Here we go again... fuck safety and security, just 'think of the children'.
MPs charged with analysing Online Safety Bill say end-to-end encryption should be called out as 'specific risk factor'
Britain's Online Safety Bill is being enthusiastically endorsed in a "manifesto" issued today by MPs who were tasked with scrutinising its controversial contents. Parliament's Joint Committee on the Online Safety Bill published the report declaring the bill would let government ministers "call time on the Wild West online." …
COMMENTS
-
Tuesday 14th December 2021 19:58 GMT Franco
Exactly. When are these fucking idiots going to realise that any exploit is a total one, any weakening of encryption for law enforcement is just going to lead to easier cybercrime.
Mind you, the amount of Class A substance traces found in the House of Parliament recently might explain this.
-
Wednesday 15th December 2021 05:36 GMT Geez Money
"We recommend that end-to-end encryption should be identified as a specific risk factor in risk profiles and risk assessments. Providers should be required to identify and address risks arising from the encrypted nature of their services under the Safety by Design requirements."
Since every app on Earth uses TLS for transport this is just going to become a piece of boilerplate 'pursuant to best practices in the industry we encrypt data to protect our users blah blah' that's basically just a permanent part of the form that gets filled in. If we're really lucky the boilerplate might not even have any blanks in it. Should be pointful.
-
Wednesday 15th December 2021 13:21 GMT Rosie Davies
Termination Point
Hmmm...I'm not sure how many legs using TLS as an example would have TBH. The sane implementations that I've seen use something like an F5 as a termination point, everything inside the termination point is plain text, only outside is encrypted. Which is sort of essential if you've got to do anything based on packet payload and a Good Idea(tm) if you don't want to have key handling hell to deal with and servers wasting clock cycles decrypting when they could be doing something more useful.
Other than that, agreed. This is all going to end up under the umbrella of "aligned with Good Industry Practice" and largely ignored.
Rosie
-
Tuesday 14th December 2021 16:13 GMT a_yank_lurker
end-to-end encryption
When I see a politician bloviate on banning end-to-end-encryption I wonder how much of the sum total of human knowledge has been destroyed (hat tip to Thomas Brackett 'Czar' Reed of Maine). Encryption, to be effective, has to be end-to-end as any point where there is plain text will allow someone to see the details which may be very sensitive.
-
Wednesday 15th December 2021 23:33 GMT matjaggard
Re: end-to-end encryption
End to end encryption is not required for the web to function - until recently nothing had it, you had encrypted connections from you to a server and encrypted again from the server to your friend. It seems Facebook decided most of the value was from who talks to who rather than what they say, or possibly they felt pressured into end-to-end encryption. Either way, the biggest problem I have with removing it is trusting the companies and organisations that have the data not to misuse it or be hacked. Whether that risk can be mitigated enough to be worth having access to criminal communications is debatable. The worst criminals would just move into another platform anyway and who knows which platforms use genuine end to end encryption. I think there's a good chance Telegram's is broken.
-
Friday 31st December 2021 00:00 GMT Starkoman
Re: end-to-end encryption
MI5, GCHQ and plenty of other government departments and teams cannot bear the thought of true public freedom of speech or, worse, genuine freedom of information protected by end-to-end encryption (which technology daily preserves their own crooked secrets and behaviours).
God forbid the day comes when government communications are exposed to the public in the same way they’re once again demanding the public surrender their every shred of privacy to them.
The Independent Human Rights Act Review is not a “quid pro quo” document, it is not an exchange in any way — it’s a one-way theft: “You give us yours and we keep ours”. Not a trade but a mugging.
The hypocrisy is right there in plain sight. Raab and the other numbskulls barely have the IQ to pretend to hide it. Besides, they know the British press and media won’t tell the public they’re being robbed of their rights, most of them won’t understand anyway.
The motivators in and out of Westminster, the connivers lurking behind this so-called “Review” of the Human Rights Act are the very people who are confounded by it every day in their ‘work’ and by the courts — chief amongst them, habitual lawbreaker and Home Secretary, Priti Patel — without doubt the most crooked evil and mendacious of today’s government Ministers.
This is no “final review” of the Human Rights Act — nor are these mere “tweaks”. This is another political subterfuge — where, once politicians have got away with a little twiddling at the edge of the previously unassailable Human Rights Act without too much fuss being made, the next move is to get inside and, one swing of the blade at a time, gut every single part of it which they don’t like or lands them in court and losing most days of the week.
Before anyone knows, the Human Rights Act will be a dead, empty cadaver skin — where once existed public serving, protective restraints on government.
It would appear the motto of the entire Johnson government can be distilled to one underlying, telltale, putrid axiom:
“One rule for me — and another for thee”.
-
Tuesday 14th December 2021 16:32 GMT Anonymous Coward
It's OK, freedom of speech is a quintessentially British right
Apparently, freedom of speech is a "quintessentially British right, the freedom that guards all the others". At least, according to Dominic Raab (Justice Secretary and deputy Prime Minister) in a speech regarding changes to the Human Rights Act:
https://www.bbc.co.uk/news/uk-59646684
-
Tuesday 14th December 2021 16:59 GMT CountCadaver
Re: It's OK, freedom of speech is a quintessentially British right
Unless of course you're a wealthy public figure where you can say whatever you like as everyone knows you could bankrupt them in the courts, even cowing certain media outlets into not criticising some public personas due to their sue happy nature.
Also if your views align with those of the ruling party where the govt will extend laws to protect your right to be bigoted and offensive, while declaring a "war" on those who oppose said bigotry
-
Tuesday 14th December 2021 16:47 GMT Primus Secundus Tertius
Re: It's OK, freedom of speech is a quintessentially British right
Freedom of speech is a right. But in Britain you have to accept responsibility for the consequences. This is fair and reasonable, unlike the USA where freedom of speech is a cynical shibboleth used to defend outrageously harmful words.
-
Tuesday 14th December 2021 17:47 GMT Loyal Commenter
Re: It's OK, freedom of speech is a quintessentially British right
> ...unlike the USA where freedom of speech is a cynical shibboleth used to defend outrageously harmful words
In the UK, it's more a shibboleth used to defend oneself from criticism when you say or do appalling things. See also "political correctness gone mad" and "wokeism", terms invented by those who would like to shrug off scrutiny. Like Dominic Raab*.
*The correct pronunciation of this man's name is, I like to think, to tighten your vocal cords and let off a preternatural scream, as if doing an impression of a velociraptor. "RAAAAAAAAAAAAAAAAB!".
-
Wednesday 15th December 2021 09:14 GMT Kane
Re: It's OK, freedom of speech is a quintessentially British right
> The correct pronunciation of this man's name is, I like to think, to tighten your vocal cords and let off a preternatural scream, as if doing an impression of a velociraptor. "RAAAAAAAAAAAAAAAAB!".
I'm more inclined to go for the "KHAAAAAAAAN!" of Kirk.
-
Wednesday 15th December 2021 22:06 GMT martyn.hare
Forget Raab… focus on the decent people like…
Rowan Atkinson, Sean Lock, Bill Burr, George Carlin; all of whom have pointed out the absurdity of overzealous censorship. We should all be allowed to say appalling things from time to time and while people can judge us by our words, they should not be able to use them to silence us.
Also: Fuck the children, let’s think of OUR safety and security!
-
Wednesday 15th December 2021 00:42 GMT VicMortimer
Re: It's OK, freedom of speech is a quintessentially British right
Here in the US you absolutely have to accept responsibility for your speech - from anyone who isn't the government.
You can be shunned by your community, you can be unceremoniously dumped off social media, you can be fired without warning.
But you CANNOT be imprisoned or fined by the government.
And that is as it should be. Speech is not a crime, no matter how despicable it may be.
-
Friday 17th December 2021 23:38 GMT Anonymous Coward
Re: It's OK, freedom of speech is a quintessentially British right
Publishing stolen documents is not "freedom of speech." It's theft. It's computer fraud. Whatever the means used, it was illegal to access those documents, much less distribute them.
Assange is NOT a "journalist" in any sense of the word; he is a grandstanding show-boater who should have had the 'nads to face justice over a decade ago instead of hiding in the bushes.
-
Thursday 30th December 2021 23:34 GMT Starkoman
Re: It's OK, freedom of speech is a quintessentially British right
Written by Moscow-B (msobkow), who has no interest in freedom of speech — nor whether Assange released documents owned by the public is in their best interest or not.
Moscow-B’s paid job is to search for keywords and sow division and misinformation. That’s it. Hatred and division in the West.
Pathetic, isn’t it? But that’s it, right here.
-
Tuesday 14th December 2021 17:44 GMT doublelayer
And yet there are large chunks of the world's population who don't eat them. Many of those could choose to and don't for their own reasons, but in some areas, it's prohibited at a higher level. I could not make you dislike the taste, but I could prevent you from eating them if I had enough power and the desire to do so.
You can't prevent encryption from existing at all, but you can prevent the general public from having access to it. You can block services that would use it. And if you do those things, you can identify those people who have created their own encrypted communication systems and target them. Nobody wants to go that far that I've seen, as encryption is still of use to some transactions, but China has taken a lot of actions to block communication systems that don't include a forward-to-government option. Other countries have spoken about desires to follow that lead.
-
Tuesday 14th December 2021 18:59 GMT Hubert Cumberdale
Point is, those who are up to no good (and of course those involved in activities that are not inherently bad but the government defines as illegal so as to try to hold on to power) will certainly find a way to use it anyway. As they do in China: they're playing constant whackamole with VPNs etc. over there. If people have sufficient motivation (good or bad), they will find a way.
I say everyone should encrypt everything just because they can. Everyone should always believe they have something to hide: you never know when something perfectly innocent today (e.g. being a Communist, Jew, Labour voter...) will be suddenly deemed problematic by someone in power. Then you'll wish you'd encrypted everything.
Think of the children? I am: I'm thinking of that baby that can't avoid being thrown out with the bathwater when banning or intentionally breaking encryption.
-
Wednesday 15th December 2021 19:08 GMT Anonymous Coward
Voters!!?? ... hang on a minute ... I know the word ... just can't remember what it means.
"WHAT! There are Labour voters?"
Yes .... I was surprised by that but I am assured by many local people that they know someone who voted for labour.
The harder question at the moment is ..... why !!!???
The labour party is somewhat confused 'what and/or who' it represents.
As per usual the Conservatives have their 'internal' fights in private mostly and pretend to be united when votes are at risk or to be gained.
The Labour party, when a chance for gaining votes/voters appears, will have their 'internal' fights in the streets with razor blades, bicycle chains and switch blades. Expecting the voters to not notice and happily give them their votes.
The common characteristics of both parties and their MP's is that the party comes first .... before country or anything else and that the 'Political' job is just a stepping stone to a better job in the city etc.
Not quite as corrupt or underhand as american politics BUT of late importing far too many ideas from the US of A political pit of vipers !!!
In the US of A democracy is a concept that has not seen the light of day for so long that the populace have lost any expectation of it ever happening in their lifetime.[50% don't want it to happen because they are winning as it is .... 50% want it but have no idea when it will happen] :)
The UK politicians look on longingly as they see all the ways they could line their (& their friends) pockets, if the UK was a little more like the US of A from a political point of view. :)
Rant over. :)
-
Tuesday 14th December 2021 19:57 GMT Majikthise
Not quite that easy, I think
You could, with enough power and will, make it effectively impossible for me to gain access to a pig, dead or alive.
You're going to find it harder to deny me access to AES, given that it's widely documented and even the cheap laptop I'm typing on has hardware support. I hear you argue that Reg commentards are not "the general public"; fair enough but I'm certainly happy to be one of the folks who continues to make e2e available to everyone with traffic disguised as quotes from the collected speeches of Joe Biden* with plausible deniability and forward secrecy built in.
Way back when PGP was young, using it conveniently notified NSA/GCHQ that your email** was of interest to them. The spooks now want widespread encryption for security, as long as it is back-doored (or they have access to the in-clear state via Google, FB etc) and that does make it harder for them to work out what might be "legal" vs "non-legal" payload of your traffic, especially if it can plausibly be decrypted as pictures of playful kittens or (legal) porn. If this is needed, it will be developed and widely used. I'll agree that that won't be used by most of the general public most of the time, but those that will want it will really want it; some will use it much of the time, many will use it some of the time.
Like others here I'm actively working on keeping my own stuff under my control.*** This is all a bit Fahrenheit 451, but keeping the knowledge in our heads is prudent. Post-Snowden, reporters now know that decent e2e software is a thing, which helps.
* Greybeards out there in the Regiverse will remember that someone tweaked an algorithm thus in an attempt to demonstrate to then-senator Biden that this crypto thing was a bit harder than he might imagine.
** All your email thereafter, not just the pgp stuff...
*** Not too much of a problem admitting this here as, obviously, anyone reading El Reg is suspect anyway.
-
Tuesday 14th December 2021 21:20 GMT doublelayer
Re: Not quite that easy, I think
I couldn't easily cut you off from AES, but I could identify that you're making an application that is easy to use for others and go after that. I could shut down your communication system, replace your binaries with compromised ones, or similar. If I did that, I have not prevented you from using encryption, but I have made the widespread use of it more difficult. I could also target you for building a system to evade the communications law and lock you up, gradually reducing the supply of people circumventing attempts at surveillance. Doing this is costly even for the surveillance organizations, but if one cares more about power than resources, they could try it. That's why we shouldn't allow them to try it.
-
Wednesday 15th December 2021 15:37 GMT Geez Money
> And yet there are large chunks of the world's population who don't eat them. Many of those could choose to and don't for their own reasons, but in some areas, it's prohibited at a higher level. I could not make you dislike the taste, but I could prevent you from eating them if I had enough power and the desire to do so.
You seem to be labouring under the impression that a beer and a ham sandwich would be hard to get in Pakistan (even for a local). If anything this comparison shows how bad and ineffective these sorts of bans are.
-
Wednesday 15th December 2021 19:25 GMT doublelayer
I didn't say it was completely prohibited with perfect enforcement, just that there are areas where it is banned and that they could put more resources into making it hard if they didn't mind wasting them for something with little benefit. Unfortunately, the world's dictators haven't always put efficiency over power. Or maybe that's fortunate after all, as they sometimes fall by doing so.
-
Wednesday 15th December 2021 15:15 GMT Hubert Cumberdale
If you were an honest vegan, you'd have to admit it's rarely that simple. In summary:
1. Assuming the moral high ground is nonsense ("it is hard to formulate a climatic argument that would convincingly create a moral obligation to strict veganism as a conclusion").
2. Ovo-lacto vegetarianism, and even a less careless omnivorous diet, can be on a par with or better than veganism in terms of climate change potential. ("A high inter-individual variability was observed through principal component analysis, showing that some vegetarians and vegans have higher environmental impacts than those of some omnivores"). Meat/no meat is a gross oversimplification: heavily processed vegan food bad, minimally processed plants good; beef bad, chicken good. Do you buy tomatoes that have been grown locally in winter in heated/lit greenhouses, or do you get them shipped from Spain? In any case, do you fly to go on holiday? Do you own a car?
3. You're not helping anyway ("[moralised minority practice identities] might paradoxically block societal shifts in practice due to a reluctance among non-practitioners to have to take on a practice that implies belonging to a particular minority group").
-
Wednesday 15th December 2021 16:02 GMT Geez Money
I'll add
4. Personal choices like this, even in aggregate across humanity, do f*** all to help climate change because they're absolutely dwarfed by commercial/industrial sources of pollution. Even if every single person on Earth made what your nearest virtue signaler insisted was the "right" personal choice at every step we'd be on the exact same path we're on now. This makes activism around personal choice multiply counterproductive since it also turns people away from doing more useful climate things.
-
Wednesday 15th December 2021 21:38 GMT Anonymous Coward
Wrong, and this is one of the more nasty ways of avoiding responsibility so please, do not do it.
As example road transport is about 12% of emissions of which passenger transport is about 60%. So if everyone stopped driving they might save 5% of global emissions. Energy used in residential buildings another 11% so if we halved that that's another 5%. Livestock another 6% or so so vegans would stop all that (I am not a vegan no axe to grind here). So perhaps 15% so far, and there are more things of course.
15% is not solving the problem but it is also not nothing. As I said: is one of the more nasty and stupid denialist lies that individuals, even in aggregate, can do nothing because some imagined other people are causing all the problem. So, well, we don't have to do any thing, how very convenient that is. This is a lie.
-
Friday 17th December 2021 23:18 GMT Geez Money
First of all I am not a "denialist"; second calling your numbers heavily fudged is beyond being polite (something you could afford to do once in a while) as you smear commercial and personal numbers together and call them all personal; third yes there is harm to fixating on haranguing people for personal choices when you yourself acknowledge it won't do enough, you need to spend capital (monetary, political, social, otherwise) in effective ways and diverting it to this task is actively harmful; lastly your slippery slope argument is not even close to a good one, choosing to change things that make the most difference is not even a step toward choosing to do nothing, much less a slippery one.
Picking your targets tactically is not worse than flailing blindly as much as possible in an effort to 'try harder' or 'look busier' or whatever. Altering your lifestyle conspicuously isn't something you do for the Earth. Whichever one of those sentences you needed to hear, there it is.
-
Wednesday 15th December 2021 18:00 GMT Hubert Cumberdale
You think that's a long ass list? You ain't seen nothin' yet.
-
Tuesday 14th December 2021 16:50 GMT Eclectic Man
Ofcom codes of practice
"Codes of practice issued by Ofcom to be made legally binding on social media platforms"
I have to admit I am somewhat concerned that codes of practice issued from time to time by Ofcom would be legally binding without proper democratic oversight or debate. Yes, I know that our lords and masters in the Houses of Parliament can be ignorant and stupid at times, and maybe Ofcom is peopled with exceptionally astute and wise individuals, but to make any code of practice legally binding is surely the responsibility of parliament?
-
Tuesday 14th December 2021 17:06 GMT Duncan Macdonald
Re: Ofcom codes of practice
Ofcom wise - what are you smoking ???
This is the group that rubber stamped the removal of direct copper connections (exchange to phone) thereby making sure that in an emergency causing loss of mains power there would be no way to make an emergency call (as mobile phone masts depend on mains power).
If the government had its way it would outlaw ROT13 as too difficult to decrypt !!!
Icon for what should happen to all lying politicians (99.9999% of them) ====>
-
Wednesday 15th December 2021 16:25 GMT Pen-y-gors
Re: Ofcom codes of practice
I appreciate that our Parliamentarians believe they are answerable only to a god they don't believe in, and are all-powerful in the material realm, but how exactly do they intend to 'require' Sina Weibo (or even the USA-based Twitter) to implement foreign codes of practice from e.g. Ofcom?
-
Wednesday 15th December 2021 20:35 GMT Anonymous Coward
Re: Ofcom codes of practice
> [...] and maybe Ofcom is peopled with exceptionally astute and wise individuals, [...]
PM Johnson and his cronadvisers have a penchant for rigging any check&balance process to their own benefit.
The new OFCOM head selection was abandoned after the PM's intended shoo-in was rejected by the independent panel. They appointed a new selection panel - with their shoo-in candidate back on the short list. However people then refused to be appointed to be on the selection panel.
Eventually that candidate decided to withdraw to pursue other influential roles in their own media organisation.
-
Tuesday 14th December 2021 17:06 GMT tiggity
Ban end to end encryption...
In the spirit of no privacy I fully expect to see all MPs data (including historic deleted stuff) from all social media, emails, texts, phonecalls etc, etc..
And to have this flow of data continually updated and freely available to the public.
To cover non digital happenings, 24/7 video and audio recordings of everything they do always accessible
After all, our MPs are so morally perfect and beyond reproach that they would see no problems with this at all, as nothing to hide, nothing to fear and always think of the children.
-
Friday 17th December 2021 23:41 GMT Anonymous Coward
Re: Ban end to end encryption...
Don't forget their online credit card transactions. If it is ok with them for Google to know what they bought, surely it is okay for the public to know.
After all, they have nothing to hide.
They keep insisting that the only reason people want encryption is because they have things to hide. Time for the politicians to start living in glass houses to demonstrate to us all how it should be done without encryption...
-
Tuesday 14th December 2021 17:48 GMT dogcatcher
Re: Sigh,
I presume that government ministers will not use their scrambled telephones. GCHQ can lay off half its staff because there will be no cipher traffic to monitor and let's re-establish Civil Censorship of the mails in case anyone has the temerity to send a coded letter.
(With memories of my late mother who worked for part of the war excruciatingly censoring the Irish mail)
-
Wednesday 15th December 2021 20:52 GMT Anonymous Coward
Re: Sigh,
The English public Royal Mail service was created as a monopoly by a paranoid King Charles I in 1635. All posts then had to go through a central office where they could be opened, copied, and resealed without signs of tampering. Some of the transcripts are in the archives to this day.
-
Tuesday 14th December 2021 17:44 GMT Loyal Commenter
I must be reading this differently to everyone else
The phrase "identifying end-to-end encryption as a risk factor" does not, to me, mean the same as "ban end-to-end encryption".
Now, I'm normally amongst the first to firmly slap my palm into my face when I see politicians gig on about banning encryption, where it is usually immediately apparent that they don't know what they are talking about, but this does not appear to be what they are talking about here.
Identifying as a risk factor, to me, implies that they would like to flag up services that use E2E encryption as potentially problematic, presumably, because the content being shared through them is much harder to regulate. "Thin end of the wedge" arguments aside, it doesn't go so far as to say "ban them" though.
Online regulation is a tricky issue, and I don't actually envy them the job they have to do here. On the one hand, nobody* wants a surveillance state. On the other hand, it is clear that there are real harms being done online; from the proliferation of hate-speech, to social media echo-chambers, targeted political advertising, and the consequence-free way people can say things online that would get them punched if they said them in person. Some regulation is clearly needed, and the form, and mode of that regulation is something that we can't really agree on. Talking about how to identify areas which may be problematic shouldn't be shouted down, and we should be able to have reasoned debate about it. In the UK, the governmental process to do that is reporting at the committee stage...
*Well, some authoritarian nutjobs do, but even those in power realise that, on the whole, the administrative cost alone is too burdensome.
-
Tuesday 14th December 2021 17:52 GMT doublelayer
Re: I must be reading this differently to everyone else
I don't think that's what they mean. A lot of harmful communications can happen, but most of the stuff they've talked about is the public social media or similar services. E2E services don't really work there because every participant needs to have the keys, so it usually means a direct communication system. Regulation of social media is and should be very different than regulation of private emails I send, in that there should be a lot less regulation or perhaps none*. I therefore think that it is the traditional excuse to identify encryption as a problem in order to argue for limitations, interception, or a ban.
* Sending emails which enable a crime is already criminal activity, so no email-specific regulation is needed to make it so. Sending emails which are evidence are already discoverable as part of court proceedings which have rules for destroyed or unrecoverable evidence, so that's covered too. I don't think they need more than that.
-
Wednesday 15th December 2021 12:11 GMT Cuddles
Re: I must be reading this differently to everyone else
Read the full text. They didn't just say "identifying as a risk factor", they also said - "Providers should be required to identify and address risks arising from the encrypted nature of their services under the Safety by Design requirements.". Providers should be required to address the risk. In other words, while they won't explicitly ban encryption, they will make it so onerous to justify doing it that no-one will actually be able to provide encrypted services. Or at the very least they'll be forced to "address the risks" by leaving all the back doors open, which has been openly stated as the goal many times previously.
-
Wednesday 15th December 2021 16:09 GMT Geez Money
Re: I must be reading this differently to everyone else
My understanding of this law is that this would mean the company breached its 'duty of care' if it used encryption and would have essentially unlimited liability as a result? So the government wouldn't even go after them directly, it would just let the court system murder anyone who didn't play ball.
-
Tuesday 14th December 2021 20:41 GMT Eclectic Man
Re: Sorites problem
In the film about the Windmill theatre during WW2*, it never closed, the argument with the Lord Chamberlain (who regulated plays and theatrical productions at the time) was that he was quite happy for the art galleries to show very many pictures and statues of nude women, so how could he object to nude women on stage? The compromise was that the women on stage must not move.
* https://en.wikipedia.org/wiki/Mrs_Henderson_Presents
-
Wednesday 15th December 2021 16:53 GMT Dave559
Re: Sorites problem
Ah, I see that some representatives from Scarfolk Council have now joined the discussion…
This is a local forum for local people, we'll have no trouble here!
(Puts a penny in the swear jar for mixing metaphors/universes…)
-
Tuesday 14th December 2021 21:49 GMT EricM
It didn't work when the US tried this in the 90's, when encryption was virtually non-existing.
France gave up on attempts to severely limit encryption in '99.
I doubt it will work if the UK tries this in 2022, when encryption already is everywhere.
Honestly, who assumes British government employees (or whoever manages to intercept the traffic) wading through customers' bank transactions or online shopping records would be acceptable for international customers?
Today banning real encryption means banning business.
-
Wednesday 15th December 2021 12:24 GMT Loyal Commenter
Re: It didn't work when the US tried this in the 90's, when encryption was virtually non-existing.
> Honestly, who assumes British government employees (or whoever manages to intercept the traffic) wading through customers' bank transactions or online shopping records would be acceptable for international customers?
You might assume that the same sort of logic would apply to erecting cumbersome trade barriers with our close neighbours; such a thing would have a disastrous effect on those who rely on international trade. Yet here we are, with a government which has done exactly that and crowed about how it is somehow "taking back control of our borders".
Never underestimate exactly how stupid and self-destructive government policies can be, and how, with enough propaganda, the public can not only be made to buy them, but also be made to blame someone else for the consequences.
-
Wednesday 15th December 2021 19:50 GMT Anonymous Coward
Re: It didn't work when the US tried this in the 90's, when encryption was virtually non-existing.
Well look at the last age verification law, this will be delayed over and over again until it is scrapped because they just could not find a way to get it up and running, it's also easy to see that the new Online Safety Bill could also collapse and not work at all.
-
-
-
Tuesday 14th December 2021 22:56 GMT Boris the Cockroach
Identifying end to end
encryption.... hmm
OK, I boot up Firefox.... and log in to my online bank account (very unlikely as I don't have one)
My password and account info are encrypted and sent to the bank ... who then encrypt the response.... and so on and so on until the session is finished and I log off
Next I boot up a custom version of IRC (remember that?) my chat is encrypted and sent to the IRC server who then relays it to the people I'm talking to.
Will this new snooping software be able to tell the difference? Will it be able to tell apart what data I am sending if both programs are using the same encryption algorithm? And more to the point, will the powers have to obtain a warrant to be able to snoop on you rather like they have to if they want to intercept and open your mail?
And finally who gets to decide what harm the social media (farcebork) is causing or is not causing..........
-
Tuesday 14th December 2021 23:06 GMT Anonymous Coward
"divide and conquer" .. keep on, granularising, bit by bit.
Will society, in 20 years, be able to revoke the mistake they made today? Did they 20 years before today? No. Because rules made now, are for a moment. Everyone's attitude will be completely different in 20 years as they mature. Or they will be deceased :(
OSB will be back and forth. For each victory in either direction, like always, there will be stalls and decay of the small change proposed. Once that tiny bit of law is inevitably added and assumed small enough to concede.. next is another small little update. And a little update to that... where's the end? LEGALISED Universal Auditing of every keystroke, by every online entity that collects data.
Look at the Terms or Privacy statements. EVERY SINGLE ONE says they have to provide data they have collected to law enforcement and prevent fraud etc.. OSB and extra, is already fully in place. This OSB is a process to counter future culpability and formalise, from that day, movement towards online safety. Negating and absolving, for their part, that which has gone before. .. bit by bit. small advance at a time.
-
-
Wednesday 15th December 2021 13:52 GMT ThatOne
> providing them with more laws to break will not stop them
While this is true, I'm afraid it is also irrelevant in this case: Clearly the point here isn't stopping crime, but better controlling the semi-docile masses, making sure they don't get devious ideas (like voting for somebody else).
Then there is also the "showing we're doing something" aspect, so that when something bad happens it can't possibly be your fault, you clearly did all you could.
Last but not least, power and control are addictive, one can never have enough...
"Strong" regimes are getting fashionable again, and all over the world supposedly democratic governments are watching the more repressive regimes like China and dream of imitating them ("Great firewalls" are just the first, almost innocent step).
-
-
Wednesday 15th December 2021 08:51 GMT Anonymous Coward
Ah.....the STASI state moves ever closer...and some EL Reg commentards seem to approve!
Quote #1 (El Reg): "...end-to-end encryption to be banned...."
Quote #2 (doublelayer): "You can't prevent encryption from existing at all, but you can prevent the general public from having access to it."
Quote #3 (Hubert Cumberdale): "Point is, those who are up to no good ... will certainly find a way to use it anyway."
Quote #1: So what? If the end user(s) use private encryption before anything enters a publicly available service, then they have effectively implemented "end-to-end encryption" which could be even harder for "the authorities" to crack....cipher scheme unknown, key management unknown, (potentially) end-points unknown.....so actually worse than a published public service!
Quote #2: So doublelayer is into banning books as well! (See Bruce Schneier, Applied Cryptography)....and banning C programming too!
Quote #3: Sorry Hubert, but some of us law-abiding citizens want to preserve our privacy.....what we communicate is PRIVATE, irrespective of the activities of GCHQ.
Re: All three quotes -- Maybe someone here can decrypt this short message, once they have figured out the private cipher.
-
Wednesday 15th December 2021 19:34 GMT doublelayer
Re: Ah.....the STASI state moves ever closer...and some EL Reg commentards seem to approve!
Look up "could" and get back to me on my quote. Some examples that could help the point: I could hit myself with this hammer, you could eat a live frog (it could be the poisonous kind), and we all could die tomorrow. Maybe these will help you understand what the repliers to the post understood.
-
Wednesday 15th December 2021 13:35 GMT Anonymous Coward
"The British Computer Society, the chartered institute for IT"
"The British Computer Society, the chartered institute for IT"
Why doesn't the BCS actually just do the sensible thing and change its name to the Chartered Institute for IT (and, obviously, undergo whatever certifications it needs to do to formally do so), to put it on an equal standing with all of the other professional institutes?
I'm sure it does its (very limited) reputation absolutely no good for it to actually sound like it's little more than a hobbyist fan club that meets in a garden shed (notwithstanding that garden sheds, or at least, garages, have played at least some significant roles in the histories of electronics and computing)!
(Oh, and the sucky parts of this proposed legislation suck, obviously.)
-
Wednesday 15th December 2021 22:35 GMT Anonymous Coward
Have seven years gone already?
In my experience, the political attempts to break, weaken, end or backdoor traffic encryption surface every seven years or so. It appears the cycle is shortening.
Here's a remedy: make the people who try this liable for every stolen webshop transaction, every leaked credit card detail and the consequences thereof (as that is always gleefully skipped over when yet another company reports that hackers were so sophisticated that they were able to locate the file customerpasswords.txt as soon as they had breached the at best inadequate good-enough-but-not-really security measures that accountants had saved money on to hand out more bonuses to those who were already so regrettably short of income).
In other words, let he/she who removes security pay for the consequences.
I bet it would go vewwy, vewwy quiet soon.
-
Thursday 16th December 2021 13:37 GMT ThatOne
Re: Have seven years gone already?
> let he/she who removes security pay for the consequences
Come on, you don't really believe this, do you... In the real world you always make the victims pay. Also in this specific case the culprits would be people of power and influence who have the means to easily deflect blame. Your ID was stolen? It's your fault, because you hadn't bought identity-theft protection (from our buddies).
-
-
Friday 17th December 2021 08:00 GMT Anonymous Coward
Yep. 'Tis year end.
Time for the uneducated politicians around the world to trot out their favorite wish list item for maintaining power and control: breaking encryption systems en masse. There is no such thing as "end to end encryption" - that is the way all encryption works - only the sender and receiver are supposed to be able to understand the messages.
I realize that makes the spies and power hungry bottom feeders among the powers that be nervous, but that is just too bad: the world is not willing to sacrifice their own online safety just to calm your nerves.