We're a very long way from being a totalitarian state and likely to remain so for quite some time but, make no mistake, this is the thin end of a very long and ultimately very fat wedge. It therefore behooves us well to hold the government to account when they try to get us to swallow more of that wedge.
Sure, encryption helps terrorists as well as ordinary citizens but it's my belief that freedom and privacy are more important than that. The work of police and security services has never been easy in a free society, but protecting and upholding that free society is the very essence of the job. Dilution of that freedom is therefore counter to the purpose for which these agencies exist, and so when the government tries to move in that direction we, as citizens, should voice our resistance, and keep voicing it until they understand.
Every time a person in a position of power calls for the intentional weakening of cryptographic systems - be it via backdoors, limits on key length or whatever, I long for a gutsy interviewer to ask them - preferably live - whether they advocate that position out of ignorance or malice.
I would rather interviewers asked if that means that Jo Public should also be allowed the tools to read the politicians' private messages as well.
I'm all for a Utopian society where nobody needs to encrypt private messages, but so long as there are people in power who feel they need special treatment, then I will continue to demand the same level of privacy as them.
I believe they do it because they've been elected to do so.
It takes too much to reply: "Tell you what, I'm going to educate you better instead". Because you can educate all you want, you will not have results that help your re-election 4-5 years down the road.
More likely they would say they want to do it because it would be "helping the police and security services to do their job" and be "protecting the people".
> We're a very long way from being a totalitarian state and likely to remain so for quite some time
The scary thing is that the difference between the UK and the kind of place we might describe using words like "totalitarian state" is now more about how our laws are used in practice than what the laws actually say. The government and its agents already have very broad powers, our courts have already taken surprisingly illiberal positions when some of those powers have been challenged, and we lack the constitutional checks and balances often found elsewhere, more so if the government uses Brexit as a mechanism to remove those deriving from Europe without replacing them. We're basically just trusting that the government and its agents will be decent people and use the powers they have responsibly at this point, but as we've seen with the likes of Trump, that's a dangerous strategy when you don't know who the government will be in the future.
I agree with this. The last thing we need is more laws and new powers for the surveillance state.
For example, Australia's Lindt Cafe siege - the guy was already under "24 hour surveillance" by ASIO (Australian Security Intelligence) - which did nothing to prevent the attack. Despite this, AFAIK there was not much blame placed on ASIO. I'm sure there are many other examples. I'm not saying it's an easy problem to solve, just that more surveillance is probably not the answer.
Sure, the attacker is the real culprit, but adding more laws and surveillance will not prevent crazies from doing crazy stuff.
At some point, some politician is going to have to man up and speak the truth. The public will have to either accept that the government can try and protect it from low probability events by invading every aspect of our lives or people will have to accept the idea that there is a sub 1% chance of being killed by a crazy person.
Labour leader Jeremy Corbyn said authorities already had "huge powers". There had to be a balance between the "right to know" and "the right to privacy", he said. [1]
Unfortunately when it came to actually doing something he provided practically no opposition to the Investigatory Powers Act.
A long way? Real democracies do not spy on their people because it isn't a democracy anymore when you do. Whether that was always just a... well it is another matter. Business had a reasonable expectation of safe-passage. Who will want their traffic coming through the UK now? What multi-national/trans-national wants all their IP to belong to the UK government? They will just go elsewhere. It's the economy stupid. Rudd is using the recent murders to her own twisted ends.
> The work of police and security services has never been easy in a free society,
I think the work of security services has never been easier than it is now thanks to the massive use of social networks and mobile phones, CCTVs everywhere, GEOINT, etc. At least for the Five Eyes.
Just my opinion, but I think now they are having problems because they are getting too much information in, so separating the wheat from the chaff is difficult.
I'm not sure that's even true. This seems more like a clipper chip moment, and more than being the beginning of a slippery slope, it made the government a laughing stock and probably sped up the pivot to encryption.
Even looking at the recent Westminster attack, is it realistic to think that monitoring of his WhatsApp messages would have prevented anything from happening? Was he already under surveillance? Could the attacker really have written anything so specific and unequivocal that it would have actually made police go to Westminster and stop his car? Police with limited resources can't just go investigating everyone who sends messages, so I doubt it would have helped anyway.
I hope you're right, but I don't think so.
The next time there is an attack, I don't think there will be an outcry that the all-pervasive surveillance has failed us, only an outcry against the terrorists (who, let's face it, are the real offenders).
Suppose we came upon a time where some new technology had emerged allowing anyone with an average intelligence to be able to create a virulent bio weapon from materials so common and available that their restriction is impossible. In this world, we are almost surely doomed, but perhaps the only hope for survival on earth (ignore space diaspora for the moment) would be from instituting an all pervasive surveillance presence. In this scenario, I do not see the value of privacy trumping survival.
One might counter that the scenario I lay out above is not possible. However I would posit that technology enables our capacities to create/preserve and to destroy. However, perhaps stemming from the laws of thermodynamics, it does seem that our capacities to destroy are always outpacing our capacities to create or preserve, and eventually the gap between these capacities will unsettle the center which cannot hold.
> I do not see the value of privacy trumping survival.
Survival is not a value. Survival is a prerequisite for a lot of other values, but it's not a value in and of itself.
As many people have difficulty grasping what living in a world without privacy would be like, let me propose a different solution: We'll put everyone into solitary confinement, to ensure everyone's survival, as I do not see the value of freedom of movement trumping survival.
Would you agree with that as well? If not, why not?
Also, you might want to realize that surveillance does not ensure that your set of values gets enforced. It's the values of whoever manages to obtain that power, and whose power as a result of the surveillance might be impossible to challenge. The idea that you could create such a power structure and then guarantee that it's going to be used exclusively to prevent that bio weapon from being built and used is extremely naive. You would instead most likely find yourself alive, living in a world that makes you constantly wish for being dead, but thanks to the surveillance unable to kill yourself.
That's a happy Sunday afternoon thought, but we are not at that point yet. The point we are at is one in which corrupt governments seek to control us not for our own safety, but because they crave power and control.
I understood that the UK IP Bill already means that she already has the ability to e.g. demand a backdoored version of WhatsApp be sent to a target device, but that's not covered in the interview.
The thing that concerns me about this perspective that everyday use of encryption is bad is that it makes no damn sense. Pandora's box is opened; if you force software solutions to backdoor their technology, someone will just step up who doesn't care about your laws. There are no global treaties on software development, and we aren't going to be signing any such thing any day soon. Even if we could force something like that down the throats of every country on Earth, the knowledge exists, and anyone can roll out their own solution with a high-school level understanding of the topic.
It's absurd to think this can be resolved through legislation or cajoling companies into cooperation. But what really bothers me about this whole issue is that we already have laws in place that handle this situation, at least in the USA. In the USA, if you refuse to hand over an encryption key (or can't) and are being compelled to by a court, you can and will be held in contempt of court, and possibly convicted of destruction of evidence. The only thing that forcing people to backdoor their crypto does is allow government entities to investigate people without having sufficient evidence to compel them to give up their keys, and destroy the marketability of large scale, centralized end-to-end encryption solutions.
I mean, you could make the argument that end-to-end encryption restricts the ability to wiretap people, sure, but a wiretap warrant should require a decent amount of evidence, and at that point, there are most likely other options.
UK's best shot at surviving Brexit is to become stronger on value added industries. They have a very good head start over any other EU country in IT and in some research areas.
Amber Rudd seems hell bent on destroying their only chance.
They all are intent on crippling any chance the UK has at becoming stronger in high tech industries.
I'm so sick of getting "this is an adult resource and you can't view it" anytime I search for information about a drug (pharmaceutical, not just "weed LSD and lols").
Great fucking way to encourage your future chemists. Maybe ban keywords like JavaScript, PHP and SQL while at it, them's the powerful drugs maaan.
Being ahead of all other EU countries in some field can be something significant while they're inside the EU, in those cases when an investment or purchase needs to be made inside the EU for any reason. But when they're out, what difference does that make?
From [1], linked elsewhere in this discussion, and referring to a failed plot in India:
"The Hindi-speaking handler guiding the men in Hyderabad also insisted on using a kaleidoscope of encrypted messaging applications, with Mr. Yazdani instructed to hop between apps so that even if one message history was discovered and cracked, it would reveal only a portion of their handiwork."
"the handler taught Mr. Yazdani how to use the Tails operating system, which is contained on a USB stick and allows a user to boot up a computer from the external device and use it without leaving a trace on the hard drive."
Even if the British government is successful with WhatsApp, can they do much against free, open source tools?
"Even if the British government is successful with WhatsApp, can they do much against free, open source tools?"
Why would they care about open source tools and niche use of encryption? Of course they don't. They are after mass surveillance and use fear of terrorism to push for it. It's very logical of them.
That's the beauty of it; even with their more restrictive measures and massively increased surveillance, they won't make a significant dent in these sorts of attacks.
So they'll never run out of reasons to push further. Hooray.
I'm surprised I haven't heard the IP bill mentioned other than here in this whole matter. Why all the fanfare? Especially if it's something they can already just do quietly; the public controversy from that law has mostly passed over.
I watched Amber Rudd interviewed by Andrew Marr this morning and the scariest thing about it was that Marr completely agreed with her. Rather than providing an opposing viewpoint and counteracting her points, he agreed with the idea that it was unacceptable for people to be allowed to use encryption and that it was terrible these companies were using it as a selling point. All he pushed her on was if she would enforce cooperation from tech companies.
This isn't all that surprising, given that the government has repeatedly threatened the BBC with the loss/alteration of their charter for being critical of the government and not sufficiently jubilant about Brexit. ITV owning the BBC would arguably be a greater disaster than watered down coverage.
For a corollary see the paucity of coverage on the mass demonstration in London yesterday.
It isn't all that surprising to me either. But for different reasons. They have no idea what they are talking about.
Do we think they know our online banking software uses the same kind of encryption? Probably not. Andrew Marr not knowing this is annoying. But an entire government being ignorant of it is deeply worrying.
We saw prominent features on the BBC, furious headlines from the Daily Mail and self-congratulation from the Guardian. What would you have considered sufficient coverage for yesterday's demonstration?
How do they want to prevent someone from creating his own end-to-end encryption app? It may use other protocols to encode content (images, tweets, fb posts etc.).
For me it seems to be more in a direction of so called "Big Brother" than real counter-terrorism.
She's probably being led by the intelligence services on this, and of course they have ulterior motives, their ultimate project is to collect all signals, or as many as they can manage, which apps like WhatsApp are thwarting at present.
Why can't we collect all the signals all the time?
This is incredibly dangerous for our society, no-one should have that much power. That power isn't about terrorism (or even very useful against terrorism), but about subverting governments, judiciary and businesses.
Yes, this: she might as well just be ignorant (not that it is any justification), but her supposedly competent advisors are actually frauds, fakes and spooks, that's what's truly scary to me.
An intelligence led response to terrorism is a result of learning from Northern Ireland. Internment caused harm; talking to the terrorists brought peace.
Don't forget that while they were talking to the IRA politicians were saying in public "we don't talk to terrorists".
> How do they want to prevent someone from creating his own end-to-end encryption app?
It's basically impossible. One can also use steganography to hide messages in lolcat pictures, or music files. The only way to prevent this, I think, is to start a totalitarian surveillance state where using Free or custom software or hardware is punishable by death. Even then, I'm not sure this will be enough.
Given that even the most totalitarian states eventually fail and don't ever have complete and total control over the entire populace, I think you're correct that it will not be enough.
What they really need is to invent time travel, and murder Ada Lovelace.
> How do they want to prevent someone from creating his own end-to-end encryption app?
They can't. The US tried it in the 90's when SSL sites could not use strong encryption outside the US and you'd need a license to "export" PGP... That went well! :-/
Exactly, and given we live in a "walled garden" society now, all they need to do is require Google or Apple to remove from the app stores any app that implements encryption for messaging.
It's actually easier than ever to ban encryption for messaging.
Would that stop determined people? No, but it's never been about that anyway. Just make the pool small enough and it becomes too difficult to use. (See PGP / email).
Also, if you genuinely legislate against encrypted messaging then it's easy to pick up on the relative handful of people who go outside the app stores to get encrypted messaging applications.
And it shouldn't come to technical solutions, we should have people challenge the notion that two people should never be allowed to share a private message, because that's what Rudd and the government are suggesting.
Not "we" as in "we the general public with no specific interest in staying hidden". But of course criminals, terrorists or secret services do have the right incentive structure to always benefit from circumventing encryption bans.
They wouldn't prevent you from making encryption apps. It would be about regulation. You can regulate kinds of encryption (the strength of the algorithms/keyspace etc), and you can regulate who can use it (licensed copies only, or specific businesses only, or types of businesses, non-messaging platforms only, etc).
Then there's how you use it. They could mandate all of X businesses could only use encryption that could be inspected by the state, so either weak encryption, or PKI where you send the government your site's private key or use the state's CA or something. They can also mandate backdoors in encryption used in certain ways. And they can mandate that weak encryption be used outside their country's borders.
All of these are real parts of US laws on cryptography from WWII to 2000 to prevent "export" of "strong encryption", because of course evildoers around the world might make use of these "munitions". US law still regulates how we can use or distribute cryptography around the world. It is illegal in the US to release open source crypto on the internet without notifying the Bureau of Industry and Security. And 41 other countries (including the UK) have similar laws.
The one thing the US has going for it is the 1st Amendment, which makes it illegal for the US to prevent its citizens from making or using crypto within the US.
If you ban encryption and monitor all traffic in the world then you can easily flag messages you can't read as suspicious.
You can then hunt down people using the encryption.
> How do they want to prevent someone from creating his own end-to-end encryption app?
That's not an issue. Writing solid encryption software is very difficult on its own. You will hear "do not roll your own crypto" all the time from security experts. We don't live in a James Bond universe and it's beyond the reach of terrorist organisations.
You don't have to roll your own crypto to create your own end-to-end encryption app. You can use existing crypto. Writing a user interface around it is not so difficult.
Beyond the reach of the terrorist organisations? We have already seen pretty sophisticated operations by relatively small crime organizations (like exploiting pseudorandom generators in casino slot machines). There's an established black market for exploits. I think writing an end-to-end encryption app is not much more difficult compared to this. What's more, it will even be perfectly legal in many countries, meaning you could legally hire professionals to do the job. Terrorist organisations won't need to establish a development office in SV to write the app, they will only need to know how to use Tor and wire money to the app producer. Which isn't such a huge competence to ask for.
You don't really have to roll your own crypto to create such an app. There's always OpenSSL and the Signal protocol, which you'd only need to implement without designing anything.
Sure that can go wrong as anything can, but it's far from rolling your own crypto and makes things a lot easier.
> Writing solid encryption software is very difficult on its own.
It's not. You can use existing software, reuse existing protocols, and stick to safe languages as much as possible. Even implementing your own crypto isn't all that difficult¹. I have written my own crypto library², and I can almost recommend it for production use.
I think you've missed the point. Not talking about writing own crypto. Talking about not using applications which the western security services have the ability to force backdoors into.
Are you suggesting gpg has been backdoored? A simple wrapper around gpg is not beyond terrorist organisations.
You vastly overestimate the difficulty. The reason we're commonly told not to roll our own crypto is because it's easy, and also easy to get wrong and possibly catastrophic if you do. But many perfectly serviceable algorithms are simple and public knowledge. Arguably a scenario where everyone's using their own crypto and half of it's broken is still better than everyone using the "industry standard, pre-backdoored for your convenience" version.
Of course it's utterly trivial to make a one-time-pad cryptosystem, and more practical in 2017 than ever. So what if the keylength must match the message length, my phone has a 32gb uSD. That's a lot of text messages.
We hear most terrorists ate with forks so all forks are now banned.
Also, we were shocked to discover that virtually ALL criminals rely on something called Oxygen to perform their work so this is now a controlled substance that will be heavily regulated.
We were then terrified to learn that after banning forks, terrorists were able to successfully eat with spoons or even their hands.
/s
Seriously, you cannot ban tools. Lawmakers have to approach this with a firm grounding in statistics (how LIKELY is a risk, relative to the magnitude of the measures to prevent it?). They also have to realize that some things are just necessary for society to function. Stop being paranoid.
It's perfectly legal to use a fork, if you choose to take that risk. We absolutely haven't banned forks, we just urge special precautions due to the clear and obvious terrorism risks. If you want to use a fork or fork-like object (various devices that can be used for stabbing crimes like pencils or pens), just put your name on this watchlist...
Seriously though. Next step would be to force people to install locks that have a master key that only intelligence services have and can only use for good reasons.
If you're ok with encryption back doors you should also be ok with govt master keys for all your stuff (house, car, bank account, etc)
So they get a backdoor into WhatsApp and terrorists just move onto some other non-compromised tool. Rinse and repeat. You can't ban maths ffs.
TBH I am surprised attackers do not better destroy their electronic equipment just before they carry out their attack. Pop your phone and SSD/flash drives in the microwave on high for a few minutes is pretty much going to destroy all evidence on them, and if not then chances are you are dead anyway so whatever data they might be able to get off will most likely be useless to them anyway.
I think this is not about terrorists (that is just a side effect), but about the state's ability to know what people think and talk about. That is a very powerful thing to have.
Not sure about banning maths, but back when I was in school I had to suffer through a couple of maths teachers who were so bad that they might as well have been trying to instill a life long hatred for maths.
I seem to remember in pre-inet news, rogue actors with mental disorders seldom made national headlines. Now an individual with no affiliation with organized hate-based groups and some twisted logic can dream of international recognition for their actions if they manage to fulfill loose criteria under the "terrorists" FUD umbrella. Dead or alive, they want to be significant in some way different from their previously banal existence, consequences be damned.
The British gov is looking more and more like the Finger from V for Vendetta. The US president more and more like the one from Idiocracy. That we tend to live up to caricatures should be an alarming sign, but I only see worries on sites like HN. Most people still don't see the catastrophe in it.
> I only see worries on sites like HN. Most people still don't see the catastrophe in it.
I'm not in the US. I have actually been very impressed by the outspoken actions of anti-Trump people in the US, with the massive protests and constant (well-deserved) media scrutiny. Also I never knew I could have so much respect for Hawaiian judges.
Why they didn't bother to vote is beyond me, though. Trump is a buffoon, but he was able to successfully motivate other buffoons to actually vote.
I did hear the description of their vote as being forced to choose "between a disaster and a catastrophe" though, so that might go some way to explaining it.
There really aren't many other alternatives.
[1] http://www.bbc.co.uk/news/uk-39396578
Please don't attribute homicidal political views to insanity. These people don't have schizophrenia, and people with schizophrenia aren't terrorists.
If I need a communication to be secret, I will encrypt it, and I don't need special software.
This too will fail spectacularly.
I'm not sure what point you're trying to make, are you saying we need more surveillance to protect us because weapons are becoming easier to produce?
"We need to make sure that our intelligence services have the ability to get into situations like encrypted Whatsapp."
She has said she is "calling in" technology companies this week to try to "deliver a solution".
Marr asks if they refuse to do that, will you legislate to force them to change? She's not drawn on that.
Interview is here:
http://www.bbc.co.uk/iplayer/episode/b08l62r7/the-andrew-mar... [from 45:18]
https://www.theregister.co.uk/2016/11/30/investigatory_power...
[1] https://www.nytimes.com/2017/02/04/world/asia/isis-messaging...
Why would they care about open source tools and niche use of encryption? Of course they don't. They are after mass surveillance and use fear of terrorism to push for it. It's very logical of them.
So they'll never run out of reasons to push further. Hooray.
For a corollary see the paucity of coverage on the mass demonstration in London yesterday.
Do we think they know our online banking software uses the same kind of encryption? Probably not. Andrew Marr not knowing this is annoying. But an entire government being ignorant of it is deeply worrying.
For me it seems to be more in a direction of so called "Big Brother" than real counter-terrorism.
Why can't we collect all the signals all the time?
This is incredibly dangerous for our society, no-one should have that much power. That power isn't about terrorism (or even very useful against terrorism), but about subverting governments, judiciary and businesses.
Don't forget that while they were talking to the IRA, politicians were saying in public "we don't talk to terrorists".
It's basically impossible. One can also use steganography to hide messages in lolcat pictures, or music files. The only way to prevent this, I think, is to start a totalitarian surveillance state where using Free or custom software or hardware is punishable by death. Even then, I'm not sure this will be enough.
What they really need is to invent time travel, and murder Ada Lovelace.
They can't. The US tried it in the 90's when SSL sites could not use strong encryption outside the US and you'd need a license to "export" PGP... That went well! :-/
https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
Install a device on one's head?
I expect it's quite likely this one was using WhatsApp because that's what he used; not because he read about its end-to-end encryption.
Don't think we can "tech" our way out of this.
It's actually easier than ever to ban encryption for messaging.
Would that stop determined people? No, but it's never been about that anyway. Just make the pool small enough and it becomes too difficult to use. (See PGP / email).
Also, if you genuinely legislate against encrypted messaging then it's easy to pick up on the relative handful of people who go outside the app stores to get encrypted messaging applications.
And it shouldn't come to technical solutions, we should have people challenge the notion that two people should never be allowed to share a private message, because that's what Rudd and the government are suggesting.
Just because something is illegal doesn't mean it is enforceable.
Then there's how you use it. They could mandate all of X businesses could only use encryption that could be inspected by the state, so either weak encryption, or PKI where you send the government your site's private key or use the state's CA or something. They can also mandate backdoors in encryption used in certain ways. And they can mandate that weak encryption be used outside their country's borders.
All of these are real parts of US laws on cryptography from WWII to 2000 to prevent "export" of "strong encryption", because of course evildoers around the world might make use of these "munitions". US law still regulates how we can use or distribute cryptography around the world. It is illegal in the US to release open source crypto on the internet without notifying the Bureau of Industry and Security. And 41 other countries (including the UK) have similar laws.
The one thing the US has going for it is the 1st Amendment, which makes it illegal for the US to prevent its citizens from making or using crypto within the US.
That's not an issue. Writing solid encryption software is very difficult on its own. You will hear "do not roll your own crypto" all the time from security experts. We don't live in a James Bond universe and it's beyond the reach of terrorist organisations.
Beyond the reach of the terrorist organisations? We have already seen pretty sophisticated operations by relatively small crime organizations (like exploiting pseudorandom generators in casino slot machines). There's an established black market for exploits. I think writing an end-to-end encryption app is not much more difficult compared to this. What's more, it will even be perfectly legal in many countries, meaning you could legally hire professionals to do the job. Terrorist organisations won't need to establish a development office in SV to write the app, they will only need to know how to use Tor and wire money to the app producer. Which isn't such a huge competence to ask for.
Sure that can go wrong as anything can, but it's far from rolling your own crypto and makes things a lot easier.
It's not. You can use existing software, reuse existing protocols, and stick to safe languages as much as possible. Even implementing your own crypto isn't all that difficult¹. I have written my own crypto library², and I can almost recommend it for production use.
[1]: http://loup-vaillant.fr/articles/rolling-your-own-crypto
[2]: http://loup-vaillant.fr/projects/monocypher/
Are you suggesting gpg has been backdoored? A simple wrapper around gpg is not beyond terrorist organisations.
Of course it's utterly trivial to make a one-time-pad cryptosystem, and more practical in 2017 than ever. So what if the keylength must match the message length, my phone has a 32gb uSD. That's a lot of text messages.
Sure, but what's to prevent someone from building something on top of OpenSSL or PGP or whatever? Can't be that hard.
Also, we were shocked to discover that virtually ALL criminals rely on something called Oxygen to perform their work so this is now a controlled substance that will be heavily regulated.
We were then terrified to learn that after banning forks, terrorists were able to successfully eat with spoons or even their hands.
/s
Seriously, you cannot ban tools. Lawmakers have to approach this with a firm grounding in statistics (how LIKELY is a risk, relative to the magnitude of the measures to prevent it?). They also have to realize that some things are just necessary for society to function. Stop being paranoid.
If you're ok with encryption back doors you should also be ok with govt master keys for all your stuff (house, car, bank account, etc)
TBH I am surprised attackers do not better destroy their electronic equipment just before they carry out their attack. Pop your phone and SSD/flash drives in the microwave on high for a few minutes is pretty much going to destroy all evidence on them, and if not then chances are you are dead anyway so whatever data they might be able to get off will most likely be useless to them anyway.
Terrorists just use something else while the populace feels gradually more oppressed/controlled/...
In a way they get something for nothing.
Wow, that sentence got away from me.
(Then again, a 4 Lions moment where an intrepid terrorist slits his own throat with a molten SSD wouldn't be the worst thing in the world...)
That's it guys. Mommy says no more maths.
Agreed. I'm terrorized when I hear gov representatives talking like that. Who's the terrorist, I wonder.
I'm not in the US. I have actually been very impressed by the outspoken actions of anti-Trump people in the US, with the massive protests and constant (well-deserved) media scrutiny. Also I never knew I could have so much respect for Hawaiian judges.
Why they didn't bother to vote is beyond me, though. Trump is a buffoon, but he was able to successfully motivate other buffoons to actually vote.
I did hear the description of their vote as being forced to choose "between a disaster and a catastrophe" though, so that might go some way to explaining it.