back to article Five Eyes nations plus Japan, India call for Big Tech to bake backdoors into everything

The nations of the Five Eyes security alliance – Australia, Canada, New Zealand, the USA and the UK – plus Japan and India, have called on technology companies to design their products so they offer access to encrypted messages and content. A joint “International Statement” issued on Sunday frames the issue as a matter of …

  1. Anonymous Coward
    Thumb Down

    Nope.

    Nope nope nope.

    Nope nope nope nope nope nope nope nope nope.

    TL;DR: Nope.

    1. BebopWeBop
      Facepalm

      Re: Nope.

      They will never learn. Legislating against mathematics is fruitless.

      1. Wade Burchette Silver badge

        Re: Nope.

        These are politicians and bureaucrats. The chances of them understanding anything about anything is less than my chances of walking on water.

        1. pavel.petrman

          Re: Nope.

          We, the undersigned, declare we haven't got the faintest idea what encryption is...

      2. ThatOne Silver badge

        Re: Nope.

        > They will never learn

        What is there to learn? Like all rulers since the dawn of civilization, they are afraid of the unruly masses, and want to keep tabs on them.

        The fact Backdoors are useless or even counterproductive against criminals is irrelevant, that's not why they're here. They allow the governments to sleep better at night, and thus are perfectly doing the job they were meant to do.

        Note the tearful "somebody please think of the children!" argument, a clear sign they have no real arguments to back up their project.

      3. anothercynic Silver badge

        Re: Nope.

        Awwwww. Complete with 'but think of the children!' argument.

        They really will never learn.

        1. bombastic bob Silver badge
          Childcatcher

          Re: Nope.

          They really will never learn.

          My point is that they HAVE learned, and the result of their "learning" is far more sinister than anyone wants to admit. They ignore facts, focus on FEEL, and the media helps them.

          And they know DAMN WELL what the truth is, and blatantly LIE about it ANYWAY.

          1. RegGuy1 Silver badge

            Re: Nope.

            No -- we are not talking about Brexit. (The cunts have already fucked that up.)

            1. Anonymous Coward
              Anonymous Coward

              Re: Nope.

              @RegGuy1

              Just what, exactly, has Brexit to do with this article?

              Are you perhaps thinking you are on that keyboard coward site H.Y.S?

              Just saying

              Cheers.. Ishy

          2. trindflo

            Re: Nope.

            Don't vote you up often Bob, but you are spot on.

            Question: who set up this game? Corporations, Marketeers, Politicians, or Political "consultants". Or have we chosen our own perdition with our contradictory demands?

      4. bombastic bob Silver badge
        Childcatcher

        Re: Nope.

        Legislating against mathematics is fruitless.

        Not when you a) manipulate with *FEEL* in every election, b) have willing accomplices in the vast majority of the news media, and c) rely on your electorate being a bunch of "Sheeple".

        (sadly, unfortunately, with deep regret)

        icon, because, 'for the children" was mentioned early on in the article as a primary reason for justifying this, but we know what *THEY* _REALLY_ want: POWER. It's _ALWAYS_ about POWER. And to do that, they MUST "dis-empower" US.

      5. HildyJ Silver badge
        Big Brother

        Re: Nope.

        Also, legislating exclusivity (especially on the internet) never works.

        The headline should read "Five Eyes nations plus Japan and India and Russia and China and Iran and North Korea and . . ."

        1. Anonymous Coward
          Anonymous Coward

          @HildyJ - Re: Nope.

          That's the whole point. They're watching how China, Russia, Iran and India are doing it and they want it too. This time it is moral because we're doing it not those oppressive regimes.

      6. Anonymous Coward
        Anonymous Coward

        @BebopWeBop - Re: Nope.

        This will not stop them from trying.

      7. John Sturdy
        WTF?

        Was King Cnut the last leader to have any contact with reality?

        At least he recognized that he couldn't hold the sea back.

    2. Gonzo wizard
      FAIL

      Re: Nope.

      Absolutely. There's no way on earth this can end well. What are they smoking?

      1. Spacedinvader
        Unhappy

        Re: Nope.

        and can I get some. 2020 needs some mighty smoke to deal with!

  2. DS999 Silver badge

    Can never work

    Even if what they wanted could work without compromising security, will they have to ban every app that promises end to end encryption? Will they ban websites that offer such encrypted communication outside of apps? How would they stop terrorists from sharing keys when they were together and encrypting ordinary emails before sending?

    The cat left the bag decades ago, what they want they cannot get even if they were able to force Apple, Google, Microsoft, Facebook etc. to comply.

    1. LDS Silver badge
      Devil

      "How would they stop terrorists from sharing keys"

      Simple: every encrypted communication or storage they can't access will be a crime itself....

      1. Gonzo wizard

        Re: "How would they stop terrorists from sharing keys"

        That's of little import given the level of expertise available to hire. It would simply cause new comms tools to be developed that are simply off the radar. Assuming there aren't any already (I bet there are).

        1. bombastic bob Silver badge
          Black Helicopters

          Re: "How would they stop terrorists from sharing keys"

          It would simply cause new comms tools to be developed that are simply off the radar.

          Easily done. Remember how PGP emerged? IDEA? OpenSSL? And the STUPID attempts by gummints to limit "strong encryption" exports. The defense: it went OPEN SOURCE.

          Too many other examples of outright REBELLION against government control over encryption happened back in the 90's, and some bad fallout (Korean government requiring an ActiveX component fror online banking as one example). Just remember PGP, IDEA, OpenSSL, and those PGP T shirts... (when shipping the binary compiled code was "illegal", but putting the math behind it on a T shirt was NOT)

        2. MachDiamond Silver badge

          Re: "How would they stop terrorists from sharing keys"

          "It would simply cause new comms tools to be developed that are simply off the radar."

          There could be some small island nations that couldn't give a rat's backside about what other nations legislate and apps can be available from "there". It might be big business or at least a steady income.

      2. Allan George Dyer Silver badge
        Coat

        Re: "How would they stop terrorists from sharing keys"

        @LDS - Only if they know about it. Never heard of steganography?

        Mine's the one with 200 hours of cat videos in the pocket.

        1. Arthur the cat Silver badge

          Re: "How would they stop terrorists from sharing keys"

          Never heard of steganography?

          See also: Chaffing and winnowing.

      3. skeptical i
        Angel

        Re: "How would they stop terrorists from sharing keys"

        re: "every encrypted communication or storage they can't access will be a crime itself", may I quote the King of Hearts: "He must have meant some mischief, or he would have signed his name like an honest man."

    2. Warm Braw Silver badge

      Re: Can never work

      what they want they cannot get

      What they want is mass surveillance: they have no interest in "terrorists sharing keys", except as a pretext for getting it.

    3. Pen-y-gors Silver badge

      Re: Can never work

      That worked really well when they tried to ban PGP as being 'weapons grade' software. I believe he published the entire source code of PGP in a hardback book

      1. Arthur the cat Silver badge
        Unhappy

        Re: Can never work

        That worked because of the US 1st Amendment. Most other countries would simply have labelled the subject as classified and prosecuted under their equivalent of the Official Secrets Act.

      2. Down not across Silver badge

        Re: Can never work

        Yes the source code was printed (or may have been photocopied from a book, I can't recall). Which was legal to export. It was then OCR'd and I was one of the many volunteers who proofread the OCR'd files against the printout and corrected where necessary. Let me just point out that back in the day OCR was awful.. Anyway, the end result was a legal copy of PGP.

    4. Version 1.0 Silver badge
      Facepalm

      Re: Can never work

      Sure, it will never work but there is an easy fix - simply drop the national and international Internet access speed to 1200 baud. Remember those days? There was virtually zero hacking attacks, spam, QAnon, and pornography was just something that you bought at the newsagents.

      I'm sure I'll get downvoted for this idea, but most people are OK with speed limits on the road so why not the Internet too? Or should we just raise the motorway speed limit to 700mph?

      1. Arthur the cat Silver badge

        Re: Can never work

        So, no telepresence, no remote medical diagnostics or treatment, no contacting isolated relatives during lock down. no TV/film over the net, no livestreaming authoritarian suppression of free speech, …

        Which side are you on?

      2. Anonymous Coward
        Anonymous Coward

        Re: Can never work

        "[...] and pornography was just something [...]"

        ...that took longer to download in more compact files. Remember various messaging boards that preceded the web? They also facilitated the use of the postal services to distribute hard copy.

        Spam, trolls, and "flooding" attacks were also known in those days. That's why usenet type groups eventually became no longer viable as discussion fora.

        1. terrythetech
          Coat

          Re: Can never work

          ASCII porn - ah, those were the days.

        2. John Brown (no body) Silver badge

          Re: Can never work

          "That's why usenet type groups eventually became no longer viable as discussion fora."

          Wait, what? I missed that memo.

      3. DS999 Silver badge
        FAIL

        Re: Can never work

        Well geez if you're going to postulate that they'd drop the speed of connections so low that you couldn't use encryption, why allow internet access across international borders at all? Just cut all those submarine cables and tell people they can only use the sites inside the country.

    5. Yes Me Silver badge
      Happy

      Re: Can never work

      Yes. This could just be the boost that true peer-to-peer encrypted messaging has been wasiting for.

      1. DS999 Silver badge

        Re: Can never work

        That's what they're talking about here. If you're waiting for peer to peer encrypted messaging to get a "boost" you're about a decade late, or whenever it was that iMessage was introduced which has been peer to peer encrypted from day one.

        I believe Whatsapp and Skype are as well, and while nobody can keep up with how quickly Google launches and then kills messaging platforms, I assume whatever their messaging platform of the month is that it is peer to peer encrypted as well.

        1. KarMann Silver badge
          Boffin

          Re: Can never work

          And you know what happens when you assume….

          Considering that in both Google's Hangouts & Skype, you can see the messages on multiple devices, and even in alternative clients such as Purple/Pidgin, there's almost no way it could be E2E/P2P encrypted. The only way that might be feasible is if the key is based on your password or other personal information shared amongst the clients, and never renegotiated, and while I'm no expert in this area, that seems like it would be pretty weak already.

  3. Anonymous Coward
    Anonymous Coward

    DB7E1DD27CE1AD9B90C2F568B8F92C597A72080B

    We produce encrypted products at 3072 bit RSA. Articles like this make us wonder if we should bump it to 4096... :o)

    1. seven of five Silver badge

      Re: DB7E1DD27CE1AD9B90C2F568B8F92C597A72080B

      Yes. And then double it, just to be sure.

      1. stiine Silver badge

        Re: DB7E1DD27CE1AD9B90C2F568B8F92C597A72080B

        Do know how long it takes to connect to a website and open the home page when you use a 16k client certificate?

        1. cbars

          Re: DB7E1DD27CE1AD9B90C2F568B8F92C597A72080B

          How much of it is javascript?

        2. vapourEyz

          Re: DB7E1DD27CE1AD9B90C2F568B8F92C597A72080B

          We are not connecting web client parties with this tech.

          Its C/C++.

          You are right in that it can take many seconds to gen a key.

  4. Anonymous Coward
    Anonymous Coward

    A thought

    So, while we're backdooring encryption in accordance with these "concerns", we should also be backdooring all your military encryption products, right?

    After all, military officers are perfectly capable of breaking the law and accessing child exploitation material too (not to mention the whole "war crimes" category of bad-person-actions that don't tend to be available to civilians). It would be awful to create a situation where the best thing for a pedo to do is join the military so that he can access un-backdoored-encryption, because please, won't somebody think of the children...right?

    So the obvious solution is to also backdoor all five-eyes military encryption, right?

    You say it can be done without compromising cyber security, so you should have no problem with that...

    ...right?

    1. IGotOut Silver badge

      Re: A thought

      Well, the US doesn't commit war crimes, remember?

      1. jpo234

        Re: A thought

        That was never claimed. The US just refuses to give up jurisdiction.

        1. Aitor 1 Silver badge

          Re: A thought

          The us troops only attack enemy combatants, as they define anyone shot by the us military as such...

    2. Anonymous Coward
      Anonymous Coward

      Re: A thought

      Betcha Ghislaine Maxwell gets a pardon from Trump. Kyle Rittenhouse too. Those 13 terrorists that tried to kidnap Governor Gretchen Whitmer and kill police, blow up bridges etc.? Pardon x 13.

      The usual excuses for surveillance, "think of the children" and "protect against terrorists" are mighty weak right now where the man in charge kidnaps kids from their parents at the border in open defiance of a court ruling, and the domestic terrorists are just following his tweets and his rants on Fox News.

      Who said this? a) A potential domestic terrorist, or b) a Trump appointee, or c) a Putin henchman?

      "And when Donald Trump refuses to stand down at the inauguration, the shooting will begin...The drills that you've seen are nothing. "If you carry guns, buy ammunition, ladies and gentlemen, because it's going to be hard to get."

      a) b) AND c), the guy is all three.

      https://en.wikipedia.org/wiki/Michael_Caputo

      " Caputo moved to Russia in 1994, ...He worked for Gazprom Media in 2000 where he worked on improving the image of Vladimir Putin in the U.S."

      Would Barr allow this guys encrypted comms to be intercepted as a potential domestic terrorist? Even if his comms is to Barr's boss Trump? What if its encrypted comms to his old boss Putin?

      1. fishman

        Re: A thought

        Trump can only pardon someone for federal crimes - they can still be prosecuted for breaking state and local laws.

      2. J.G.Harston Silver badge

        Re: A thought

        Trump can't refuse to stand down at the end of his term. The president's term ends at the end of the president's term regardless of what the president wants or does. A US president does not stand down at the end of his term, his term ends and he ceases to be president with no interaction on his part at all.

      3. Anonymous Coward
        Anonymous Coward

        Re: A thought

        So you don't like Kyle Rittenhouse ? Why, because he defended himself against at least 3 grown men who were also armed with items designed to hurt him or others? Go back and watch the video. Yes, he shouldn't have been there, but then again the police were there and NOT doing their job of stopping the rioters (and assaulters, etc.)

  5. amanfromMars 1 Silver badge

    All for one, one for all ....... if you have nothing to hide?

    Some opinions and calls for prosecution in some instances which are secured against wilful and wanton persecution and thought reasonably safe against crazy misinterpretation may be clearly demented, and the result of a debilitating neurological disease, rather than simply flirting around in the company of evil. To imagine there being no backdoor access to all encrypted systems, both elite and common, politically correct and incorrect, in favour of a remotely decided subjective limited access to a select few which are threatening just a relatively small number of status quo stabilities, is always going to struggle to be thought wise and perfectly acceptable rather than exposed as being liable and immediately an object subjected to rampant abuse and self-serving criminal and ethical misuse. ...... for such is the obscene nature of the beast concocting the scene.

    And such prosecutions and persecutions with demented solutions are not confined to encrypted services. Plain common free speech in the questions one asks, and in the answers in replies from others way beyond one's command and control, are also targets for pernicious attack in a mad manic and panic endemic world, and here be a current, present 0day sub-prime example of that particular abomination? ........ Lord Advocate Launches War on Twitter

    All your thoughts belong to us ‽ ...... In your wet dreams maybe, but in any real world situation, no way, Jose. Capiche, Kemo Sabe?

    1. IGotOut Silver badge

      Re: All for one, one for all ....... if you have nothing to hide?

      I need more drugs...or less...or I don't know..

      But a man from Mars post almost made sense.

      1. My-Handle Silver badge

        Re: All for one, one for all ....... if you have nothing to hide?

        The bot's been reading El Reg comments for training material, stands to reason it would make more sense over time.

        To us, at least.

    2. Maelstorm Bronze badge

      Re: All for one, one for all ....... if you have nothing to hide?

      So this is the infamous bot that everyone has been talking about. Not as funny as the one about Harry Potter and the portrait of what looks like a pile of ash.

  6. rjed

    To use raw power is to make yourself infinitely vulnerable to greater powers -Frank Herbert

    Government through legislation can at best mandate open social media platforms to share their private keys for all users.

    But terrorists do not hangout on WhatsApp, Facebook, WeChat to discuss their world domination plans. If they do, they have already proved their idiocy and they may not be as big a threat.

    An avg IT dev (myself) may take less than a week to write a private app which can ensure end to end encryption and this is what any terrorist (who has any wits) will do. Sure the keys have to be shared across the two ends but there are n number of ways to do that out of band (without necessarily using Internet).

    So the biggest purpose this legislation solves is to ensure that public dissent is caught early on. People make use of social media platform to connect to fellow citizens to whom they are not directly connected to voice opinions, raise dissents and governments will ensure that such dissent is caught early on and suppressed. Such legislation will become a tool for dictators.

    Such legislation will make evil-minds think more about having a cyber-security cell within their outfits. In short, <read the title>.

    1. amanfromMars 1 Silver badge

      Re: To use raw power is to make yourself infinitely vulnerable to greater powers -Frank Herbert

      Such legislation will make evil-minds think more about having a cyber-security cell within their outfits. In short, <read the title>. ..... rjed

      Quite so, rjed, have an upvote for that informative post ...... however, nevertheless, such legislation will make greater powered minds think about having evil cyber-security cells within their outfits. In order to both attract and short circuit such dodgy virtual operations. It is only natural and therefore fully to be expected and accepted.

      And the fact that so many may call such a situation, absolute nonsense, simply and clearly confirms the title premise and the notion that all are infinitely vulnerable to a greater power with greater powers ‽ .

      1. Lyndon Hills 1

        Re: To use raw power is to make yourself infinitely vulnerable to greater powers -Frank Herbert

        I've always assumed amanfromMars was a bot. It never ocurred to me that it might also up/down vote.

        1. DS999 Silver badge
          Trollface

          Re: To use raw power is to make yourself infinitely vulnerable to greater powers -Frank Herbert

          The amanfromMars AI is being improved, now it makes sense and hands out upvotes. A few years from now The Register's parent company will hire it to write articles and lay off their writers. Judging by the articles I see elsewhere, some other sites may have already done so!

          1. rnturn

            Re: some other sites may have already done so

            dice.com, for example.

    2. TimMaher Silver badge
      Thumb Up

      Re: To use raw power is to make yourself infinitely vulnerable to greater powers -Frank Herbert

      Good comment @rjed and, it should be pointed out that in full E2E only the public keys get shared.

      If you wanted to make it really secure you would password or PIN protect the app in such a way that credential failure would wipe the message store and alert the rest of the crew that you have been compromised.

      Just sayin, theoretically.

      1. Anonymous Coward
        Anonymous Coward

        Re: To use raw power is to make yourself infinitely vulnerable to greater powers -Frank Herbert

        """If you wanted to make it really secure you would password or PIN protect the app in such a way that credential failure would wipe the message store and alert the rest of the crew that you have been compromised."""

        Thats another great idea - much like SSL cert revocation - before SSL was compromised.

    3. Anonymous Coward
      Anonymous Coward

      Re: To use raw power is to make yourself infinitely vulnerable to greater powers -Frank Herbert

      @rjed

      Quote: "....terrorists do not hangout on WhatsApp, Facebook...."

      *

      But even if they do, they can still use private ciphers. Even if they use the comments area in El Reg to pass messages, the spooks have the same problem. Namely, anyone using a private cipher BEFORE the message enters the channel gets real-time messaging. The spooks on the other hand may have to wait a while, maybe a long while, maybe never to find out what is being said. (See Beale Papers for an example of two message secure for over a century.)

      *

      So here's the procedure:

      A) Encrypt message with private cipher

      B) Avoid locations using CCTV

      C) If using a burner phone, make sure that your "honest citizen" phone is switched off or located far away

      D) Send the message using a hijacked WiFi access point (or an internet cafe, or a VPN, or a burner phone, or El Reg)

      *

      Result: Spooks using the legally mandated backdoor in an end-to-end encrypted public service get:

      E) To examine the private cipher message.....

      F) ....which came from an IP address which has either no personal identity, or the identity of the wrong person or business

      *

      051k0UC319e4083J17r90Nhb0U$80WZ40pps0UTd

      1dsJ0ygw0zty0=T40PzU1VhF00$q0rEr0ALd0Ove

      0y7W1m6n19ny0IIS0PCp0DLz18ab1g5q0pRY1L$W

      0yo$0zsE08GH1cUw1Wvr11I50UIv1mfp0o0g0kho

      0bCa18aW0ChM1mjC01oi1cSo0c=80UGR1LR$1j3o

      0j=u1LBl1N7p1U5d1XUL16HF1Hrv0WwK0UgB0EYW

      0W0u1KnM1hTL0E6l0wIe0DYm0StQ1Uvv1l4e1SbG

      1WYO0$rb0Baw1mBH0inR0qIA0XS80Q1t1EL=005b

      1dqs09Qp04J70lqC1RYt0A7u0mmv1Uan0z3d1c9E

      0oG70TZH133g0L8l1kYt0kAz121305RG0oY015Om

      1L2l0P3E112d1W$30yOr1f8l0ZEU0jPt1HGg0naI

      0mWi0JN816X50kvp13lr1Kno11Uq0cKW031Z0nHQ

      11$D0J6e0SON0=Rj1kmJ05Qu1Y$70tW30dk90SN6

      1EoC1KNJ1PPH1ARc02gL

      *

      P.S. Like the Beale Papers example, this is a book cipher example. I know, I know....book ciphers are crap. But they might just be good enough to get the job done!

      1. Anonymous Coward
        Anonymous Coward

        Re: To use raw power is to make yourself infinitely vulnerable to greater powers -Frank Herbert

        Principles like these are already appearing in some products I thought ?

      2. roytrubshaw
        Headmaster

        Re: To use raw power is to make yourself infinitely vulnerable to greater powers -Frank Herbert

        I know this is old hat but you don't really need to share a key, private or otherwise:

        1) Alice encrypts her message and sends it to Bob.

        2) Bob encrypts Alices's encrypted message and sends it back to Alice.

        3) Alice decrypts the doubly-encrypted message and sends it back to Bob.

        4) Bob decrypts the message to retrieve the plaintext.

        Obviously you would need to involve Charlie and Diane (and possibly Edward and Felicity) to avoid the to obvious back-and-forth between Alice and Bob, but no keys have been exchanged.

        Just sayin'

  7. Anonymous Coward
    Anonymous Coward

    Committee of Public Safety

    And who shall play the role of Madame Defarge, Tricoteuse extraordinaire?

    1. amanfromMars 1 Silver badge

      Re: Committee of Public Safety

      And who shall play the role of Madame Defarge, Tricoteuse extraordinaire? .... Anonymous Coward

      Are DC [Washington and No 10 Chief Advisor Wizard] in the frame and in the running for that dubious honour, AC? :-) Who else do you think would contemplate and deserve such a booby prize and do it justice?

  8. redpawn Silver badge

    Why Stop at a Back Door?

    How about porch lights to aid the dark web and a welcome mat for friends such as your local retailers?

  9. Anonymous Coward
    Anonymous Coward

    DOJ = Bill Barr

    That's from US DOJ, aka Bill Barr's office. He's compromised already. It's no real surprise he's pushing to compromise allied security too. I assume you're smart enough not to do something so fucking stupid as to backdoor all your tech! Even if you have to sign on to that stupidity publicly?

    I see Trump is withdrawing troops from Afghanistan, as predicted. Putin gets control of the TAPI pipeline. You'll see Trump drop US sanction against Russia soon too. Regardless of laws, both he and them will act as if the sanctions don't exist and Barr will stop enforcing them as if an executive order is law, same as they did with the Russian nuke treaty.

    Look over at Africa's oil reserves, those will be the next targets. "Petro-Ruble" is the obvious end game here. Control enough of the worlds oil reserves that prices can be negotiated in Rubles rather than dollars. Putin's already got an army in Libya while you were distracted by his Orange puppet, and I expect if Trump wins, he'll withdraw US troops from African bases as Putin allies are ready to take over each base. Starting with Libya.

    https://edition.cnn.com/2020/06/09/world/russia-libya-military-intervention-intl/index.html

    Watch for early "Libya" mentions in Trump's rhetoric, signalling the game.

    1. Anonymous Coward
      Anonymous Coward

      Re: DOJ = Bill Barr

      Yep, July 6th, I correct called that Trump would pull the troops from Afghanistan. It was the backdoors in the EARN Act that Barr and McConnell were pushing, I pointed out the obvious pattern they were following was the same one they (Putin and Trump) tried to run in Syria, but the attack on the US base failed.

      Trump has just said he will withdraw all US troops from Afghanistan before December, taking the Pentagon by surprise. Yet it did not surprise me, because its so obvious what the pair of them are up to. Why do you think he suddenly needs to withdraw troops before December! Because he fears he might lose.

      If you backdoor tech, then Trump will sell your backdoors to his Russian backers and Bill Barr here will help. Even if Trump loses, there will always be a next time, another Trump, another quid-pro-quo.

      My comment from this article 3 months ago:

      https://www.theregister.com/2020/07/06/revised_earn_it_act/

      My comment:

      "Leaked to the bad guys?

      "They ARE the bad guys.

      "This is a Republican thing, like the "Barr can snoop on any Americans internet without a warrant amendment", its pushed in the Senate by Mitch McConnell. These backdoors won't be leaked to the bad guys, THEY are the bad guys!

      "They're the ones committing the big crimes. Example: look at Putin's bounty on US troops, It's the same thing as Syria, send US troops back in body bags, Trump does a photo op with the body bags, pretends to have empathy, withdraws the troops from Afghanistan, and Putin takes over those bases. The body bags are supposed to be Trump's excuse. *Big* crimes.

      https://www.independent.co.uk/news/world/battle-syria-us-russian-mercenaries-commandos-islamic-state-a8370781.html

      "Do you think they would do that if there was any chance they would be out of power next year? Do you think they'd tolerate all these back doors and US surveillance laws wielded by a Democrat? Obviously no!"

      1. stiine Silver badge

        Re: DOJ = Bill Barr

        The U.S. should never have put troops into Afganistan (and most other places) in the first place.

    2. DS999 Silver badge

      Re: DOJ = Bill Barr

      Trump can't drop sanctions against Russia - congress passed a law preventing him from doing so early in his term. If it wasn't for that he would have done so years ago.

  10. T. F. M. Reader

    The real goal (hint: not terrorists or child molesters)

    Warrants to obtain details of everyone who uses particular Google search terms already exist in the wild. From here it does not take a huge quantum leap in legal thinking to include WhatsApp and such in this tender embrace, extend applicability to "issues of public safety" such as, say, conspiracy to co-ordinate an anti-lockdown protest or to spend a night together with a member of a different household (coming up with other illustrative examples is left as an exercise to the reader), and thus extinguish free and unfettered exchange of thoughts and ideas and information and feelings by ordinary people who won't rely on "end-to-end encryption" (that will still be marketed, no doubt, the details buried on page 3672 of T&C) anymore. Before long, any meaningful communication will be limited to parties trusted not to share it with others, while huddled together in a kitchen with running water, not unlike the USSR/GDR/DPRK/PRC/Other...

    A giant leap for mankind towards a much more governable population...

    1. BebopWeBop
      Big Brother

      Re: The real goal (hint: not terrorists or child molesters)

      A very particular form of 'governance'

    2. bombastic bob Silver badge
      Pirate

      Re: The real goal (hint: not terrorists or child molesters)

      Warrants to obtain details of everyone who uses particular Google search terms already exist in the wild

      Ok, what are those terms, and just how hard would it be to publish that list so that nobody uses them, except for people (possibly like me) who do it in a bash script in the backgtround to make those requests several hundred times per day, in protest, via the Tor network... thus filling their database with SO much crap it becomes WORTHLESS.

      It's a fair bet that for an individual, the amount of bandwidth this would generate would be small. If a few THOUSAND people do this, it might become large enough to make such "search term" investigations IMPOSSIBLE. It really would not take very much to frustrate them into silence.

      It also makes you wonder how the specific search terms were figured out... any MASS SURVEYLANCE involved in that process?

      1. T. F. M. Reader

        Re: The real goal (hint: not terrorists or child molesters)

        @bob: what are those terms

        Here is a recent example: https://www.cnet.com/news/google-is-giving-data-to-police-based-on-search-keywords-court-docs-show/. Never mind that this particular case was related to a specific investigation - the point is that warrants on search terms are perfectly fine now.

        Note that the warrant itself is still sealed. So, good luck with figuring out what keywords may be targeted in my (hopefully still hypothetical) scenario. And suppose you have figured the keywords out, so that

        nobody uses them, except for people (possibly like me) who do it in a bash script in the backgtround

        Mission accomplished then, eh?

  11. Anonymous Coward
    Anonymous Coward

    Encryption is an existential anchor of trust in the digital world

    Problem is that trust is gone, and not only in digital world, but everywhere. Sadly, I no longer trust any public institutions or businesses that they act in MY best interest. I absolutely trust they act in THEIR best interest, and if something goes wrong, it's ME who's the casualty / collateral damage. The only thing that keeps me in the "system" is that I have no choice (other than going off grid or ending my life).

    So, do I trust the businesses that their encryption is designed so that it really protects me from 3rd parties' access, and they don't abuse their power to gain access themselves, or sell it to someone, or screw is so that someone gains this access? Or do I trust "trusted 3rd parties", which is, basically, government agencies that they really use their "privileged" access only for legal and genuine purposes, when those very agencies define and shift those legal and genuine purposes - as fits their current goals?

    1. Duncan Macdonald Silver badge
      Mushroom

      Re: Encryption is an existential anchor of trust in the digital world

      Not even THEIR best interest - just what they conceive as being most convenient at that moment. History is full of "powers that be" ignoring warnings because acting on them would require thinking (Space Shuttle booster rings being sensitive to cold being a prime example).

      As for trusting governments - well if you do then I have a nice bridge to sell you - it is called Brooklyn !!!

      Icon for what should happen to the promoters of these anti-encryption ideas. ======>

  12. C-L
    FAIL

    Who decides who is trustworthy?

    Think of the slimes such as US AttyGen Barr, or WH Operatives such as Steve Miller, and in the past Bannon, and of course the stable genius Orange Monkey currently known as "US President"... Would you trust them or their delegates and appointees? I'd rather perform a self-root-canal...

    This is an idea that deserves to be ground to dust, then sent on a rocket to a sun in another galaxy. Yikes!

    1. Eclectic Man Silver badge

      Re: Who decides who is trustworthy?

      "Think of the slimes such as ... Steve Miller"

      But I liked his band, although he was a bit of a Joker, and a Space Cowboy.

      <Sorry, couldn't resist, this is a serious topic, I know.>

    2. Claptrap314 Silver badge

      Re: Who decides who is trustworthy?

      And you think that Eric Holder & Janet Reno were any better?

      The US DOJ has been pushing this garbage in every administration since the original Clipper initiative under Clinton.

      Make this a partisan issue, and you are guaranteed to lose at some point. Security is way too big of an issue for that.

      1. quxinot Silver badge

        Re: Who decides who is trustworthy?

        I just was thinking, if we want to stop the criminals and terrorists, we don't need to break encryption.

        We just need to stop electing them.

  13. RobLang

    They don't explain how, they never do

    Do they know something about prime number mathematics that the rest of the world doesn't?

    1. CAPS LOCK

      "Do they know something about prime number mathematics that the rest of the world doesn't?"

      Quite possibly. The NSA is the largest employer of Maths Ph. D.'s in the world. Clifford Cocks created a form of public key encryption years before R, S and A. I wouldn't rule it out...

    2. Someone Else Silver badge

      Re: They don't explain how, they never do

      Do they know something about prime number mathematics that the rest of the world doesn't?

      Depends on whom you ask. If you as the Stable Orange'utan, I'm sure he will tell you he does.

      But then, everything he says is a lie, so bring a salt shaker to the conversation.

      1. John Robson Silver badge

        Re: They don't explain how, they never do

        "But then, everything he says is a lie, so bring a salt shaker to the conversation."

        That's not fair, he slips up sometimes.

  14. cantankerous swineherd

    politicians should realise this means we would be able to get at their WhatsApp messages.

    1. Anonymous Coward
      Anonymous Coward

      @cantankerous swineherd

      Most Mps have switched to Signal.I can't find the article, but it was published on the Beeb website.

      As have Euro Mps. I did find this article.

      https://www.politico.eu/article/eu-commission-to-staff-switch-to-signal-messaging-app/

      When I switched to Signal, the hardest part of doing so was getting all my friends to do the same. I had to resort to telling them I had deleted Whatsapp. Somewhat surprisingly, it mostly worked

      Cheers… Ishy

    2. Ken Hagan Gold badge

      And their bank accounts.

  15. Ordinary Donkey

    Three weeks to the election and impossible demands are being made again.

  16. Potemkine! Silver badge
    Childcatcher

    What a bunch of hypocrites.

  17. iron Silver badge

    "access to content in a readable and usable format... subject to strong safeguards and oversight"

    Which it won't be. Every Tom, Dick and Sally at your local council will be able to read all your messages whenever they feel like it because they don't like your face. Like other similar UK gov legislation.

    1. Richard 12 Silver badge
      Holmes

      Doesn't matter. They will be stolen

      Any key that valuable will be stolen.

      Something that valuable means a miscreant will be willing to kidnap some official and torture them to death to get the key.

  18. Christoph

    "Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;"

    Does this mean anything at all, other than "Wave a magic wand"?

    1. Anonymous Coward
      Anonymous Coward

      yeah, it means "bullshit bullshit bullshit bullshit bullshit bullshit bullshit bullshit"

    2. ancilevien74

      Shut up, it's magic.

      The excuse of the worst GM.

  19. lxndr
    Meh

    It's not so easy...

    Like everything, this is prob not an easy discussion.

    Before internet, a large part of crime stopping was based on phone tapping, intercepting SMS messages, intercepting all kinds of communications before tech existed.

    So it is understandable law enforcement wants / needs 'a way in' to be (more) succesful in their job.

    Of those five+ nations the democratic elected governments already have the right to access homes, tap phones, etc for 50+ years.

    All telco providers by law are required to provide ability to tap phones when a legal warrant is presented.

    So I would say, the governments are prob fully in their legal rights to compel companies to provide access to comms of their users.

    Problem is of course that this is no longer a local telco providing access to its local government.

    The issue now is that any gov, whether you and I consider it good or evil, is making a claim to a company not under its laws to force it to do something that might result in something not legal where that company is based (e.g. arresting annoying journalist).

    Hence the Apples of this world are blocking US gov, because if they allow access to one, they have to allow access to all.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's not so easy...

      Before internet, a large part of crime stopping was based on phone tapping, intercepting SMS messages, intercepting all kinds of communications before tech existed.

      Yeah, and there were always ways around those measures.

      So it is understandable law enforcement wants / needs 'a way in' to be (more) succesful in their job.

      No, it's not. Law enforcement has had more effective ways of stopping bad guys for like a century now. Any bad guy who is an actual threat can just encrypt everything with an uncompromised cypher, making this idea entirely useless for its stated purpose.

      You're falling into their trap, where they make you think what they say they want is somehow reasonable, useful, or indeed possible. The truth is that it's all just bullshit. It's not about stopping crime or saving the children, that's just the lie you've swallowed. They want mass surveillance, and widespread encryption makes that hard.

      I could explain it to you in great detail, but I don't have the patience. Instead, you should do 5 minutes research on the topic.

    2. pmb00cs

      Re: It's not so easy...

      Except, the Governments haven't had the access they are asking for for that long. Phone Lines used to be analogue, to tap a line you needed to tap that line, and get someone to listen to the call in real time, or record it and play it back. Text was by post, and you needed to intercept the individual letters, and read them. The process of "intelligence" gathering was personnel intensive, and expensive. This led to it's use being targeted by necessity. As more and more communication became digital it became easier to gather vast amounts of communications data without really having to commit personnel to reviewing it. This made the "intelligence" gathering cheap and easy. The "intelligence" processing however was still expensive and personnel intensive, but as long as they have the "intelligence" they can do that processing at their leisure. This has only really been the case with the internet, and only then with the increase in the popularity and utility of the internet. It is a myth that these agencies are only asking to maintain capabilities that they have always had, they haven't. It is also a myth that they would only use these capabilities in responsible ways, unfortunately for them that myth was blown wide open by Snowden, and other whistle blowers. These agencies are adicted to gathering ALL the information they can, but are unable to point to any substantive reasons why them having voyeuristic access to the entire world's communications is of any value to them. Let them do the hard work of actually doing targeted intelligence gathering again. That actually works.

    3. amanfromMars 1 Silver badge

      Re: It's easy...You pays your money, you takes your choice @lxndr

      Governments don't have a right to what you have shared, lxndr, however they may very well have a fervent all-consuming desire. The one is completely different from the other.

      It is no more complicated than that, no matter how much is said and spun to try and deny it is so. And such is invariably self-serving and primarily designed to try and hide from general view and common knowledge, unsavoury government tolerated or sanctioned shenanigans which they would persecute and prosecute as being abhorrent and criminal whenever copied and performed by others no matter where.

      The knowledge of the veracity of those simple facts is the deadly phantom enemy that they do vain battle against, jousting as they continually do against the windmills in their mind and the honest soul who would ask them about the validity of such facts as they would desire to be a fantastic fiction they could easily deny and disprove ....... without drawing any further inquisitive attention to any of their attempts at covering up their discovered actions and guilty proactivity.

      However, once the horse is bolted, locking the stable door is no answer. One just needs to accept and prepare for the loss and take the hit and stop digging down deeper into one's own burial pit. Hopefully it leaves one wiser but ..... as Einstein is reputed to have said ....... “Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.” ...... and he knew quite a lot about some really weird things, didn't he, and is even to this very day universally feted for them, by all accounts.

    4. Graham Cobb Silver badge

      Re: It's not so easy...

      Before internet, a large part of crime stopping was based on phone tapping, intercepting SMS messages, intercepting all kinds of communications coppers wearing out shoe leather before tech existed.

      You are buying into the completely fictitious "going dark" story. In fact, law enforcement have never had it so good! They have managed to reduce budgets and cut police numbers because IT has given them massive efficiencies -- they have more data than they know what to do with. In the old days, to find out what crims were saying they had to infiltrate people into gangs (extremely dangerous) or bribe or blackmail other crims to report the conversations they heard. Now they just have to access some emails or messages (almost always on the end devices rather than in transit anyway).

      What they want is not to catch criminals -- that is just the story for the public -- what they want is to set up a police state that tracks and monitors everyone. The ordinary policemen and women think, like the public, that this is to reduce lawlessness but the real reason is social control is so much easier in a police state where being "different" is a crime in itself.

      1. MachDiamond Silver badge

        Re: It's not so easy...

        "they have more data than they know what to do with."

        That's one of the problems. You have to figure out what is really data and what is noise or wind up chasing your own tail. Just like if forensics hoovers up every spec of dust at a crime scene and empties the bag on a table at the lab. What's evidence and what's rubbish? Somebody good at the scene would look at things in situ and only tweezer the things that might be relevant.

  20. Eclectic Man Silver badge
    Coat

    Every now and then ...

    ... someone in 'authority' comes up with the 'brilliant' idea of making developers and vendors of communications products put a 'Government agency' only available 'backdoor' into their products so that the 'good guys' can get access to the 'bad guys' communications. A few years ago it was the (now former) head of the FBI, Mr. Comey. Decades ago, it was HMG asking for all PKI public and secret keys used by commercial organisations to be escrowed to a government approved company (I read their paper twice, clearly written by people from near Gloucester).

    The mathematicians and cryptographers complain that you cannot legislate so that only the 'good guys' can use the backdoor, and the implementers complain that it is really difficult to sell a product which is known to be insecure. The 'government authorities' bring out the arguments of terrorists and paedophiles communicating securely on the 'dark web' and protecting the children. The Human Rights activists talk about freedom of speech in oppressive regimes.

    Nobody (or not that I have noticed) acknowledges that cryptography is what evolutionary biologists call an arms race. Public key cryptography changed the rules and environment of communications and security, and gave people a whole new toolkit to do wonderful things, like digital signatures and secure communications over insecure channels. When a new invention arrives and is powerful it changes the power balance in society, and legislation will only protect the innocent from the law-abiding.

    Sometimes, as we mathematicians understand, there is no solution to the problem.

    I suggest (rather facetiously) that we tell the 'powers that be' that 'quantum computing will solve all their problems in this area, they just need to wait a few years for it to get running properly. Either that or insist that Huawei tell us ow they do it...

    I'll get my coat, its the one with the tin-foil hat in the pocket.

    1. Cliffwilliams44 Bronze badge

      Re: Every now and then ...

      They do not need these back doors! They need to use good old fashioned police work. The Mafia in America was notorious for not using telephones, everything was communicated "in person" even of that mean someone had to drive across town to get that done. How did we take down the mob? By infiltrating these organization. We can do the same with child molesters and terrorists.

    2. amanfromMars 1 Silver badge
      Pint

      Re: Every now and then ... something slowly quickly emerges and devastates the landscape

      I concur, and couldn't have said it any better or clearer myself, Eclectic Man. Bravo, Sir or Madam. A toast to your good health, ... Cheers.

      :-) How quickly do you think they will listen and see its great common sense? Before or after they are crushed in every inevitable crash?

  21. Cliffwilliams44 Bronze badge

    Been there, done that!

    Have we not heard this tale before?

    "If you are not doing any wrong, then you have nothing to fear!"

    We have a Political party in the US that has no problem using the power of the Federal government to target and prosecute their enemies.This is a dangerous policy!

    1. Duncan Macdonald Silver badge
      FAIL

      Re: Been there, done that!

      ?? A Political Party ?? - All Political Parties would be more correct - neither of the two main US political parties has even the slightest shred of decency or honesty. From both the complaints are of the form "you should not be doing this to us - it should be us doing it to you" !!!!

      My opinion of politicians ==============>

      1. Smirnov

        Re: Been there, done that!

        If you still fall for the (false) narrative that both main parties are equally bad you clearly haven't paid much attention during the last decade.

        1. Anonymous Coward
          1. Anonymous Coward
            Anonymous Coward

            Re: Been there, done that!

            Do you REALLY think anyone here is going to click on a youtube link without any context at all?

            1. Anonymous Coward
              Anonymous Coward

              Re: Been there, done that!

              That's actually a really good point that I totally didn't think of for some reason. Thanks for pointing it out! :)

              Bit late now, but it's Bill Hicks' "politics in america" bit.

        2. Duncan Macdonald Silver badge

          Re: Been there, done that!

          Both are so bad that they make the Mafia seem like paragons of virtue.

          As to which is the worst - I do not care - both are so bad that they should never be in charge of a hotdog stand let alone a country.

          1. quxinot Silver badge

            Re: Been there, done that!

            The Mafia is effective and has a sense of honor.

            Politicians on either side? Not relevant. The highest bidder will be, per usual, dictating the government's actions. The government office holders have the simple job of generating controversy to take the limelight off these machinations.

            It's surprisingly effective, and not new at all.

  22. Richard 12 Silver badge

    USA repeals Mathematics. Again

    I'll accept this when Mr Barr wears an explosive collar secured by the same means.

    If he really believes this is ok, then he should bet his life on it, like he is asking everyone else in the world to do.

  23. Wolfclaw

    Do these muppets actually read what they write? You can't have a secure system if a backdoor exists, even if they keys to are held in the most secure place on earth, nothing is 100% guaranteed and when it all goes wrong (as it regularly does), everybody involved, governments and companies have big get out of jail clauses and Joe Public foots the bill and takes the hit ! I have two safe and secure encrypted letters for 5 eyes and friends, its U.F !

  24. Mage Silver badge
    Facepalm

    so they offer access to encrypted messages and content

    Periodically we get this daft PR.

    Likely within a year all the criminals and unfriendly nation states would know the "backdoor keys".

    So a gift to designers not controlled by the Five-Eyes.

  25. Anonymous Coward
    Anonymous Coward

    If they want access, they should use the front door like everyone else, get a warrant if required.

  26. EnviableOne Silver badge

    UDHR - Article 12

    No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

    ALL the nations making this declarations are signatories to the UDHR, and all tend to ignore Articles 11 and 12

  27. Anonymous Coward
    Anonymous Coward

    Look at the big picture

    So if this becomes law then every politicians cell phone, email, and bank account is accessible?

    1. Anonymous Coward
      Anonymous Coward

      Re: Look at the big picture

      They usually include a clause that specifically exempts them from the measures.

    2. MachDiamond Silver badge

      Re: Look at the big picture

      "So if this becomes law then every politicians cell phone, email, and bank account is accessible?"

      Well, in the US, the spooks got caught snooping on the Government oversight committee. High level government employees bypass official security protocols to avoid scrutiny of their actions which then gets hacked by foreign countries. Etc, ad nauseum.

  28. Anonymous Coward
    Anonymous Coward

    not possible

    Any individual can easily encrypt data using technology available today that if intercepted, in transit while encrypted, can NEVER be decrypted with all the quantum computing power that will ever be created and all the traditional computing power that will ever be created.

    I am not going to describe how, SO DON'T ASK, but it is trivial and does not require an Einstein level of genius to implement.

    So if the Eyes idea is implemented it serves no purpose, other than mass surveillance. It is easily bypassed by anyone with a basic knowledge of cryptography.

    1. Anonymous Coward
      Anonymous Coward

      Re: not possible

      @anonymous coward

      Bollocks

      Cheers… Ishy

      1. Bill Gray

        Re: not possible

        I suspect the AC is referring to one-time pads. In which case he/she is actually right, though the usual limitations of one-time pads in practice apply. (If I were up against a nation-state adversary and my life depended on it, I'd probably use them in any situation I could, along with steganography. And I'd probably post some random bytes here and there in hopes that the various "national security" organizations would waste computer cycles on them, rather than on my actual communications.)

        JML&c0Z2Ow&.0!2p$i@1UIo7l0S2^p_H0%<wTV2%2??v32[730g1R0:v=S2)tZy.

        u0DSa'0]c%kE2152X61)4I'91/0ulzP122e=Yj1'K8{f2_rPE#0{0mt:{0#RFJi2

        N0ojKa2ek7r[0Kk<)a2OqB$N2EV+JY0eyyD<1:%?Q40p2mLEq0UHvW'1P1H_h40T

        H\su1<23=Ne2y1{)g62bWOqh0J2azaZ2a1wYY<0$KU?n2xj3ed0r2O;&62xaG>+1

        VUuY11*g*d90:2Mo%&06"4>82,%%Ak2X_NF-1(U+DS2t,]OO0ZzyUN22G'JA1|J{

        ^P2lHMhU0oeRvA2dRhoH0\r1-w0\11sI%2'0vR<0{2(({1J0SC@0$Won_1f6{8R0

        <2*dkW0@)#&61[Yh*M1<|=p(1_-g0g2lDsfN1&,_nA0s#G7u242_Yr185$!60lLb

        HQ2E1z%b12Z?Lg<0Q],0J1Os,k-0)HSWt23;'CR0UxouQ2k9b;C0GsMLn0Q8N=c1

        6C9!_0-,9(G2e/-;a16bw3C0([c{+0zgCeY18oh/I1d/OsJ1\6%>$2f1m1v(1r$S

        TD0HVEH$1jY\1T2+yaYX0)>8&b0T=/L\19R44+0?SL?W0{vD}+2DCRF_0HA"4%2;

        1. Anonymous Coward
          Anonymous Coward

          Re: not possible

          I like the idea of agreeing a particular edition of a common physical book. Then each word is referred to by an obfuscated page, paragraph, line, word position. Each time you use the same word it is a different one in the book. You can even go down to individual characters for words that otherwise are not available.

          If you have several books then you agree a word that can occur many times in all the books. The position code for one of those instances in a book indicates which book the rest of the message uses.

          1. Anonymous Coward
            Anonymous Coward

            Re: not possible

            One problem with that is that most books and magazines have been scanned, by google, so not as useful as it used to be. It can rapidly be brute forced.

            Pre distributed of random key material is the way to go these days, a thumbnail sized microSD card can hold hold a terabyte of random numbers from something similar to say a radioactive source.

            Time to crack encryption: "never" as long as both copies of the key material is destroyed after one use.

            1. MachDiamond Silver badge

              Re: not possible

              "a thumbnail sized microSD card can hold hold a terabyte of random numbers"

              I expect that the spooks have even smaller devices, but a commercial MicroSD with data that looks like noise from a secure delete program is easier to miss by security. They can be hidden on a person or embedded in so many things that somebody searching would have to know there was something to find.

              I've thought of using those to make US border crossings less dangerous. I would be able to offload my data from phones/laptops if needed. I used to do a lot more news photography and getting images back from some places might take some creative thinking. I never had the problem but a couple of colleagues that liked to do those sorts of assignments were good at getting photos to the editor even if all of their gear was impounded somewhere.

  29. You aint sin me, roit Silver badge
    Coat

    Encrypted propaganda? How does that work?

    Don't worry about me, I'm doing nothing wrong, so you don't need to know....

    1. Anonymous Coward
      Anonymous Coward

      Re: Encrypted propaganda? How does that work?

      The Cardinal Richelieu attributed quote means that the more innocent you are - the more you are suspected of being "guilty - but very clever. We'll get them next time".

      I was once told that a previous manager believed my totally honest expense claims to be covering some fraud he couldn't figure. Not that he was concerned with saving the company's money. He wanted "the system" for his own use - to go with his purported appropriation of a namesake's university qualification.

  30. Anonymous Coward
    Anonymous Coward

    and and and

    They conflate the issues when they put crime (enforcement) and national security (intelligence) together. Tools, techniques and methods of each are very different. As are intentions.

    A willfully exploitable encryption backdoor plus a planet-wide permanent "search warrant" yields failures of reliability, of compliance, of oversight, of trust. In everything. Everything.

    They know not what they do.

  31. Anonymous Coward
    Anonymous Coward

    Did Huawei refuse to play ball?

    Ironic that they banned Huawei because of imaginary backdoors.. I wonder if they were really banned because they refused to comply?

  32. smalldot

    I'm just going to say it

    I hope the five eyes force their technology companies to adopt this proposal. Maybe then more people would start to use open source alternatives. Or maybe then European companies would get a boost in their hopeless attempts to compete with giants who have unlimited cash to spend.

  33. Inkey
    Flame

    And the....

    Five Eyes nations plus Japan and India

    Can fuck right off!

    It's not like the 3 letter agencey's don't have enough access .... if they are given the keys to encripted comms it will end badly ....

    This is how it starts....

    https://www.theregister.com/2020/10/09/cps_solicitor_computer_misuse_act_charges/

    Already a marketing stazi.....

  34. Boris the Cockroach Silver badge
    FAIL

    Oh god

    the stupidity... its hurts us my precious..... it hurts us

    Given the code for your typical public/private key encoding algorithm is already widely available, how long would it take for a reasonably competent programmer to knock up a bit of code to run the encyrption on say , a message of 500 characters, then decrypt it at the other end, after generating an on the fly key pair for it, and deleting all data on exit.

    30 mins maybe? an hour? maybe a day to stick a quick and dirty GUI on the the front, connect to a prearranged server's IP and away you go.

    And yet public grade stuff for transmitting bank info/transfers is to have a backdoor in it (if such a thing can be achieved)... and how long do these people think it will be before every major criminal cyber gang will be tearing apart the code to see where the backdoor is...

    And in any case for my regular followers

    "The eagle flies south in summer... the eagle flies south in summer"

  35. martinusher Silver badge

    Will Someone Please Think Of The Children?

    Using the notion of children being sexually exploited must rate as the most cynical exploitation of children ever.

    I've always been against the international measures against child porn not because I'm a fan of kiddie porn -- that's obvious -- but because its a wedge used by the cynical to ban a form of information. In addition to the ban an entire international enforcement infrastructure is then created that can invade privacy at will, damn people without adequate proof, essentially condemning them on some unaccountable person's say so. (All with the noblest of intentions, of course.) Once these measures are in place and accepted then they can be applied to other classes of information -- "supporting terrorism", for example. Gradually the screw gets tightened until anything other than approved information becomes banned and the possession and transmission of that information becomes a crime.

    Adding backdoors to encrpytion is just part of the process. Fortunately, mathematics is not amenable to political will. However, the mere fact of the use, or even just the possess, of unathorized encription software or even just the information could be taken as proof of guilt. (Back to kiddie porn -- you don't need to actually have to actively solicit the material, just have it found (conveniently) on your computer for you to be guilty.)

  36. Anonymous Coward
    Stop

    Seven nations announce that they would like their cake and eat it too!!

    I think its going to be a real battle to keep the tech-illiterate and those focused on the next electoral cycle from pushing at least a large part of their damaging encryption-weakening agenda through now, but let's discuss some of their goals.

    "Embed the safety of the public in system designs"

    Which public would that be? Because yes, there are pedos and terrorists and drug dealers out there right now, using encrypted communications for at least some of their dangerous activities. However, there are also abused or stalked ex-wives and girlfriends who don't want their ex's to find them or spy on their communications. And there are parents, grandparents, uncles, aunts, godparents, brothers and sisters who like the current paradigm where they can share pictures and videos of the young members of their families and have those communications protected by encryption, instead of it being put at risk by pedos who managed to get access to or reverse-engineer some law enforcement backdoor. And there is the part of the public who likes to be the only ones who can see what's happening when they access their online banking, stock trading and medical information. And there is the part of the public who might be involved in international human rights or journalism, or just want to be able to talk to their loved ones who live under oppressive regimes overseas, without the secret police being able to see what they are talking about.

    "Enable law enforcement access to content....where an authorisation is lawfully issued"

    What constitutes a "lawfully issued" authorization? One where the local sigint agency has made a classified redefinition of existing privacy and due process laws, so that they can surveil large amounts of society without any probable cause? One where the local sigint agency has farmed out it's surveillance to an overseas partner, to avoid any of those annoying clashes with local laws? An authorization that is technically subject to judicial oversight, but where in fact the judiciary refuses to push up against "national security" exceptions or has its own oversight classified so that the public cannot see how many authorizations are being issued, who or how many people are covered by those authorizations, how long those authorizations will be in force and what constitutes the basis for approval or disapproval of a request for an authorization?

    "Engage in consultation with governments and other stakeholders to...genuinely influences design decisions."

    So you want tech companies to be the turkeys voting for Thanksgiving. And when Facebook or some major ISP or device manufacturer engages in this consultation and has their design decisions "genuinely influenced", one of two things are going to happen. Either the fact that tech company X has caved to adding a backdoor is going to go public, and people are going to start moving to other, more secure offerings from other companies outside of the "Five Eyes & Friends" jurisdictions. Or the fact that tech company X has caved will be kept classified, and thousands/millions/hundreds of millions of technology users, many of them operating secure systems to protect the data of the companies and organizations they work for, will be walking around with unknown and unpatchable information security risks in their pockets, on their computers and in their datacenters.

    Go to Hell, Five Eyes & Friends...

  37. Tempest
    FAIL

    Why Do They Need Backdoors? Seems that . . .

    the Chinese, Russians and even the DPRK have little difficulty in penetrating high security Western defence computer networks, or those networks used for US elections or electrical grid systems.

    Perhaps the vaunted Western security agencies should hit the books, not the manufacturers, for assistance.

  38. CrackedNoggin Bronze badge

    The simplest interpretation is that this is a step towards requiring companies to hold the keys and records of encrypted conversation.

    Needless to say, those keys and records will have value not just to domestic policing agencies (scary enough) but also to a wide range of

    foreign and domestic adversaries, competitors, and hackers. As sure as water flows downhill, those third parties will obtain that valuable information,

    and the main victims will be (e.g, US) companies and individuals.

    Therefore, it's not even necessary to go "as far" as discussing right to privacy or any "wet" concept like that.

    For example, the US military, being the "largest" or at least most expensive, in the world, also has the largest exposure. Yet -

    "The use of the encrypted messaging applications Signal and Wickr by the 82nd Airborne’s Task Force Devil underscores the complexity of security and operations for U.S. forces deployed to war zones where adversaries can exploit American communications systems, cell phones and the electromagnetic spectrum. But it also raises questions as to whether the Department of Defense is scrambling to fill gaps in potential security vulnerabilities for American forces operating overseas by relying on encrypted messaging apps available for anyone to download in the civilian marketplace." [Military Times]

    Yes of course the military could throw 10 billion at a bespoke messaging app, but that introduces new risks when it comes to the need for experts to look for potential weaknesses, not to mention more expense. And it still doesn't address the need for secure communications at military contractors, in government agencies, in the banking world, in private companies, and even individual folks.

    The motivation is of course domestic political control, which is just a manifestation of the instinct for absolute control of the tribe. A little bit of thinking shows that damages the security of our modern nation as a whole.

  39. RLWatkins

    Oddly enough, it is possible to fight crime without a wholesale invasion of citizens' privacy.

    Remember?

    Societies have been fighting crime throughout the entirety of human history without governments being able to climb through people's keyholes at the drop of a hat. And it has worked pretty well.

    Kind of makes one wonder what it is they're really want, for which they're using this as an excuse.

    1. Anonymous Coward
      Anonymous Coward

      Re: Oddly enough, it is possible to fight crime without a wholesale invasion of citizens' privacy.

      People who seek the levers of power are often attempting to satisfy their need to be in control of anything that might disturb their blinkered mindset. The more power they get - the more insecure they feel.

  40. Gene Jones
    WTF?

    The road to Hell is paved with good intentions. They always throw the protection of grannies, mothers and children arguments when they know their real intentions are nothing of the sort.

  41. codejunky Silver badge

    Hmm

    "Embed the safety of the public in system designs"

    That instruction negates the other two. For the safety of the public these things need to be solid. As unbreakable as they can make them with no backdoor.

    1. Gene Jones

      Re: Hmm

      You're right, of course. But that only means Congress will pass backdoor legislation. They do not have the public's safety or privacy in mind - ever. It's all about the power.

  42. J.G.Harston Silver badge

    ....and ensure that pi shall always be 3.0000

  43. ancilevien74

    An easy way out would be to say :

    OK, you develop the mathematical theory and the algorithm to do that. And when mathematicians, security specialists, encryption specialists and developers from all around the world will validate it to be sound and working, we will implement it in our products.

    Like this, the burden of doing this impossible task is reverse to them. We know it's impossible and they will never succeed, so no risks for us.

  44. MachDiamond Silver badge

    BS Johnson gets elected

    Where's Terry Pratchett when we need him for a great story about this? Oh wait, he wrote lots of them.

    The next big debate will be about making Pi=3 to simplify math. Besides, the way it is now is racist. I'm sure they'll pass something soon.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021