UK's Snooper's Charter Includes Mandatory Backdoors For Encryption
from the crypto-wars-move-overseas dept
Remember earlier this week when we mocked the silly reports claiming that the UK government had “backed down” on its demands for a Snooper’s Charter. As we noted at the time, it did not appear they were backing down at all, but pulling out a bogus publicity campaign where they decided to “ditch” some absolutely crazy ideas that never really would have been included in the first place, but still leaving in plenty of terrible ideas.
And, now we know that includes mandatory backdoors into encryption — a stupid and dangerous policy that will directly put UK citizens at risk. While, thankfully, those pushing for crypto backdoors in the US have realized that it’s a politically untenable idea, the UK’s new “Investigatory Powers Bill” has gone in the other direction, and will mandate encryption backdoors and ban any encryption offerings where there is no backdoor for law enforcement.
Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.
Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant.
UK Prime Minister David Cameron and Home Secretary Theresa May will undoubtedly make a big show of this over the next few months, claiming that they need this to keep the public safe, but that’s a load of hogwash. Backdooring encryption does the opposite. It puts everyone at serious risk. It’s a technically dangerous solution by technically clueless people. If there are backdoors in encryption you are opening up a massive attack vector for those with malicious intent — and that doesn’t even get into the question of authorities abusing such powers. This has been explained over and over again, and it appears that Cameron’s government simply decided to ignore all the technical experts and go with a “but they have to!” approach.
If you recognize the long history of governments using surveillance powers for nefarious reasons this should worry you. But even if you 100% trust the government, this should worry you, because what they’re asking for, on a technological basis, is to make your information significantly less safe and much more open to hackers and online criminals.
A Home Office spokesman said: ?The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts.
?That means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies? reputations rest on their ability to protect their users? data.?
This belief that law enforcement needs this information to do its job is hogwash. For all of history prior to this, people have had methods of communicating entirely in secret, and since the dawn of civilization it was still possible to track down criminals and conspirators through traditional detective work. This belief that the content of these communications is absolutely necessary would seem to suggest that UK law enforcement is currently terrible at doing its job. I’d like to believe that’s not true.
The big tech companies may now face a pretty big fight in the UK. Over the last few years, they’ve increasingly ramped up their efforts to provide more real privacy solutions that can actually protect your information. The UK wants to send things back to the stone age, and that’s dangerous. Hopefully, companies like Apple — which has made a big show of pushing non-backdoored-encryption — take a stand here and refuse to give in. And, other tech companies that haven’t been quite as vocal, including Google, Facebook, Microsoft and Twitter need to speak out against this, potentially to the point of threatening to pull out of the UK if the government doesn’t adjust its policy. Without such a strong threat, it seems unlikely the UK government will recognize just how much danger they’re putting the public in with this proposal.
Filed Under: backdoors, david cameron, encryption, going dark, snooper's charter, theresa may, uk
Companies: apple, facebook, google
Comments on “UK's Snooper's Charter Includes Mandatory Backdoors For Encryption”
Pick ONE
“That means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies’ reputations rest on their ability to protect their users’ data.”
I can only assume that the person who said this either didn’t give the quote in person, or has the most amazing poker face in history. Forcing companies to be able to hand over private data, warrant or not, does not enhance the reputation of a company for protecting their users’ data, it eliminates it. The UK government’s actions here are directly undermining the reputations of the various companies, simply so they can sate their voyeuristic fetishes.
Hopefully companies like Apple — who have made a big show of pushing non-backdoored-encryption take a stand here and refuse to give in. And, other tech companies who haven’t been quite as vocal, including Google, Facebook, Microsoft and Twitter need to speak out against this, potentially to the point of threatening to pull out of the UK if the government doesn’t adjust its policy. Without such a strong threat, it seems unlikely the UK government will recognize just how much danger they’re putting the public in with this proposal.
It’s not just that they should, but rather they have no other choice. If they give in here, if they pick the choice of the coward and stay silent, or issue the ultimatum and don’t follow through, that’s it, they’ve lost. And not just in the UK, if they allow mandated broken encryption in the UK, every government is going to be demanding the same ability, and the companies will have no choice but to comply. They either stand their ground here, refuse to give in, or cave entirely, everywhere.
The UK government has issued it’s challenge, now to see how many companies are willing to call their bluff and stand firm, and how many will fold when pressured, showing all their previous protests to be nothing but empty words.
Re: Pick ONE
Apple and Google and others might. Facebook, run by sociopath Mark Zuckerberg, will cave because this provides them with perfect cover to sell even more user data than they already do. (When asked what’s going on, they can simply shrug and say “we can’t protect it any better”.)
Re: Re: Pick ONE
Facebook, run by sociopath Mark Zuckerberg, will cave…
“Cave” suggests that it isn’t what Zuckerberg actually wants.
“Rejoice” would be a better word.
Re: Pick ONE
Re: Pick ONE
PArt of me would love to see this come into law and see the UK citizens AND the government (indirectly via money loss) being utterly screwed by it. Nothing against the British themselves but it would be a powerful example on how to shoot your own feet.
What I’ve been reading has been saying that this only applies to UK companies.
Re: Re:
Because the UK would never say ‘If you do business here you are considered a UK company.’.
Neeeever.
Re: Re:
Unlikely, as the other AC notes they’ll almost certainly take the stance that any company that does business in the UK is a ‘UK company’ with regards to having to comply. It’s possible they might try and force UK companies to comply at first, and then assuming that works, they’ll then turn their sights on non-UK companies, but I’m guessing they’ll try and force broken encryption on all companies from the get-go.
However, were that not the case that would just make this move even more idiotic. UK-based companies would be forced to break the encryption on their products, while companies based in other countries wouldn’t, giving a huge boost to those non-UK companies.
Re: Re:
Well, there’s your first problem – define “UK company”. Most of the examples being talked about are US-based companies that happen to have UK local offices, and many companies that service the UK don’t have one at all. Do you block companies without a local presence from doing business, or do you place any company that does so at a great disadvantage with those who aren’t subject to such a law?
Re: Re: Re:
You demand compliance with local regulations as a part of doing business in the country, grandstand on the global stage for a few weeks that ‘x’ company is a horrible devil getting a free ride on their economy, bring the corporation up on fines, technicalities and potentially lawsuits through a local biased court system, and after about a year or two of getting nowhere, walk back on the entire thing as people simply not understand the world they live in.
Obviously.
Re: Re:
Re: Re:
Hopefully if it passes the non-UK companies will halt operations immediately in the UK. That would be a beautiful start for the demise of this idiocy if it actually passes. The rest would be major damage to the finances as a whole once ill-intended ones inevitably find the doors and proceed to abuse them.
Re: Re: Re:
Are there any phones made in the UK? Almost certainly not.
Are there any phones made by the UK branches of global countries? Almost certainly not.
Are there any modern smart phones built that can’t have their firmware/software flashed? Maybe, but not mass market.
Re: Re:
Presuming they get UK specific builds put onto the phones, your average consumer will end up with a device that won’t be secure.
More cautious people, including the criminal sector, will flash a secure build and still be encrypted.
So who’s being protected by this, and who’s being put at substantial risk?
Turing is turning over in his grave.
The UK wants to be a logic-free, mathematics-free zone.
Because terrorists.
Re: Re:
Because nanny state.
Re: Re: Re:
Because the government has met the enemy and they is us.
All this must be doing wonders the sales/downloads of personal VPN encryption tools. I don’t have much worth spying on but I have started using more secure methods as a direct result of their policies. I wonder how many others are doing the same.
Re: Re:
Re: Re: sorry... I actually had something to say
As for what might be ‘worth spying on,’ I think the bullies are trying to convince us that, if we’re doing nothing wrong, then we have no concerns (think of the scene where the controlled Minister of Magic in Harry Potter is saying the same). However, it’s not the particular activity that is worth spying on, but that you might be communicating any activity at all. Let’s say that the ‘geniuses’ have mandatory backdoors put in. Only a fool will think that those backdoors will remain secure. It’s a matter of time that others crack the locks to begin collecting data on the average people. Such data could sadly be misused to plan something bad.
If our governments actually care about our safety, they would start requiring encryption, funding improved encryption, and taking action to fine those that do not use secure encryption methods. If our safety really mattered, we would start to have security standards required before someone connects to the Internet. Our anti-educated legislators need to understand that, if our software has weaknesses that allow them to access our information, then those weaknesses are also usable by those that would do us harm.
Re: Re: Re: sorry... I actually had something to say
if our software has weaknesses that allow them to access
our information, then those weaknesses are also usable by
those that would do us harm.
Even further: These weaknesses will not only used by criminals to do harm to people, these weaknesses will also be used by adversaries against government agencies and critical infrastructure
Re: Re: Re:2 sorry... I actually had something to say
I look forward in breathless anticipation to all the !@#$storm of lawsuits and regulatory failure this policy will cause to be tossed out, beginning as soon as the first backdoor is discovered by the bad guys. The gov’t has given these companies a golden “get out of jail card” for any hacks against them leaking PII & etc.
Popcorn time! That it’s Perfidious Albion that’ll be the showcase example of how to fail their citizenry is just gravy for me. Whoopee! Watch carefully world. We’re about to be treated to a master class show on how and why not to let your masters do this sort of !@#$.
Too bad for the British Joe Sixpack, but this is what happens when you elect idiots. Try harder next time. Guy Faulks must be giggling with glee looking on.
What’s next – mandatory CCT cameras in every room of your house
Re: Re:
Of course, after all, only criminal terrorists try and hide their most personal moments from Big Br- the benevolent government that knows best.
Re: Re:
There was a suggestion made by the UK gov. not long ago to put CCTV cameras inside council houses with microphones and speakers so that officials could “educate” parents on raising their kids. This is not a joke.
Re: Re: Re:
A lot of clueless fools in the government do tend to make ridiculous suggestions. Fortunately, there’s enough sane people to stop them. So far, anyway. Mostly.
Re: Re: Re:
Not a joke; merely untrue. A wildly inaccurate story by the Daily Express that got endlessly repeated on conspiracy theory web sites.
Re: Re: Re: Re:
That’s right! It IS very different – it’s even WORSE! Instead of putting cameras in people’s homes, they’ll ship them off to “camps” where they can be brainwa, err, HELPED in complete privacy.
Re: Re: Re:2 Re:
Do you have a link showing that it’s mandatory?
(As opposed to “You’ve caused endless problems in your government-supplied housing. If you want continued government-supplied housing, this is what you get. Take it or leave it.”)
“Camps.” “Brainwashing.” That’s quite the hyperbole there.
Re: Re: Re:3 Re:
The quote comes from the link you provided. As to “camps” and “brainwashing”, yeah, that’s a bit of hyperbole, but read what you will into “moved from their (often state funded) homes to ‘core residential units’ for 24 hour support and supervision,” but remember this is the UK we’re talking about with its recent (and not so recent) moves that would make Orwell roll over in his grave.
Re: Re: Re: Re:
Ah, there’s your problem.
Here’s a hint for overseas readers: if something appears in the Express, Mail or Sun (among others) and it’s relating to favourite right-wing topics such as immigration, the EU or council benefits, it will either be an outright lie or greatly exaggerated. There’s often a grain of truth somewhere, but if you find that grain and look at the original source, it usually doesn’t say what those rags claim they say.
No source is perfect or unbiased, unfortunately, but if you read something from the above sources your first reaction shouldn’t be outrage at their claims. You should be considering how it differs from the truth.
Re: Re: Re:
George Orwell suggested the same thing 70 years ago.
He’d be owed royalties.
Re: Re: Re:
Re: Re: Re: Re:
Public housing. Roughly equivalent to “the projects” in the US.
Re: What's next - mandatory CCT cameras in every room of your house
Of course not — that would be much too expensive!
A much cheaper and easier way (not to mention saving scarce IPv4 addresses) is to have blimps overhead with cameras pointing down at houses. Now one camera serves multiple households; think of the long term savings!
Of course roofs obscure the view, so they would all have to be removed, but … TERRORISTS!
Re: Re:
What’s next – mandatory CCT cameras in every room of your house
That’s what the Chief of Police in Houston, Texas proposed. It seems that those types are the same all over the world.
Re: What's next - mandatory CCT cameras in every room of your house
Why bother when you already have built in webcams, smart tv’s, or if your into the Xbox one, a Kinect?
What about open source?
Are openssl, gnupg, et al going to have to create a special compilation flag -D BRAIN_DEAD_UK_BACKDOORS and tell everyone that it’s illegal to compile their code in the UK without defining it? Or will they just put code in the configure program that checks for a UK locale and exits saying something like
Do to local laws, it’s illegal to use this code in the UK. Please call your MP.
Re: What about open source?
Use of strong cryptography is only liable to offer protection from this government if a significant portion of the population use it. Failing that, it just identifies machines to be compromised.
That is unless enough people use it so that the security services are swamped in their efforts to compromise machines, it will only mark people as being of special interest.
Re: What about open source?
Luckily most open source software is hosted on US servers like GitHub so it seems safe for now.
Re: Re: What about open source?
And can easily be forked onto other Git repo’s should the US do something stupid as well.
Re: What about open source?
Or will they just put code in the configure program that checks for a UK locale …
Hey! I do use en_GB.UTF-8, but that doesn’t mean I’m in the UK, It just means, I want a correct spell checker ;).
RIP UK tech sector
Seriously, what are they thinking?
Re: RIP UK tech sector
That the word “citizen” needs to be rolled back to “subject”.
The UK is becoming an increasingly scary place. They are already prosecuting people at a prodigious rate for not giving up their passwords. Now, already armed with the power to compel passwords, they also want to break encryption.
BTW – a typo in sentence:
Re: Re:
I don’t think that’s a typo. I am worried, yo.
Umm Safes?
Shouldn’t they start with the older methods of securing data and require a government “good guy only” standard combination be required to every combination lock and a similar government “good guy only” master key for all key locks. There are some really smart locksmiths I’m sure they can do it.
It ought to work out the same way as backdoors for digital will in the end. After all regardless of what the technologically clueless seem to think if electricity is added, things don’t become magical and void of principles of logic.
Re: Umm Safes?
Luckily, uncrackable safes don’t come along very often.
https://hackaday.com/2015/09/21/this-is-what-a-real-bomb-looks-like/
Re: Umm Safes?
“Shouldn’t they start with the older methods of securing data and require a government “good guy only” standard combination be required to every combination lock and a similar government “good guy only” master key for all key locks.”
…and what happens when that combination is leaked and every “bad guy” in the world can access it without getting up off their seat?
“things don’t become magical and void of principles of logic.”
Indeed not. logic would dictate a massive number of difference between accessing the contents of a physical safe and accessing data held on a device somewhere on the internet (or contained in communications between those devices). See if you can think of a few.
Re: Re: Umm Safes?
Woosh?
Re: Re: Umm Safes?
Just an tongue in cheek analogy to illustrate the astounding stupidity of it, geared way down for those who can’t comprehend if electricity is involved.
Re: Re: Re: Umm Safes?
Fair enough – Poe’s law is at work as every round here.
Foreign Phones
What about folks who travel to the UK with an encrypted phone? Will they be denied roaming service by UK providers? Will it become impossible to use the Wi-Fi system in your hotel if you’re from away? Tourism might take a serious knock — I, for one, wouldn’t go to England because I have an iPhone and would want to use it.
In addition, aren’t “pirate” services likely to spring up all around the UK? “Roam with us — we can’t decrypt your phone”. Be interesting too to see what foreign embassies have to say about this — are they to be unencrypted too?
We need this!
Not for catching terrorists or any of that other bollocks, but we need an example. Regular Joe and Jill may be ignorant of what the government are trying to do, but if Apple stand firm and withholds their iDevices and iServices from the UK market, there is going to be a lot of screaming.
It might not be the support we are hoping for but I am willing to take any support no matter how stupid the reason (almost).
I hope the big guns will stand firm and the government of the UK will learn a lesson not easily forgotten by neither the UK gov or any other. That message might be: “You may take our freedom, but you will never take our sweet tech”, but the result will hopefully be the same.
Re: We need this!
Forget Apple, what about Google?
Google gives away Android for free, so there’s no financial hit to them if they refuse to break the encryption. The individual phone vendors (LG, Samsung, etc) will have to do their own hacks to be able to sell into the UK market. Parts of Android are GPL licensed, and any changes to those parts will need to be openly released – and any weaknesses will be found.
Good luck, UK. I think your phones are going to get a whole lot less secure than most people thought.
I wonder how long it will be till someone’s laptop gets stolen that has the backdoor information in plain text for easy access.
Dear UK Government
Dear UK,
Thanks for making our job easy.
Sincerely,
The NSA
Dear UK,
Thanks for leaving us a way in.
Sincerely,
All Hackers
Nihao UK,
You honor us by giving us free access to your computers.
Sincerely,
China
Dear UK,
What good is a wall if someone left the door open?
Fuck you,
UK Citizens
Expect there will be a very long exceptions list: Every Bank and Financial service firm. Every government department. Every police organization. Teachers (because – you know protect the kids). The inclusion list will be much shorter – everyone who files an income tax.
Read the proposal if you can, but this snippet might help
This * I think * is the relevant part of the Bill that is being interpreted as mandating back door access to encrypted data.
I won’t interpret it, other more qualified than I am can do that
If you want to read the whole thing (it takes while) then go there
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf
189 Maintenance of technical capability
(1) The Secretary of State may make regulations imposing specified obligations on relevant operators, or relevant operators of a specified description.
(2) In this section “relevant operator” means any person who provides, or is proposing to provide
(a) public postal services, or
(b) telecommunications services.
(3) Regulations under this section may impose an obligation on any relevant operators only if the Secretary of State considers it is reasonable to do so for the purpose of securing
(a) that it is (and remains) practicable to impose requirements on those relevant operators to provide assistance in relation to relevant 30 authorisations (see subsection (9)), and
(b) that it is (and remains) practicable for those relevant operators to comply with those requirements.
(4) The obligations that may be imposed by regulations under this section include,
among other things
(a) obligations to provide facilities or services of a specified description;
(b) obligations relating to apparatus owned or operated by a relevant
operator;
(c) obligations relating to the removal of electronic protection applied by a
relevant operator to any communications or data;
(d) obligations relating to the security of any postal or telecommunications services provided by a relevant operator;
(e) obligations relating to the handling or disclosure of any material or data.
(5) Before making any regulations under this section, the Secretary of State must consult the following persons—
(a) the Technical Advisory Board,
(b) persons appearing to the Secretary of State to be likely to be subject to the obligations specified in the regulations,
(c) persons representing persons falling within paragraph (b), and
(d) persons with statutory functions in relation to persons falling within that paragraph.
(6) The Secretary of State may give any person, or any person of a specified description, on whom obligations are imposed under this section a notice (a “technical capability notice”) requiring the person to take all the steps specified
in the notice for the purpose of complying with those obligations.
(7) The only steps that may be specified in a technical capability notice given to a person are steps which the Secretary of State considers to be necessary for securing that the person has the practical capability of providing any assistance
which the person may be required to provide in relation to any relevant authorisation.
(8) An obligation specified in regulations under this section may be imposed on, and a technical capability notice given to, persons outside the United Kingdom (and may require things to be done, or not to be done, outside the United Kingdom).
(9) In this section “relevant authorisation” means
(a) any warrant issued under Part 2, 5 or 6, or
(b) any authorisation or notice given under Part 3.
(10) Sections 190 and 191 contain further provision about technical capability notices.
Re: Read the proposal if you can, but this snippet might help
Re: Re: Read the proposal if you can, but this snippet might help
Good luck with that. If I’m a telecom company in the U.S. and the UK tries to impose one of these “obligations” on me, they’re gonna get the big middle finger.
Well, you’re not “a telecom company”. AT&T would jump at the chance to cooperate.
Re: Re: Read the proposal if you can, but this snippet might help
Damn straight. Well, unless they offered to force the BBC to kill off Clara on Doctor Who. Then I might consider it…
Re: Re: Re: Read the proposal if you can, but this snippet might help
Why? They need to brink back Pink, that’ll fix Clara.
Re: Re: Re: Read the proposal if you can, but this snippet might help
Re: Re: Re: Read the proposal if you can, but this snippet might help
” Well, unless they offered to force the BBC to kill off Clara on Doctor Who. Then I might consider it…”
Your wish has been granted, I suppose?
http://www.radiotimes.com/news/2015-11-04/peter-capaldi-warns-that-claras-doctor-who-exit-will-be-a-long–and-painful–goodbye
Re: Read the proposal if you can, but this snippet might help
Is it just me, or does that never get around to actually defining what obligations can actually be imposed? It’s just a list of vague categories. Maybe that part is specified later. Or maybe it’s intentionally that vague so almost anything can be included.
Doublethink as standard
Doubleplus good if you ask me! Weakness is strength, remember! Especially when it comes to crypto.
Stop doing business with UK.
“with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts.”
NSA and GCHQ already have access to communications. Nowadays everybody is a terrorist or a criminal. To prevent crimes? Is this Minority Report?
Perfect candidate for ISDS?
Wouldn’t this type of action by GB be a poster child for a “good” application of an investor-state dispute settlement/corporate sovereignty case?
I mean, both the legal backdooring of encryption and corp sovereignty provisions are basically inevitable at this point, so if life is giving lemons, time to start making fruit drinks?
Apple can easily fix this
“No iPhones for the UK.” Cameron will cave.
If I were Apple...
I’d release two versions of the iPhone firmware. I’d make it explicit what the two versions are about:
1) Countries with a right to privacy and personal security.
2) Totalitarian regimes with no right to privacy or personal security.
The UK can select which version arrives with iPhones there. They can count on simple region blocking by Apple’s servers to prevent UK iPhones from getting the secure version.
But it will be up to the UK to prevent other means, VPNs etc., from being used to download the secure firmware. And it will be up to their government to explain to their people why they’re explicitly getting the China/Saudi Arabia/North Korea version.
The EULA for the secure version will have the usual “I Agree” button. The totalitarian version will require you to click on “I Obey.”
Re: If I were Apple...
They could offer the iTotalitarian version in only one finish: black & yellow “caution” stripes. Hell, give it square corners.
How does this stuff get through without a public vote?
See title. Can somebody help me understand how this can happen?
I am so gob-smacked I have no words. There will be no way to do this without making everybody totally open as the mechanism for activating the backdoor __will__ make it into the public domain, either by leaking or re-engineering, and then it’ll be all over the net and then any encryption on your devices will be useless. This is so absurd.
A complicated solution
Would be to box the encryption process into an add-on socket, to ease the process of regionizing the OS. That way, Apple / Google could insert clean encryption or government-approved encryption with ease.
…And then drop the parameters of the socket to the open source community, and see how fast they can come up with a robust free-for-EVERYbody encryption plug.
Block this, mofos.
You have to know that some idiot from the office of bureaucratic bureaucracies will send the key to the “back door” *gigidy* in plain txt in an email that will be forwarded to the department of distributions, who will make sure everyone on the planet is CC’d into the original email chain. Then, in an effort to confirm their stupidity, the Gov will then pretend it never happened and leave the key exactly as it is and not change it. Warm up your microwave’s people, your going to need a bunch of popcorn for this one…
Cameron is appearing to turn into quite the dictator! i wonder what he and his government will do when there are serious breeches in bank security and customers sue the gTory government for forcing security measures to be so lapse that hackers can get into servers and pilfer bank accounts and passwords. it wont be the banks fault if forced to leave a backdoor available for government. if it can get in you can bet anyone else who wants to will. then what will happen when people are killed because terrorists got info they needed from lapse security on web sites or mail servers? the man is a fucking menace to the citizens of the UK and his government needs replacing!
Re: Tubbed and buttered.
I expect that Banks and businesses will knowingly break the law, or just move their data offshore.
Does it say no UK encryption software packages without backdoors or no encrypted data in the UK without backdoors?
Because the former case just requires people to seek out foreign encryption kits. The latter…well that’s going to collapse in spectacular house-of-cards fashion.
Re: Re: Tubbed and buttered.
Yeah, it looks like they want the ability to take your data to the crypto company and ask them to crack it (which means the burden is on them to facilitate it) and then, I suppose fine a company who made the crypto if they can’t crack it.
Which actually might propel the socket solution, so that a fourth party can make (and be responsible for) the crypto. Apple and Google would be able to say “It’s out of our hands.”
Re: Cameron
Are you unaware of the recently held election where he was re-elected with a majority (aka carte blanche in parliamentary terms)? He’s just getting started (again).
Obviously, democracy is either far too nuanced a process for today’s electorates (blame public education or TV?) or else hopelessly rigged in favor of those contesting in them (cf. the US’ FEC). I might suggest they try burning down parliament with said contestants inside, but that didn’t work out well at all for Guy Faulks when he tried it. Aside, I’ve often wondered why Brits are even allowed to celebrate Guy Faulks Day, but they’re British; says it all.
Just enjoy the show and thank your lucky stars you’re not a Brit, or if you are, accept my heart felt sympathy. Sucks to be them.
The United Kingdom? More like the Tyrannical Isles of Plight.
fUcK
I see David Cameron is trying the age-old tactic of instilling fear and terror into the populace. The Telegraph’s article noted:
So in order to catch a handful of nasties he is demanding the the rights of EVERYbody be downgraded.
I would also note that strictly speaking the “safe space” in question would not be online but on the person’s own phone. That would be no different from an uncrackable safe a person had in their house. What the government would in effect be doing would be compelling the companies which make safes to give them access to a master combination which they could use to open every safe in the UK.
Needless to say such a combination would be a safecracker’s dream!
ISPs only
So far as I can tell right now, the bill only applies to ISPs, so actual end-to-end encryption is still legal.
I’m considering running a script that visits 20 random websites each day…
why not ban terrorism? it is faster!
UK is not banning math,
only the “terrorist- crypto- math”
Re: I still prefer installing crypto that only good guys can use.
And while we’re at it, we should make bullets that only kill bad people.
Re: Re: I still prefer installing crypto that only good guys can use.
The US already has the latter, as evidenced by the fact that every single person shot and/or killed by the police is determined by the ‘investigation’ of the incident to have been a criminal. Since only criminals are ever killed by police, clearly the police have magic ‘bad people only’ bullets, so no need to wish for them, they’re already here.
the unicorn paradox