Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.
G20 calls for 'lawful and non-arbitrary access to available information' to fight terror
The meeting of G20 leaders decided to do something about the internet. The final G20 Leaders' Statement on Countering Terrorism included the following plan: We will work with the private sector, in particular communication service providers and administrators of relevant applications, to fight exploitation of the internet …
COMMENTS
-
Tuesday 11th July 2017 03:19 GMT dan1980
The governments of the 'free' world want access to all communication occurring over the Internet
For this discussion, it really doesn't matter why they want this access or under what circumstances (e.g. whether directly or indirectly; whether with or without a warrant).
What matters is that they are asserting that such access can be achieved while maintaining the security of the communication being accessed and that is just not a truthful claim.
The tech industry has been pointing this out ad nauseam but our governments are, privately, undeterred. The reason they are undeterred is because they don't seem to care if they cripple encryption because they want access to this data more and view any detriment to public security and privacy as a lesser concern.
Our governments know (they must) that it isn't possible to provide this ad hoc, on demand 'illumination' without fundamentally weakening encryption as a whole so they are attempting to legislate their desired end-result, leaving the 'tech industry' to make it work.
The problem is that - as everyone should know - it can't work the way the governments are assuring us it will and the tech providers will have to cripple encryption to give the governments what they are demanding.
The tech industry will be forced to break encryption to fulfill the legal requirements the governments impose and the governments will then wash their hands of any responsibility - claiming that the decision to weaken encryption was all on the companies.
* - It really doesn't matter for this conversation.
-
Tuesday 11th July 2017 06:34 GMT Richard 12
Except they won't, because they can't
Encryption is maths.
If WhatsApp introduce backdoors, then people will simply move to Signal, or Bimble or Maytalk or F-U-G20 or or or or or....
The cat was out of the bag in the 1970s. It's had over forty years to deposit mouse heads behind the furniture, and it's not going back.
-
Tuesday 11th July 2017 09:16 GMT Doctor Syntax
"Our governments know (they must) that it isn't possible to provide this ad hoc, on demand 'illumination' without fundamentally weakening encryption as a whole"
I'm not sure that they do. As a group they include few with any technical nous and probably reckon that the experts are telling them it can't be done simply because it's a bit hard and they, the experts, just don't want to be bothered doing it. After all, they, the governments, are legislators and fully entitled to say what has to be done, the rest is just implementation for the ordinary people to get on with.
-
-
-
Tuesday 11th July 2017 07:40 GMT Paul Crawford
The problem is not even so simple. Yes they can block, for example, WhatsApp servers, but they would be stumped by any alternative app that simply used encryption over other channels such as SMS or email and banning those would be a step too far for even our muppets due to the impact on pretty much everything else.
It would also be pretty trivial to write a word-substitution app so the resulting cypher text had similar statistics to plain text and so would not be found by looking for high-entropy text.
-
-
Tuesday 11th July 2017 04:38 GMT Meph
The only way this is going to go away is if someone(s) in the tech industry authors a very public, and very descriptive impact statement of the implications behind what they're asking for.
Write it in terms that Joe Q. Public can understand. Highlight the risk to loss of personally identifiable and/or financial information. Highlight the risk to small and innovative businesses that only exist due to the safe, robust and easy way to currently trade online without the need for expensive brick-and-mortar shop frontage.
Most importantly, write it in a way that shows everyone that regardless of intentions, there is nothing to stop the (nominal) targets of this legislation from authoring and using their own encryption tools that don't suffer from the limitation of being breakable. Highlight the fact that they are essentially insisting on putting an axe through the fabric of the internet for precisely nothing.
-
Tuesday 11th July 2017 06:31 GMT Pen-y-gors
No point, no-one in government could be arsed to listen to someone who knows what they're talking about. Why should they? - blind prejudice, gut-feeling and unfounded belief is so much more reliable when making policy.
Interesting that a former head of GCHQ has just said it though. Bet they ignore him too. La-la-la-la, I can't hear you!
-
Tuesday 11th July 2017 08:58 GMT Graham Cobb
...nothing to stop the (nominal) targets of this legislation from authoring and using their own encryption tools that don't suffer from the limitation of being breakable
And I am sure this is well underway. Pick your favourite "state sponsor of terrorism" (Russia, Saudi Arabia, China, The Great Satan, Iran, ...): they all have plenty of smart computer scientists who can create a secure encrypted messaging system, with secure distribution (and, probably, a reasonable cover story for using it - like building it into a "community values dating app" or something).
Those who are not terrorists, but who may fear interference from major vested interests (political monitoring, state industrial espionage, etc) need an equivalent.
It is time we, in the global open source community, really invested in creating an open equivalent, where you can be confident that (i) if the endpoints are secure messages cannot be decrypted, and (ii) if the servers are secure metadata is also secure. And make it federated (so you can communicate with people on other servers if you want to, at the cost of possibly exposing your metadata).
Bitmessage was a good attempt, but does not scale. It is time we created a project like the Tor project to do secure messaging properly.
-
-
Tuesday 11th July 2017 09:48 GMT Graham Cobb
Sure, PGP is great. But the remaining very hard part is the infrastructure that goes around it. Particularly ease of use, key management, and avoiding leaking metadata. PGP-encrypted email, for example, makes no attempt to hide the source and destination, the length of the email and most implementations don't even drop all the optional clear-text headers (such as Subject).
Also, messaging, as it has evolved from chat to today's messaging apps, has very different design priorities from email (such as little interest in store-and-forward or the large amount of metadata in email headers, and a tolerance of centralised or federated servers instead of complete decentralisation).
The lack of an open-source version of WhatsApp, Telegram, etc is proof that PGP is not enough and we have a lot of work still to do.
-
Tuesday 11th July 2017 13:03 GMT Adam 1
@grahamcobb
Signal is open source too and guess who uses that.
-
Tuesday 11th July 2017 14:17 GMT Doctor Syntax
"But the remaining very hard part is the infrastructure that goes around it. Particularly ease of use, key management, and avoiding leaking metadata. PGP-encrypted email, for example, makes no attempt to hide the source and destination, the length of the email and most implementations don't even drop all the optional clear-text headers (such as Subject)."
That was my point about it not being part of the protocols.
Take, for instance, key management and email. There's nothing in SMTP that provides for it. If a hypothetical ESMTP were to replace SMTP and specified a requirement for hosting the public key (e.g. on the server pointed to by the MX record) and the mechanisms for setting and retrieving it then existing email software would be extended to provide that ease of use.
In the absence of anything to mandate the infrastructure encryption will remain an awkward add-on at best to popular email clients and mostly unused because nobody knows anyone who uses it because nobody knows anybody who uses it.
-
-
-
-
-
Tuesday 11th July 2017 05:51 GMT Infernoz
Lawful my ass..
Lawful only correctly applies to Common Law, not imposter laws like legal statutes, despite state legal BS!
E2E encryption totally fracks up in-line interception because that is the dialectic for its existence and use, and statist technocrats' exposed abuse caused its use to explode, but frustrated statists keep spouting useless, sophist, rhetoric! Tough, cryptography is deliberately built from solid mathematical rules to be secure, and no amount of illiterate wishful thinking, tantrums, BS, and authoritarian demands will change this!
As the ex-GCHQ boss said, they can now only seek to try to compromise the end point devices.
If they attempt to force an end point compromise by businesses offering E2E services, this will get leaked and those businesses will go out of business, and people will then only trust vetted OSS E2E!
-
Tuesday 11th July 2017 06:05 GMT Mark 85
One can only presume that if this were to pass, the bad guy/gals would be rolling their own encryption without a backdoor. So would that make any of us guilty of being a terrorist if we used encryption that was, say something older but un-backdoored? I'm also believing that the governments would really like to read our thoughts too.....
-
-
Tuesday 11th July 2017 08:11 GMT Dan 55
Re: A G20 spokesman explains the group's position.
Wasn't it more like...
We don't want the precious. That would not be free and democratic.
Silicon Valley must collaborate with us and show us the precious or else.
But we don't want the precious. That would not be free and democratic.
... and similar cognitive dissidence?
-
-
Tuesday 11th July 2017 07:18 GMT Paul 195
We know that GCHQ, NSA, etc have plenty of secret tricks for compromising the endpoints of anyone they are interested in. So in the same way that you could get a wiretap in the past to listen to someone's phone communications, you can now still spy on someone of interest. In fact, you can probably spy on them more comprehensively since a compromised phone can be recording and transmitting all your conversations.
Wanting to compromise encryption has got much more to do with mass surveillance than targeting individual suspects. And you have to ask yourself what use mass surveillance is, as it must throw up huge numbers of false positives, further overstretching your ability to concentrate on what's important.
-
Tuesday 11th July 2017 08:50 GMT John Smith 19
" you can now still spy on someone of interest."
And that's always been the case.
The honest truth is the G20 just want to be lazy about finding the evidence that would justify the resources to compromise a specific device.
Police work is only easy in a police state (according to a former police officer).
IRL there are very few people who can completely secure a device. Android is incontinent with data by design for example. Exploits exist for iOS and WinPhones. The Snowden files show such software phone taps already exist, even without the assistance of the service providers. I guess it would depend on the encryption architecture if recorded data could be stored and a previous session key recovered and used to play it in clear. Once law enforcement software is loaded on the device everything going forward is compromised by being logged, at a minimum by having who they are talking to being logged, up to full recording of all outgoing calls and data and active infection of who's being contacted.
The security services (of any of the G20) are in much better shape to handle these issues than they want to let on, provided there is actual evidence that it would be worth their while to compromise the device.
-
-
Tuesday 11th July 2017 08:38 GMT Graham Cobb
So treat online like offline then
We affirm that the rule of law applies online as well as it does offline.
Thank goodness for that. I thought for a moment that they were going to suggest intrusive and excessive monitoring of private conversations.
Enough of this "Going Dark" nonsense: this is a pure power grab to try to use the online world to get a much higher level of surveillance than was ever possible in the past and eliminate freedoms we have had for the last century or so.
In the "offline world", private, unmonitored conversations are not only possible, they are the norm. Mass surveillance of private conversations is literally impossible and even targeted surveillance is hard, dangerous and very expensive: it involves placing spies very close to the targets, often in their personal lives, combined with sophisticated, expensive and often ineffective bugs. That cost is exactly the reason that we (society) allow it at all: we know it can't be abused too much because we deliberately limit the resources available so the authorities prioritise its use.
What the spooks see now is an opportunity to use the online world to completely remove those costs and barriers. Clearly they could do their jobs much more effectively if they could, in practice, have a tail and a bug recording every conversation on every man, woman and child 24 hours a day!
-
Tuesday 11th July 2017 09:03 GMT Sir Runcible Spoon
Cognitive Dissonance in a pure form
"You must ensure that these dark places can be illuminated by the law so that the freedoms you hold dear will not be stripped away by criminals"
Instead *we* (the government) want to be the ones to do it. Ignorant bastards.
It won't be long before they bring back a Phorm of SSL interception and signature re-write so you can't see it happening.
-
Tuesday 11th July 2017 09:09 GMT Doctor Syntax
"In line with the expectations of our peoples we also encourage collaboration with industry to provide lawful and non-arbitrary access to available information where access is necessary for the protection of national security against terrorist threats."
Translation: people expect us to be up to no good.
-
Tuesday 11th July 2017 10:09 GMT Anonymous Coward
The solution...
Seeing as the UK Conservative Party have a WhatsApp group for their MPs, then don't we just get a nice friendly hacker to record and dump enough of that to embarrass at least a few of their MPs. After all, they seem to be perfectly happy with the tech companies *and* the other G20 governments having access to their internal discussions...
-
Tuesday 11th July 2017 10:45 GMT Redstone
Hmmm
Turnbull's speech singled out Whatsapp, Telegram and Signal, asking why they should “be able to establish end-to-end encryption in such a way that nobody, not the owners and not the courts, has the ability to find out what is being communicated”?
Well, maybe because that's the f'ing point of it. If I want you to know what's in my communications, I will copy you in, mate. Until that time, it's not yours or anyone else's business.
-
-
Tuesday 11th July 2017 12:07 GMT Susan Vash
"You have created messaging applications which are encrypted end to end, they are being used by terrorists and criminals to hide their murderous plans. You must ensure that these dark places can be illuminated by the law..."
Forgive me for being blonde but ... surely if my sister Alice writes and encrypts a letter using a <insert funky cipher here>, and sends it via snail mail to her brother Bob who then decodes said letter using a previously agreed phrase/key the powers that be are quite simply royally shafted?
As far as I can see that is end-to-end (albeit slow, esp. given the UK's stunning postal service) encryption that simply cannot be broken assuming <funky cipher> is indeed decent.
Now, I cannot see that the authorities will a) know about said missive being sent, or indeed b) be in a position to intercept and read all communication (and in fact to determine my sister's ramblings are that of a mad-woman or a sophisticated "attack" on society).
Or have I just given clue #1 to all the would be "terrorists" out there?
-
Tuesday 11th July 2017 12:29 GMT MacroRodent
...surely if my sister Alice writes and encrypts a letter
That is precisely how clandestine communications were conducted before the internet. Various embellishments were also widely known and used, like photographically shrinking the message onto a tiny piece of film, and putting it under the stamp. Of course, counter-intelligence agents learned to look for these tricks.
-
-
Tuesday 11th July 2017 12:41 GMT theOtherJT
I'm going to keep doing this...
...because it cannot be repeated enough. This remains possible. The content of the message isn't even important. Unless they're going to ban maths, this shit ain't going anywhere.
-
Tuesday 11th July 2017 17:31 GMT wrangler
“You must ensure that these dark places can be illuminated by the law so that the freedoms you hold dear will not be stripped away by criminals your technologies have made undetectable.”
I don't understand the lack of embarrassment that allows the expression of this inherent contradiction.
****
Turnbull's speech singled out Whatsapp, Telegram and Signal, asking why they should “be able to establish end-to-end encryption in such a way that nobody, not the owners and not the courts, has the ability to find out what is being communicated”?
This seems the argument of a police state, where the question in a free country is rather, "Why should the government be able to eavesdrop on private communications?" Scary.
-
Tuesday 11th July 2017 22:30 GMT PaulR79
Re: Top Failure is MS Windows 10.
“You must ensure that these dark places can be illuminated by the law so that the freedoms you hold dear will not be stripped away by criminals your technologies have made undetectable.”
When I fear governments stripping away my freedoms far more than any potential criminals and they don't realise this / don't care about this (delete as applicable) it's time to seriously look into as much encryption as possible without adding too much burden to myself. Nothing to fear, nothing to hide bullshit in the extreme.
"Trust us, we have your best interests in mind." If that were true the world would be a far better place. Greed rules, greed and power.