Stupid see, stupid do
In this country, math will obey the laws of the land!
/s
and the earth is flat too, only 6000 years old and a man-in-the-sky is controlling our every step. Sigh.
Europe's government watchdog has found that the European Commission's refusal to disclose which experts it consulted on the proposal to scan encrypted communication for child sexual abuse material amounted to maladministration. The decision by the European ombudsman, made last month and published this week, stems from a …
Stanford Internet Observatory: A program of the Cyber Policy Center
“Addressing Viral Medical Rumors and False or Misleading Information”
“Threatening Encryption, Senate Democrats Aid GOP War on Abortion”
“Confronting the evolution and expansion of anti-vaccine activism in the USA in the COVID-19 era”
‘"Hey Beautiful"; Race and Gender on Tinder’
“A Front for Influence: An Analysis of a Pro-Kremlin Network Promoting Narratives on COVID-19 and Ukraine”
“Effectiveness of vaccination mandates in improving uptake of COVID-19 vaccines in the USA”
“Seven tips for spotting disinformation related to the Russia-Ukraine conflict”
From Follow The Money: How Ashton Kutcher’s ‘non-profit start-up’ makes millions from the EU’s fight against child abuse on the net
well, https://12ft.io/
Firefox:
Secure Connection Failed
An error occurred during a connection to 12ft.io. Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Chrome:
This site can’t provide a secure connection
12ft.io uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Edge:
The connection for this site is not secure
12ft.io uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
...
(Opera via proxy and tor - work)
yes, it's interesting, certain pages have refused to load some time back (including the tor project page). My long-term shot: it's plusnet (aha!) who have messed something up. But as I can access those sites in other ways, and since plusnet don't give a flying money (and I'm leaving soon anyway), it's only a minor, temporary hindrance.
This seems like it's your ISP's "all the naughty bits of the internet" content filtering, which would redirect an http:// URL to a block-page, but croaks on an https:// one.
Certainly, BT's acts in this way (it's not like https URLs have been ubiquitous for several years, or anything like that)
https://12ft.io/ to add the clicky-clicky
There's a very simple answer to this. Their experts should provide a proof of concept implementation and then let everyone else pick it apart.
The criteria for success would be:
- It should not present a risk to the vast majority of internet users who are going about their lawful business
- It should not present a risk to those living under a repressive regime
- It should not present a risk to those, including but not limited to, children, living in abusive relationships seeking help
- It should not present a risk to whistleblowers seeking to draw attention to some illegal activity
- It should not present a risk to journalists working in hostile environments, including those working undercover
- It should not be open to abuse by unauthorised use or access by authorised users, including, but not limited to, Cheshire police intelligence (sic) analysts
If these experts can provide a robust practical demonstration of this they will have made their point, otherwise they, like the rest of us, should think of the children public at large.
I do wonder if the people who blindly support these proposals (to break encryption, not yours) are more like the 'communists' who've never experienced communism and imagine that they'll be getting to do the oppression or if their thoughts are simply so air conditioned that they cannot perceive or imagine oppressive government.
@Catkin
Oppressive governments can be of any type - regardless of what ideology they claim* to be, too many people in politics tend to be various combinations of power crazed, narcissistic, immoral and corrupt.
UK govt is
*IMHO no country has had a genuinely Marxist govt (based on writings of Marx & Engels) - plenty of governments have claimed to be Marxist though.
Similarly many govts promote "capitalism" but it's essentially impossible to have a pure capitalist economy as need a few checks and balances (unless you particularly want just a few monopolies shafting people massively).
I wasn't saying that communism (in name) is the only form of oppressive government or even that the people envisioning being the oppressors are necessarily communists. I more refer to the standard western 'communist' being exactly the sort of person who, during typical revolutions ends up against the wall as a "counter-revolutionary". Obviously, there's wide latitude here but I think it holds true as a general concept.
Whereas the cynical might suspect that the experts they picked probably were told what conclusion they wanted them to come to and were asked how much that would cost. Or even that the experts might turn out to be as factual as Mr M Mouse, Mr D Duck and Ms O Oyl.
But I'm sure none of us here is cynical enough to believe that.
Quote: "...fundamentally incompatible with end-to-end encrypted messaging..."
....but citizens have a perfectly legal option for increased privacy......just do three-pass private encryption BEFORE a message enters the interweb!
So....you ask....why "three-pass encryption"? Well....the experts who decipher the interweb-provided E2EE will then have three more passes to decipher!
......and of course, if each of the three passes uses a different random key then there's some REALLY heavy lifting for the experts to do!
I wonder.....do the politicians know anything about encryption.....or only what their "experts" tell them?
To be strictly accurate, it is perfectly possible for telecoms providers to decrypt your messages and comply with the law.
There are a finite number of keys and they just have to try every one until they find it. It may take several thousand years per message, but it's definitely not impossible.
I wonder if there is a time limit specified in the legislation?
@AC
Quote: "...perfectly possible..."
So...256 bit keys represent a choice of approximately 10 to the power 77 possibilities.....so that's the "finite number of values" for a single 256 bit key.
With the possibility of multiple pass encryption....the number of keys to try gets a bit bigger!
Did I mention "bigger"?
Lots of the experts were listed as their organisation being "NGO", which I have previously understood to mean "non-governmental organisation". Does it mean something else now, or is it just that these people do not want their employers to be known?
I do seem to be out of the loop on current cryptography experts, because I did not recognise any of the names on the list from the authors of international standards on cryptographic algorithms and protocols that I worked on ages ago. Anyone else know what they have done to earn the "cryptography expert" appellation?
Two considerations come to mind: the Internet's role in facilitating 'abuse' of the vulnerable, particularly children, AND the power of emotional appeal for protecting children to cover nefarious intent, or at least overreach, by governments and their agencies.
For the sake of argument, assume protection of the vulnerable is the only motivation. Then bear in mind that as regards direct physical/sexual abuse of vulnerable individuals the main, but not exclusive, role of the Internet is supporting voyeurism. The remainder wherein children are inveigled into 'performing' for particular adults, and into coming into physical contact with adults, is much the more serious matter because attention is directed at perpetrators. Adding considerable fog to the issue is a documented tendency for adolescent children to share unseemly images among themselves.
A realistic stance entails acceptance that blanket screening of Internet correspondence and transmitted images would throw up so many false positives with respect to protecting identifiable children from further direct harm that police would be overwhelmed. As at now, there would be temptation to seek easy convictions, and brownie points, on 'possession' instead of the footwork entailed in identifying harmed children and their tormentors.
Powers already exist for placing named suspects under surveillance. Their patterns of Internet use can be monitored even though the content is encrypted. Suspicion of direct physical/sexual abuse by an individual should lead to a low threshold for triggering raids on premises etc.
Put thusly, there are no grounds for treating the Internet aspect of crimes against children differently from the Internet aspects of preventing/investigating banking fraud, money laundering, and a host of other illegal activities.
> In September, a report from Balkan Insight – an investigative non-governmental organization – traced how the European CSAM proposal has been supported by organizations that stand to benefit by providing content-scanning software.
> The list of consultants includes five individuals from an organization providing CSAM scanning tools.
Re: Investigatory Powers Bill amendments act.
It doesn't have to be possible to do stuff. The law is simply there to scare everyone off. The internet equivalent of a 'Beware of the dog' sign, even if you haven't got a dog.
Brexit is only complete when none of that nasty foreign software can be used in the UK, and no foreign websites can be accessed from the UK. Borders sealed, online and offline. Tribe protected. All UK web content appearing under state license. No fake news via web 2.0 or social media. Just official news from the BBC, telling you what happened yesterday, what is happening today, and what will be happening tomorrow. It worked in China, so surely it will work in the UK too. The EU will then follow suit, keeping their rather larger tribe secure from bad words and other triggers. One unhappy 14 year old is one too many, as I'm sure you will all agree (unless you are an enemy of the people).
And reached their wet dream of breakable encryption and they had the infrastructure to scan everything, they still have to:
1) identify CSAM
2) have a human verify it is CSAM (worst job imaginable, and risks attracting exactly the people you are trying to stop)
3) track them down to a specific location
4) verify the perpetrator is there (e.g. not using someone else's wifi)
Each step has its own problems, so many that even if they had "key escrow" or encryption became illegal I'm not sure they'd be able to catch any more pedos than they do currently. The smart ones will find ways to evade the cops, as they always have, and the dumb ones will get caught, as they always have.
Ask any hunter and they will tell you.
You hunt predators by stalking the prey. Not by looking at predators.
Predators are hiding from the prey and hiding from each other.
Wait at the watering hole.
Wait on the game trail.
Look for big herds of prey.
Hang around them until the predator shows up.
If you want to protect children from predators,
sit next to them while they play on line,
hang out with them when they play in the playground,
converse with them when they are talking,
shop with them when they are at the mall,
be with them every day.
In other words, be a good parent/guardian for every child you want to protect.
So your recommendation is to give children zero independence by being with them all the time, which requires being pretty well off since most families can't make it on a single income. While being with them all the time would definitely work, I don't think it would prepare them very well for becoming adults.
Unfortunately, techniques like LOCKS already exist. LOCKS (Locally Operated Cooperative Key Sharing) shares the session keys with a "trusted agent" via a modified NSS library. It is feasible that that "trusted agent" would be your favorite governmental body.
I can see different approaches how to subvert this system, from sending encrypted files to posing as a trusted agent. But the fact that this is actively being developed worries me.