>David Cameron wants to strengthen the laws that allow the security services to intercept communications so that no method or element of online communication is out of reach of the state
>A new intercept law might outlaw services such as Snapchat, by which text, photos or video are shared for up to 10 seconds before they are deleted from the company’s servers
>Companies that offer encrypted email services could be banned or required to hand over their encryption keys to the security services
>Cameron wants a blanket law that would cover not only existing forms of communication such as encrypted services or Snapchat-style services but also any that might develop into the future. This would amount to an extremely sweeping new power.
>Exactly how the UK government could practically thwart encryption in Blighty is unclear: must software include backdoors for spies – and hackers – to exploit to eavesdrop on citizens? Would it be unlawful to possess code, source or executable, that performs a cryptographic algorithm? What counts as cryptographic – even random number generation?
>Will ISPs be ordered to drop all packets that match a given encryption protocol, even VPNs or SSL? Will specific ciphers, key lengths and protocols be banned; what if new or tweaked versions appear? Will it be as much of an embarrassing mess as the anti-porn web filtering?
>A ban is likely to prove disastrous for Blighty's IT industry, and unlikely to stop the terrorists, who are ostensibly the reason why Cameron wants an end to end-to-end encryption. If encryption is outlawed, only the outlaws will use it.
It's ok m8, only the government will be able to read everyone's traffic and they promise to not do anything unethical with it. What have you got to hide from uncle Dave and co?
>>3597 I like to think he just sits in a room alone, playing his 3DS or browsing .gs.
Then someone calls him from the home secretary's office or something, asking how he's going to react to the recent stuff in the news. He looks at the clock and realises that the half hour he set aside for 'Dave time' has spilled over into 7 hours of shit posting. He's forgot to pick up the kids and missed putting the bins out. How did he not hear the bin men!? Shit.
He quickly mumbles something that sounds good, like "No more internet encryption is allowed unless we say so. That'll stop 'em, right?". He doesn't have time to listen to the response, he's got to get out of his pajamas and get the tobacco smoke off him before getting in a car to God knows where. He'll call the babysitter on the way or something, and can share the neighbor's bins again. He's the PM, he'll do whatever the fuck he wants, he doesn't care how angry Mr. Anjum is that this is the 4th week in a row.
At some point later, he'll be staring blankly at himself in a bathroom mirror in some shitty school or museum. "What the fuck am I doing?" he'll mumble to himself. He dries his hands, puts on the most 'natural' smile he can muster, and leaves.
MPs are a weird bunch. They're supposed to be in charge of running the country, but it's painfully obvious that they've no idea what they're doing. They get publicly admonished for going off script, for Christ's sake. That just means that they can't be trusted to think for themselves.
As time wears on, politics is veering more towards being purely public spectacle. This whole televised debates thing, aping the American model, is proving popular amongst people that think they're clever but actually aren't. It's a triumph of sophistry over philosophy.
MPs can't be trusted to toe the party line and think for themselves, so they have to be handed stuff to say by focus groups and think tanks. It's when you get senior figures saying that encryption should be banned and stuff like that you see that handing policy-making over to publicly unaccountable think tanks and the like is not a superior decision.
MPs do not make these decisions themselves, of course.
The story has been badly reported IMO. Politicians are stupid when it comes to technology, but they're not that stupid. Cameron isn't seeking a blanket ban on crypto, but a return to the pre-Snowden world where consumer crypto technology was serviceable for providing reasonably secure commerce, but brittle enough to be easily bypassed by the intelligence services.
Cryptographic technology (software, hardware and algorithms) has been regulated as weapons since the second world war. Those of us who remember the early internet will remember when web browsers came in two versions - a domestic US version with 128 bit encryption, and an international version with 40 bit encryption. Export controls on consumer products were eventually relaxed, but specialist communications equipment is still controlled; I own all sorts of equipment that I can't legally export - routers and switches, coprocessors, entropy generators and so on.
In the early 1990s, the US tried to impose a single regulated (and backdoored) crypto technology in all non-governmental technology, commonly known as the "clipper chip". They eventually gave up on the effort, most likely because the NSA found that consumer-level encryption was sufficiently poorly implemented that they could break it anyway. The basic crypto algorithms were effectively unbreakable, but they were implemented so badly and used on systems so insecure that the quality of the algorithm was irrelevant. Once you've got a rootkit running on a target system, you can pinch the keys and crypto just provides the surveillance target with a false sense of security.
The current backlash against encryption substantially pre-dates the attacks in France, and is mainly due to Google and Apple providing strong privacy by default on their devices and services. A lot of Silicon Valley types reacted strongly to the Snowden revelations and really started to get their act together in terms of providing government-proof security. There hasn't been a change of heart on the part of government, but the realisation that encryption is actually starting to hinder their surveillance efforts.
We need to defend against this political impulse, but it's futile to fall back on old tropes like "you can't regulate software" or "the internet will collapse without strong crypto". It is perfectly feasible from a technological standpoint for governments to mandate one particular cryptographic algorithm that has flaws known only to the intelligence services. The Snowden papers showed that the NSA spend $250m a year on bribes to get vendors to implement backdoored algorithms. Current cryptographic technology is full of incredibly subtle weaknesses that are known only to the intelligence services, and politicians are keen to maintain that status quo. Our only defence is to stand up for the basic principle of privacy.
Not sure if El Reg journo or GCHQ lad, but good read either way. Except this bit which was smeared in shit
>It is perfectly feasible from a technological standpoint for governments to mandate one particular cryptographic algorithm that has flaws known only to the intelligence services.
>>3602 >It is perfectly feasible from a technological standpoint for governments to mandate one particular cryptographic algorithm that has flaws known only to the intelligence services.
It isn't remotely feasible at all. That would be textbook security by obscurity, since it relies on the existence of the deliberate flaws being unknown to anyone else. The NSA already pulled this trick with DualEC and it was seen through in a matter of months. Consensus amongst people who actually know anything about the field (which apparently doesn't include you) is that this sort of thing is a horrendously catastrophically bad idea. If the security services can read your communications without specific legal measures (warranted interception, etc.) then organised criminals can almost certainly read them too.
By far the most popular cryptographic specification in use today is AES, which was established by the US National Institute of Standards and Technology. It's the standard algorithm used in TLS (the protocol underlying HTTPS), and it has been rubber-stamped by the NSA. How confident are you that the NSA approved of the algorithm because it was secure, and not because they knew it was flawed? How confident are you that the decisions made by NIST and the IETF were made in a fair, open and honest manner?
We know that the intelligence services have been systematically degrading the quality of internet security. Thus far they have pursued this capability largely in secret in order to conceal their surveillance activities, mainly by manipulating large communications companies through threats and bribery. Now that the jig is up, what's to stop a transatlantic treaty from ruling that all large communications providers must implement cryptographic standard X? What's to stop them from forcing backbone transit providers to send traffic that isn't either plaintext or protocol X to /dev/null? How do you circumvent a set of restrictions that are enforced at the Tier 1 and peering level?
>If the security services can read your communications without specific legal measures (warranted interception, etc.) then organised criminals can almost certainly read them too.
That assumes that organised crime can compete with the cryptanalysis capabilities of government agencies. How many number theorists do you think work for the Russian mafia? The NSA have always been about a decade ahead of academia. They discovered differential cryptanalysis more than 20 years before the rest of the world; IBM later independently discovered it, and agreed to burn the research to keep it secret. It wasn't until Biham and Shamir's discovery that it eventually went public, and only then because they were Israeli.
We know about Dual_EC_DRBG because it ultimately failed, but how many other attacks on cryptographic infrastructure have succeeded? To say it was "seen through in a matter of months" is patently false - it went into ANSI/IEC standards and the BSAFE library in 2004, but was only withdrawn by RSA in 2013 when the Snowden leaks revealed the existence of BULLRUN. Schneier and others might have known it was broken by 2007, but that didn't stop it from being used by millions of customers of products incorporating BSAFE. RSA retain strong ties to the NSA.
It's all moot because I'm fairly sure the solution would be for the government to have access to all the major private keyrings. No cryptological or mathematical flaws would be needed.
>>3606 >it went into ANSI/IEC standards and the BSAFE library in 2004, but was only withdrawn by RSA in 2013 when the Snowden leaks revealed the existence of BULLRUN.
Patents on methods of breaking Dual-EC were filed in 2005, and granted less than a month after the ratification of the standard in 2006. This was a private company. There is no reason to think that black hats wouldn't have the resources to figure out the same. For instance, we know that Heartbleed was exploited by non-state actors at least a year before its disclosure. The idea that something like this could be known only to intelligence services and kept that way is laughable.
There is an easy solution to this problem, of course. The government could simply acknowledge that the form and content of private communications are none of their fucking business and stop trying to solve a non-existent problem. Did the Met ever identify a terrorist plot that succeeded because they had to release someone on day 29? No? Then they clearly didn't need 90-day detention.
I suppose a good question would be, can they be trusted with this kind of access? What if documents regarding said access got left on trains and the like? Things like this always seem to be down to human error, whether they go wrong or not, and I really don't trust for someone to not eventually fuck up.
>In the early 1990s, the US tried to impose a single regulated (and backdoored) crypto technology in all non-governmental technology, commonly known as the "clipper chip". They eventually gave up on the effort, most likely because the NSA found that consumer-level encryption was sufficiently poorly implemented that they could break it anyway.
They gave up because nobody would implement it; the chip was prohibitively expensive, and anyway mandating its inclusion in electronic devices in an increasingly global electronics marketplace was untenable.
We can only hope that our own government wouldn't be stupid enough to try the same "government-sanctioned crypto only" approach. In any case, they probably can't afford to: the infrastructural costs alone of porting all communications networks to a new standard would be staggering, and even if they managed to strong-arm their cut-ridden IT departments into implementing such changes to their networks, the bigger corporate players like Google would probably just tell them to fuck off and route British traffic to overseas servers.
"...As they emerged, Obama performed his customary trick of patting Cameron on the back – a gesture that pretends to a friendly action but is actually a subtle way of reminding Cameron who’s really in charge."
"Then, as the two men advanced towards the cameras, we noticed Obama was doing most of the talking – while he was waving his arms around and holding forth, poor Cameron was consigned to the passive role of listener; another Obama technique for making clear to everyone who’s really in control."
Oh Dave!
>Barack Obama and David Cameron fail to see eye to eye on surveillance
>Barack Obama and David Cameron struck different notes on surveillance powers after the president conceded that there is an important balance to be struck between monitoring terror suspects and protecting civil liberties.
>Obama agreed with the prime minister that there could be no spaces on the internet for terrorists to communicate that could not be monitored by the intelligence agencies, subject to proper oversight. But, unlike Cameron, the president encouraged groups to ensure that he and other leaders do not abandon civil liberties.
I think Obama and Davycambles bring out the worst in each other. Dave looks like exactly the sort of morally bankrupt arsehole he is, but I can't help but feel the facade of integrity Obama puts on is more infuriating. The man can't control his own government and pretty much explicitly lies through his teeth about shit like drones and Gitmo. And yet there he is in every international meeting pretending he's the sole upholder of decency among the corrupt.
The arrogance alone is outstanding, somebody (apart from Putin) needs to call him out on it.
>>3587 I wonder if cuntmoron actually uses a computer, ever. Look at the slovenly and awkward way he's grasping that thing. I bet he has his fags do all that sort of thing for him.
>>3619 The "magic" of television and/or photography. You haven't lived until you've been made to open the door to someone with the same shit-eating grin half a dozen times before they call FANTASTIC RIGHT NOW LETS DO THE SAME THING FROM THE OTHER SIDE OF THE DOOR.
Look at the perspective of the ceiling and the right hand wall. The photo has been taken with an ultrawideangle lens, which totally warps your sense of distance and scale. Estate agents use that sort of focal length to make a room seem much bigger than it really is, photojournalists do it to make you feel like you're right in the middle of a scene, but in this photo it looks like two tiny people are staring at a massive monitor that is miles away from them.
>>3639 Thanks lad, I really appreciate informed input like this. Could you speculate as to why such a lens has been used in this instance? I know SFA about this sort of thing.
>>3589 You won't get any answers off the government about the exact details, the law will just say all communications, even if it is not technically possible to intercept them. On the basis that they may develop the technology to intercept them. I do think that they should be better informed than they are though. It's about time they had a whole department devoted to computer networks. In this way they wouldn't embarrass themselves quite so much every time they talk about the powers they need to look up our arseholes.
>>3619 >>3639 I'd add to that to say that to me it looks like this is set up as a conference table. They've got a monitor at the end, and there's probably space for 6 or 7 people or more to be sat around the table to see it. My uni had some poncy study rooms with the same set-up, although they had the sense to use a TV screen attached to the wall so that the people sitting closest can actually see it.
>>3640 I'm not >>3639, but I think this is probably just the effect the photographer wanted to achieve, a normal lens would have captured both of them without cutting off the monitor from that close. And he either wanted the effect of sitting at the desk for the photo, or there simply wasn't enough space to move further back.
It's just occurred to me that this is all probably just set up for the sole purpose of the photo.
Dave's PA or the photographer decide they need a photo of him using a computer, this would be followed by 15 minutes of dragging desks around to get the desired result of a pose with both of them and the netmums logo on display, and they can't actually be facing the monitor because then it would get in the way of the photo.
>>3650 Like everyone doesn't want a backdoor into everything. No shit.
"Hey, do you want unlimited spying power into everyone else in the world?"
"Well hurrr durr no I don't want that! Why would anyschmitty else?!"
>>3654 There are good reasons for a government to not want them, though. The more data you can hoover up, the more that can go missing. Say GCHQ got infiltrated by an Esquimaux maniac, or MI5/6. Or that one of the above decided to spoon over a load of information to the Chinese or Russians. Gathering loads of iffy data can end up being a real liability for all parties concerned.
> Gathering loads of iffy data can end up being a real liability for all parties concerned.
I hate to invoke Godwin's law but the liability of gathering so much data isn't the intentions of our current government but rather the intentions of all possible future governments.
>>3664 > Say GCHQ got infiltrated by an Esquimaux maniac
>That won't happen
Can't it? There are plenty of white eskimo extremist converts. It'd be unlikely but not impossible.
Further it could just be infiltrated by someone willing to use insider data for criminal purposes, or just sell it for personal gain to alien agencies.
I don't understand your sentence about 'Godwin's Law'.
>>3665 It turns out that infiltrating GCHQ is nowhere near as easy as you seem to suggest. They put a lot of effort into making sure that nothing goes on in that building outside the chain of command, and for very good reason. The vetting procedure is the same one they use on high-level government staff - it's very intrusive, and includes not only talking to people you nominated as references, but people they think you know that you didn't nominate. You don't get to cross the threshold there until they know you better than you know yourself.
>>3667 I'm not suggesting it's 'easy'. However, the possibility can't be ruled out. Alternatively an 'honest' recruit may be turned at a later point, like an evil Snowden.
>>3671 Easy mistake to make, after all most people that had bothered to read it wouldn't have come out with silly points that were actually addressed in it already.