[url= http://www.pcworld.com/article/3194910/encryption/uk-seeks-end-to-end-to-end-encryption.html ]Big Brother is watching you![/url]
Does this affect the day to day lives of others, or only those wanting to use the encryption to hide things?
Not sure how effective it will be. Even if the govt make whatsapps etc add in a back door, and there are no other services that spring up in its place located in a jurisdiction that the govt has no powers over, there is nothing to stop me (or anyone that knows a small amount about data security) encrypting a file/txt/comms/whatever myself and emailing it to someone.
So anyone up to no good will just stop using the services that have backdoors built in, and either encrypt their own comms, or just use a service located in a different jurisdiction.
or are they planning to make any encryption without a backdoor illegal to supply and use?
^ Did the US not put a ban on the export of strong encryption software?
^ Did the US not put a ban on the export of strong encryption software?
they restricted key length of ssl in the early days, but now (since 2000 ish) you can use whatever key length you like.
https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States
Anyone with the nous and something to hide will use third party software encryption before any message transmission, so much open source stuff around and any amount of very good source code.
If Big Brother is watching me he must be very, [i]very[/i] bored.
So every company that accepts credit card payments has to put in a backdoor for the security services to get those credit card details if they wish.
Why wouldn't every criminal organization in the world see that as a massive invitation, that Britain is open for fraud?
Lovely more erosion of civil liberties based on teh terrorists and teh paedos. Won't somebody think of the children.
Anyone really up to no good can easily encrypt their own stuff. Hell they could even set up their own privately encrypted messaging service if they really wanted to.
I look forward to reading the explanations of how this legislation will work with SSL, HTTPS, VPNs and other normal everyday things that absolutely rely on secure end-to-end encryption. Not to mention the difficulty of getting foreign companies to comply with UK law.
[i]*awaits post from jamba saying he applauds this and since he has nothing to hide he is quite happy to transmit all his credit card details in plain text*[/i]
They've obviously not thought this through. Communication doesn't have to be electronic, a one-time pad is totally unbreakable.
But more importantly I consider it a basic human right that the government can't snoop on my personal communications, even if they are boring and innocuous. I shall continue to use a service which provides end-to-end encryption and particularly, one that refuses to comply with this pointless rule once it becomes law.
Not just credit cards oldnpastit, the banks too. Only a mathematical dolt and techno-dunce could recommend such a thing. Way to break the financial system in the country.
Where are the grown-ups in government?
[url= https://www.theregister.co.uk/2017/05/04/uk_bulk_surveillance_powers_draft/ ]More here on the register[/url] (As usual the comments are worth a read).
They've obviously not thought this through
This is Amber Rudd we're talking about....
a one-time pad is totally unbreakable
Then they use the rubber hose method, it's quite effective!
The big thing with this new law is it seems to clash badly with data protection laws and banking regulations. Every week we see some government agency/company fined for losing unencrypted data. Now the defence is going to be "but encrypting it is illegal".
It's stupid on two levels.
1) The "nothing to hide" argument is mince. Everyone has something to hide. Their bank details when they use Internet Banking; their credit card details when they buy something online; their password when they log in to websites; access to their internal corporate network when they VPN in to work from home. If you were to ban encryption, the online economy in the UK would collapse. It's like saying criminals lock their front doors when they go home so let's ban locks. Far from banning it, end to end encryption should be mandatory.
2) The genie is out of the bottle, the technology is in the public domain. If you magically removed all the existing tools tomorrow, it'd be trivial for someone with half a clue about computers to spin up something to do the job. Encryption (albeit in more rudimentary forms) has been around for millennia. You can no more ban encryption than you can ban French.
Oh yeah, and, this legislation is being aimed at ISPs. If they think an ISP is going to be able to do what they're suggesting, they've missed the point of END to END encryption. Stopping "man in the middle" attacks is the entire point of E2E encryption, and sorry ISPs and Mr The Government, but you're in the middle.
They've not banned e2e encryption. They're just saying an ISP or telecoms provider can't provide it or must have backdoors.
If you as a user encrypt something, say your browser uses a bank's public SSL cert to encrypt your online banking, and [i]then[/i] transmit it over your ISP provided infrastructure, it's perfectly within the new laws. The bank with their private key are still the only people who can decrypt your information.
The NSA/GCHQ are good, but they still won't get through a 2048-bit RSA key.
What this does mean is things like standard telephone calls from mobiles are vulnerable to eavesdropping. Not that they aren't already.
What this does mean is things like standard telephone calls from mobiles are vulnerable to eavesdropping.
Been vulnerable from Day 1, GSM over the air encryption was watered down after pressure from Governments wanting to eavesdrop.
They're just saying an ISP or telecoms provider can't provide it or must have backdoors. If you as a user encrypt something, say your browser uses a bank's public SSL cert to encrypt your online banking, and then transmit it over your ISP provided infrastructure, it's perfectly within the new laws.
last time i looked whatsapp wasn't provided by an ISP or telecoms provider, so shall we just assume this is another way for rudd to demonstrate her ignorance?
Backdoors are accessible by anyone, not just the good guys. Here be dragons.
End to end encryption has been around for years, just not as prolific. PGP plugins to Mozilla are getting on 20 years old.
All this will do is alienate the innocent while not making a dent in the bad guys. We already know terrorists don't use end to end encryption in many cases - burn phones are just as effective a lot of the time.
An internet police force is what you need to combat online crime.
last time i looked whatsapp wasn't provided by an ISP or telecoms provider, so shall we just assume this is another way for rudd to demonstrate her ignorance?
The way it would work (I imagine) is that if Whatsapp want to trade in the UK then they have to play ball.
Whatsapp is owned by Facebook, so I would think it would be quite easy for a government to exert pressure on them, by way of their finances.
Pretty obviously terrorists using PGP won't be affected, and criminals will be able to use these backdoors to harvest vast amounts of data for themselves. And corrupt government officials will be able to spy on their ex-girlfriends (yes, this has happened).
They've not banned e2e encryption. They're just saying an ISP or telecoms provider can't provide it or must have backdoors.
I can't offhand think of an ISP that provided E2E encryption in the first place. It's client to client by definition, n'est-ce pas?
The way it would work (I imagine) is that if Whatsapp want to trade in the UK then they have to play ball.
And then the terrorists sack off WhatsApp (assuming they ever used it in the first place) and use any one of a hundred other apps. Or write their own. Or VPN into www.allahkaboom.com first.
Ultimately, anybody who thinks this a useful power, and will do anything but make things less secure for innocent users doesn't have a clue about online security. I'm not at all surprised by the current government introducing it.
Bit of an odd one, that technical doc. It only applies to providers with over 10,000 subscribers. Also, though, it specifies recorded post can be intercepted.
Cougar - Moderator
...You can no more ban encryption than you can ban French.
And before we had computer encryption, messages were being encrypted by being passed in plain sight. Just think of the messages being sent home from PoW camps, or passed through the govt censorship programmes in WW1 & WW2.
Or even by telegraph - my favourite is "peccavi".
This is absolutely laughable. Who let the children loose in the adults' domain? Personally, I run a trusted VPN on all my devices as I like having my data to myself. Also, I love how the focus is on whatsapp like it is the only "encrypted" messaging service (whatsapp's encryption is bobbins 😆 )
How do they go about getting the data from diy disposable VPNs?
*slow claps*
Sounds a bit like Trump setting up a task force for something or coming up with an ISIS killing plan, it's about headlines and looking tough, who cares about the implementation or that it is completely useless as a law you have to be seen to be doing something...
[quote=Cougar ]you can ban French.[/quote]
You're negotiating for Theresa May and I claim my soapy tenner
I suppose that's it mike - most people have no more idea about encryption than the government do, so it looks good to them if they're fed the right disinformation about it.
I see it as a pointless waste of time and perhaps something that allows them to say 'look we're doing something'. It isn't going to make banking or other e-commerce type activities less secure. It won't allow them to catch terrorists.
I agree with the 'if you've nothing to hide ...' argument though. From the article "Its requirements will apply to ... the operators of cloud-based messaging services and social networks". Whilst data protection is an important part of my job (in education), these laws would not be applicable. Nor would they be to people talking about signing in to company VPSs or banking or other information that actually needs to be secure.
I remember when TM started with the enhanced snooping powers, if you're not happy send an email, doesn't matter who to she gets them all.
I agree with the 'if you've nothing to hide ...' argument though. From the article "Its requirements will apply to ... the operators of cloud-based messaging services and social networks".
Nothing to hide also has nothing to do with an individual's right to privacy not just from the state but from other groups who would like to access your information. Perhaps Macron and Clinton have a bit more to say on this?
Clinton's a poor example as she has huge amounts to hide. I take the point though.
Hide from who? What would turning over most people's corporate and private commercial mean? To friends, family colleagues and customers. How does what you have change your rights to privacy?