UK infoseccer launches petition asking government not to backdoor encryption

A UK infosec bod has launched a petition asking the government if it would please drop its plans to install backdoors in end-to-end encryption. Application security specialist Sean Wright's Parliamentary petition comes as an expression of uneasiness at long-signalled plans for British state agencies to sidestep encryption and …

  1. Tigra 07
    Childcatcher

    Quite literally...

    A case of "Oh noes! Won't someone please think of the children!"

    1. Anonymous Coward
      Anonymous Coward

      Re: Quite literally...

      Indeed. When they pull that card you know there is something terribly dodgy going on.

    2. julian_n

      Re: Quite literally...

      Quite. And the Food Standards Agency and their like NEED access to your encrypted communications in case your children eat a dodgy beef burger.

    3. David Shaw

      "Western law enforcement agencies maybe do not struggle....."

      OMNISEC anyone?

      (1) https://cryptomuseum.com/manuf/omnisec/index.htm

      (2) https://www.thenationalnews.com/world/europe/report-claims-cia-used-second-swiss-encryption-firm-to-spy-on-governments-1.1119327

  2. alain williams Silver badge

    I have signed it

    I am telling others to sign it as well.

    1. Nunyabiznes Silver badge

      Re: I have signed it

      I would sign it if I were in the correct jurisdiction!

    2. UCAP

      Re: I have signed it

      I've signed it.

    3. Anonymous Coward
      Anonymous Coward

      Re: I have signed it

      Nice, but what's the point?

      When has it ever made a difference?

  3. Wellyboot Silver badge

    Breaking encryption not needed

    The predator Wilson was traced using the age old 'follow the crumbs' approach giving enough circumstantial evidence for a search warrant. His phone was then found & seized, this was enough (easily identified endpoint) for another warrant requesting ISPs, Carriers & social media firms to hand over the logs. At this point, it wouldn't take very long to identify all of his victims and direct evidence from victims gives an easy conviction.

    At no point did reading the live messages need to be done, unless plod is saying that they were already doing this to everyone already (how else could they find him?) and no complaint was made by a victim or online child protection group before they took an interest in his activities.

    If this is the level of argument that the NCA comes up with as an excuse for removing any serious security from personal communications it's pathetic, they can already find out easily enough all the details relating to any message (except the actual content) for the last year and proceed from that with warranted activities for the rest.

    1. Anonymous Coward
      Anonymous Coward

      Re: Breaking encryption not needed

      ...for the last year.

      What planet are you on? They don't delete anything, ever. Right to be forgotten is a date field in your file telling them not to provide you with any data older than your request date/time.

      1. Wellyboot Silver badge

        Re: Breaking encryption not needed

        I was merely pointing out the current 'legal' position where ISPs etc. must keep all data for a year should plod come calling with a warrant, so plenty of opportunity for legal investigation.

        If the ISPs choose to keep data for longer, that's a commercial decision. If plod collects and keeps data forever that won't make any difference to the backdoored encryption debate.

      2. Anonymous Coward
        Anonymous Coward

        Re: Right to be forgotten is a date field in your file

        As we've been implementing it (miscellaneous banking industry) it not only stops data from being provided in any kind of information requests but also from being user-searchable past the forget-about-me date, though it will linger forever in the database (or its backups) and can be retrieved by IT at any given time - following proper channels, hopefully.

      3. Dr Dan Holdsworth
        Stop

        Re: Breaking encryption not needed

        I know that it can be very tempting to think of the ISPs and the State being some sort of shadowy organisation that is in cahoots to spy on and do down the little man, but quite honestly this is not the case. ISPs are businesses, and as such they have to make a profit. Storing customers' data indefinitely does not give them any profit, so pretty much all ISPs will comply with the very letter of the law and that is all.

        They will also have done a quiet cost/benefit/punishment assessment over what the fine might be for not keeping the required records, or having done so on a disk which subsequently turned out to be broken, and so on. Be assured that only precisely one year of data will be retained, and that will be retained on the cheapest, crappiest NAS box money can buy.

        1. Robin Bradshaw

          Re: Breaking encryption not needed

          The other way to look at it is that ISPs are businesses and will look to monetise any asset they control so they are probably selling that data, there's a reason they started squealing about Mozilla adding DoH support https://www.theregister.com/2019/07/10/ispa_clears_mozilla/

  4. smudge
    Joke

    It's easy

    All he has to do is talk to Sir Graham Brady and Sir Ian Duncan Smith and Steve Baker and all the Tory MPs who are currently fuming at the authoritarian attacks on our freedom and human rights that are the covid restrictions.

    They will of course instantly understand that backdooring encryption is also an attack on our liberty and rights, and will organise a rebellion to ensure that any proposal to backdoor encryption will never get through Parliament.

    Won't they?

    1. amanfromMars 1 Silver badge

      Re: It's easy

      All he has to do is talk to Sir Graham Brady and Sir Ian Duncan Smith and Steve Baker and all the Tory MPs who are currently fuming at the authoritarian attacks on our freedom and human rights that are the covid restrictions.

      They will of course instantly understand that backdooring encryption is also an attack on our liberty and rights, and will organise a rebellion to ensure that any proposal to backdoor encryption will never get through Parliament.

      Won't they? ...... smudge

      smudge, re the question, Won't they?, is easily resolved by simply asking them whether they be already ready, willing and able to perform such a Sterling Stirling Service for the home nation and similarly threatened allies should it prove to be necessary and unavoidable ‽ .

      Then any opposition can have aforesight of what would be certainly a less than friendly competition and surprisingly competent foe if parties get their intelligence acts together to harry and dash and exhaust and extinguish the common enemy and an enemy of the Commons too ...... and thus be not unaware of the fight they be destined to lose and can never ever win win against.

      Would you be a fool and think to try triumph against all of those odds against you? Would you both claim and blame madness for fatal miscalculation?

    2. Fruit and Nutcase Silver badge
      Coat

      Re: It's easy

      Call me a cynic - they won't. They are politicians. Two out of the 3 are Knights of the Realm. That leaves 1 whom the whips and party management can get to toe the party line with the promise of a Knighthood. A politician with a Knighthood would be looking for a carrot in the guise of a Peerage.

    3. UCAP
      Facepalm

      Re: It's easy

      GCHQ, MI5 and MI6 all know where their skeletons in the closet are buried (sorry - mixing metaphors a bit). They won't do anything that the security forces don't want them to do.

  5. Long John Silver
    Pirate

    Pie in the sky?

    This measure, being based on 'noble' sentiments, may well gain traction during these times of a punch drunk compliant parliament. Few MPs are likely to understand the technical issues involved or to bother getting up to speed. The large Conservative majority makes passage of legislation almost inevitable. Labour MPs wearing 'decency' on their sleeves could support it; perhaps some will indulge in the same inane kneeling gesture they did for BLM.

    Yet one must question just how much damage this proposal actually could do if implemented. Commercial purveyors of social communication platforms within 'Five Eyes' jurisdictions shall be obliged to obey. For speakers of English and other European languages these platforms (e.g. Facebook) predominate. However, people intent upon conducting their private and working lives secure from intrusion don't use these means to socialise and to do business. Unencumbered encrypted communication shall continue using VPN, secure email services, and messaging applications procured from foreign sources. Long established open source tools for specific purposes, e.g. PGP, will continue in use as shall transfer of divers 'content' in compressed encrypted format. Then there is Tor and a number of distributed peer to peer networks all at advanced stages of maturity.

    Internet recruitment and predation upon children must in the main depend upon mass social media. Hence, in theory neutering encryption on these media would accrue benefits. As for other criminal enterprise fruits from encryption back doors will be minimal in number and in terms of sophistication of crime; this because criminals along with sensible honest folk have other means to converse.

    Even benefit from detecting crime against children is moot with respect to enacting back door access to 'conversations'. It might help gathering incriminating evidence against those already suspect but fishing expeditions into a huge accumulating pile of decrypted communications doesn't seem worth the bother.

    Governments appear to place huge faith in technological solutions to problems better tackled by other means. We are seeing this now with respect to Covid-19: a pretty useless phone 'app', testing asymptomatic people, and the proposed "Operation moonshot". Concerning crime they would do better by increasing provision of traditional policing methods; when so, technology becomes a support rather than driver of activity.

    Crime dependent upon the Internet is largely abstract until it impacts the physical world. Connection between the two realms is tenuous until people seek physical contact, pay for services with money, and deliver physical items. That recognition has enabled police forces to prosecute vendors and recipients of 'deals' transacted in the quite secure environment of Tor. Conventional policing through steady observation of nefarious activity with cross-referencing within and between Tor and the open Internet has enabled investigators to pick upon human errors by criminals which give clues to identity.

    1. Anonymous Coward
      Anonymous Coward

      Re: Pie in the sky?

      We must think of the children.

      We need to ban cars. They enable criminals to get away.

      We must ban all gatherings of people in pubs, parks, private buildings etc. unless the location is fitted with authorised monitoring devices.

      Cameras must go too.

      As must all sales of sweets, and cute puppies.

      Everyone must converse in English!

      All posted letters will be opened and photocopied.

      GPS tags must be worn by all men over 18, and those under 19.

      1. Tigra 07
        Trollface

        Re: Pie in the sky?

        Ban oxygen. All criminals in a study were found to be using it, therefore it must be immediately banned.

        1. Tigra 07

          Re: Pie in the sky?

          Clearly anyone who disagrees wants to help the terrorists...

    2. EnviableOne Silver badge
      Paris Hilton

      Re: Pie in the sky?

      In other words, the criminals will adapt, the only people backdooring encryption will hurt are the law abiding citizens, who will now be less protected from the governments and those that wish to do them harm.

      Sod the Children, won't someone think of the adults for a change

  6. Zippy´s Sausage Factory
    Meh

    I'm thinking that a smaller state - let's say Australia, or perhaps a post-Brexit UK - passes this legislation. The tech industry gets together, and suddenly WhatsApp, FaceBook, Instagram, Twitter, Signal and Telegram are unavailable in the UK.

    That would send a significant message to the government, which I think would be enough to kill the idea of anywhere else doing the same thing.

    You'd need the majority of world governments to pass it simultaneously to make it work. Similarly, you'd need most tech companies to decide they hate that kind of regulation to make it stop. I can't really decide which of the two is the least likely, to be honest...

    1. don't you hate it when you lose your account Silver badge

      Pointless

      Such a ban on mainstream products will just mean a shift to smaller services coming along that the crooks and pedos will switch to. Whack-a-mole time.

    2. Anonymous Coward
      Anonymous Coward

      "and suddenly WhatsApp, FaceBook, Instagram, Twitter, Signal and Telegram are unavailable in the UK"

      An upside for some.

  7. Anonymous Coward
    Anonymous Coward

    Once more with feeling....

    ......backdoors don't make any difference if people ENCRYPT MESSAGES BEFORE THEIR MESSAGES ENTER A PUBLIC CHANNEL.

    *

    The spooks are welcome to extract this sort of encrypted message from their backdoor du jour:


    How hard is this to understand?

    1. terrythetech
      Big Brother

      Re: Once more with feeling....

      And how many people will even know how, let alone why they should care :(

      I've emailed all my contacts (I don't do social media) urging them to sign and pass it on with a link to this article and a brief description of why we should care, as most of them don't even know about this let alone the implications.

      1. eionmac

        Re: Once more with feeling....

        Very few care.

      2. Anonymous Coward
        Anonymous Coward

        Re: Once more with feeling....

        "I've emailed all my contacts"

        Now they join you as being under suspicion.

    2. Anonymous Coward
      Anonymous Coward

      Re: Once more with feeling....

      Anonymous due to relations with a controlled regime. Documents encrypted with Backdoors just means a shift by criminal operators to other means. Keys not kept on the device, and then sent via encrypted services are probably not readable, but you can be compelled to divulge the key or face consequences.

      All depends on 'them' being interested in you beforehand, or if automatic means cannot read, it may enable you as the needle to be visible in the haystack. Most 'crime' other than ideological crime (e.g. Pakistani guy's revelation of atomic bomb stuff to Iran) is done for 'money' or 'money's worth', selling of pictures, videos, drugs or bodies etc., thus starting with cash flows is always a better way to solve things.

      Distributed cash flows in Bitcoin etc. is then more relevant. Communication by distributed means can also be done. Then investigation is back to start for 'real criminals' but other folk are followed in controlled regime fashion. Net gain to authorities is little at very much effort. As in the major very controlled regime at present; folk find ways around it for their thoughts, while it 'suppresses' mass outbreaks of rebellious thoughts, it does not stop the small groups. But regime's cost in manpower/capital and technology is immense (probably greater than the NHS {National Health Service} cost in UK as a proportion of GDP).

  8. Giles C Silver badge

    Signed it, no 456

  9. scrubber

    Sssshhhhhhh.....

    The sooner we outlaw whispering the better.

  10. scrubber

    Sign it...

    ...and make yourself a person if interest to the authorities.

    1. eionmac

      Re: Sign it...

      .and make yourself a person OF interest to the authorities. (corrected it.)

  11. Anonymous Coward
    Anonymous Coward

    How it actually works

    > the French man-in-the-middle'd an Encrochat server. From there police deployed malicious updates across the Encrochat network to dump unencrypted images of users' handsets back to servers they controlled, bypassing encryption altogether by simply reading off chats direct from user endpoints.

    That is how. They do the same thing with the rather more popular and equally E2E encrypted WhatsApp. They detain you and confiscate your phone, which is then imaged and the plain text message archive extracted from it, or they send you a nasty in one of various ways at their disposal and discreetly exfiltrate the data.

    The only possible rational explanation for wanting to ban encryption is wanting to conduct mass surveillance, in spite of that being illegal. Until now, the only thing that differentiated us from the old iron curtain states was that liberal democracies did, by and large, refrain from breaking their own laws: spying was illegal in the iron curtain states too, which is why they had to do it more or less surreptitiously. It was their habit of doing it en masse anyway that set them apart from most of the West.

    1. onemark03 Bronze badge

      spying

      Yep.

      The Stasi were champions at this, sometimes outdoing even the KGB.

      I shudder to think what they would have got up to had the Wall not fallen and former East Germany got its hands on the surveillance technology that exists today.

      1. Ken Hagan Gold badge

        Re: spying

        No need to shudder. Just look East.

        1. Anonymous Coward
          Anonymous Coward

          Re: spying

          East from where? Japan?

  12. Anonymous Coward
    Anonymous Coward

    Offshore banking surge?

    Domestic banks not secure enough?

    Bank offshore, encryption and privacy.

  13. needmorehare
    Facepalm

    Backdoors are already present

    Mobile phone cloud backups are not encrypted with a key that we define and services like WhatsApp back up all conversation data using these cloud backups anyway. In addition to that, the Regulation of Investigatory Powers Act allows the cops to lock people up who refuse to make intelligible any data they collect through the use of a warrant.

    So why do they feel the need to ask for more backdoors? I sense this is part of yet another psyop intended to convince the masses that the government can't easily dip in on our stuff through the equivalent of PRISM.

  14. Majikthise

    Signed

    It's at least a way to educate MPs that a problem exists - so if anyone does sign it, might as well fire off an email to your MP to tell them.

    Yes, I know MPs have no technical knowledge but bear in mind that - with honourable exceptions - most of them (and definitely most ministers or shadows) don't know much about any of the topics they actually deal with.

  15. IWVC
    Big Brother

    What about the future use?

    One of the major issues with this and other similar legislation brought in for police / security reasons is what happens when those responsible for bringing it in realise that it has cost a fortune to set up and / or run and is not actually producing anything near the benefits it was claimed to bring. So then the system is opened up for other Government or quasi government organisation to use “to maximise benefits”. So next thing the Tax authorities get permission to use the snooping facility and staff to root out suspected tax dodging builders, plumbers, car mechanics etc. who prefer to deal occasionally in cash and maybe avoid VAT payments (whether they are using encrypted correspondence or not). As a customer on their contact list suddenly all your correspondence is being monitored as well.

    Think about CCTV as a parallel. They were initially brought in to make people feel secure by acting as a deterrent or means to solve crime. In practice a current part of their use is for catching motorists who commit the cardinal sin of stopping for a few seconds in a prohibited area to drop off or pick up a passenger or goods without causing any delay to other road users or danger to pedestrians and other relatively minor traffic parking offences. These cameras are operated by staff from private companies with little training other than “if you see a car on a yellow line or in a bus or cycle lane report it” and nothing is taken into account of what the actual effects are on other road users or mitigating circumstances. They also have access to DVLA systems to trace vehicles from registration numbers.

    Other “security” legal provisions such as RIPA have allegedly been used in the past by Councils to inspect domestic waste to ensure it is in the right recycle bin, follow dog walkers to check they are clearing up properly etc. etc. That may have been reeled in somewhat now but officialdom will continue to look for opportunities to make their lives easier.

    By requesting powers to set up back doors into mainline encrypted services the powers that be are presumably already confident that they have the right to read all other non encrypted stuff. Or are they saying that only criminals and terrorists use encrypted correspondence and therefore need to be monitored? Think on – it is 5 years down the line we basically honest citizens need to be worried about.
