics is not amenable to political will. However, the mere fact of the use, or even just the possession, of unauthorized encryption software or even just the information could be taken as proof of guilt. (Back to kiddie porn -- you don't need to actually have to actively solicit the material, just have it found (conveniently) on your computer for you to be guilty.)
I think it's going to be a real battle to keep the tech-illiterate and those focused on the next electoral cycle from pushing at least a large part of their damaging encryption-weakening agenda through now, but let's discuss some of their goals.
"Embed the safety of the public in system designs"
Which public would that be? Because yes, there are pedos and terrorists and drug dealers out there right now, using encrypted communications for at least some of their dangerous activities. However, there are also abused or stalked ex-wives and girlfriends who don't want their ex's to find them or spy on their communications. And there are parents, grandparents, uncles, aunts, godparents, brothers and sisters who like the current paradigm where they can share pictures and videos of the young members of their families and have those communications protected by encryption, instead of it being put at risk by pedos who managed to get access to or reverse-engineer some law enforcement backdoor. And there is the part of the public who likes to be the only ones who can see what's happening when they access their online banking, stock trading and medical information. And there is the part of the public who might be involved in international human rights or journalism, or just want to be able to talk to their loved ones who live under oppressive regimes overseas, without the secret police being able to see what they are talking about.
"Enable law enforcement access to content....where an authorisation is lawfully issued"
What constitutes a "lawfully issued" authorization? One where the local sigint agency has made a classified redefinition of existing privacy and due process laws, so that they can surveil large amounts of society without any probable cause? One where the local sigint agency has farmed out its surveillance to an overseas partner, to avoid any of those annoying clashes with local laws? An authorization that is technically subject to judicial oversight, but where in fact the judiciary refuses to push up against "national security" exceptions or has its own oversight classified so that the public cannot see how many authorizations are being issued, who or how many people are covered by those authorizations, how long those authorizations will be in force and what constitutes the basis for approval or disapproval of a request for an authorization?
"Engage in consultation with governments and other stakeholders to...genuinely influences design decisions."
So you want tech companies to be the turkeys voting for Thanksgiving. And when Facebook or some major ISP or device manufacturer engages in this consultation and has their design decisions "genuinely influenced", one of two things is going to happen. Either the fact that tech company X has caved to adding a backdoor is going to go public, and people are going to start moving to other, more secure offerings from other companies outside of the "Five Eyes & Friends" jurisdictions. Or the fact that tech company X has caved will be kept classified, and thousands/millions/hundreds of millions of technology users, many of them operating secure systems to protect the data of the companies and organizations they work for, will be walking around with unknown and unpatchable information security risks in their pockets, on their computers and in their datacenters.
Go to Hell, Five Eyes & Friends...
the Chinese, Russians and even the DPRK have little difficulty in penetrating high security Western defence computer networks, or those networks used for US elections or electrical grid systems.
Perhaps the vaunted Western security agencies should hit the books, not the manufacturers, for assistance.
The simplest interpretation is that this is a step towards requiring companies to hold the keys and records of encrypted conversation.
Needless to say, those keys and records will have value not just to domestic policing agencies (scary enough) but also to a wide range of foreign and domestic adversaries, competitors, and hackers. As sure as water flows downhill, those third parties will obtain that valuable information, and the main victims will be (e.g, US) companies and individuals.
Therefore, it's not even necessary to go "as far" as discussing right to privacy or any "wet" concept like that.
For example, the US military, being the "largest" or at least most expensive, in the world, also has the largest exposure. Yet -
"The use of the encrypted messaging applications Signal and Wickr by the 82nd Airborne’s Task Force Devil underscores the complexity of security and operations for U.S. forces deployed to war zones where adversaries can exploit American communications systems, cell phones and the electromagnetic spectrum. But it also raises questions as to whether the Department of Defense is scrambling to fill gaps in potential security vulnerabilities for American forces operating overseas by relying on encrypted messaging apps available for anyone to download in the civilian marketplace." [Military Times]
Yes of course the military could throw 10 billion at a bespoke messaging app, but that introduces new risks when it comes to the need for experts to look for potential weaknesses, not to mention more expense. And it still doesn't address the need for secure communications at military contractors, in government agencies, in the banking world, in private companies, and even individual folks.
The motivation is of course domestic political control, which is just a manifestation of the instinct for absolute control of the tribe. A little bit of thinking shows that damages the security of our modern nation as a whole.
Societies have been fighting crime throughout the entirety of human history without governments being able to climb through people's keyholes at the drop of a hat. And it has worked pretty well.
Kind of makes one wonder what it is they really want, for which they're using this as an excuse.
People who seek the levers of power are often attempting to satisfy their need to be in control of anything that might disturb their blinkered mindset. The more power they get - the more insecure they feel.
An easy way out would be to say :
OK, you develop the mathematical theory and the algorithm to do that. And when mathematicians, security specialists, encryption specialists and developers from all around the world will validate it to be sound and working, we will implement it in our products.
Like this, the burden of doing this impossible task is reversed onto them. We know it's impossible and they will never succeed, so no risks for us.