back to article UK.gov is launching an anti-Facebook encryption push. Don't think of the children: Think of the nuances and edge cases instead

The British government is preparing to launch a full-scale policy assault against Facebook as the company gears up to introduce end-to-end encryption across all of its services. Yet the backlash has already begun, showing that officials face a tooth-and-nail fight against their attempt to derail the rollout of end-to-end …

  1. A Non e-mouse Silver badge

    potential child sex abuse offenders on Facebook

    Isn't everyone who isn't a sex offender a potential sex offender?

    1. codejunky Silver badge

      @A Non e-mouse

      Every non-criminal has the potential to be criminal. This is where people had rights to be judged when they broke the law, instead of the powers that be acting as big brother and hoping to find anything and everything to use against the people

      1. Arthur the cat Silver badge

        Re: @A Non e-mouse

        hoping to find anything and everything to use against the people

        If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.

        Supposedly Cardinal Richlieu.

    2. Andy The Hat Silver badge

      Welcome to the world of political spin ... Word it as vaguely as possible to make it sound as bad as possible to get away with as much state surveillance as possible whilst still insiting that free speech, pricacy and data security are "their" main concerns. Be it e2ee, mass surveillance or selling medical data to the highest bidder, it all comes down to states making sure their free populous are toeing the line and making the lives of the incumbunt powers-that-be as comfortable as possible.

    3. Anonymous Coward
      Big Brother

      Guilty until proven innocent

      It is the attitude of police, intelligence services, and governments around the globe.

      Anyone who wants any privacy must have something to hide.

      1. jason_derp

        Re: Guilty until proven innocent

        I do have things to hide. I wear clothes in public, keep blinds on windows, and don't say everything that pops into my head. Hiding things is literally the most socially normative thing, and it's universal across all cultures and time periods. Pretending otherwise is absurd. It begins to sound like ducks <=> witches if you actually talk through the "...if you have nothing to hide..." logic that governments use.

    4. martyn.hare
      Thumb Up

      Now they’re very afraid

      See, there used to be a system called BT Cleanfeed which would intercept and mess with peoples internet connections, relying on the fact that there was plaintext HTTP in use to discriminates between safe and unsafe URLs. When HTTPS came out, that had to change to IP blocking instead. But then came the cloud, so that had to change to hostname interception instead. But along came TLS 1.3 with the ability to encrypt the hostname and cert details (encrypted SNI), so they had to start implementing DNS-level checks… so when Mozilla wanted DNS-over-HTTPS, they cried and said how evil Mozilla was… and they lost!

      With private companies now offering end-to-end encryption to further bolster protection against data protection liabilities, the only loopholes left in the end will be based on government surveillance groups attacking the client software, rather than the backend servers themselves. This is a heck of a lot less convenient for mass surveillance programmes while making tailored operations much more expensive. Besides, every week, static analysis tools, fuzzers, sanitisers and many other automated tools detect and assist in the cleanup of bugs to the point where every program crash bug is now given a CVE; that is how good the quality of software is getting.

      Keep calm and carry on rejecting backdoors. We will win!

  2. Marki Mark
    Gimp

    70 per cent would be "lost" if E2E encryption were put in place,

    So 70% of child porn is on Facebook?

    1. iron Silver badge

      Logically the correct course of action is not to ban E2EE but ban Facebook instead.

      With the bonus of removing all those far right / anti-vax / flat earth echo chambers!

      1. alain williams Silver badge

        ban facebook

        Logically the correct course of action is not to ban E2EE but ban Facebook instead.

        Part of me is screaming "yes, yes - ban facebook". But that itself would be oppression/control-freakery by government just as much as the CCP is trying to do away with the Uyghur Muslim religion.

        In a free society we have to allow people to do and believe things that we think are wrong or stupid.

        1. Robert Grant Silver badge

          Re: ban facebook

          I agree, and that's why I support your right to think that banning Facebook would end silly opinions.

        2. Charles 9 Silver badge

          Re: ban facebook

          But in doing so, we allow our own undoing as those things we think are wrong or stupid turn out to actually BE wrong or stupid...and then take the rest of us with them.

          So what do you do?

        3. Anonymous Coward
          Anonymous Coward

          Re: ban facebook

          In a free society we have to allow people to do and believe things that we think are wrong or stupid.

          Including, but not limited to murder, theft, human traffic and so on. Am I right?

          1. RegGuy1 Silver badge

            Re: ban facebook

            You missed brexit.

      2. TheMeerkat Bronze badge

        “ With the bonus of removing all those far right / anti-vax / flat earth echo chambers”

        People who think like that are the same people who allowed Nazi and Communist dictators to come to power.

        1. Hubert Cumberdale Silver badge

          BZZZZT: Godwin!

      3. Nafesy

        Disabled my account about a year ago and feeling much better for it. Amazing people still think it's a good idea.... but maybe I'm just in my own little happy echo chamber

        1. Anonymous Coward
          Anonymous Coward

          Welcome to the club. I've been Facebook free for a decade.

          1. Anonymous Coward
            Anonymous Coward

            As someone who has never had a Facebook account, I suspect that there is a me-shaped hole in FB's data that actually has a fairly accurate impression of me-ness in it due to the other people who know me and have Facebook accounts.

            1. Nick Ryan Silver badge

              Yep, all you need is just one contact/friend who has the Facebook app on their phone and Facebook will have harvested all of their contact details, including yours. This will include your name and phone number, and any other information that is recorded against you - address, date of birth and so on. You are not in control of this data harvesting, it's someone else giving your details to Facebook and it only requires a single individual do to this - if there are multiple people with your contact details then it, of course, enhances the data validity.

              So it's a hole with your name and contact details against it. It's rather creepy really, but very simple.

              1. tip pc Silver badge

                How is that different to a credit rating agency who has details in you that you never provided and can’t account for its accuracy?

                1. Nick Ryan Silver badge

                  The data for credit agencies is specifically provided by other organisations - essentially, a cartel which goes along the lines of "you must provide all of this information otherwise we won't provide services for you"). In other words, demanding customer information.

                  The contact data hoover is individuals unwittingly or uncaringly providing information on others, essentially peers providing information on each other.

                2. Anonymous Coward
                  Anonymous Coward

                  I made a payment by Worldpay recently. It didn't work at first, not until I told noscript to enable the Google I-am-not-a-robot sniffer code. Cunts.

              2. aks

                I assume it's governments who collate all of that data, not Facebook and friends although such companies are presumably open to direct big-data mining of this metadata by such governments.

              3. marcellothearcane

                But... why?

                It begs the question: *why* do they want so much data? I don't have a Facebook account, and I've never been contacted by them, and any advertising I've suffered (which is partially Google too) has either been absolutely irrelevant or something I've just looked at - which I don't see why they'd need my details for.

                Is it just that there are some data fetishists at Facebook who collect data for its own sake?

      4. tip pc Silver badge

        “ With the bonus of removing all those far right / anti-vax / flat earth echo chambers!”

        The bonus is just that Facebook wouldn’t exist.

    2. big_D Silver badge

      There must be an awful lot, considering the terabytes of data that were confiscated from a private dark net forum run out of a garden allotment in German a couple years back.

  3. Mike 140

    Sauce for the goose

    So the names of these officials are withheld. Logically = encrypted except for those in the know.

    1. batfink Silver badge

      Re: Sauce for the goose

      Agreed. The British Public should have the right to unencrypt the identity of these briefers/leakers. Won't somebody think of the children?

    2. Swarthy Silver badge
      Big Brother

      Re: Sauce for the goose

      "on condition of anonymity" - Privacy for them, but not for the rest.. That...that's pretty on-brand actually.

    3. Cav Bronze badge

      Re: Sauce for the goose

      So you don't want anyone to talk to the press and make information available? Because that's exactly what would happen if names were published. You'd be left relying on whistle-blowers who didn't mind their careers ending.

  4. batfink Silver badge

    Yes it is difficult

    Obviously anyone in their right mind would agree with tracking down and prosecuting these child-molesting fuckers.

    However, of course this wouldn't be limited to child abusers. Governments around the world would start to use it against their bogeyman groups. Uighurs in China? Gays in Eastern Europe? Pregnant Texans discussing abortion? Opposition support groups in many African countries?

    So, basically government snooping coming soon to a FB Group near you...

    1. Anonymous Coward
      Anonymous Coward

      Re: Yes it is difficult

      Catholics in N Ireland

      Anybody Irish in England

      Anti-bloodsports campaigners in Britain

      Union members in Britain

      Nuclear Disarmament campaigners in Britain

      Anti-War campaigners in Britain

      Labour party members in England

      Anybody opposing a local council in England

      1. Anonymous Coward
        Anonymous Coward

        Re: Anybody opposing a local council in England

        anybody who MIGHT Anybody oppose a local council in England (with the exception of the UK gov)

      2. Wellyboot Silver badge

        Re: Yes it is difficult

        All but the last group in your list have had national security implications in the not too distant past and as such were/are monitored by the security services due to the very small minority intent on doing actual harm, everyone else in these groups carried on with no impact on their life. - example - being a Communist/Labour activist didn't stop Jack Straw qualifying as a barrister (or bringing in the the R.I.P. 2000 act while he was home secretary*)

        On the other hand local councils performing intrusive investigations into members of the public for 'offences' that only carry a fine is overstepping any reasonable boundary and any investigations arising from councillors personal animosity towards anyone should result in plod taking a serous interest (too often it doesn't).

        *Irony lost on so so many.

    2. Missing Semicolon Silver badge

      Re: Yes it is difficult

      Does anyone remember the number of organisations that could use RIPA?

      It included Local Councils, making sure that you weren't putting rubbish in the recycling, amongst a very long list of unexpected organisations.

      Example: Guardian article

      Aha. Found the list for the IPA

      1. scrubber

        Re: Yes it is difficult

        RIPA: a very loosely worded bill that Tony Blair promised would never be used by anyone outside of its intended anti-terrorism purpose because that would be damaging to the validity of the bill.

        It is now the blueprint for all bills, make them as vague as possible so they can be used by authorities as they see fit later.

        1. Nick Ryan Silver badge

          Re: Yes it is difficult

          Don't forget the obligatory scrutiny-free ministerial overrides and judgements.

          Wouldn't want the legal system or parliament to get in the way of things.

  5. Doctor Syntax Silver badge

    I have no direct involvement with Facebook. Nevertheless before I give anyone, official or otherwise, extolling E2EE a hearing I want to see them publish the following:

    Their name and address.

    Their online banking credentials.

    Any additional ecommerce credentials they may have.

    If they think think those are things that must be kept hidden then they need to realise that I have similar things that need to be kept hidden and that's what E2EE is about.

    1. Sok Puppette

      The word "extoll" means to praise something publicly, at length, with the implication that the person doing the praising wants to promote it to others. Just about the opposite of what I think you're trying to use it to mean...

      1. Doctor Syntax Silver badge

        Quite right. I missed out "banning". Sorry.

  6. David Austin

    "NCMEC generates around 20 million reports of child sexual abuse material"

    That's OK - We can just ignore their screeching minority voices

  7. Anonymous Coward
    Anonymous Coward

    So perhaps Politicians should put their own Houses in order

    and lead by example and publish all of their communications in the open to prove they're not hiding anything?

    1. Anonymous Coward
      Anonymous Coward

      Re: So perhaps Politicians should put their own Houses in order

      Politicians are always exempt from these rules. Look at the snoopers charter that has a tail put on every single one of us, except politicians. I am still waiting on your internet history Alok you unrepresentative expletive. What are you hiding?

      1. Anonymous Coward
        Anonymous Coward

        Re: So perhaps Politicians should put their own Houses in order

        It requires a signature from the PM and secretary of state so opposition politicians are fair game if you happen to have a corrupt party in power, abusing the Met Police for political purposes.

        1. Adrian 4 Silver badge

          Re: So perhaps Politicians should put their own Houses in order

          Hasn't parliament itself already harboured paedophiles, terrorists and mobsters ?

          1. Fruit and Nutcase Silver badge
            Trollface

            Re: So perhaps Politicians should put their own Houses in order

            The difference is they are "Honourable" paedophiles, "Honourable" terrorists and "Honourable" mobsters

  8. BazNav

    What are the police doing now?

    "Around 100,000 individuals are reportedly on the Sex Offenders' Register at any one time, while government officials suggested to the press that potential child sex abuse offenders on Facebook are greatly in excess of that number."

    So the argument is that there are >100K potential sex offenders on Facebook without E2EE and the police are doing little to nothing about it unless they are really bad. If E2EE comes in then all that changes is that the police can't do anything (without a warrant) rather than just choosing not to do anything.

    Or maybe the police are overstating their lack of action to highlight how bad their inability to act would be

    1. fidodogbreath Silver badge

      Re: What are the police doing now?

      So they can't just (continue to) create sock puppet accounts and insinuate themselves into peoples' friend lists?

    2. Anonymous Coward
      Anonymous Coward

      Statistical games

      Of course the 100000 on the Sex Offenders list are only those who have been caught and sentenced, and presumably includes people who didn't offend against children. Suppose we assume 0.5% of people are "potential offenders" and British Facebook users follow that proportion, then of the 42 million, we have 210000 on Facebook, way in excess of the Sex Offenders list. Pushing things a bit further we might project 3 MPs and 4 Peers, but investigations in that direction didn't come out very well.

    3. Hubert Cumberdale Silver badge

      Re: What are the police doing now?

      As an aside, on a point of order, there is no such thing as the "Sex Offenders' Register" in the UK: there are merely people subject to notification requirements under the Sexual Offences Act 2003. I know it's not as catchy for a Daily Mail headline, but it's an important distinction: the UK does not have the same system as much of the US, and this is probably a good thing, as evidence shows it actually makes things worse.*

      *As an aside to the aside, I suggest that any proposed "[$name]'s Law" is by definition a knee-jerk, tabloid-appeasing reaction that will have unintended consequences, and a more nuanced and evidence-based approach will almost always be a better solution to $problem.

  9. julian_n

    More distraction politics from Ms Patel, I think, when she is failing in so many areas and there is rumoured reshuffle coming up.

    1. Zippy´s Sausage Factory

      So long as she's loyal to he-who-must-not-be-named she's not going anywhere.

      1. Julz

        That

        Would be Nyarlathotep.

      2. cyberdemon Silver badge
        Devil

        he-who-must-not-be-named

        Lord Voldemort?

        Emperor Palpatine?

        Michael Howard?

        1. Jonathon Green
          Trollface

          Re: he-who-must-not-be-named

          The New Management.

        2. Anonymous Coward
          Anonymous Coward

          Re: he-who-must-not-be-named

          She who must not be named, better known as Princess Nut-Nuts I think.

      3. Fruit and Nutcase Silver badge
        Big Brother

        Ok, I'll put my head above the parapet

        he-who-must-not-be-named is of course Boris

        Break out the popcorn - there should be at least a couple of downvotes from the Boris fan club -->

        1. Nick Ryan Silver badge

          BoJo was a perfectly reasonable and mockable low quality part time comedy quiz show contestant, or even host.

          However he should absolutely never be put in any position of responsibility whatsoever.

          1. Fruit and Nutcase Silver badge

            Indeed - Cameron was bad enough, then May comes along. Then when you think it can't get any worse BoJo the Clown gets a crack at his ambition to be World King, so starts flag waving. Though he did have the willyflag fixation from earlier when he was Mayor of London - a fact not lost on his IT Tutor

          2. Fruit and Nutcase Silver badge

            This report says he intends to go on and on - let's hope he jumps ship soon to make £££, but as ever, the country will be left to pick up the pieces of his vanity.

            https://www.theguardian.com/politics/2021/sep/11/johnson-aims-to-beat-thatcher-record-with-another-decade-in-power-reports

  10. Yet Another Anonymous coward Silver badge

    There are still terrorists and mobsters?

    I thought the end of pirate VHS videos would have destroyed their funding sources?

    1. Chronos

      Re: There are still terrorists and mobsters?

      It's hookey fags and baccy now. Apparently, if you don't pay the sin tax on your demon weed, a Don gets rich on the 30p or so that the actual product costs. Whoda thunk?

  11. Anonymous Coward
    Anonymous Coward

    FB doesn't need encryption

    There is literally no use for it. FB has access to all data, and are the biggest offenders of harvesting data, so Encryption on FB is only lip service. OR maybe they are trying to get all the perverts onto FB for a false sense of security, or maybe one of those extremists elitist groups that runs the world are looking for new friends... Either way, it's all BS. There is no privacy on the internet.

    1. cyberdemon Silver badge
      Big Brother

      Re: FB doesn't need encryption

      While your post demonstrates a lack of understanding of what "end-to-end encryption" is supposed to mean, I can't help but agree with your skepticism/cynicism..

      Facebook wouldn't be "throwing away" all that valuable data on what people are talking about.

      If the data is encrypted as it passes through Facebook's messaging servers, that doesn't mean it can't be data-mined on-device (Apple style!) for trend analysis, social graph info, advertising impact analysis etc. Saves them a few compute clusters by outsourcing the electricity to your pocket if they do.

      E2EE is kind of irrelevant when you completely control both "ends". Except it gives you a get-out-of-jail-free card (potentially) against government regulation.

      With E2EE, Your data are safe (maybe) from the prying eyes of governments, but NOT from the (even more prying) eyes of Facebook itself.

    2. Warm Braw Silver badge

      Re: FB doesn't need encryption

      I would imagine there's a sufficiently deep sewer of widely-shared plaintext material on FB to keep all the available investigators busy for the rest of their lives without adding to their burden.

  12. Steve Kerr

    Cesspit of criminals, despots & the downright untrustworthy

    That would be a variety of members of parliament & their advisors, lackies & hangers on.

    If this is required, I'm sure our illustrious leaders will lead by example by making sure that all of their communications are freely available unecrypted to anybody requesting it.

    If you have nothing to hide, you have nothing to fear - I'm sure that's ok isn't it? No?

    I'm sure they're mostly there to be serving the country rather than self serving?

    1. fidodogbreath Silver badge

      Re: Cesspit of criminals, despots & the downright untrustworthy

      Basically, Facebook = Mos Eisley + QAnon.

      1. Yet Another Anonymous coward Silver badge

        Re: Cesspit of criminals, despots & the downright untrustworthy

        >Basically, Facebook = Mos Eisley + QAnon.

        Do they have a band ?

        1. Winkypop Silver badge
          Facepalm

          Re: Cesspit of criminals, despots & the downright untrustworthy

          “Do they have a band?”

          OK, now I’ll have the music running through my head all day….

    2. Dan 55 Silver badge

      Re: Cesspit of criminals, despots & the downright untrustworthy

      That would be a variety of members of parliament & their advisors, lackies & hangers on.

      Sorry, that cannot be proven, due to a freak IT problem, the phone wiped itself and was replaced and the Google Drive backup disappeared.

      1. Wellyboot Silver badge

        Re: Cesspit of criminals, despots & the downright untrustworthy

        There is a good argument to be made for 'proof of virtue' before* anyone can stand for public office,

        however that would require legislation and I trust politicos as far as they obviously trust us.

        * but as the maxim says, power corrupts.

  13. Jamie Jones Silver badge
    Thumb Up

    The last quarter of a century, where legislation controlling police searches of digital devices and cloud storage failed to keep pace with technology, is a blip against a long legal and historical tradition that kept police on a short leash when it came to searches and seizures.

    Very much this!

    Remember in the good old days, "terrorists and paedos" were not caught by dragnet wiretapping of everyones phone. We don't have every pub in Britain recording every table conversation.

    Imagine the outcry if the government announced that every letter sent through Royal Mail will be opened, scanned, copied, kept, and scanned for key phrases. ? But why not? Think of the children!

    People seem to accept this stuff in the digital world. Unfortunately, this propaganda TV campaign will be quite successful unless it's countered properly.

    1. Fonant
      Thumb Down

      Worst of all worlds

      The daft thing is that we then end up with the worst-of-all-worlds: nasty people and enemy states will still use encrypted communications while our own population is not allowed to.

    2. Charles 9 Silver badge

      "Imagine the outcry if the government announced that every letter sent through Royal Mail will be opened, scanned, copied, kept, and scanned for key phrases. ? But why not? Think of the children!"

      Um...didn't that actually happen during World War II?

      1. Falmari Silver badge

        @Charles 9 "Um...didn't that actually happen during World War II?"

        No it didn't. Logistics alone would have prevent that. There would not be the man power :- "Royal Mail will be opened, scanned, copied, kept, and scanned for key phrases."

        But they were able to without warrants, do that to mail they suspected. But even those restrictions in peoples rights required a country to be at war and fighting for their very survival. "Think of the children" hardly falls into that category.

  14. Anonymous Coward
    Anonymous Coward

    Hording vulns

    > officials talking to the press raised the spectre of vulnerability disclosure by governments drying up as frustrated law enforcement agencies hoarded vulns for their own use, out of public sight or legal control.

    Translation: "Our police forces are so out of control and lacking transparency that nobody has any idea what they're up to behind closed doors, so they might start doing even more bad things if we don't make life easy for them."

    1. Wellyboot Silver badge

      Re: Hording vulns

      Indeed, under that principle we should never lock our doors!

  15. Chris Hills

    One time pads

    Our mobile phones are now powerful enough that is entirely feasible to use one time pads. All it needs is an app that makes it simple. Unless the phone itself is compromised (avoid android or iOS), it is unbreakable. The downside is you have to exchange them in person which could be difficult if you need to converse with someone a long way away.

    1. jonathan keith

      Re: One time pads

      Surely you could just encrypt the OTP using a prearranged key such as Fuck-U-R0zzer5! and email it to your correspondant, who decrypts first the OTP and then your SMS informing them that you're on your way but you'll be ten minutes late to the pub?

      1. Chris Hills

        Re: One time pads

        Sending the OTP electronically defeats the point of using a OTP. You might as well just use encryption to begin with.

    2. Anonymous Coward
      Big Brother

      Re: One time pads

      Is not even wrong. OTP requires so few computational resources can be done with computer made of cardboard and string. Even if cardboard is wet and string is weak.

      Problem with OTP is distributing the pad as you say. You must be able to do that securely or OTP is useless. So either you meet your friend secretly and exchange pad by some method which does not involve public network ... or you securely encrypt the pad and send it to your friend over public network who then securely decrypts it. But wait wait: if you must do that then you obviously have good encryption program on your phone-computer. Probably it will be nice fancy public key one so you do not have to share a passphrase with your friend. You could ... just use that program to exchange messages instead of the OTP.

      The *only* case where OTP is useful is where you have a completely secret way of exchanging as much data as you will ever want to exchange secretly later: OTP is way of time-shifting the existence of a secret communications channel, is all. Is useful if you are spy and have very secret channel when you are living in big building near Vauxhall bridge with your spy friends but then later, when you are doing secret spy things in far-away countries you do not have secret channel.

      1. G R Goslin

        Re: One time pads

        can't you send your new OTP on the final page of your old OTP? That would only require the creation, by other means, of your initial OTP.

        1. Charles 9 Silver badge

          Re: One time pads

          The catch with OTP is that it's very resource-intensive and logistically daunting. The pad is consumed on a one-to-one basis against your ciphertexts, so it requires a very large pad or an easy means to regularly produce a new one at both ends. This raises the risk of an adversary getting wise to the scheme and eventually coming upon it. Another problem is that it requires perfect synchronization or the message gets lost in transit. An adversary in control of public lines of communication and aware of the use of OTP might intentionally introduce slight losses of data that can throw off that synchronization.

          Basically, there's a reason OTP isn't used except in the most extreme of communication circumstances. Put simply, it's a headache.

        2. SCP

          Re: One time pads

          You can, but it would not be of great value for privacy (assuming you are attempting to send a second OTP that is greater than one page) - see <https://forums.theregister.com/forum/all/2016/08/16/researchers_crack_homomorphic_encryption/#c_2945575>

          In this case Eve would be able to capture both your [encrypted] transmission of OTP2 and your transmissions using OTP2. That allows the possibility that Eve could combine these two transmissions to leave her with a transmission that is repeatedly encrypted with the last page of OTP1 (effectively re-using the page and losing the "one time" nature).

          The complexity for Eve will depend on how the OTP is used - but then you are starting to rely on encryption algorithms and you might be better off skipping the OTP bit and just using a decent algorithm.

      2. Jonathon Green
        Boffin

        Re: One time pads

        Does OTP work if you start with an OTP which is only ever used as a means of sharing other OTPs?

        My (possibly/probably naive) assumption here is that because you are only sending things with a very high level of entropy (basically long sequences of random numbers) with no meaningful clear text and, ((assuming the random number generation is halfway decent) no possible way of getting a knife into a metaphorical crack using frequency analysis or similar, so, as long as you only ever use the initial OTP for distributing further OTPs ((and don’t reuse those) it *should* remain secure…

        1. Charles 9 Silver badge

          Re: One time pads

          But for one snag. OTP is consumed one-to-one with your data. It's a requirement for OTP;s strong data security (defined as the idea that a ciphertext encrypted using a OTP can literally be decoded to anything of that size or smaller). A 4K message requires at least a 4K OTP. This also makes it redundant to use one OTP to send another one: you use up the same amount of pad either way.

  16. FuzzyTheBear
    Mushroom

    load of crud

    the cops are basically saying that they're doing nothing with the 100000 pedos on facebook and they want them not to use e2ee so they can sit still looking at everything while still doing nothing ? .. this is beyond idiotic .. if they know of crimes being committed and do nothing about it then they are responsible for what happens to the children they ( alledgedly ) want to protect . Do your job , take em down , then we'll see about this based on merit.

  17. Anonymous Coward
    Anonymous Coward

    preparing to launch a full-scale policy assault against Facebook

    First, they came for Facebook

    - but I didn't give a shit, because facebook

  18. genghis_uk
    Stop

    "Rather than being proactive, we're told, police forces would end up being reactive, responding to reports instead of proactively patrolling what they see as the digital streets of the modern era."

    This is exactly how they should work otherwise we are in a surveillance state!!

    An online variant of predictive policing is only going to expand.

    1. John Robson Silver badge

      Someone needs to tell Prati Patel that Minority Report is not a documentary.

      1. Yet Another Anonymous coward Silver badge

        Somebody should tell her that the Cthullu Mythos isn't a manifesto

    2. Cav Bronze badge

      No, it isn't the way it should be. Why should we suffer the effects of very serious crime and only mop up afterwards? People always whine about the police and security services not being able to stop terrorist attacks but then do everything they can to make that more difficult.

  19. MrDamage Silver badge

    What fucking bollocks

    > "Rather than being proactive, we're told, police forces would end up being reactive, responding to reports instead of proactively patrolling what they see as the digital streets of the modern era."

    You mean like the proactive policing that replaced foot patrols with thousands of cameras?

    1. JohnMurray

      Re: What fucking bollocks

      "You mean like the proactive policing that replaced foot patrols with thousands of cameras"

      Which didn't do much for the crime figures, but dramatically increased the sale of hoodies..

  20. revenant

    Not convinced

    The ad campaign will run online, in newspapers and on radio stations with the aim of turning public opinion against E2EE

    Given that most of the UK population is very much anti-paedophilia and would be quite happy to see paedophiles dealt with in ways that the law just doesn't allow any more, it seems odd that the Government are going to run a propaganda campaign to persuade the populace that what they want to do needs to be done.

    The only logical conclusion is that they know that the public don't trust their word (a) that removing E2EE is necessary and (b) that they are really thinking of the children.

    My 2p: as the Saville case shows, quite often paedophiles are operating in plain sight and are getting away with it. No need for E2EE if you have a network of well-placed enablers to help out.

    1. Yet Another Anonymous coward Silver badge

      Re: Not convinced

      They were probably too old and highly placed to use computers.

      So the police are being extremely fore-sighted and assuming that the new generation of DJs, TV presenters, politicians, minor royals who will become the paedophiles of the future will be more computer literate.

    2. Cav Bronze badge

      Re: Not convinced

      "No need for E2EE if you have a network of well-placed enablers to help out." which most perverts will not have.

  21. DS999 Silver badge

    How can Facebook be encrypted end to end?

    They can do that for Messenger, but they can't do it for Facebook itself. When you post something on Facebook, it is seen by more than one person. Either you'd have to encrypt 1000 times (meaning 1000 separate copies) if you have 1000 friends who might see your post, or more likely you'd encrypt it once and all your friends would have the same key to decrypt your post.

    Either way I suspect Facebook could slip in a 1001th key, or 1001th copy of the same key. If for no other reason than that's the only way Facebook moderators would be able to do their jobs...

    So law enforcement would still be able to subpoena records and Facebook would still be able to deliver them.

    1. Inkey
      Holmes

      Re: How can Facebook be encrypted end to end?

      Thats what i thought ....well i thought it was just bs...

      A thought did cross my mind though, about the hash functions on CSAM images being incorporated into the encryption algorithm ...such as to make it a massive flag...

      Well i thought if they can encrypt a public forum like fb making CSAM images stand out like glow in the the dark sore thumb would be a walk...

      What is interesting is now that fb trafic is ETEE how the goverment is spaffing ad money to chalange it ...yet when whats app was taken over by fb and claimed to maintain the end to end arrangement not a peep....

      1. Anonymous Coward
        Anonymous Coward

        Re: How can Facebook be encrypted end to end?

        As for whatsapp, remember, anyone working for the government who was savvy enough to know about this, would also be savvy enough to know that the government wouldn't understand the implications.

        Unfortunately, facebook itself was noticed.

      2. big_D Silver badge

        Re: How can Facebook be encrypted end to end?

        Apple wanted to do that (checking CSAM on the iPhone, before it was uploaded to iCloud), that kicked up such a stink about the sanctity of the personal device, that they have put the plans on hold, for now.

        The problem isn't just CSAM, it is, if you start looking for CSAM, why not look for homosexual images for certain Eastern Block countries? Or anti-government posts in China? Or anti-royalist comments in Thailand? Anti-abortion talk in the USA?

        Here, in Germany, the Constitutional Court backs E2EE and the state has to get a search warrant and install the "Staatstrojaner" on suspects devices in order to monitor messenger traffic.

  22. Adrian 4 Silver badge

    Potential abuse

    We have often heard criticisms of laws and the attachment of oversight because 'some future government might abuse them'.

    The current government is that government.

  23. Anonymous Coward
    Anonymous Coward

    you forgot one..

    Anybody considered annoying by someone else

    1. the Jim bloke Silver badge

      ... I really hate those people...

  24. Winkypop Silver badge
    Devil

    Rozzers Vs Facebook

    Invest in pop corn now, avoid the rush!

    1. TimMaher Silver badge
      Windows

      Re: popcorn

      So foresighted @Winkypop.

      My covfefe shipment has now left Rotterdam but is stuck in Dublin awaiting border clearance to be shipped to Belfast.

      After that it needs to be shipped to Anglesey before onward carriage.

      Brexit eh?

  25. big_D Silver badge
    Big Brother

    Lead by example...

    and, presumably, driving home the message that encryption itself is something inherently bad.

    Then all cabinet members communications should be open and transparent. And if encryption is inherently bad, could I suggest they start doing their online banking over http instead of https?

    If that is successful for them, for say 18 months, we can then talk about banning it for everyone...

    No? Didn't think so.

    On the other hand, Germany has been saying that private communication is sacrosanct and should be encrypted. If the law wants to monitor suspects, they need to get a warrant and "tap" the devices of the suspect using approved trojan software, the "Staatstrojaner"

  26. big_D Silver badge

    Not Facebook

    Officials suggested that the greatest threat to child safety from Facebook is that abusers can discover a safe space that normalises the sharing of CSAM and helps encourage depraved newcomers onto the platform.

    I'm not a fan of Facebook and it can curl up and die, for all I care, but this is just stupid.

    From all the recent big busts of paedophile rings that I've heard about, the images were swapped over their own forums on the dark net. The big scandal last year in Germany was a world-wide net run out of an allotment shed, with racks of servers. Those servers didn't belong to Facebook!

    I'm sure some criminals and registered sex offenders are on Facebook. But, a lot of the actual CSAM material seems to be on private forums, from what I've seen in the news.

    1. JohnMurray

      Re: Not Facebook

      "I'm sure some criminals and registered sex offenders are on Facebook. But, a lot of the actual CSAM material seems to be on private forums, from what I've seen in the news."

      ....or on the House of Commons intranet....

  27. PRL

    End-to-End

    The way the terminology is used is a bit rubbish - I mean all encryption in transit has 2 ends and all VPN tunnels or transports have 2+ endpoints.

    The only distinction is whether both ends are on users own devices or one end is controlled by a [social media] company.

    Whenever governments or TLAs talk about this it always comes across as wanting all the benefits of VPNs for themselves just not in the hands of civilians.

    It's silly as the you can demonstrate methods purely on paper so they ultimately arrive at defending a position where you say a particular branch or application of maths is not allowed, or at least "when you do this type of maths on a computer you have to let us see all your working on demand or else it's unlawful".

    Besides I thought the various authorities has already decided they would have legally backed rights to gain access to data on a device after it's already decrypted and collect it in the cleartext there rather than trying to access it en-route.

  28. steviebuk Silver badge

    Same old bollocks

    "Think of the children" and if you don't then you must be hiding something.

    Considering I've given the police a hand full of USB sticks with encrypted CCTV footage on it of our sites and then never had those fucking sticks returned annoys me. So I'd no longer be allowed to encrypt them? But I do it for security incase they loose those sticks. "But that won't happen, its the police". Really? So I stopped providing the sticks and made them supply them instead. What happened with the first stick they provided me? I checked if they'd bothered to secure wipe it as it looked used. Oh look, no they fucking hadn't and I was able to restore someone elses old CCTV footage of a crime, that had never been encrypted.

    1. steviebuk Silver badge

      Re: Same old bollocks

      Not to mention that stick clearly wasn't theirs and had been provided to them but they'd obviously never returned that one to the owner either.

  29. scrubber

    Think of the Children

    We used to have this group whose job it was to look after the children, I think they were called parents.

    Of course, authorities have been overlooking real world child abuse for years, lest they be called "racist", so I guess we can see where their priorities actually lie.

    1. lostsomehwere

      Re: Think of the Children

      I think that group is still around, trouble is their job is made harder by Facebook.

  30. Tom 7 Silver badge

    They're encryting the news feeds anyway

    Recently they modified FB so FBP stopped working properly. 90% of my feed was Sponsored and if someone hadn't mention the fix for FBP I'd have stopped using it.

  31. HAL-9000
    Pirate

    What a jolly coincidence

    It's not often that a side effect of seemingly providing the end user with enhanced personal security also effectually reduces the ability to police the users of such an anti-social media platform. Win-win kerching, assuming they can maintain a happy relationship with the advertisers. One more point, I might be missing something, but for an anti-social media platform like FB which operates by connecting people that know each other... how does E2EE and the ability to conceal identity/geographic origin enhance the anti-social media platform experience??? I must be missing something (I have a hunch this is about getting former FBers back... the ones that fled to Parler perhaps).

  32. Anonymous Coward
    Anonymous Coward

    Misdirection........again...............

    Quote: "The British government is preparing to launch a full-scale policy assault against Facebook as the company gears up to introduce end-to-end encryption across all of its services......"

    *

    My approach is to encrypt messages BEFORE THEY ENTER ANY CHANNEL.

    *

    And use Diffie-Hellman to agree a random secret key for every message -- WITHOUT ANY KEY EXCHANGE (see Diffie-Hellman, 1976). Unlike PGP, this method has NO PERMANENT PUBLIC/PRIVATE KEY PAIRS.

    *

    So........it DOESN'T MATTER if FB (or Twitter, or Proton, or Telegram) implement so-called "end-to-end encryption".....if there's a backdoor (of course there's a backdoor!!!).....then all the snoops will find is my IDEA encrypted message. It might be a photograph....it might be a birthday greeting.....and if the plod turn up and ask me what's going on, I can quite truthfully say the keys were randomly chosen by the software and were destroyed after the message was sent and/or received.

    *

    Does anyone really think that this sort of process is beyond the reach of the "bad guys"? So......as I've said before......simple misdirection. More snooping on the 99% of the citizens who are doing absolutely nothing wrong!!!

    8zyulRBW9KfgITZB47OaRsayNagpdRZKBgCw5DRbFN+Iqbog+UaXFZbf0nlXBzMvRr6D34JjtBBY

    x3mMdL6bwRNA1NNyn9z04K9Rqdl1u+ZzfmKP0kb7QEHRuEmJEmhk9NMVmHzyVIXHhfWmTRcYk/kA

    uktoceFpr0QD8zNuwP9EEtcDIGnxDBhaNDrV082mIDc+t7XcVFg7x3yL4hbECidfOYP+G7Wn94yc

    uheJ1o0LfpNMtJaRHbUbjTDibygLmX0psP+mRDWIpopStUnZoWg3U+vABrk0BhfWjL8vxLljv5y+

    2ZjQm8nvXsj+O5j47oKlbqZEqjOUznow8/4zU7PvpB6+lWnML7LLO8v7LOD/kEqubdo90TTRtK+L

    xJug44vc90IVwvP2qKs/WwL0L5sF342TPrUu2eaa/GFvd8MrKz8asAa2X7yJ74pMjUbx8AiCL2jY

    LUwnBUQ8zPIjz6dyXn6bCUof905VKiBw9AghzfLJ3TFXcPT/UeDADThGkfIw6d0lROBZvIOLCmyo

    Z7QayHNHYztG8BDwKN8HJKtdtCPNf7MYKLxNTMusS0NP6GpY7Eja2qBxY2NHupCjGkqPuMK9KqV/

    VmUSRCimhzg5VqSE+ofBRTGqTDJf8yBZiuIEd6Zu66gLjnIDHdkpVp7VAduVe/PwUZcC1x5SKs2Q

    XhoJEdkK27WF6XCue6BvgbJd/opt4PC/eRZ4MS1FetrJhm2JqH4MVGfwSNoz/Hrfltg9jmWPxGYJ

    9vNF2MoX0+6eT84U+OCLOqZg9MVWz1nHpqXnbz0v40Vqn9vjM9k+Q13A1y/DuNdv70xZLnBx1TuI

    scQI3RVUmx2JtGOSniBwwmE/nmuLP2Upw9VPWWWorenYkdmiFFq45vVl5mI74hUlDC+nxQAsldSn

    APxjufeOP3HQ1fGXWiZRVLgdDQghIR40An7/TZFBC4LOSq0kOpQR1ziWzZszAAjVOPbSrDhNM58M

    yF/PFV2TFuengc5GDOo6bG+FGGOXaulmbbLxKvjYS6jHd05iWUERJQVzgiZaW9A8X+2V2Pei2Oav

    eHcYikAwY+/yVYNrcMjGeoOwCBd/WNgbwBAR66flGibVXBP3Q4qB7QS27PaeA1Ah0ntJVOfwV4BO

    ErrhSP/JmflTqAd73/niuNBvBTDTxc0gd6orb47Q6ZyykhvDST3LitZRH71h52Ma5DSIai9l5Ppl

    0YkTbaPf7fccC9+7sB8vDubsP8JdjuPPCwOnAHUyGl4=

    *

  33. StrangerHereMyself Bronze badge

    Mass surveillance

    I'm getting sick and tired of this mass surveillance being more and more part of our daily life.

    Instead I dare the police to come and hack my computers, most of which run Linux or "some other secure operating system."

  34. Howard Sway Silver badge
    Big Brother

    The ad campaign will run online

    I wonder where. Surely not on the Zuckerborg, they couldn't possibly be paying the target of their ire could they?

    According to research from fact-checking non-profit First Draft, 88% of the Facebook ads the Conservatives posted in the first four days of December were deemed misleading by Full Fact, one of the U.K.’s biggest fact-checking organisations.

    Ban these evil organisations funding all this online harm!

  35. Fruit and Nutcase Silver badge
    Black Helicopters

    There's always a way

    to skirt around privacy laws

    https://www.theregister.com/2021/06/08/operation_ironside_anom/

    See how the Australians made available their trove to the FBI (who had the keys but not the data), by giving a 3rd country the data, but not the keys)

    https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history

    1. Anonymous Coward
      Anonymous Coward

      Privacy Laws Don't Apply To Private Encryption

      @Fruit_and_Nutcase

      *

      Quote: "Privacy laws"

      *

      Well.......privacy laws don't stop anyone using encryption BEFORE messaging enters any channel. So the message is encrypted AND the keys are private.

      *

      The users of this approach are perfectly capable of generating interesting keys using pathetic laptops. See below for a number which is the product of two very long prime numbers.......less than twenty seconds to identify two long primes and then multiply them together. I have no idea how long it will take the Aussie supercomputer to factor the number. Someone here can let me know. After that....the snoops need to determine the keys based on this long number............................

      *

      1005524435168422216054609538852694180686838835559234881185926599480572971249609214039510416019827442607633568531066286501977559714524194939480850534471577638720587129658227050907840264003346245100065668772353975785943931752903700169881095943644673052749577453677662321845632355999805160961479648935227247485494926796333618280351155626531745713922280871665350542967746551458323996854838728687793294613

      *

  36. K

    The more they assault it...

    The more people will want it!

    Government is missing 1 key thing here, people are sick of all the privacy scandals, being tracked and where X has been hacked and data leaked .. it's not only private or commercial website, it government as well...

    So let them keep making it high profile, cause in the end, all they're is raising awareness - and as the famous saying goes, there is no such thing as bad publicity.

    1. Fruit and Nutcase Silver badge
      Alert

      Re: The more they assault it...

      It could also be that they want us to think that they are dead against E2EE, because they means to get hold of the keys. After all, this is a government that has a behavioural/nudge unit to swing people round to what they want you to be thinking

  37. xyz123

    All of this is the governments own fault for abusing public trust for so many decades. Now people don't believe any of the "think of the children" narratives true or not.

    The UK government lets bin men (seriously) have full warrantless access to your government records due to RIPA. Thousands of people get sexually stalked by council workers checking through their data every day. The government illegally sells data for the NHS, councils, banks etc whenever they can (and individuals such as the Chancellor personally pocket the profits as "wages" for work done)

    Loyalty has been destroyed, trust is gone. No wonder the public is in favor of hiding their data.

  38. lostsomehwere

    The trouble is not the Government

    it's Facebook which has under invested user safety for decades preferring to rake in the cash.

  39. Binraider Silver badge

    Rather than encrypt comms, perhaps they could do something about the oodles of misinformation circulated on the platform. Or perhaps pass on the details of miscreants that is sees itself onto the security services? Rather than wallowing in the advertising revenue associated with it and coating their hands with blood.

    I'd close the FB account down however it is the only universal means of connection I have for a lot of contacts.

  40. Herring`

    I thought that paedophiles already controlled an area of the internet the size of Ireland.

  41. StrangerHereMyself Bronze badge

    Trust in the government

    I, as an American, find it difficult to believe that the British population isn't more critical and pushing back at government policies like these, which are clearly a road to intrusive and continuous mass surveillance of the population.

    Brits have a misplaced trust in their government which is bordering on naive.

    1. Cav Bronze badge

      Re: Trust in the government

      And Americans have a distrust that is sheer paranoia. For the majority of people, you just aren't that interesting.

      1. StrangerHereMyself Bronze badge

        Re: Trust in the government

        How would you know? If you just shut up and do as you're told they'll say: "Go on with your life, little man!"

        However, as soon as you speak up they'll start taking an interest in you and maybe decide your life should end.

  42. Cav Bronze badge

    "It's a difficult and nuanced topic made no simpler or easier by the fact that government officials seem hellbent on painting it in black and white." Rather like most of those commenting on such articles, but from the opposite side.

    1. Charles 9 Silver badge

      Which hints that governments act that way because that's what the voters want. Most people aren't geared for nuance and subtlety. This is the danger of applying a KISS principle to something like a government.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like