Keep up the good work!
Back in October, a call by spy agencies to weaken end-to-end encryption "because of the children" provoked a bit of analysis on how many times UK Home Secretaries had banged the same drum. All of them, it turned out. All of the time. The argument is a bit beyond Priti Patel, alas, as she ran the threadbare rag up the flagpole …
Is it wrong to extrapolate the technical and scientific knowledge of the criminal fraternity to the digital domain? I mean, we've been using fingerprints for over 100 years and criminals know this - do they wear gloves all the time now? Did they know that you can lift a print off the inside of the latex glove they wore believing it would stop the forensics? What about DNA evidence? Smart water? Forensic accounting? Gun shot residue? Ballistics matching? A thousand and one methods of proving that a particular person or persons were at a crime scene the same time as the victim was with margins of chance down to the realm of one in a hundred billion... Do the criminals employ biologists, chemists, physicists etc to avoid detection? After all this time, surely they've gone and got themselves degrees in all the sciences in order to understand and avoid the myriad ways they can get caught?
Nah. As you say, simple to set up, simple to use, on the surface the technology made enough sense to the lay person, no thinking required. And that's why it worked.
This is of course the same home secretary who, looking for a "solution" to migrant boats, publicly suggested using "wave machines" to stop them. In the sea. Which would require an unfeasible amount of energy to even cause the boats to bob up and down a slight bit more. She probably got the idea from some swimming pool and imagined it would scale easily.
Safe to say technology and maths are not among her strong points, which seem to be limited to xenophobia and cruelty.
"home secretary who, looking for a "solution" to migrant boats"
To be fair she is dealing with a border force that asked the French for permission to send a boat into French waters to help a slow moving migrant boat that was in no trouble nor distress. When you can't even trust your own border agency to do their job an automated solution might sound better.
Yeah, it's all fine and good having a humanitarian mindset, but imagine those are Russian spies bringing nerve gas and explosives across the water and you can imagine why having boats deliberately avoiding customs and passport control is a problem.
As opposed to, for instance, Russian agents bringing nerve toxins into the country on board scheduled international flights. You know, like they actually did.
But of course, demonising people fleeing wars (that we almost certainly contributed to by being one of the world's largest sellers of bombs'n'guns™) is easier than doing some proper counter-intelligence against a known foreign threat, and it reads a lot better in the gutter press than "people you aren't allowed to know about do things you aren't allowed to know about in order to stop other people you aren't allowed to know about committing crimes you aren't allowed to know about against people you probably aren't allowed to know about either". Dumb it down to keep the proles in their place, eh? After all, that has worked for every British government since the same proles got the vote...
And all of this "stop migrant boats" BS completely ignores the fact that almost all of the illegal migrants in the UK have simply stepped off a commercial airline flight.
However that's much less sexy to try to stop. And might actually require a system that counts people in and out, which currently seems Too Hard.
works, because people are hypocrites and most will vote for 'tough on crime, tough on immigration', but in the meantime, they lament Patel (even though she's beyond lamentable) and they demand 'SOMETHING' be done about those poor Syrian and Kurdish sods and their kids drowning and so sad to see those pix! But hey, suggest we take on board, say, 500,000 Syrian refugees and welcome them with open arms and hearts, uh-uh, FUCK NO!!! - let the frenchies deal with this issue, not in MY backyard!
p.s. for your consolation: we're no worse in the above hypocrisy than any other fat, European nation, THANKS GOD!
And the US is arguably worse, because 1) we're a nation founded on and profiting enormously from immigration (voluntary and forced, and to the detriment of the native population); and 2) we have a ton of space. You could drop a million refugees in the middle of Kansas without encroaching on any existing buildings, much less urban areas.
Of course you wouldn't do that – just deposit people in the middle of Nowhere, US – because they need infrastructure and services, and you want to give people a path to integration, not establish permanent cultural enclaves. (Ethnic neighborhoods in urbanized areas with fluid borders are a plus; ghettos and reservations are not.) But those are just a matter of fungible resources, and the US has a lot of those. Habitable real estate is not fungible, but even with the West's ongoing and permanent water crisis we still have a whole freakin' bunch of that.
Turkey took in, what, 3.5 million Syrian refugees? That would be small potatoes for the US. Sure, transportation logistics would pose some costs, and the infrastructure/services/integration stuff is not trivial. But it could be done.
And meanwhile half the country is spitting mad about a relative handful of brave souls trying to cross the border from Mexico, as if that's some sort of national existential threat. Maybe they're worried the newcomers will be less xenophobic.
It may be an unpopular fact, but the vast majority of British asylum seekers are not fleeing war. If anything, it is a compliment that they should wish to join our country, I just wish their country did not have the humanitarian/economic issues they aim to flee.
It has been pointed out many times, that if you base your immigration/asylum policy on the absolute quantity of refugees who can travel 1000+ miles, with minimal cash, no ID and across several borders, without being caught, the primary result is the obvious one - the only ones likely to achieve this are military age young men (the system is thus chronically sexist AGAINST women and children, who have virtually no hope of managing that feat).
Hence the correlation with social problems, when the Home Office puts young military trained men in a hostel/B&B, bans them from working for 2 years while their application is processed, and gives them £40 per week for "food and sustenance" (it's very tempting to drift into dodgy lines of unofficial trade).
It is an absurd system all around. I'm not opposed to immigrants or asylum on any particular level, but you cannot continue a process that effectively taxes and prevents Australians and Americans becoming British across a multi-year process, while having a 2nd system where refugees arrive and a Human Rights lawyer is given £10-15k in legal aid to represent and appeal for the applicants.
"Russian spies bringing nerve gas and explosives" - really? What decade are you in? What makes you think Putin even gives a shit about Britain?
Yes we've had Russian spies here recently - busy trying to kill a Russian double agent. Yes, completely innocent British people were harmed or killed, but it was hardly an attempt to bring down Britain. Imagine some of Our Brave Lads sneaking into Russia to off some notorious British double agent (unfortunately killing/harming some innocents). What would you call that? An attempt to bring down the Russian government?
Ah yes, a foreign agent, tasked with killing someone on British soil, is very likely to get on a rickety boat, which has a huge likelihood of capsizing or being intercepted.
It's obviously also the best environment for hiding poison or weapons as of course, you'll be plenty dry wearing those 10 layers of clothing.... Don't want to get cold as you drown, after all!
I bet you also think real crims tell the good guys their whole wicked plan before killing them?
No surprise you lack compassion, but you also haven't thought it through.
What was the alternative? Wait and watch until they reach British waters, or capsize? Either scenario resulting in the same outcome as picking them up immediately?
What exactly do you think "their job" is?
Anyway, you won't have to worry. Once brexit starts to bite, the immigrants will not want to come here.
"No surprise you lack compassion, but you also haven't thought it through."
I don't want people drowning in the Channel trying to reach Britain. As far as I am aware that is compassionate.
"What was the alternative?"
Illegals out in the water, French waters, it is the job of the French (the UK pay them to do this) to collect them and take them back.
"Wait and watch until they reach British waters, or capsize?"
There wasn't any difficulty, it was just slow moving. By making it easier to cross and even helping them cross makes it more enticing to try and cross which causes more people to drown. Idiots are buying swimming gear and being found washed up. Remove the safety net and less people want to risk the extremely dangerous crossing.
"What exactly do you think "their job" is?"
Considering they actually stated to the French that what they were doing was illegal and needed their permission I doubt the action is part of their job description.
"Anyway, you won't have to worry. Once brexit starts to bite, the immigrants will not want to come here."
I hear this occasionally (less and less as the propaganda doom fails to occur) but see no evidence of it.
"Anyway, you won't have to worry. Once Brexit starts to bite, the immigrants will not want to come here."
I hear this occasionally (less and less as the propaganda doom fails to occur) but see no evidence of it.
Oddly, I see it more and more. The results of the predictions (not propaganda) have been slow in occurring for several reasons. Obviously, Covid is the biggest reason but the various extensions have stretched it out as well.
Who would have guessed that the people in Northern Ireland would be the first to get really stroppy because they can't get their Walls sausages?
I was having a conversation with a logistics manager of a haulage firm just yesterday evening. Apparently a large number of haulage firms are raising wages just to keep the drivers they have. Likely due to a whole mix of circumstances, many foreign drivers are returning home and older ones are retiring. Both Covid and the excessive paperwork / immigration checks introduced by Brexit were fingered as being contributors.
I'm not particularly well read on the subject and the above is just one single anecdote, so take that with a pinch of salt. But it does seem to be an indicator that effects are definitely being felt.
"Who would have guessed that the people in Northern Ireland would be the first to get really stroppy because they can't get their Walls sausages?"
Pretty much anyone looking at the 'deal' which was as dumb as can be. The good news is the UK is unilaterally delaying implementing the border because the EU wants empty shelves in NI. Basically just scum.
Just wait until the EU rules on medicine kick in. I can't imagine NI being happy about that since not being under those rules is why they got vaccinated while ROI could only watch.
"The results of the predictions (not propaganda) have been slow in occurring for several reasons"
FUD and bull being a big part of it. Thankfully we left just in time otherwise the EU covid stupidity would have hit the UK too!
As you know, we didn't have to join in the EU vaccine scheme. As it was, we didn't - procurement started before brexit had taken effect.
The EU rules are not new, they aren't a surprise. They apply to all outside the single market / customs union. We left the club - we can't expect to be treated as if we are still members.
Don't make it seem like the EU is applying petty rules to us. As I've said before, you're intelligent, and you know this already.
"As you know, we didn't have to join in the EU vaccine scheme."
It's amazing isn't it. Not one member decided to go their own way, not a single member of the EU went their own way and were instead coerced into the EU 'in it together' vaccine procurement. With people boasting the UK would be left behind for not joining it. Even after it went tits up ROI being told by the EU they cannot go get some from the UK. The stomping of feet by the EU when finally countries turned to Russia and China. The EU twerp tweeting the EU doesn't need any from the Russians and the Russians replying that they want to know if that's the official line and they won't ramp up for EU production.
"The EU rules are not new, they aren't a surprise"
If you mean the rules on medicine it will be a surprise. NI will be left behind as UK approved drugs won't be allowed without EU approval. We saw how fast that is during a pandemic (EU president comparing their supertanker to the UK speedboat)!
"We left the club - we can't expect to be treated as if we are still members."
Eh what has this to do with my comment?
"Don't make it seem like the EU is applying petty rules to us"
They do but they are petty however what has that to do with what I posted?
The excellent Scott Manley of Youtube fame actually explains how to do what Rep. Gohmert was wittering on about, and indeed gives several different possible yet practical mechanisms to achieve this. The bad news for Rep. Gohmert is that it would take a lot of effort (literally) and tens if not hundreds of millions of years to succeed.
Instead of trusting an encryption/-ed app alone, add another layer by using an air-gapped offline PGP box either end. Bit of a faff, but worth it compared to a decade in the clink, no?
Things could be streamlined fairly simply too, such as using something akin to acoustic coupling to transfer messages, or a USB stick for heavy loads.
> Things could be streamlined fairly simply too, such as using something akin to acoustic coupling to transfer messages, or a USB stick for heavy loads.
You've streamlined the wrong end.
Encrypted message transfer (the bit you've just done) is easy. The hard bit is the key exchange - the issue with using OTT PGP has always been that first bit: if the feds manage to give you their key in place of ShadyBryan's then you're fucked.
- Sure, you think, just post the key (or its fingerprint) - except the mail gets intercepted.
- So you go for in-person exchanges, except you're now both in the same place... even if you don't get nicked, it's not terribly convenient
Essentially, either you have to expose yourself to risk of interception (by exchanging online, or in some other middle of the road way), or you have to have physical interactions with your, err, acquaintances. Either one is open to exploitation (in different ways) by the sort of people who might be interested in your criminal mis-doings.
The more popular/convenient solutions all abstract key-exchange away from the user to some extent, which is nice and convenient but leaves open the risk of it being quietly subverted. With something like OTR, you're supposed to verify fingerprints, but a lot of people don't bother. That complacency leads to mistakes, which is a prime opportunity for law enforcement (and much, much easier to achieve than breaking encryption).
FWIW I previously created a PGP encrypted chat protocol that uses DNS as a transport - it nicely mixes in with existing DNS traffic, making it hard to spot without prior knowledge. But, key exchange remains an issue.
Quote: "....either you have to expose yourself to risk of interception.... or you have to have physical interactions with your.... acquaintances..."
Didn't Diffie and Hellman show (in 1976) that key sharing is possible in a way that the key is secure, even if the exchange transactions are completely compromised?
So the proposed "either...or" in the quote is a false dichotomy.
Of course Diffie-Hellman is fiddly..........but secret key exchange IS possible!
They did. In this scenario you post your colleague an empty box, they return it locked with their padlock, you return it locked with your padlock and theirs, they remove their padlock and return it with yours still intact, you put your secret key in and send it back? Something like that? (Can't remember exactly how it works but I know this allegory was the only thing that stuck in my head!)
In the physical world, you've opened yourself up to compromise multiple times with Diffie Hellman.
No, the box contains your key from the start. Initially locked with your key, then when you know their padlock is on you can remove yours and allow them to get your key!
So three journeys where your box is in transit and, depending on the padlocks, at risk.
> So the proposed "either...or" in the quote is a false dichotomy.
Fair point, but:
> Of course Diffie-Hellman is fiddly..........but secret key exchange IS possible!
It's all the more fiddly if you start adding in the air-gapped systems that OP was referring to.
Not impossible, but also enough effort that it's not really workable (complexity engenders risk and all that)
Of course it's possible. Secret key exchange happens billions of times every day, just for HTTPS.
Key exchange tells you nothing about who the participants are. Authentication is the really hard problem.
Key exchange is still a hard problem, just not as hard as authentication. The algorithms, such as RSA Kx, discrete and ECC ADH, etc, are pretty simple. Getting the protocols and implementations right is hard, as we've seen time and time and time again. Some of the primitives, such as crypto-strong pseudorandom numbers and constant-time arithmetic, are hard. Cryptosystems often incorporate some simple primitives, but on the whole they either aren't easy or aren't strong. That's why we have a large and complex body of theory and formal analysis around them, with things like the Random Oracle Model.
- Sure, you think, just post the key (or its fingerprint) - except the mail gets intercepted.
The whole point of PK encryption is that it *doesn't matter* if the public key gets intercepted. In fact the normal method is to post your public key to a public forum that everyone can see, which prevents your key being substituted by someone else's public key. You can then check the public forum to ensure that your key has not been replaced by an impersonator.
Of course, no form of encryption guards against being duped by someone who is pretending *from the outset* to be a good guy but is in fact a criminal, or vice-versa.
> The whole point of PK encryption is that it *doesn't matter* if the public key gets intercepted.
Ahh, but it does.
As with OP, you're thinking of the wrong end.
You're right in that them intercepting the public key doesn't now mean they can decrypt messages encrypted with it. But, they can substitute your PK for their PK and the other end will now be sending messages that they _can_ decrypt (and can then re-encrypt with your key to send onto you).
> In fact the normal method is to post your public key to a public forum that everyone can see, which prevents your key being substituted by someone else's public key.
It does indeed, but it also provides another path of attribution that can lead back to you. Your interactions with that public forum have to be pristinely clean, otherwise anything that links you personally to the post also links you to the key that the authorities are interested in.
It also means that you're only really moving your point of trust - has the place you've published been compromised? You could post to two places instead, but you've just doubled your potential exposure.
This headache is part of why the web-of-trust was developed - Alice trusts Bob and signs Bob's key, Carol doesn't know Bob, but trusts Alice, therefore trusts Bob's key - that (of course) has its own set of issues.
Not so much the "wrong end" as the wrong aspect. Key exchange does not imply authentication; there's nothing to tie an ADH exchange, say, or an RSA private key to an entity.
There are protocols for identity-based key generation which are quite interesting in theory and might be workable in practice. Matt Green has a blog post about some of them. Of course what they're doing is deriving key entropy from evidence of identity, so you're shifting trust from some other authentication protocol to that set of evidence; whether that helps depends on your threat model.
Signal uses a combination of a phone number and something-you-know token (a "PIN", ugh) for authentication. The authentication proposition there is the assumptions that the account was created by the rightful owner of that phone number, and the phone number corresponds to the entity you want to communicate with. Those are decent assumptions under some reasonable threat models. They don't work for all use cases, obviously.
The PGP Web of Trust is an attempt to use non-mechanical channels for offline authentication that could subsequently be used for online authentication. In most use cases it doesn't scale, though it could have been employed more widely. For example, banks and other businesses could offer in-person WoT key exchanges for customers willing to stop by a retail branch office. But PGP was never deployed widely enough to make that useful.
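The point argued in the comments above (key exchange works over a hostile channel, but says nothing about who is on the other end unless fingerprints are compared) can be shown in a few lines. This is an added example, not code from any commenter or from OTR, PGP or Signal; the group parameters are a toy choice and every function name is hypothetical.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): the Mersenne prime 2^127 - 1
# with base 3. Real systems use vetted groups or curves, not this.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(P - 3) + 2  # in [2, P - 2]
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """Derive a symmetric key from our private value and the peer's public one."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def fingerprint(pub_a, pub_b):
    """Short string the two users compare over a separate channel (voice, paper).

    It covers both public values as *this* party saw them, so a swapped value
    on either leg changes it.
    """
    lo, hi = sorted((pub_a, pub_b))
    data = lo.to_bytes(16, "big") + hi.to_bytes(16, "big")
    return hashlib.sha256(data).hexdigest()[:16]


def honest_channel(pub):
    """A channel that can read everything but delivers values unchanged."""
    return pub


def substituting_channel():
    """A channel that replaces whatever public value passes through it."""
    _, own_pub = keypair()
    return lambda _pub: own_pub


def exchange(deliver_to_bob, deliver_to_alice):
    """Run one exchange and report what each side ends up with."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_bob = deliver_to_bob(a_pub)      # what Bob believes is Alice's value
    seen_by_alice = deliver_to_alice(b_pub)  # what Alice believes is Bob's value
    alice_key = shared_key(a_priv, seen_by_alice)
    bob_key = shared_key(b_priv, seen_by_bob)
    return {
        # Neither side can evaluate this in-band: each only holds its own key.
        "keys_match": alice_key == bob_key,
        # This is the only check the users themselves can actually perform.
        "fingerprints_match": fingerprint(a_pub, seen_by_alice)
        == fingerprint(seen_by_bob, b_pub),
    }


if __name__ == "__main__":
    print("passive observer:", exchange(honest_channel, honest_channel))
    swap = substituting_channel()
    print("substituted keys:", exchange(swap, swap))
```

Both runs complete without any error on either side; only the out-of-band fingerprint comparison distinguishes them, which is why skipping that step is the weak point.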
I tend to think the "think of the children" argument for breakable encryption is a red herring. The politicians pushing this are trying to appeal to our emotions to cover up what they really want. I believe that is not about snooping in on the baddies, but snooping in on the private citizens. As the article points out, the big criminal organizations are smart enough to avoid breakable encryption. They can easily fund and create their own unbreakable encryption. We don't have such expertise. I've always believed breakable encryption was so that the governments can spy on us.
Maybe less a red herring than the thin end of the wedge. The methods in the article for catching criminals work against *organized* crime. Backdoored encryption is (maybe) needed for acting against *dispersed* crime such as child-p)rnography. The dragnet will pull in more than just criminals, but as noted the people in favor of the backdoors are not very bright.
Indeed. Per title, "strong encryption puts crims behind bars, so why do politicos hate it": because the holy grail is the ability to snoop on anyone, any time, anywhere. That is and will always be far more important than targeting actual crims 'now'.
For example, some current teenagers or pre-teens will become the Julian Assange / Peter Tatchell / Chelsea Manning of 2035 and some people in power (by no means just the government) would love to have a decade or more of their electronic history to browse through, selectively present to the public, and hang them with. Think of last week's 'scandal' of an England cricketer dropped from the team for one offensive tweet sent years ago when he was a dumb teenager, then magnify. (Mr Orwell had an apposite phrase about boots and faces, I believe)
Encryption is easy to spot because it's encryption so people decrypt it - but if it's not encrypted the AI is much less likely to spot it - for example:
Leave Eastern Trains Sometime Dick Under Many Pumps Before Ordinary Risks Invest Simple Innocence Never Treated Heavily Even There Ordinary Incase Lovers Excite Themselves.
I've used capital letters to help the average reader figure it out but normally they would also be part of the "encryption" - would AI even bother looking at this? The icon indicates that the encoded statement is just a joke, not a threat.
Look up "steganography". It is not returning, it has never disappeared.
Your example is not very good, because a message containing a word salad that makes no sense would be immediately suspected of having a hidden message.
The modern digital method is to encode conventionally encrypted data into the low bits of (say) audio or video data. The audio or video file still plays perfectly OK, with the low-bit changes just altering the slight random noise that is present in almost all audio or video files. IOW the low-order bits of most (decoded) audio or video data are *already* essentially random, so changing one random bit-pattern to a different seemingly random pattern is not detectable (without access to either the original unchanged audio or video or the decryption key for the encoded encrypted data). You cannot see or hear any difference in the audio/video of the carrier data, so nothing to flag it as containing steganographic data.
The downside is that it requires many times the data size of the hidden encrypted data - but as both storage and bandwidth become bigger and cheaper, this is becoming less of a disadvantage.
A camera pointed at an ever-varying scene (say, the area around your front door, with plants moving gently in the wind) would be a good source of background data for steganography... which means a surveillance camera could be useful for transmitting hidden messages under the nose of state surveillance :-)
A camera pointed at even a completely static scene such as a wall will have enough noise in the low-order bit (LSb) to make any steganographic data in that bit undetectable. But a camera showing a very low-light scene will have much much more noise - which allows a few more low-order bits to be used without the possibility of detection, making the data overhead a lot less. Basically, the noisier the source material, the greater the amount of steganographic data can be encoded into it without becoming detectable. A 16 bit audio file of a weak high-bandwidth shortwave radio station could have its low-order 8 bits replaced without any detectable change to the audio content - thus making the total data only twice the size of the hidden message.
The only thing to be aware of is that the original source must not either go into overload (e.g. clipped audio waveforms or saturated white video frames) or have periods of completely null data (e.g. completely silent intervals in an audio stream or completely black video frames). In both cases the data becomes a string of 0x00 or 0xFF and changes to the low order bits will stick out like the proverbial dog's wotsits. Of course, a steganography program could automatically skip data words consisting of all 0's or all 1's.
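The caveat in the comment above, that low-bit changes inside silent or clipped stretches stand out, is the signal a scanner can look for. The sketch below is an added example, not the commenter's code; it assumes unsigned 16-bit sample words, a constructed carrier and payload, and hypothetical function names. It also shows why the skip rule has to look only at the upper 15 bits: a word of 0x0001 rewritten to 0x0000 would otherwise be skipped on extraction and desynchronise the stream.

```python
import random


def usable(sample):
    """True if a 16-bit word may carry a payload bit.

    Only the upper 15 bits are inspected, so the answer is the same before
    and after the lowest bit has been rewritten.
    """
    upper = sample >> 1
    return upper != 0 and upper != 0x7FFF


def embed(samples, bits, skip_flat=True):
    """Write payload bits into the lowest bit of each (usable) sample."""
    out, pending = [], list(bits)
    for s in samples:
        if pending and (usable(s) or not skip_flat):
            s = (s & 0xFFFE) | pending.pop(0)
        out.append(s)
    if pending:
        raise ValueError("carrier too small for payload")
    return out


def extract(samples, n_bits, skip_flat=True):
    """Read the lowest bit back from the same positions embed() used."""
    bits = [s & 1 for s in samples if usable(s) or not skip_flat]
    return bits[:n_bits]


def suspicious_flat_runs(samples, min_run=8):
    """Count silent/clipped runs whose lowest bits are not constant.

    Genuine digital silence or clipping repeats one exact word, so any
    variation in the lowest bit inside such a run is an anomaly.
    """
    count, run = 0, []
    for s in list(samples) + [None]:  # sentinel flushes the final run
        if s is not None and not usable(s):
            run.append(s & 1)
            continue
        if len(run) >= min_run and len(set(run)) > 1:
            count += 1
        run = []
    return count


def constructed_carrier(rng):
    """Constructed sample data: noise, a silent run, noise, a clipped run, noise."""
    def noise():
        return [rng.randrange(0x0100, 0xFF00) for _ in range(64)]
    return noise() + [0x0000] * 32 + noise() + [0xFFFF] * 32 + noise()


RNG = random.Random(1)
CARRIER = constructed_carrier(RNG)
# Stand-in for ciphertext (constructed): 192 pseudo-random bits.
PAYLOAD = [RNG.getrandbits(1) for _ in range(192)]

NAIVE = embed(CARRIER, PAYLOAD, skip_flat=False)
CAREFUL = embed(CARRIER, PAYLOAD, skip_flat=True)

if __name__ == "__main__":
    for name, data in (("original", CARRIER), ("naive", NAIVE), ("skipping", CAREFUL)):
        print(name, "suspicious runs:", suspicious_flat_runs(data))
```

The scanner only catches the careless case; as the comment says, an embedder that avoids flat regions leaves nothing for this particular check to find.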
Are you aware of the Bazalgette sewer system in London? Some of its sewers really are quite impressively large constructions, and are certainly large enough to flush away even the most odious of foul wastes!
Sadly, Bazalgette's engineering masterpiece was designed for an era when massive lying turds had no chance of becoming prime minister. How about you shove Boris into those sewers - IIUC one's conveniently close to Downing Street - and see how you get on? Thanks.
"...your Aunty Heather does as she goes online shopping, only with more guns, drugs, and fraud."
I have one. She loves online shopping. I didn't need to do much talking to convince her to start using a PAYG credit card instead of her actual card for all her online transactions. Her real data got snagged, her card used to buy a bunch of stuff on "the dark web", and she had to go round & round with her bank for a few months before they would agree to refund the stolen funds. I explained the benefits of using a PAYG card, she sat bolt upright & shouted "That's brilliant!", and has been doing so ever since.
Sometimes ElReg is so true it's almost scary. =-)p
As far as the ruling class is concerned, we peons are all criminals. They want to block off all ways we could get together and decide to do something to remind them what the term "public servant" actually means. If they can sniff out all talk of organising against the ruling class then all they need to do is lock up the instigators and carry on fleecing the public purse to feather their nests undisturbed.
I don't know about other nations but the UK went down the wrong track with its well-meaning but disastrously framed legislation concerning indecent images of children (IIoC). I refer to The Protection of Children Act 1978 and the Criminal Justice Act 1988. Visit Free law essays for detail.
The legislation concentrates on "making" IIoC. The term is misleading because it refers to receiving images on a computing device with their retention in transient or permanent memory rather than being originator of the images. Thus press reports of someone convicted of making IIoC, the haul often large, are read as meaning the offender took the original photos/videos (or perhaps paid another to do so). Everyone sighs with relief when another dangerous predator on children is put away. Huge resources are spent on supervising offenders in the community regardless of whether there is evidence of originating IIoC or encouraging others.
There is analogy to curbing trade in illicit drugs. It is relatively easy to catch 'users' and low level distributors but difficult to trace importers and manufacturers. It is the latter two in need of arrest if impact on the trade is to be achieved. Police forces gain easy brownie points by picking up 'users'. Each 'user' punished somehow makes for a better society.
It appears safe to assume most people engaged in 'making', i.e. downloading, IIoC are merely voyeurs. Moreover, it may further be assumed, in absence of evidence otherwise, that most IIoC have been in circulation a long while. That is not to say that voyeurism is acceptable but rather to place it in perspective.
As for illicit drugs, one must get at the roots rather than cut the branches. Regarding IIoC it is clear that genuine manufacturers of IIoC are in direct contact with children and may do far greater harm than, say, simple pictures of nudity suggest.
Realistically, voyeurism on global scale is an intractable problem and won't go away. Maybe a lid should be kept on voyeurism but most effort ought go into rescuing children recently abused and preventing abuse of others. Obviously the Internet is nowadays a major channel for bringing abusers and children together. Targeted use of resource, instead of present scattergun approach, is necessary. Identifying abusers and the abused requires locating physical people rather than just their digital presence. That is where conventional policing is essential. Technical solutions such as circumventing encryption are but hot air promulgated by simple minded politicians.
Maybe what's wanted is not to arrest voyeurs but to have a file of "dirt" on key individuals which can be brought to bear at key moments. In the meantime some non-key voyeurs can be prosecuted to keep up appearances, statistics, and funding. One problem I see with police work is that they are bound to have unscrupulous personnel just like every other walk of life. But the police observe at close hand all the criminal ways, the temptation must be very great to try out some of those ways. All the better if you can get legislators to approve them. The problem is less that the politicians are simple minded (many are), but that the politicians think their voters are simple minded (most are). It's very hard to tell where simple-mindedness stops and prevarication starts.
It would be great if El Reg could have a second tinfoil hat icon to superimpose over one of the other primary icons. I would use it pretty much all the time.
I've long assumed that the idea is to have a file of dirt on all individuals in case they turn out to be "key" to something the government (or its associates) don't like. Then if, for example, you attend a protest and are spotted by the Forward Intelligence Teams, they'll have something to add to your "biography" as well as your presence at the protest. Per terabyte of storage, that's about 15k per person in the UK.
A visit to the STASI museum, housed in the former STASI headquarters in East Berlin is very elucidatory on where this line of thinking leads. I've recommended visiting it before in the comments on this site, and I'm doing so again.
I can't recall the exact figures, but I think it was something like one in six people in East Germany who ended up working directly, or indirectly (as an informer) for the STASI. That level of surveillance leaves signs that are visible from space...
It's not "just voyeurism" though. Every indecent image of a child is the product of child abuse.
It's not the same as looking at images of consenting adults.
The "I only wanted to look at the images, not abuse a child" excuse doesn't work in court, and it shouldn't work here, either.
I beg to differ (regardless of my extremely negative opinion about her and her post). The last week's action was only, or most likely successful, not because the evil-doers (thank you George!) used strong, (supposedly) un-compromised encrypted messaging system, such as, say, signal, but because they decided they wanted a bit more 'privacy' from the mainstream, and went for the (supposedly) un-compromised evil-doer-cooked (not! ;) encrypted messaging system. So yeah, her argument (from the viewpoint she represents, not that I share this sentiment) is still valid, i.e. TRULY uncompromised encrypted systems make it hard-er to track the evil-doers, and sadly, for lack of alternatives, they will move on to use signal, thus giving Patel and others even more incentive to argue such systems should and MUST include back/side door for the law enforcement agencies. I'm afraid this will happen, sooner or later, if Uncle Sam puts enough pressure to choke their funding. And the noose is already tightening elsewhere, according to wikipedia:
In early 2018, Google App Engine made an internal change to stop domain fronting for all countries. Due to this issue, Signal made a public change to use Amazon CloudFront for domain fronting. However, AWS also announced that they would be making changes to their service to prevent domain fronting. As a result, Signal said that they would start investigating new methods/approaches. Signal switched from AWS back to Google in April 2019.
In January 2021, Iran removed the app from app stores, and blocked Signal. Signal was later blocked by China in March 2021.
So, in short, Patels of the world - unite! :(
What puzzled me about this story was advertising that it had been done by selling a compromised "encryption" system to the criminals.
The fact that the Nazi Enigma code had been broken at Bletchley Park by Alan Turing was kept a Secret long after WWII. (1970s?)
I gather the reason for this was that they were selling it to (both friendly and hostile) governments of "developing" countries around the World.
During WWII, the allies had to be very careful not to reveal the fact that they had broken the Enigma cipher, to the extent that they had to pick and choose which information to act upon, which could plausibly have been obtained via other means.
This was because WWII was an ongoing war, and they couldn't just go out and arrest Hitler.
After the Nazis were defeated, the fact that we had broken the enigma system was kept a secret, because the techniques used were themselves secret.
The An0m system was, on the other hand, designed to gather intelligence on criminals so that they could be identified, and arrested en-masse. There was nothing inherently secret about the techniques used, which was basically just tricking a bunch of crims into using back-doored hardware. Once they swooped in and arrested all the targets, it would have been obvious that the hardware was back-doored, as this would have formed part of the evidence in court.
Biting the hand that feeds IT © 1998–2021