Departing MI5 chief: Break chat app crypto for us, kthxbai British spies are once again stipulating that tech companies break their encryption so life is made easier for state-sponsored eavesdroppers. The head of the domestic spy agency, Sir Andrew Parker, demanded that companies such as Facebook compromise the security of their messaging products so spies could read off the contents …
Okay, fine. I'll accept that if you accept that the front door to your house and to the houses of all top-level government officials, including the Queen, can be opened by a special button "only known to the authorities". That button also disables all alarms.
Deal ?
No ?
What a surprise.
'No-one employed or commissioned by HMG engage in, or faciliate, bulk data collection in the UK'
That doesn't rule out the NSA hiring someone who worked for GCHQ until last week, and will go back to working there next week, but currently is 'unemployed'. (Much in the way that the CIA employed U2 pilots who'd 'resigned' from the USAF, and were therefore technically civilians).
This 'non-GCHQ' worker then helps the NSA do some bulk collection, the results of which can of course be shared with the UK via 5-eyes, but in this scenario no-one currently employed by HMG has done anything.
The head of the domestic spy agency, Sir Andrew Parker, demanded that companies such as Facebook compromise the security of their messaging products so spies could read off the contents of messages at will.
Well, there may well be something to this. If Facebook is found to have breakable encryption, then likely fewer and fewer netizens will be tempted to drink the Kool-Aid use the "platform" for ... well, anything. This could conceivably starve the Beast of sufficient oxygen, resulting in its collapsing from its own largess.
...
What am I on about? No -- even that lofty and worthy goal is not worth the risk of allowing any government back-door access to encryption on any platform.
It was a nice dream while it lasted....
If global trawling of communications applies to members of the public (regardless of whether those communications are of a private or business nature) it should also apply to all private and official communications by government officers including those of the security agencies.
It is a fundamental principle of our laws that they apply equally to all persons.
Or is it?
UK spies are not doing bulk surveillance
One doesn't need to whenever effective targeting of certain prime and primeval assets of international security interest deliver the ability with facilities and utilities to ensure guaranteed future stability. Are MI5 excellent in that field?
Sir Andrew is stepping down in April, along with National Cyber Security Centre founding chief Ciaran Martin, whose service ends at some point this summer. Both their replacements will be appointed by the current government.
Appointed by the current government maybe but chosen by secure secret ballot of peers one presumes, for who else are as well equipped or better qualified? One of their own highly respected and considered awfully awesome would certainly be a Popular Sterling Stirling type choice. :-) You know, somebody who might actually know what the fcuk is happening and what to do about with all of the tremendously sensitive and explosive assets now freely available to spooks and straights alike for anywhere everywhere.
Who/Where/What do you imagine best placed and Top Secret Equipped to handle and deal with such Sensitive Compartmented Information with particular and peculiar attention being afforded for comment on just these two for now ......... Military Intelligence Bods or Cabinet Office Bots ...... Latter 0Day Cowboys and Injuns into Playing Advanced IntelAIgent Roles with Post Modern Saints and Sinners.
To the Victor the Spoils :-) ......which Certainly be Always All Ways Hellish Heavenly Delights when most things are done almost perfectly right and hardly ever wrong. Travel that Path Diligently and Just Dessert Rewards are Endless and Almightily EMPowering and Stealthily Surreally Supplied and Applied
So, .... now y'all know what some folk are up to and busying themselves and others with. The difficulty one might have, because it is a simply made mistake to ponder on such as a problem, is a dogged and aggressive disbelief ...... which is akin to a certifiable madness whenever one does battle against something which you believe to be not there and/or out there.
> He told the broadcaster: "We do not approach our work by population level monitoring – looking for, you know, signs of: 'Out of this 65 million people, who should we, you know, look a bit more closely at?' We do not do that."
I know it's a different agency, but the announcement that cops are going to start engaging in widespread face recognition makes this assertion seem rather dubious.
Well of course it's so much easier if instead of investigating a crime, arriving at a suspect, and determining that said suspect did the dirty, you just work on the basis that everyone is a criminal.
Then it's just a case of deciding who is guilty of what.
Remind me again - isn't the rationale for a police force supposed to be that it polices by popular consent?
That 'lawful intercept' backdoor that hardware manufacturers have to put in as part of the 5G standard which is causing the current noise about a certain Chinese company should tell them all they need to know about forcing weaknesses and backdoors in systems.
Total bollocks that its not about mass surveillance and data mining for juicy shit. Real criminals they can and do get warrants and such to investigate properly. This is just for mass surveillance and everyone knows it.
... try again. In language even a politician should understand.
Question (yes or no): You technical folks. Yes, we know 1+3 must equal 4. But surely you can come up with a clever way to make it equal 7, or maybe 2, so long as we produce a warrant? Oh, and only for us - everyone else gets 4. OK? Thanks.
Crypto. It's mathematics, not a debate, or a vote in the house.
Dear Home Secretary,
https://www.theregister.co.uk/2020/02/26/mi5_chief_itv_interview/
"Current UK home secretary Priti Patel is firmly anti-encryption, with
the social conservative having banged on about paedoterrorists shortly
after her appointment last summer."
I run Linux. It comes fully loaded with all sorts of encryption stuff
and I can apt-get even more of it should I really care.
For less hardcore paedoterrorists this sort of stuff is also available
on the Interwebs assuming you have the right #hashtags.
https://gpg4usb.org/download.html
There is no need to use the encryption available from popular online
platforms and you do not gain much from asking them to cripple it.
No doubt any backdoors you care to introduce will rapidly fall into the
hands of undesirables.... such as the [HUGE COUGH] Israelis.
Don't mention this to Sir Andrew Parker. He used to work for MI5 and
apparently they don't trust you.
HTH
Faithfully
https://www.gchq.gov.uk/information/national-technical-assistance-centre
Whilst the underyling interception is done by GCHQ it's still often the security service seeking and obtaining the warrants that underpin the spying. He may claim that MI5 isn't interested in bulk surveillance, but who'd care to bet them and their warrants are still quite happily taking advantage of it?
From their homepage:
The National Technical Assistance Centre (NTAC) is a government unit made up of staff from a range of backgrounds. It is responsible for the lawful interception of communications on behalf of law enforcement and other agencies, as well as recovering data from seized media. NTAC also offers technical advice to government and industry on interception, data recovery, and digital forensics.
[...]
NTAC does not apply for interception warrants in its own right. Rather, it manages the delivery of intercepted communications to the agencies that have a lawful authorisation in place to acquire them.
So in this instance GCHQ is often little better than an extension of MI5, and doing their bidding.
So GCHQ do dragnet surveillance of everybody (I thought we were innocent until proven guilty?), and it had been revealed some of them were perving on peoples private photos, and yet the spooks seem to be surprised at the determination to keep everything encrypted?
If you guys obeyed the law, and treated innocent people with the respect they deserve, you wouldn't be getting such a reaction. It's your fault, and tough. You can't deinvent encryption.
Perhaps you should start investigating crimes the old fashioned way, and stop acting like "Big Brother" is an instruction manual.
@Jamie Jones
"(I thought we were innocent until proven guilty?)"
Well, they did sort of get rid of that, but they worked out they're safe anyway. "We hereby define the proof of guilt as the absence of proof of innocence. Since nobody can prove they're innocent, everybody is therefore guilty! Guilty as charged! Er - as soon as we think up some charges!"
MI5, MI6, GCHQ et al are gonna do whatever they're gonna do. Regardless. But why so much time, effort and focus on breaking encryption and "authorities" only back doors?
Far far greater benefits to joe public would come from old fashioned policing. Anyone for Pizza? How hard can it be for plod/authorities to read a business card and make a phone call? The criminal comes straight to you, within minutes, along with the evidence.
https://www.bbc.co.uk/news/uk-england-leeds-51237885
Easier than Pizza, or a fast meal, at least using those services you don't get inundated with :
1) would you like to make it large Sir/Madam/They/It/**********
2) would you like additional toppings on it.
3) a queue of people at the counter demanding that staff search through the whole sack of figurines for that one elusive model because "our little brat TallulahDeLacy" already has this common figurine.
More importantly, they'd have to accept some level of transparency and accountability in their own actions. Given that even their tame secret court finds against them whenever there is an inadvertent disclosure of their activities, I can't see them clamouring for greater access to their own messaging.
They're supposed to represent us, not themselves!
If anyone should have their encryption broken, it should be the politicians
As soon as it becomes clear that FB, GGL, MS, APL or any other web service has given a backdoor to TLAs, I'll find that backdoor and give it to all my really good friends!
And that old Sea Hunt, Parker, he can just fluff off!
To be honest, regardless of what Facebook/Google/whoever say about their encryption. And what the spooks say to (outfits whose day to day job is using disinformation to achieve their end goals ....). I would only put data through the pipe that (a) I didn't care could be read; or (b) I had previously encrypted OFF the device sending it.
Any statement from the security services should be furthering their agenda - which in this case would be that they HAVE cracked the encryption, but by pretending they can't (and playing all sorts of games with courts and the like) they are luring the less bright bad guys into a trap.
And in any case, even being able to decrypt to plaintext is of limited use if what you then discover is something that makes no sense - like some sort of book code.
Good plan. In fact that should be made a condition of trade talks with the US. It's important the UK demonstrate to the US they are “sovereign equals” and will need to play by British rules. I'm sure Facebook, Google and Amazon will just roll on their bellies once they see that stiff upper lip.
Society these days is filled with fake news and idiots on Twitter, Instagram, Facebook etc putting forward memes etc that influence people. Did Joe, down the street post that, or was in Putin? No way to know thanks to encryption and "privacy" standards - they are not protecting you and me, that are enable us to be secretly attacked and influenced ... "Hello, this is your bank calling, your account has been hacked and you need to transfer your money to a new account immediately ..."
Yes, society would change in massive ways but think of a world where there is no encryption, we would all have to be honest and nobody would think that they were safe because their password wasn't written down and believe that they couldn't be hacked. TRUST would become the most important thing in life, not encryption, nobody would discuss their bank account details in the pub or via email because everyone would know that it wasn't secret. There is a positive effect to this.
> think of a world where there is no encryption, we would all have to be honest
You and I might, but not those in power. A world without privacy is a world with a huge power differential. Plebes like you and I wouldn't be the ones on the positive end of that. We'd just have to suffer from the resulting tyranny.
> TRUST would become the most important thing in life
What little trust still exists would be utterly destroyed. If you can't have confidence in privacy, you can't trust a great deal of communications with others, so such communications would either stop or consist only of things that people think won't offend those in power.
@Version 1.0
"think of a world where there is no encryption"
Um, no. I'd really rather not, if you don't mind. Encryption is just math. So 'think of a world without encryption' really means 'think of a world without math' (I'm going to put encipherment on one side for a moment). I'm afraid the implications of 'a world without math' are, I would suggest, far more horrible than anything encryption may bring. Not, I mean, a world 'where nobody knows/ has invented math'. A world 'without math'. Heck, it's hard to see how such a world could exist at all - but I'm not going to even try. Ewwwwww,
....because the backdoors in Cisco (and telco and Huawei and Jupiter stuff) are spewing out stuff THAT HAS ALREADY BEEN ENCRYPTED by who-knows-who!
*
But then, some of us have already decided that THERE ARE NO "GOOD GUYS".
*
So....here's a retirement message for Sir Andrew (no backdoors needed!):
*
0V4x0vTR0W5Y0V2E1fQL0PLH1EK10mqo0M5R1SOy
0kXT1LKd1WSq08Az0huU0AaK0HX910Tt0R1P1Tcw
1X8J1Ab21Afx0Nl20czN15iq1Qhe17FJ0v921X2m
0DNC007m1ibm0Z2g1gBA09HS07I50$=i0Odd1W$I
0cTN0ri80wLx1Y$40gap0pCI0FTr0xSc05jN1Z4V
0hkH1Yu=0w9i02EK023B1i5v1f6R1SbX00DK0=SV
05zh0Efv05420tKZ00ef1XFV0Z0W1Ik$0tDO08as
03O$00Uj0uDZ0Y5v1i9e135C0Gim1Mip0ma106Ih
0gUx1k0N0mM80INz1B3N1YEu1PMo0XV20c6E1lJW
0EiA1Bq30cBd1LlN07VW0f1H06pF0VrG01lE1P7k
0VkJ1B3S0HK20hbm1DF70dZI0QNZ0dm50ymZ1JDD
0C4Y0mbO0AHC0X9z0UxJ1ieR1W9=198B1aaH11IY
1fyZ0ESH1g$N1S7v0W7Q1EXt0V280FrI09bg11vD
1mXo0lTh1Pn010IB0Mu31ZaV07LQ1WXU1Hf71Yyh
1S820bac1lB40GvK0Uvx0pHE1P9V1Am61GLD02DE
1PHZ0xyS1IJN1OkA106x1Z3s1WOM1CIQ1m1T0a7Z
0LrT0Ila1UXo1aO3088P0R191UoQ0sfj071U0Vqp
19vk1j7A0lVw1lrD17Go1fHg0FXU0VfP0g6S0ILE
0Yco172k0sFb0UEu1HZ51b=v0ZYo1e8y1XZ50X=A
0FwH0C7M0okr0uwA0pFQ0F420K051Bl81aKS0nFC
0gkA1Qje1dOp09jH1QnX04280WJn1Rer043G0bPD
1hTB0xrf1S9T1EdQ1gn90Qzc16lC0VJQ1DBJ1T0E
0AwC18Ap1MoY0zY703Gw0SVS0ntQ0fZD1JLa19zX
0v8V0jEE1aOG0jMh04yG0khf0Kco0s18
*
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
