RSS
Twitter
Just To Be Safe, UK Government To Confiscate Cryptographic Keys
from the trust-us,-well-keep-it-secure dept
As new UK regulations come into force, businesses may be compelled to hand over cryptographic keys to the police force. The explanation, surprisingly enough, is that the government needs the keys in order to effectively combat pedophiles, terrorists, and any other public menace that a politician can dream up. Defenders of the actions say there is a difference between handing over the keys and being required to decrypt private data, but it's not clear why the key can't be handed over after the police suspect illicit communication. Besides, a centralized collection of cryptographic keys would be quite the mother lode for cyber-criminals to attack. Even if they're impenetrable from the outside, they'll be hard to protect from an internal attack (e.g. a spy). Should the regulations be executed, the big loser could be the UK, as companies keep important information and keys outside of its borders. As hard as it is to imagine, it seems a regulation designed to keep people safer from predators might actually heighten their risk.
Reader Comments (rss)
(Flattened / Threaded)
wow
wow
wow
wow
This is fucking terrible.
WHO THE FUCK THOUGHT THIS UP, THIS IS THE WORST IDEA I HAVE EVER HEARD.
DUR DUR DUR UD RU.
Jesus fuckign christ on a cracker.
(reply to this comment) (link to this comment)
-----BEGIN PGP MESSAGE-----
Version: PGP Desktop 9.0.6 (Build 6060)
qANQR1DDDQQJAwIOdpcZlLBRJ2DSWQE/hp3MzzU1KGi+94MU9vUVM2mKifsATh01
HvnvCNfHhiDgX3n92C1TJN83C U3v5V+e021QCZqsQaeXacqnJ/wRKmpLaiC41Bbo
lgxG3K2c9VIwzsDx7e2B
=hKZB
-----END PGP MESSAGE-----
(reply to this comment) (link to this comment)
Re:
HOW DO I READ UR MESSAGE ??
(reply to this comment) (link to this comment)
Re: Re:
never
(reply to this comment) (link to this comment)
Faulted reasoning
This says some important things.
Firstly it an admission that GCHQ/MI5 etc lack the computer capabilities and/or resources to crack everyday crypotgraphy. That means that PGP etc really is pretty good.
Secondly it is, on the face of it quite sensible. It places the responsibility for data with the data owner. Many companies simply can't manage their internal security (hell some can't even manage basic website security) so they place their keys in escrow. The law is designed to pave the way for forcing the accused to get those keys back not tie up police time and resources chasing rainbows.
The requirement is not an a priori arrangement as many people will assume. You don't have to hand over keys for all and any encrypted data you have. It is a measure to be used when a crime is under investigation not an open door to give the police unfettered access to company and private data.
But, it falls down on two points.
It creates a crime of not handing over the keys. There are many legitimate reasons to not have keys. Any good security policy rotates keys on a weekly or daily basis for non retained info. And why would you keep old keys, especially if you are up to no good? Thus it makes no distinction between well intentioned good security policy and suspicious behaviour.
It's based on the investigators assumption. There is no distinction between random noise and encrypted data. If the police come across a block of noise from a random wipe how are they to identify it? They ask the user for the key, and of course there is none, but then a criminal would say that wouldn't they. Thus, again, there is no technical way to differentiate between illegal and legal activity. One is therefore guilty of a crime (refusing to hand over non-existant keys) purely on the basis of an arbitary accusation.
In summary it has the usual effect of making those who are truly criminal but well informed safer (they will rotate and destroy keys for nefarious reasons) while exposing the innocent to greater chance of injustice and abuse.
Now I'll tell you, I know a few good cops. They hate this crap. They are overwhelmed, lacking in expertise and resources and completely befuddled by the technicalities and the laws. Most (all normal police but a few uber geek detectives) want to abandon what they see as a huge waste of time chasing technological evidence and go back to old fashioned methods of psychology and human investigation. That's how you catch criminals.
Which is why this law was obviously not created by the needs of criminal investigation. It is an admission by government that they powerless against criminals who use sophisticated methods and an attempt to change the burden of proof. They need to acknowledge that they have lost this battle and shift resources back into manpower where it can be effective (observation, infiltration, case building).
(reply to this comment) (link to this comment)
Citizens of the UK
People living in the UK need to put their government on a leash. Far too long have they allowed their government to get out of control with their policing policies.
(reply to this comment) (link to this comment)
Re: Citizens of the UK
But all the leader of major parties are Scots, and they have different laws anyway, so what chance do everyone else have. All they do is pass one set of laws in Scotland and a different set in Westminster, just like with university fees. the public won't act because too many ppl are ignorant sheep, just like in the USA or Aus.
(reply to this comment) (link to this comment)
Mein Fuehrer in London, we in the EU and US will follow you in the interest of harmonisation.
(reply to this comment) (link to this comment)
This Doesn't Seem Plausible
I mean, it's certainly plausible that government officials will be this stupid.
However, I don't understand why governments go to such lengths to punish the law abiding while those breaking the laws will just continue to ignore the new rules as well. Idiots!
(reply to this comment) (link to this comment)
given how laws in one country often turn up in another, I suspect it's only a matter of time before similiar legislation turns on in the US. Given the amount of stories I've read about government compromised systems, or occasionally sheer incompetence, I don't have to worry about terrorist and theives. The government is doing most of their legwork for them.
(reply to this comment) (link to this comment)
Nothing we can do except sit back and watch the world destroy itself.
(reply to this comment) (link to this comment)
Totally insane.
(reply to this comment) (link to this comment)
Why do you think AOL paid billions for Skype?
AOL recieved funding from the US Gov to purchase Skype to get access all all the encryption keys. Now the NSA can eavesdrop on all your skype calls too.
(reply to this comment) (link to this comment)
ANOTHER BRILLIANT IDEA FROM THE SAME MORONS WHO CONFISCATED MOST FIREARMS NOT IN CRIMINAL HANDS. i DIDN'T NOTE TOO MUCH WHINING THEN. YOUR OX JUST GOT GORED, HOPE YOU ENJOY IT.
(reply to this comment) (link to this comment)
Stupid and stupid
First, the idea is stupid because only people with nothing to hide are going to give up their keys. Everyone else isn't. So you're going to have access to the information you don't need. The poster above pretty much outlined all the reasons this is ridiculous.
Also stupid, however, is number 14. Hey dipshit...they never had guns. The laws preventing your average everyday citizen and/or criminal from getting guns came early...before guns were really common. Thus...NO ONE got guns, and they still don't have them. Criminals or "good guys" alike.
This obviously won't work in the US because we all already have guns, so only the law abiding citizens would be likely to give them up. Which would be kinda dumb. In fact, its almost the same thing as the crypt keys.
(reply to this comment) (link to this comment)
Re: Stupid and stupid
what planet are you from. crooks buy new guns all the time. its not a matter of it being impossible to get people to give up their guns--its a matter of it being impossible to get people to quit buying them. or quit selling them.
(reply to this comment) (link to this comment)
Re: Faulted reasoning
Well said
(reply to this comment) (link to this comment)
(__/) (='.'=)This is Bunny. Copy and paste bunny (")_(")into your signature to help him gain world domination. :D ._...|..____________________, , ....../ `---___________----_____|] = = = D ...../_==o;;;;;;;;_______.:/ .....), ---.(_(__) / ....// (..) ), ----" ...//___// ..//___// .//___// ................ __ ...........__.(__)..__ ..........(__)l.....l(__) ..........l.=.ll..=.ll.=.l.__ ..........l... .ll.....ll....l(__) ..........l.=.ll==ll.=.ll.=.l ..........l....ll.....ll....ll....l __.......l. =.ll==ll.=.ll.=.l l]...)....l......................l l....|....l......................l (......_. /......................l ................................l ...............................l ..... ........................./ ..._......................./ ...l.....................l
(reply to this comment) (link to this comment)
(__/)
(='.'=)This is Bunny. Copy and paste bunny
(")_(")into your signature to help him gain world domination. :D
._...|..____________________, ,
....../ `---___________----_____|] = = = D
...../_==o;;;;;;;;_______.:/
.....), ---.(_(__) /
....// (..) ), ----"
...//___//
..//___//
.//___//
................ __
...........__.(__)..__
..........(__)l.....l(__)
..........l.=.ll..=.ll.=.l.__
..........l... .ll.....ll....l(__)
..........l.=.ll==ll.=.ll.=.l
..........l....ll.....ll....ll....l
__.......l. =.ll==ll.=.ll.=.l
l]...)....l......................l
l....|....l......................l
(......_. /......................l
................................l
...............................l
..... ........................./
..._......................./
...l.....................l
(reply to this comment) (link to this comment)
(__/)
(='.'=)This is Bunny. Copy and paste bunny
(")_(")into your signature to help him gain world domination. :D
._...|..____________________, ,
....../ `---___________----_____|] = = = D
...../_==o;;;;;;;;_______.:/
.....), ---.(_(__) /
....// (..) ), ----"
...//___//
..//___//
.//___//
................ __
...........__.(__)..__
..........(__)l.....l(__)
..........l.=.ll..=.ll.=.l.__
..........l... .ll.....ll....l(__)
..........l.=.ll==ll.=.ll.=.l
..........l....ll.....ll....ll....l
__.......l. =.ll==ll.=.ll.=.l
l]...)....l......................l
l....|....l......................l
(......_. /......................l
................................l
...............................l
..... ........................./
..._......................./
...l.....................l
(reply to this comment) (link to this comment)
Add Your Comment