• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

End-to-end encryption on messaging services is unacceptable: UK minister

Status
Not open for further replies.
S

SteveWD40

Member
Madness said:
Terrorists are always proactive. In the end, the average citizen suffers. Whatsapp being secure isn't what causes terror attacks. Remove the encyrption and they'll find something else while your personal communications are easily taken and monitored.
Click to expand...

Yep, especially those who know what they are doing. They will go back to pen and paper or face to face if needed, you can't "fight" terror, only choose not to be terrorised.

May just wants to get to a point people who don't vote Tory are on a database, to be watched for "dissent".
 
E

ElTorro

I wanted to dominate the living room. Then I took an ESRAM in the knee.
Madness said:
The UK is as big a nanny state as China. The difference is they pretend to do it for different reasons. Pretty soon if terrorists start hiding things in their ass, these people would ask us to bend over at airports so they can check.

Terrorists are always proactive. In the end, the average citizen suffers. Whatsapp being secure isn't what causes terror attacks. Remove the encyrption and they'll find something else while your personal communications are easily taken and monitored.
Click to expand...

Agree. It's not like there haven't been more than enough easy-to-use and widely available means around for criminals to securely encrypt or otherwise obfuscate communications. Removing security features from popular at most only helps you to catch the most moronic criminals.
 
B

BajiBoxer

Banned
ElTorro said:
Agree. It's not like there haven't been more than enough easy-to-use and widely available means around for criminals to securely encrypt or otherwise obfuscate communications. Removing security features from popular at most only helps you to catch the most moronic criminals.
Click to expand...
Yup. Or it provides means for smarter criminals to victimize innocent people.
 
3

31GhostsIV

Banned
It was only a matter of time before the Tories started to spin last week's tragedy into a reason to push their privacy-killing agenda.
 
C

Colin.

Member
Just think. There are many conversations happening across the country at this moment, with no way for the authorities to intercept them.. One of them may even be a terrorist plot! It is completely unacceptable, there should be no place for terrorists to hide. No ways about it, we MUST place hidden cameras in homes nationwide. If you have nothing to hide, you have nothing to fear.™
 
F

Famassu

Member
I mean, UK's right-wing governments of recent times aim for some 1984 level dystopic surveillance & control shit, so comments like these aren't surprising, coming from them.
 
L

Liu Kang Baking A Pie

Member
Obama said the same kinds of "authoritarian, right wing" things. (Because he and America are also that. This guy defended and wants the NSA dragnet.)

Obama rejects 'absolutist' defense of encryption
https://secure.politico.com/story/2016/03/obama-apple-encryption-battle-220656
By Nancy Scola

03/11/16 07:27 PM EST

President Barack Obama weighed in on Apple's court fight with the Justice Department Friday, arguing that the government can't allow encrypted devices that are inaccessible to law enforcement.

"My conclusion so far is that you can't take an absolutist view on this," Obama said at the SXSW festival in Austin, Texas. "If your argument is strong encryption no matter what, and we can and should in fact create 'black boxes,' then that I think does not strike the kind of balance that we have lived with for 200, 300 years. And it's fetishizing our phones above every other value and that can't be the right answer."

If "there's no key ... then how do we apprehend the child pornographer? How do we solve or disrupt the terrorist plot? What mechanisms do we have available to even do simple things like tax enforcement?" Obama said. "Because if in fact you can't crack that at all, if government can't get in, then everybody is walking around with a Swiss bank account in their pocket. So there has to be some concession to the need to be able to get into that information somehow."
Click to expand...

I understand his perspective, though of course I'll never personally begin accepting any backdoor, weaker security, or government spying.
 
BibiMaghoo

BibiMaghoo

Member
As with the opening of Iphones, I don't believe a method of digital communication should be off limits for law enforcement. I realise many think that the right to privacy trumps all, but I just don't agree. There is a huge difference between monitoring a countries communications, and accessing communications that have occurred in relation to a crime. The latter should never be denied. Users of these systems are already very high, and will only increase over time. That makes other methods of gathering the information redundant entirely, and most countries have laws to access things like phone calls for good reason. I fail to see why newer methods of communication should be allowed to bypass that when the old ones are left unused in their place.

I despise Theresa May and her desire to destroy human rights in general, but police should be able to access any digital communications if the circumstances require it.
 
S

SugarDaddy

Member
Using terrorism as a scapegoat for violating consumer privacy as usual

4 people died in that attack

Don't something like 20+ people die every day from alcohol related driving accidents? (in the U.S.) I don't mean to derail or appear apathetic but I don't see events like these to be reason enough to further strip away privacy protections.
 
M

MUnited83

For you.
BibiMaghoo said:
As with the opening of Iphones, I don't believe a method of digital communication should be off limits for law enforcement. I realise many think that the right to privacy trumps all, but I just don't agree. There is a huge difference between monitoring a countries communications, and accessing communications that have occurred in relation to a crime. The latter should never be denied. Users of these systems are already very high, and will only increase over time. That makes other methods of gathering the information redundant entirely, and most countries have laws to access things like phone calls for good reason. I fail to see why newer methods of communication should be allowed to bypass that when the old ones are left unused in their place.

I despise Theresa May and her desire to destroy human rights in general, but police should be able to access any digital communications if the circumstances require it.
Click to expand...

Seems you haven't read the thread at all it seems. This is not about what you think it is.
 
BibiMaghoo

BibiMaghoo

Member
Liu Kang Baking A Pie said:
Why? We don't act like this about all physical objects or places. "No unreasonable searches or seizures" was part of why America colonized.
Click to expand...

It isn't unreasonable in a criminal investigation though. I do not condone mass data collection, just the ability to access. To deny encrypted messages being unaccessable to Police.

BernardoOne said:
Seems you haven't read the thread at all it seems. This is not about what you think it is.
Click to expand...

?

I read it already, and responded accordingly. Perhaps you misunderstood my post.
 
H

hodgy100

Member
BibiMaghoo said:
As with the opening of Iphones, I don't believe a method of digital communication should be off limits for law enforcement. I realise many think that the right to privacy trumps all, but I just don't agree. There is a huge difference between monitoring a countries communications, and accessing communications that have occurred in relation to a crime. The latter should never be denied. Users of these systems are already very high, and will only increase over time. That makes other methods of gathering the information redundant entirely, and most countries have laws to access things like phone calls for good reason. I fail to see why newer methods of communication should be allowed to bypass that when the old ones are left unused in their place.

I despise Theresa May and her desire to destroy human rights in general, but police should be able to access any digital communications if the circumstances require it.
Click to expand...

You can't ban or introduce back doors to end to end encryption without making all online security measures insecure. The problem here is politicians not understanding the knock on effects of their wet dreams.
 
Flintty

Flintty

Member
I'm probably in the minority but I don't mind UK Gov having the ability to look at my Whatsapp if it means saving a life. They're not interested in my group chat unless I've already done something to make myself a target.
 
L

Liu Kang Baking A Pie

Member
BibiMaghoo said:
To deny encrypted messages being unaccessable to Police.
Click to expand...
But that's the point. In America, you literally can hide things from the police in most scenarios, because they're not some sort of special order of gods above us. If a criminal hides their tracks well enough to not be caught, then they're behaving like most criminals through history.
 
I

Irminsul

Member
BibiMaghoo said:
There is a huge difference between monitoring a countries communications, and accessing communications that have occurred in relation to a crime. The latter should never be denied. Users of these systems are already very high, and will only increase over time.
Click to expand...

Due to the nature of encryption, you simply cannot prevent its usage. It's just mathematics, after all. All the methods how to do it are already out there. The only thing you can do is to make it a bit more cumbersome to use, meaning your everyday guy probably won't use it. Criminalising its usage probably doesn't bother criminals that much if they plan to commit a much more serious crime.

So, overall, what you're doing is making mass surveillance much easier while doing nothing against any but the most moronic of criminals.
 
L

Liu Kang Baking A Pie

Member
Recommended easy reading on the politics + history of digital surveillance and how to protect yourself:

Data vs Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneider
https://www.amazon.com/dp/039335217X/?tag=neogaf0e-20

No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State by Glenn Greenwald
https://www.amazon.com/dp/1250062586/?tag=neogaf0e-20

The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin Mitnick
https://www.amazon.com/dp/0316380504/?tag=neogaf0e-20

Irminsul said:
Due to the nature of encryption, you simply cannot prevent its usage. It's just mathematics, after all.
Click to expand...
Yep, nailed it. I think all three of these books get into that while explaining encryption to the layperson.
 
C

Costia

Member
BibiMaghoo said:
..I don't believe a method of digital communication should be off limits for law enforcement...
Click to expand...
It's going to be the case anyway.
You can encrypt your data in a multitude of ways.
Generally if you dont have the encryption key (which only the user has), it would be impossible to decrypt.
Criminals don't follow the law, such a restrction won't harm them at all.
It will only hurt the general law-abiding public that uses encryption for legitimate purposes.
It's actually quite ironic, while the law's intention would be to harm criminals while keeping the public safe, it will actually do the opposite.
It won't do anything to the criminals, while making the general public's data less secure, and easier to access by criminals.
 
F

FyreWulff

Member
Reminder that encryption isn't like a safe where there's like computer code sitting as a "wall" around the information. It's a mathematical transformation of one thing into another. For example, with all good encryption algos you can't even actually really determine that you're feeding the decrypter a valid file, it just has go through and decrypt it and see what comes out the other side. It's possible to have a "valid" encrypted file that decrypts into what looks like random data (aka, a failed decryption) but is actually encrypted data.
 
M

Matt

Member
Liu Kang Baking A Pie said:
But that's the point. In America, you literally can hide things from the police in most scenarios, because they're not some sort of special order of gods above us. If a criminal hides their tracks well enough to not be caught, then they're behaving like most criminals through history.
Click to expand...
Not if they have a search warrant. That was Obama's point. Having something that is litterly impossible for authorities to access is a situation that has previously not really existed.
 
BibiMaghoo

BibiMaghoo

Member
hodgy100 said:
You can't ban or introduce back doors to end to end encryption without making all online security measures insecure. The problem here is politicians not understanding the knock on effects of their wet dreams.
Click to expand...

Irminsul said:
Due to the nature of encryption, you simply cannot prevent its usage. It's just mathematics, after all. All the methods how to do it are already out there. The only thing you can do is to make it a bit more cumbersome to use, meaning your everyday guy probably won't use it. Criminalising its usage probably doesn't bother criminals that much if they plan to commit a much more serious crime.

So, overall, what you're doing is making mass surveillance much easier while doing nothing against any but the most moronic of criminals.
Click to expand...

I understand the merits of this position, but still do not agree it is acceptable. Police forces in every nation in the world where it is relevant have access to more traditional forms of communication for good reason. It is easily safe to say without providing any evidence that this ability has saved many lives and solved many crimes. As we move towards newer methods of communication, this ability is lost, and so needs to be addressed.

The concern of a normal citizen keeping their redundant information private is a non concern to me in comparison to this. I am troubled that people value keeping their meaningless personal data private as more important than keeping other people alive. I know this is unpopular, but it is sound reasoning to me. I value one thing more highly than the other. If having access means no true encryption on these devices, then that is a small price to pay in my view.
 
L

Liu Kang Baking A Pie

Member
BibiMaghoo said:
Police forces in every nation in the world where it is relevant have access to more traditional forms of communication for good reason.
Click to expand...
It could be because they're insecure services by nature or limitation.

Can you cite what "good reason" you're talking about and the specific privileged access you're referring to? Feeling like you pulled this one right out of the ass.

BibiMaghoo said:
The concern of a normal citizen keeping their redundant information private is a non concern to me in comparison to this. I am troubled that people value keeping their meaningless personal data private as more important than keeping other people alive. I know this is unpopular, but it is sound reasoning to me. I value one thing more highly than the other. If having access means no true encryption on these devices, then that is a small price to pay in my view.
Click to expand...
Don't know why you think vague George W Bush era talking points about security vs liberty are going to be persuasive. Where's your research or statistics to back these points up? What exactly is the quantified security tradeoff, and why do you feel your position is correct?
 
F

FyreWulff

Member
BibiMaghoo said:
I understand the merits of this position, but still do not agree it is acceptable. Police forces in every nation in the world where it is relevant have access to more traditional forms of communication for good reason. It is easily safe to say without providing any evidence that this ability has saved many lives and solved many crimes. As we move towards newer methods of communication, this ability is lost, and so needs to be addressed.

The concern of a normal citizen keeping their redundant information private is a non concern to me in comparison to this. I am troubled that people value keeping their meaningless personal data private as more important than keeping other people alive. I know this is unpopular, but it is sound reasoning to me. I value one thing more highly than the other. If having access means no true encryption on these devices, then that is a small price to pay in my view.
Click to expand...

Criminals have been talking in code and encryption for decades. The police, amazingly, have still continued to function. Criminals will continue to do so, because you know, they're breaking the law. They don't care about the law in the first place. And they can still encrypt data under the 'required' encryption as another layer, or as i pointed out, use coded phrases that look like normal conversation.

Hell, a proper use of One Time Pads, which is just a pen and paper method of encryption, and your messages are never recoverable. You could broadcast them in the open, over the air, on giant billboards, and nobody seeing them could do shit unless they had the corresponding OTP to decrypt it.
 
N

Nevasleep

Member
Hopefully the people who understand the "necessary hashtags" are reading this LOL

“What I’m saying is the best people who understand the technology, who understand the necessary hashtags to stop this stuff even being put up, not just taking it down, are going to be them. That’s why I would like to have an industry-wide board set up where they do it themselves.”
Click to expand...
Guardian
 
C

Costia

Member
BibiMaghoo said:
I understand the merits of this position, but still do not agree it is acceptable..
Click to expand...
You are ignoring what Irminsul said.
Your agreement is irrelevant. It's math. You might as well try banning matrix multiplication.
Data encrypted by criminals will not be accessible to law enforcement. This is a statement based on math, not an opinion. It is not something that can be addressed by a law.
The only thing a law can do is make the general public (who are not aware of the problems the law will create) more volnurable to attacks.
 
I

Irminsul

Member
BibiMaghoo said:
I understand the merits of this position, but still do not agree it is acceptable.
Click to expand...
It doesn't really matter if you find that acceptable. I just described the reality of encryption to you. There is no world without it which we can magically get back to. Beside the point that if you get WhatsApp to remove encryption, messengers which include it are a dime a dozen. What are you gonna do, create a Great Firewall around the UK à la China?

The concern of a normal citizen keeping their redundant information private is a non concern to me in comparison to this. I am troubled that people value keeping their meaningless personal data private as more important than keeping other people alive. I know this is unpopular, but it is sound reasoning to me. I value one thing more highly than the other. If having access means no true encryption on these devices, then that is a small price to pay in my view.
Click to expand...

You can't have one without the other. There isn't good encryption and bad encryption, and each backdoor can (and in the past often has been) used by criminals just as well as by governments. What you're implying means, e.g., no more online shopping because the encryption couldn't be fully trusted anymore.
 
IISANDERII

IISANDERII

Member
SugarDaddy said:
Using terrorism as a scapegoat for violating consumer privacy as usual

4 people died in that attack

Don't something like 20+ people die every day from alcohol related driving accidents? (in the U.S.) I don't mean to derail or appear apathetic but I don't see events like these to be reason enough to further strip away privacy protections.
Click to expand...
The way I look at it is that if the government is allowed this power grab, then that will cost far more lives.
 
C

ClosingADoor

Member
I can understand the thought behind it. We tap phones, we intercept packages, we follow people around. As long as there is a warrant, there is nothing wrong with that. But now you have this pretty much unbreakable kind of communication that goes around the world that you can't intercept, while it would be very valuable in some cases. Personally I find the whole demand from some for absolute privacy online a bit overblown.

Problem is, there is also nothing stopping a terrorist group from coding its own app and slapping encryption on it. So how valuable is it to demand Whatsapp and others to built in backdoors for the government.
 
W

Woorloog

Banned
Face to face meetings that are not held in front of government witnesses or cameras and mikes probably should be banned. Could be terrorists.

Banning chat encryption is functionally the same thing really.
 
H

hodgy100

Member
BibiMaghoo said:
I understand the merits of this position, but still do not agree it is acceptable. Police forces in every nation in the world where it is relevant have access to more traditional forms of communication for good reason. It is easily safe to say without providing any evidence that this ability has saved many lives and solved many crimes. As we move towards newer methods of communication, this ability is lost, and so needs to be addressed.

The concern of a normal citizen keeping their redundant information private is a non concern to me in comparison to this. I am troubled that people value keeping their meaningless personal data private as more important than keeping other people alive. I know this is unpopular, but it is sound reasoning to me. I value one thing more highly than the other. If having access means no true encryption on these devices, then that is a small price to pay in my view.
Click to expand...

I'm less worried about the police force having access the our data than weakening online security so that criminals can gather sensitive information easier.

End to end encryption doesn't just cover direct text communication but also sending encrypted data through your browser to access accounts. Server encryption. User data encryption. Legislate against that and now payment details are insecure.

Legislating against this is not doable. It's not enforceable. What's stopping g a terrorist group making their own android app that encrypts their own messages. I can go make my own end to end messaging app. Someone outside the UK can do it. How can you legislate against that?
 
S

samn

Member
BibiMaghoo said:
I understand the merits of this position, but still do not agree it is acceptable. Police forces in every nation in the world where it is relevant have access to more traditional forms of communication for good reason. It is easily safe to say without providing any evidence that this ability has saved many lives and solved many crimes. As we move towards newer methods of communication, this ability is lost, and so needs to be addressed.

The concern of a normal citizen keeping their redundant information private is a non concern to me in comparison to this. I am troubled that people value keeping their meaningless personal data private as more important than keeping other people alive. I know this is unpopular, but it is sound reasoning to me. I value one thing more highly than the other. If having access means no true encryption on these devices, then that is a small price to pay in my view.
Click to expand...

Increasingly, the contents of a person's phone are *not* meaningless. They are of great interest to harassers, identity thieves, big business and malicious government actors. There is no secure way to grant only the 'goodies' access to this data on demand but not anyone else. It simply cannot be done. I don't consider the risks that this kind of scheme would open up to every single person on the planet that uses technology worth it, even for the sake of maybe (but probably not) preventing attacks like this one, which represent an utterly minuscule proportion of the death and suffering experienced even within wealthy western societies.
 
H

hodgy100

Member
samn said:
Increasingly, the contents of a person's phone are *not* meaningless. They are of great interest to harassers, identity thieves, big business and malicious government actors. There is no secure way to grant only the 'goodies' access to this data on demand but not anyone else. It simply cannot be done. I don't consider the risks that this kind of scheme would open up to every single person on the planet that uses technology worth it for the sake of maybe (but probably not) preventing attacks like this one, which represent an utterly minuscule proportion of the death and suffering experienced even within wealthy western societies.
Click to expand...

Yup. Create a backdoor for for the government. You are creating a backdoor for criminals too.
 
C

Condom

Member
ClosingADoor said:
I can understand the thought behind it. We tap phones, we intercept packages, we follow people around. As long as there is a warrant, there is nothing wrong with that. But now you have this pretty much unbreakable kind of communication that goes around the world that you can't intercept, while it would be very valuable in some cases. Personally I find the whole demand from some for absolute privacy online a bit overblown. The Dutch government for example has totally destroyed any sense of privacy in the name of anti-terror and anti-fraud.

Problem is, there is also nothing stopping a terrorist group from coding its own app and slapping encryption on it. So how valuable is it to demand Whatsapp and others to built in backdoors for the government.
Click to expand...
I think the government acting as if they need to peek into every little bit of people's lives to 'protect us against terrorism' is itself a little bit overblown.

Terrorism is combatted in schools, on workplaces and in neighborhoods. Not primarily through military endeavors and spying. Until governments learn that there they will always keep chasing the symptoms of terror instead of actually solving the causes of terror.
 
J

JonnyDBrit

Member
ClosingADoor said:
I can understand the thought behind it. We tap phones, we intercept packages, we follow people around. As long as there is a warrant, there is nothing wrong with that. But now you have this pretty much unbreakable kind of communication that goes around the world that you can't intercept, while it would be very valuable in some cases. Personally I find the whole demand from some for absolute privacy online a bit overblown.

Problem is, there is also nothing stopping a terrorist group from coding its own app and slapping encryption on it. So how valuable is it to demand Whatsapp and others to built in backdoors for the government.
Click to expand...

There's also the underlying issue that creating this vulnerability for police usage does not mean it will actually stay limited to police usage. The medium doesn't help either: tapping phones, intercepting packages, stalking - these all require some degree of physical access to the person and/or materials. Digital messaging, and the interception thereof, throws that on its head entirely; you can be on another continent, having never been in the same country as the target, but still potentially get their info. That's not just for police and terrorists, that can be for hackers wanting blackmail, and the knowledge that a backdoor absolutely exists would be quite encouraging to such criminals. Fine, you feel personal privacy does not fully trump the security needs of society - that's a pretty reasonable stance and the one people always touch on. What they're far less willing to acknowledge is that creating such vulnerabilities for the police will make them potentially accessible by someone other than the police.

To put it in terms of analogy, if it was known that the police had access to an array of skeleton keys, provided to them by every lock manufacturer, and each key would open every lock made by those manufacturers, the response by criminals wouldn't even be to try to steal those keys; it would be to experiment, knowing there was at least one particular combination that would open all locks of a given manufacturer.
 
BibiMaghoo

BibiMaghoo

Member
hodgy100 said:
I'm less worried about the police force having access the our data than weakening online security so that criminals can gather sensitive information easier.

End to end encryption doesn't just cover direct text communication but also sending encrypted data through your browser to access accounts. Server encryption. User data encryption. Legislate against that and now payment details are insecure.
Click to expand...

I understand, so maybe there are other ways to address this particular issue, like banning encrypted messaging apps from app stores. They will still exist, other places will host them where possible, but it instantly reduces the number of people able and likely to use them, and the increasing prevalence of their use if they are not mainstream. It is just not acceptable for the world to move onto communications that cannot be accessed by authorities where needed, and on this, probably just this, I agree with Amber / Theresa.

samn said:
Increasingly, the contents of a person's phone are *not* meaningless. They are of great interest to harassers, identity thieves
Click to expand...

Those two are fair points I would not dispute.
 
C

Costia

Member
JonnyDBrit said:
To put it in terms of analogy, if it was known that the police had access to an array of skeleton keys, provided to them by every lock manufacturer, and each key would open every lock made by those manufacturers, the response by criminals wouldn't even be to try to steal those keys; it would be to experiment, knowing there was at least one particular combination that would open all locks of a given manufacturer.
Click to expand...
Already happened IRL:
Master Key for TSA-Approved Locks Leaked Again.
http://www.pcmag.com/news/346422/master-key-for-tsa-approved-locks-leaked-again
 
Status
Not open for further replies.

Similar threads

  • Locked
UK minister defends CMA's decision to block MS/ABK
News
0
735
Daniel_Mallorca1985 replied
Alt-Tech. Sources, links, information
16
1K
Mistake replied
WhatsApp reportedly refused to build a backdoor for the UK government (The Verge)
19
3K
Mr-Joker replied
[HackerNews] Google Reveals What Personal Data Chrome and Its Apps Collect On You
21
13K
jufonuk replied
Australia PM claims the laws of mathematics are secondary to the law of Australia
2
86
15K
elfinke replied
Top Bottom