Politicians
Most politicians haven't a clue about computer systems, or computer security. Mind you, they haven't much of a clue about anything, except their own priorities.
The UK government has set in train plans to introduce legislation requiring tech companies to let it know when they plan to introduce new security technologies and could potentially force them to disable when required. The measures were announced just minutes ago in the King's Speech – when the country's monarch reads out a …
It's not about having a clue. We have probably the most corrupt government in history and they just want to know business and personal secrets.
What do they need these for?
Sell IP to foreign states?
Harass undesirable groups?
If only people could learn from history. Even a proposal of Stasi-on-steroids level of surveillance should have people proposing it given P45 and perhaps getting them sectioned.
They could be better at doing that, especially from those paying larger amounts. Of course, with all the "trickle down" bollocks (which has pretty conclusively been shown to be bollocks) that they push, it means taxing the poorest the most, but hey-ho, vote Tory, get a Tory. There's a reason the origin of that word is the Middle Irish tóraidhe, which means robber. When Ireland won its independence from Britain, the real achievement there was to get independence from Tories.
> probably the most corrupt government in history
Probably not. That's a very high standard to meet. (And an arbitrary one unless you have a specific, measurable definition of "corruption".)
But I agree that the continuing spiral down into authoritarianism, yet again, among various "democratic" nations is depressing. The UK has long had a keen surveillance regime (e.g. the fetishization of CCTV), but it's getting worse. Half the citizens in the US are eager to see a would-be strongman dictator (in his mind; a puppet in reality) in power. Israel's just gutted its judicial branch. And so on.
These things tend to come in cycles, and if history is any guide we should eventually see a backlash that rolls back some of the worst offenses. But it may be decades away, and there's always the chance we're not going to make it there.
If only people could learn from history. Even a proposal of Stasi-on-steroids level of surveillance should have people proposing it given P45 and perhaps getting them sectioned....... elsergiovolador
Given the present fact that so much relevant information about such people is freely available to whoever would need it, for nowadays is there really no safe and secure hiding place for anyone/anything to reside in or preside over, methinks are probably much greater fears for them entirely valid whenever so worthily earned, and so dismissive or ignorant of past dire but nonetheless extremely valuable historical lessons.
echo "U2FsdGVkX185WSn42PIqjIEiRYpf8M2qpeb+tnTPaat3hikN4Z//LAEyF8A5hPAznOnRyYMitPmbUizJFqrnVWizwS7yDqr4M2dmWzu0Gyqn4wVR50xKHINzabgz+xJ2" | openssl aes-256-cbc -a -d -salt
And I'm going to keep posting this every time this bloody stupid topic comes up.
It'll just endanger legitimate users and do precisely nothing to prevent people with genuinely nefarious intent from encrypting their comms.
Yes, this has been a complaint about the Reg style sheet for at least a couple of decades, if memory serves. For some reason they're determined to keep it that way.
It'd be nice if text inside a BLOCKQUOTE element wasn't double-spaced either, so that verse could be posted correctly.
> do precisely nothing to prevent people with genuinely nefarious intent from encrypting their comms
Unfortunately, this isn't true, so there's always some empirical evidence to support the surveillance fans.
The reality is that the vast majority of people, whether they're malicious or not, are too lazy to observe good operational and communications security. As we saw with EncroChat (or AN0M, which was an earlier version of the Exact Same Thing), or with various cases of SIGINT discovering plots (such as they were) from unencrypted communications, most malefactors either won't bother with encryption or will use only the most convenient of tools.
In principle the so-called "masterminds" could ensure their henchpeople used readily-available encryption technology without backdoors, particularly since a conspiracy more or less presupposes opportunities to establish temporary secure channels to exchange keys, solving the PKI problem. But in practice they so rarely do. And even when they do, they often screw up some other way, as in the El Chapo case.
None of that justifies backdooring consumer encryption or the surveillance powers so eagerly adopted by various governments, in my mind; but the "criminals will just do the smart thing" argument doesn't hold water.
become the worldwide arbiter and enforcer of who does what, when, where, and how in the global IT world?
I'm sure they have some say locally, and are entitled to express an opinion globally, but if 'Corporation X', based in the United Republic of Erewhon, decides to release an app that can be installed anywhere someone has unrestricted access to the internet what do they care about what the UK Govt. thinks or says?
Unless they have assets in the UK 'Corporation X' probably doesn't give a shit what the UK Govt. thinks or says.
It's just more political posturing from a political party in the late stages of senescence and facing an imminent election.
The MPs are not part of the IPA which requires all internet connections and e-mail contacts to be logged. The very people who can damage the UK seriously are exempt from scrutiny.
As we have seen, Baroness Mone has finally admitted those allegations put to her.
The Tories have removed rights to protest in many areas, are looking to allow police to invade your home without a warrant, are behaving in a fascist manner by creating false enemies whilst setting people against one another. The Tories are excluding people who make any comment against the Tories, and this has included a range of people from chemical weapons scientist, all the way to teachers and assistants.
The level of monitoring is increasing in our daily lives, and people are sleepwalking into a dystopian future.
The Tories are lying about just about everything, not doing what is right for the people (NHS, schools, energy, rivers etc), yet proceeding with laws which are draconian.
If they had an ounce of integrity, they would realise that they are failures, and call a general election to get themselves out of the way, such that they cannot damage the UK even more.
I expect more of this crap from them about surveillance or removal of rights before the next election. (unless they decide on a coup).
> The MPs are not part of the IPA which requires all internet connections and e-mail contacts to be logged.
The spooks did once plant IMSI catchers round Parliament. I guess with 5G and Signalling System 7, they're not needed anymore.
Why the downvoter?
We may be going bankrupt but the Government and the public are spending record amounts on pointless tat doing it.
What happens with the next failed southern European/North African harvests? People dying of starvation in the Horn of Africa while we suffer the great crushed avocado shortage ...
More to the point there will be a crippled version for the UK
Considering I compile all the code on my machines from sources hosted outside the UK, the idea that some HMG twattery would stop me using the same security code as the rest of the world is away with the fairies, even if they can pass the legislation.
"reduce the risk of the most serious offences such as child sexual exploitation and abuse or terrorism"
Bullshit. They will be using ring cam footage to fine people for leaving their bins out a bit too long. Don't toe the government line online (or in the real world it seems)? That's you fucked. I find it amazing that they are now equating terrorism to opinion. I may not like what some people say but I'll fight for the right for them to say it. My grandad fought in the second world war as an RAF pilot but he didn't fight for this bullshit.
It's probably going to be used by the police to stalk their partners, exes or "love interests".
Wouldn't be surprised if poorly paid police officers sold access as a side gig to burglars or other miscreants.
Add to that, today announced, more powers for police to enter without a warrant, they could probably become burglars themselves. Knowing when people are not home and knowing where they said they hide money or what expensive things they bought recently.
"reduce the risk of the most serious offences such as child sexual exploitation and abuse or terrorism"
They may catch a few low level reprobates but those who they really want to catch, the big cheeses, will use good encryption, etc, with all the latest security features. If you are doing something that, if caught, will have you eating porridge for years do you really care if you break another law ?
Government must either realise this or they are stupid.
The "big cheeses" of any sort of organised crime will, by definition, be very rich. Did our government ever go after anybody very rich for wrongdoings of any kind? Can you think of one example? Nope, didn't think so.
The fact that some of them are, themselves, very rich, should in no way indicate that they might be crooked, of course. They all just worked very hard to become multimillionaires, or billionaires without cheating or exploiting anyone. You could do so too, you're just lazy, etc.
I cannot believe people buy those bloody Amazon sold spy cams. My sister-in-law bought one and I said you do know Amazon can tap in and see and hear everything right? She checked and found a load of reports about how insecure those bloody Ring things are. When I take my daily walk each day around town I see more and more of those things glued onto door frames, morons.
I refuse to have anything like Echos or Ring in my house, they want to spy on me then they will have to do it the old fashioned way, through my browser history!
Well, no one except the pervs and terrorists obviously, and they don't count. What do *you* have to hide and whatnot.
I go out to dinner sometimes with a friend, and a couple of years ago, she admitted that when she first met me, she thought that I was a paranoid tinfoil hat wearing type. And then followed it up with "and I think that you're probably right".
"King's Speech – when the country's monarch reads out a speech that is written by the ruling political party"
Disclaimer, being from abroad I'm totally unfamiliar with the British political system, but after reading this fine article I'm kinda curious whether the monarch has the option of saying to whoever is handing the text "Nope, I won't read this shit"...
Queen Anne refused the Royal Assent to (i.e. vetoed) a bill in 1708. Since then, nothing much.
There is this thing called the "Royal Assent" by which the monarch can refuse to enact a Bill thus preventing it from becoming law.
However, it being done would cause major constitutional problems:
https://en.wikipedia.org/wiki/Royal_assent#:~:text=The%20only%20situation%20in%20which,the%20bill%20from%20becoming%20law.
Damn - Ken beat me to it!
He's waited his whole life for a crack at the top spot, now he's there he can't fart without 9 royal lackeys recording it and advising him on the correct way a monarch should fart! He's a puppet, just like Sunak, Starmer and the whole damn bunch.
You want to know who's really in charge? Watch "Yes, (Pri)Minister" and you'll learn that it's a bunch of Sir Humphreys in Whitehall that are really calling all the shots!
Whilst the Sir Humphreys do undoubtedly exist in Whitehall, those are far from the people in charge of the current government. Look to where the money is coming from, always.
If anything, the Sir Humphreys provide a useful scapegoat for the culture war against the vast majority of actual, low paid, overworked, civil servants.
It came to light a few years ago that parliament was passing laws (Queens consent) to the Royals before putting them through parliament and letting them make adjustments to protect their interests and hide their wealth.
https://www.theguardian.com/uk-news/2021/feb/08/royals-vetted-more-than-1000-laws-via-queens-consent
I'm sure that still goes on to this day.
As is detailed (if you read hard enough), if this "consent" for the legislation is requested by the Government it is always granted. Whether or not changes are lobbied for behind the scenes is another issue but it is up to Parliament to debate whatever is presented to them and suggest changes as it goes through the Parliamentary procedure, sometimes including those suggested by lobbyists who may or may not be visible to public scrutiny.
"No we will not require companies to backdoor their security"
law passes
"We will however require advance notice before they implement (any?) data security system! Oh and don't forget, think of the children and screw terrorists!"
I do hope this will be as vaguely worded as the rest of the bill, because that will allow tech companies to take advantage of that...
"rolling out of technology by multinational companies that precludes lawful access to data." Leaves a lot of potential to spam the government with the most inconsequential changes.
Prothero: Do you believe this crap, Dascombe?
Dascombe: It's not our job to believe it, Lewis. Our job is to tell the people --
Prothero: "Exactly what they tell us." I know, but do you think that people will believe it?
Dascombe: They will if it's you that's telling it to them. Now let's try it again.
Agreed. It's not my favorite Moore work, but I'd call it far superior to the film. Which isn't surprising, really; adapting print to film is difficult enough, and when the result is meant to be an action "popcorn" movie the compromises will likely be severe.
And if you want to savour one/many of the flavours that AI can favour for you, "Colossus: The Forbin Project" (1970) is well worth an educating and entertaining watch. Not so easily come by, but freely available from here ....... https://archive.org/details/colossus-the-forbin-project-1970
And to realise it was released over half a century ago is quite remarkable.
If the UK keeps up their "trust big brother" strategy, I can see the country's isolation from the rest of the world reaching the point where their Internet peers unplug the connections leading to the UK. It's probably the right thing to do. Let the island descend into its dystopian future while the rest of us carry on without it. I certainly can't see tech companies keeping any presence in the UK when law after law gets passed which aim to turn every tech company into the UK's bitch and make them complicit in the dismantling of privacy, freedom of expression and freedom of thought.
This kind of crap makes me ashamed to admit that I was born in and grew up in the UK. Thank $deity I don't live there any more. I will not ever be returning.
Kind of irrelevant, if it's only through-traffic then these laws can't be applied and strong encryption can still be used. Unless the UK wanted to ban any strong encryption coming via the UK and also own up to packet-inspecting everything going through, in which case people might start finding alternative routes sooner rather than later. Whether GCHQ can break strong encryption? With enough computing power thrown at it we know it's possible, but they couldn't decode all traffic. Do they have any exploits? Aside from whether we'd have this nonsense if they did (possibly to keep it secret), it's long past Turing's day I think.
El Reg, an icon update will help ... I've suggested a new "pair of wire-cutters" icon appearing for years now to illustrate total network security. That's the only way to enable tech companies to create security technology that is 100% effective - certainly it can be disabled when required but it's a security option that can be "reinstalled 100% effective" in a second.
I don't see any other methods that are totally effective, these days everything in the Internet has more people working to hack and bypass the security than the programmers working fantastically hard in every company to try and make security work for them ... but too often it's just a little effective and the upgrades can create new problems. I'm currently working to install and verify two pfSense firewalls - one works but the other "updated" firewall has an issue ... I'm not going to document or discuss it to keep all the risks lower.
You seriously think anywhere else is any better? What are you, 8 years old?
Where there's money there's power and vice-versa, the US, Germany, Australia, Russia, you name it. Wherever the ruling elite can screw we peasants for taxes and make themselves rich, they're making sure we all remain stupid, docile and ignorant. Heck the modern education system is only in operation at the behest of powermongers as they need a tech literate workforce in order to make more money!
Stop fooling yourself and realise we're all in system and not one of we peasants gets out of here alive ( nor with little more than we arrived with! ).
Yes, if you want it to. All that's necessary is to legislate suitable curvature for space.
Enforcement will be easy. Every new building and every new mechanism constructed after the Act is passed which fails to topple down or seize up will be evidence of criminality by architects and designers.
If Turnbull says so, then yes:
Although as everyone knows the value of pi=1 (in base pi)
If you need to send a message that needs to be kept secret - encrypt it with a one time pad. (That is the normal bit.)
Then the twist - take an innocent message of the same length and derive a one time pad as the exclusive OR of the innocent message and the encrypted message.
If forced to decrypt the message by the police - use the derived one time pad to give the innocent message.
One defining feature of a one time pad is that the encrypted message gives no indication apart from the size of the original message content.
An encrypted string "bivbh jwhxjpwnkhtesq23" could decrypt to "Birthday party tomorrow" or "Bomb Moscow on Monday." depending on the one time pad.
It's a shame your downvoter didn't comment: I'd like to hear their reasons.
Granted the exchange of one time pads is not always easy and, in this case you'd also need to prepare innocent messages so that both sides' versions agreed. (The real message would probably need to be padded to match length.) But it is a solution, albeit an ugly one.
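The derived-pad idea described in the comments above, as an added example that is not part of the original thread: it shows that a one-time-pad ciphertext is consistent with any message of the same length, handles the length padding the reply mentions, and goes slightly beyond the comments to show what leaks if a pad is ever used twice. All function names and the "real" sample message are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; this is the whole of OTP encryption."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_to(message: bytes, length: int) -> bytes:
    """Right-pad with spaces so the real and cover messages share one length."""
    if len(message) > length:
        raise ValueError("message is longer than the target length")
    return message.ljust(length, b" ")


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    return xor_bytes(message, pad)


# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt


def derive_pad(ciphertext: bytes, claimed_message: bytes) -> bytes:
    """Pad under which `ciphertext` decrypts to `claimed_message`."""
    return xor_bytes(ciphertext, claimed_message)


def reuse_leak(ciphertext_1: bytes, ciphertext_2: bytes) -> bytes:
    """With a reused pad the pad cancels out: c1 XOR c2 == p1 XOR p2."""
    return xor_bytes(ciphertext_1, ciphertext_2)


def demo() -> dict:
    real = b"Quarterly figures attached"   # constructed sample message
    cover = b"Birthday party tomorrow"     # cover text quoted in the thread
    length = max(len(real), len(cover))
    real, cover = pad_to(real, length), pad_to(cover, length)

    real_pad = secrets.token_bytes(length)  # truly random, used once
    ciphertext = otp_encrypt(real, real_pad)
    cover_pad = derive_pad(ciphertext, cover)

    return {
        "real": real,
        "cover": cover,
        "real_pad": real_pad,
        "cover_pad": cover_pad,
        "ciphertext": ciphertext,
    }


if __name__ == "__main__":
    r = demo()
    print("ciphertext     :", r["ciphertext"].hex())
    print("with real pad  :", otp_decrypt(r["ciphertext"], r["real_pad"]))
    print("with cover pad :", otp_decrypt(r["ciphertext"], r["cover_pad"]))
```

Both pads are the same length as the ciphertext and neither can be told apart from random bytes, which is why the ciphertext reveals only the message length.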
I've been saying that for years as long as this shit has come up - as soon as encrypted channels are backdoored anyone doing things they shouldn't be doing will (assuming they aren't already, which they probably are) encrypt their payloads.
And as usual Joe Public has nothing to fear, as long as they have nothing to hide. Can't remember where I saw it now, might have been here or in one of Dabbsy's columns, but someone shot this argument down by pointing out that everyone has frosted glass on their bathroom window because they legitimately have something to hide.
It’s a shame that the Numbers stations of old are not still around because they were a great example of the successful use of the One Time Pad. I was explaining years ago once about encryption to someone who was doing a school project on that topic. The thing was supposed to be based on historical i.e. the ancient examples they had been learning about in class e.g. scrambling such as done by writing on a long thin piece of paper that is wrapped round a stick, substitution ciphers etc. but they lacked any for the time modern examples. This predates the internet as we know it today by a long time and I took a shortwave radio with me to their house. I explained that at the top of the next hour we would listen to a radio station.
Picked up the Lincolnshire Poacher broadcasting loud & clear with a message encrypted using a One Time Pad. Having explained the OTP system and how it was used on air I then mentioned that this required random data to begin with and reuse of the data was a serious no no. I explained that the Russians had reused material and that it had allowed the Americans to decrypt various cables in a project known as Venona. My copy of Spycatcher was well read and in that Peter Wright had done a lot of explaining. She got an A for her project and the teacher wrote on the thing, whoever taught you about the modern stuff knows more than me.
When the online safety bill passed, I commented that I suspected that those in government would find a way to get their snooping desires over the line despite the "when possible" clause. And here it is.
Tech companies told the government they couldn't change things to suit political agendas, so the government preempts that in future. Persistent little shits, aren't they.
Microsoft, Google and Apple are going to have to ensure that their software updates, especially virus checking (which might block snooping) fully geocheck before working, so they cannot function in the UK. So no updates for UK users on their operating systems or browsers. The USG will support this, as they don't want a foreign power to have a back door into their systems, even an ally.
The aggressive stance against backwards compatibility in browsers will soon lock UK users out of much of the net.
It will be an issue for UK banks, as users will rapidly have browsers that are not secure, so a reversion to offline banking will be required - cheque books, paper statements etc.
Foreign companies operating in the UK would not be able to use insecure systems that allowed the UK government to snoop on them, and most software would no longer be available here anyway, so they would have to up sticks and move out.
Privacy will be an issue for things like medical data, if a back door is enforced. The NHS, which isn't that secure as it is, will have to move back to paper records, and it then won't be flogging data to US companies. Unless it pays folk to type it all in from paper records on disconnected systems.
You could still develop next gen tech in the UK (if you were crazy enough, or too poor to do it elsewhere), but should not release it in the UK, as it wouldn't be considered safe internationally and insurers wouldn't permit it for corporate use. Again, geocheck out functionality in the UK with an ISP check, with GPS as a second line of defence.
There could actually be a few quid to be made licensing code that reliably blocks functionality in the UK, if you get your skates on.
The reality is, as you make all common encryption weak/backdoored everyone seeks alternate solutions and so you cannot get what you want. I look at the parallels to the huge taxes Australia places on tobacco these days forcing the price of a packet of smokes to ~US$25 a pack. Unsurprisingly this has fueled black-market sales. Whether you agree with the policy or not is irrelevant as I'm merely referring to the consequences of the action. Weakening the encryption of regular products will drive the use of those not willing to play the game. Ne'er-do-wells will already have their own means of avoiding this.
It's both stupid and pointless.
> It will be an issue for UK banks, as users will rapidly have browsers that are not secure, so a reversion to offline banking will be required - cheque books, paper statements etc.
This is the UK. If someone loses money thanks to that it will be their fault, never a bank's fault.
> Foreign companies operating in the UK would not be able to use insecure systems that allowed the UK government to snoop on them, and most software would no longer be available here anyway, so they would have to up sticks and move out.
They will get exemptions for VPNs etc. It's all about brown envelopes coming, these types of legislation.
> Privacy will be an issue for things like medical data, if a back door is enforced. The NHS, which isn't that secure as it is, will have to move back to paper records, and it then won't be flogging data to US companies. Unless it pays folk to type it all in from paper records on disconnected systems.
I think it is going to be "It is what it is" and nobody is going to care about privacy anymore. Big pharmaceutical companies are going to love that.
> You could still develop next gen tech in the UK
Government could always deploy the nuclear option and create a law that any citizen could be "asked" and couldn't refuse to spy for the government and they wouldn't be able to tell anyone about the request.
This way UK workforce would no longer be trusted worldwide and anything developed here.
We may not have outposts in Umma Gumma land anymore, but we do run about 50% of the dodgy offshore tax havens in the Caribbean though. The City of London isn't just a bunch of offices and bankers, it's a powerhouse of finding the most efficient ways to hide rich sods' money out of the clutches of whatever local taxman is coming after them and we do a damn fine job at it too!
Is patching a security hole a "security feature"? Is fixing a bug found in key exchange a "security feature"? Is making it so group chats are end to end encrypted instead of just person to person a "security feature"? Is strengthening or replacing an encryption algorithm a "security feature"?
They would either require notification of almost every software release/patch, or leave enough gray area that companies notify of nothing and courts uphold their (in)action.
And what are they expecting, the ability to approve/disapprove of each one? Probably moving at typical bureaucrat speed so they'd say "let us know about your upcoming features and we'll get back to you in six to nine months with whether you're allowed to use them or not."
Hopefully big tech gives them the big finger, and once everything from Microsoft, Apple, Google, Linksys etc. stops getting updates in the UK and it becomes a hacker's paradise, enough citizens show up with pitchforks and torches that whoever thought up this dumb idea is forced to flee the country!
"Is patching a security hole a "security feature"? Is fixing a bug found in key exchange a "security feature"? Is making it so group chats are end to end encrypted instead of just person to person a "security feature"? Is strengthening or replacing an encryption algorithm a "security feature"?"
Don't you worry your pretty little head about that, my dear, we'll set up a new arms-reach (hah!) non-governmental department in order to determine, on a case-by-case basis which of those are classed as "Security Features". Which will then be swiftly passed on to our in-house "technical experts" in order to "analyse" the feasibility of deployment of said feature, along with some "recommendations" in order to get it moved along.
Or Else.
> "rolling out of technology by multinational companies that precludes lawful access to data."
The guidance notes don’t restrict this to the IT industry, so any multinational company, e.g. a pharmaceutical company, or even a company with a UK and say a Paris office, would need to get UK government consent to the rollout of new digital communication security arrangements…
You can see where this is going.
Meta announce plans for you to undelete WhatsApp messages. UK Gov see this, and ask how far back does this go? Meta says "well, 2014 I suppose".
UK Gov: "Nah mate, you can't do this. You can't allow users to undelete WhatsApp messages".
Meta: "Eh, why?"
UK Gov: "Because everyone will see what we were up to during COVID".
The United Kingdom of Great Bullshit and Tyranny.
Cruella Braverman is emulating the crass stupidity of a previous harridan who held the same Office of State. I refer to Teresa May. Oops! Did I mistakenly mention a porn star? Never mind, said 'star' most likely betters her insignificant namesake with respect to intelligence, charm, and photogenicity.
Cruella and her boss would more convincingly hold posts as Whitehall chaiwallahs.
0.84% of the world's population lives in the United Kingdom.
That's it, we are less than 1% of the world. We account for just 3 and a bit percent of the world's GDP and this figure is rapidly decreasing.
Yet our government wants to do this.
Why should any international care about the government of a small country in Europe?
We are 0.17% of the land area in the world excluding Antarctica and Greenland. Less than 0.2%!
It will be easier to ignore the UK than to comply with its laws.
Facebook: "Here's a million quid we found down the back of Zuck's sofa."
Britain: "On second thoughts, off you go. No problem here."
This is nothing whatsoever to do with protecting people from padeoterrorists or about reining in big tech (Sunak is literally married to a big tech heiress). It will only ever (adversely) affect users, and ordinary people like you and I.
In France, our lawmakers want to protect everyone from the bad things on Internet too, so they want to oblige browser makers to implement a filter directly in the applications. Who decides what the filter would contain is a 'council' with no democratic control named ARCOM. Of course, this council is 'independent', of the 9 members, 3 members being nominated by the President of the National Assembly, 3 by the President of the Senate (giving indirectly to the Legislative branch Judiciary powers, something totally undemocratic), 1 by the Conseil d'Etat ("State council", an administrative instance made of public servants), 1 by the Judiciary branch, 1 by the President of the Republic. Don't worry, it's for your own good, and of course to protect the children.
"L'enfer est pavé de bonnes intentions" ("Hell is paved with good intentions" => "The road to hell is paved with good intentions")