Lets ban all encryption coz protection!!!

That seems to be the gist of it anyway. http://arstechnica.com/tech-policy/2...hell-ban-them/

This really is quite pathetic yet depressing at the same time, for what I assume are pretty obvious reasons. But just in case you didn't already know, it's worth knowing.

I really, really try not to get involved in anything political on forums as it's rare you get anything positive out if it, but this goes beyond the level of the usual politician-level-insane, both in terms of how it would be possible, why it would be useful, and why it wouldn't cause immeasurable harm in the process of of not living up to its goals.

Sigh...

Wow, because it being illegal will stop all those nasty terrorists going about their otherwise perfectly law abiding lives. Not only would it be incredibly easy to mask (just needs a client that communicates over https, looks like any other kind of https transaction) its also impossible to implement.

I for one will be presenting a false positive everytime I logon to my work laptop at home. The alternative is you have everyone that doesn't know what they're doing using the 'uk' version of backdoored apps and everyone else using encrypted versions.

This even puts the 'adult'-filter saga to shame on so many levels. Between even the politicians supposedly responsible for it not understanding what it actually did, or what it was blocking, or confusing it with IWF when answering criticism, and the sheer ease of bypassing the whole thing and the false-positives blocking innocent websites, and so on.

But still, this eclipses it. By far.

Oh... dear! I've no idea how I managed to post this in the hardware forum; if a mod sees this could they please move it to GD (or anywhere they feel is most appropriate)? :(

Moved to GD

The terrifying thing bout it is that people buy into it. They repeatedly try and do the same kind of thing under the guise of protecting the children from peados and every time there are elements of society who lap it up.
I personally find it revolting that they have the guile to use these atrocities to their advantage, yet not at all surprising.

This offers ZERO protection against the things they claim it will, especially if you announce to the world you are going to do it :rolleyes:
Nothing more than another step toward a right wing police state.

Quote:

---

Originally Posted by Biscuit

Nothing more than another step toward a right wing police state.

---

Why a 'right wing' one?

Labour wanted ID cards

Nazis were socialists.

Still, live in Cameron's constituency and am a floating voter. He has just lost my vote, not that it will count for much.

It's incredibly frustrating, as Mr Cameron has decided to put this in his manifesto for the election and is making a point of this in his campaign. I doubt it will actually get through (but all sorts of stupid laws get passed I guess..), but the most frustrating thing is that I cannot vote for the Conservatives with this sort of drivel being spouted. For me, this is a bigger issue than immigration, overseas aid etc etc.

That means Lib Dems get a vote - the only other options are the nutters and the idiots (ukip and labour) and I am not daft enough to give either of them a free vote.

Quote:

---

Originally Posted by Biscuit

The terrifying thing bout it is that people buy into it. They repeatedly try and do the same kind of thing under the guise of protecting the children from peados and every time there are elements of society who lap it up.
I personally find it revolting that they have the guile to use these atrocities to their advantage, yet not at all surprising.

This offers ZERO protection against the things they claim it will, especially if you announce to the world you are going to do it :rolleyes:
Nothing more than another step toward a right wing police state.

---

All precisely my thoughts. And if you don't like it, you must be one of those terrorist or child-abuser types of course!

I think he's just given the Lib-Dems a free pass to a load of votes it was seeming increasingly unlikely they'd get. If they're smart about it, they could easily use this to their advantage. Perhaps they could start by explaining to people how incredibly stupid it is. Either way you look at it, you end up with a government seeking to do something like this, and you end up with a government so incompetent to not realise how idiotic the proposal is.

If they're going to treat everyone who uses encryption as a criminal, the prisons are going to get a bit crowded. Might as well just build a wall around the country and be done with it. If they're not going to do it that way, then what's the point? Any real criminal I imagine would be a least smart enough to stop using a known-compromised service.

There are plenty of other ways to effectively communicate criminal activities, even without encrypted emails. I know naff-all about The Dark Web and encryptions, VPNs etc, yet I still know how to manage it. These are not exactly new technologies either and are available free to all people.

If you're being caught through the likes of FB and email, you're just being dumb and deserve everything you get!!

Quote:

---

Originally Posted by wasabi

Nazis were socialists.

---

Not quite...

Quote:

---

Hitler and the Nazis outlawed socialism, and executed socialists and communists en masse, even before they started rounding up Jews. In 1933, the Dachau concentration camp held socialists and leftists exclusively. The Nazis arrested more than 11,000 Germans for "illegal socialist activity" in 1936.

---

Quote:

---

Originally Posted by Smudger

Not quite...

---

Half true. They were anti Marxism-socialism.

See http://en.wikipedia.org/wiki/Nazism#Anti-communism

But all a bit of a distraction - I don't want to derail the thread with Nazi stuff. Just get annoyed when people throw the term 'right wing' as abuse when those on the left are often equally guilty of creating police states.

Quote:

---

Originally Posted by wasabi

Half true. They were anti Marxism-socialism.

See http://en.wikipedia.org/wiki/Nazism#Anti-communism

But all a bit of a distraction - I don't want to derail the thread with Nazi stuff. Just get annoyed when people throw the term 'right wing' as abuse when those on the left are often equally guilty of creating police states.

---

But the conservatives are right wing, they are in power, they are pushing the country farther right... and its their policy...

I think you are reading too far into the adjective.

So expecting the National *Socialist* German Workers Party to actually be Socialist.... well, since when has a politician ever told the truth?! :D

On the one hand, I think Cameron really is making a stupid move if this goes ahead... on the other, it seems like something people would so easily get all riled up over, which makes me wonder if this is being done to distract us while he sneaks something else far more serious under the radar...

Steganography (which I cant pronouce) will be the way forward.

Same message wrapped up in a boring long email. Same data hidden in a spreadsheet. Etc

OK - a little bit of perspective...

First ly, it isn't a ban on encryption as such, but an ability for Law Enforcement Agencies (LEAs) to have a back door into encrypted communications. However, the vast majority of e mail communication is not encrypted (or not particularly strongly) so it is only that which is encrypted would come under a new law. The law already requires someone suspected of a crime to reveal passwords, and failure to do so is an offence with a two year maximum prison sentence - a bit low imho as someone concealing a crime carrying - on conviction - a prison sentence more than that may wish to take their chance with the lower punishment.

Given the large number of communication, it is unlikely that every e mail or other communication is read or, more importantly, analysed in real time, hence the requirement for storage, It is likely that only if a person comes under suspicion from other intelligence that e mails etc might be read. however there is the question of timeliness - if the contents of a message contain details of some serious crime, it needs to be read before the event takes place.

There is also the question of a Government discharging its duty to protect the population. There has been criticism of Governments when a terrorist attack has taken place because intelligence wasn't in place. Is it right that criminal activity should be hidden from LEAs? Where does the balance lie?

What checks and balances should there be? Some form of judicial oversight to ensure the LEAs are acting within their legal framework, and transparency about that framework.

And the measures need to be proportionate to the threat. And there is little doubt that there is a threat from terrorism as the recent events in France, the murder of Fusilier Lee Rigby, the Glasgow Airport attack, the 7 July London bombings all demonstrate. I have left out Child abuse - but an equally unpleasant crime exploiting children, not only images, but the grooming of children. |But all crimes operate under some cloak of secrecy, should they have the protection of secure communication?

Of course, the facrt that some criminals may use encryption is not the same that all who use encryption have criminal intent - but some may, and that is where proportionality and judicial oversight plays a role.

How workable would a ban be? Not at all - which is why a requirement for a backdoor is the proposal. But that requires international coo-operation, or stiff penalties for anyone detected using encryption mechanisms without - and if everyone started using them, the enforcement would be impossible - but most people won't because it is too much effort.

There are many other forms of encryption or protection that carry plausible deniability. A one time pad is unbreakable and can be made to be plausibly deniable - but it is a manual process and a lot of faff. Coding is another - substitute one innocuous word - say sausages - for - say - nuclear warheads, and a shopping list takes on a whole new meaning. But that all involves extra work for the ne'er do well, and as Enigma showed, cider breaking often results in operator or user error.

The other danger is if the backdoor becomes known to others outside Government, and that is, IMHO, where the real risk and threat to privacy lies.

So there is an element of sabre rattling or knee jerk in all this. For what its worth I suspect most publicly available crypto system as decrypt able given enough time and resource, but that raises the question of timeliness.

But in the end it is a question of the balance between the public's right to privacy and the publics right to protection.

Nah, the old ways will return - Veiled speech, one-time cypher pads and the like.

I personally prefer the Christoper Lambert approach in Fortress 2: Playing a game of chess and conveying the secret message whenever you touch the King ... which is then spoken so blindingly blatantly, the cops would NEVER find out, eh!!

Steganography doesn't tend to work brilliantly in digital communication unless you combine it wit encryption. And even then, it might throw off casual observers but it's possible to find the extra payload if you know what to look for.

So much of the world we live in relies strongly on cryptography, it cannot be done without. There are no sensible arguments to that.

A backdoor in a protocol is a catastrophic security flaw. Even if you have utmost trust in security agencies (which you shouldn't have - a contractor managed to steal tons of top secret level documents without anyone blinking), what's to stop others finding and exploiting the backdoors? It's been tried. It doesn't work.

Of course, the details are lacking as is to be expected for such a stupid proposal, because no-one with the slightest understanding of how these systems work would come up with something like this, but what may be more likely is that popular messaging services may be required by law to effectively stop using end-to-end crypto, and instead use a client-server model like is used by SMS etc. But that's also stupid because, why would any criminal use a known-compromised communication channel?

There's really no way of looking at this that makes any amount of sense, regardless of your feelings on giving up privacy. At best, it's utterly useless. At worst, well, it's hard to even begin imaging the damage it could do.

One time pads often get thrown up in crypto discussions. They're not a solution. Rather than explaining myself, Bruce Schneier does a brilliant job of it: https://www.schneier.com/crypto-gram...02/1015.html#7

@peterb: Criminals also use telephones, pens, pencils, screwdrivers, wires. Under the justification of 'criminals use encryption so ban it', what other common items should we add to the list for good measure? Banning something because it is also used by criminals is nonsensical.

From what I've heard, intelligence was in place for the recent attacks. The perpetrators were known to security services. Fat lot of good that did.

And how exactly would an encryption ban, or even a backdoor to common protocols help that in any way whatsoever? How many major criminals are stupid enough to use a communication channel they know to be compromised? Like a lot of things, this just harms everyone else, and pushes crime underground. Zero net benefit.

Do you mean knee-jerk on the side of gov't, or the negative reaction to it? If the former, I agree. Perhaps as others have said, exploiting terrible events to promote your government before election time. If you mean the reaction, then it's more than justified; surely anyone with any remote understanding of technology can see how idiotic the whole thing is, along with the reaction to gov't wanting to strip more freedoms without justification.

Quote:

---

Originally Posted by watercooled

One time pads often get thrown up in crypto discussions. They're not a solution.

---

No, I didn't mean they were a solution for us, the mass market - I meant that this is what the criminals/terrorists would simply resort to if we start dropping all the encryption on messaging - In the same way that banning handguns and knives just means they start using bows and hammers.

They can work, but you still need to distribute keys effectively, and have a good way of generating keys.

If they key generation is flawed, or if the method of sharing the key is compromised, the whole system is broken. As I said, a ban doesn't break existing encryption, and it works fine, so why change to something where you're far more likely to mess up the implementation?

But either way, it goes to show how useless a ban would be when there are trivial ways around it.
Oh of course, no amount of telling criminals they should be good boys and not use something, if they'd be so kind, is going to make any difference. OTPs aren't necessarily needed though. However provided they're used properly, which is no small feat, they do provide plausible deniability - once the keys are destroyed, no-one can prove what the original plaintext was.

But even a full-on ban wouldn't mean regular encryption stops working. A ban doesn't alter or break mathematics.

Quote:

---

Originally Posted by watercooled

One time pads often get thrown up in crypto discussions. They're not a solution. Rather than explaining myself, Bruce Schneier does a brilliant job of it: https://www.schneier.com/crypto-gram...02/1015.html#7

---

Schneider is talking about automated systems. His article goes on to say

Quote:

---

Originally Posted by schneier

An early Teletype hotline between Washington and Moscow was encrypted using a one-time pad system. One-time pads were also used successfully in WWII by the English; spies in locations with radios but no other encoding equipment were given pads printed on silk, and were able to encode messages for transmission faster and more securely than by previous methods involving memorized poetry.

---

The problems lie with key management and distribution, but for simple hand encrypted messages, they work.

Quote:

---

Originally Posted by watercooled

@peterb: Criminals also use telephones, pens, pencils, screwdrivers, wires. Under the justification of 'criminals use encryption so ban it', what other common items should we add to the list for good measure? Banning something because it is also used by criminals is nonsensical.

From what I've heard, intelligence was in place for the recent attacks. The perpetrators were known to security services. Fat lot of good that did.

And how exactly would an encryption ban, or even a backdoor to common protocols help that in any way whatsoever? How many major criminals are stupid enough to use a communication channel they know to be compromised? Like a lot of things, this just harms everyone else, and pushes crime underground. Zero net benefit.

Do you mean knee-jerk on the side of gov't, or the negative reaction to it? If the former, I agree. Perhaps as others have said, exploiting terrible events to promote your government before election time. If you mean the reaction, then it's more than justified; surely anyone with any remote understanding of technology can see how idiotic the whole thing is, along with the reaction to gov't wanting to strip more freedoms without justification.

---

To ban everyday tools would be disproportionate. However, explosives are not readily available, and while that does not stop the amateur bomb maker, it is a deterrent and procuring explosives or the materials to make them leaves a trail. Using your example, explosives and weapons of any sort should be freely available without any restriction.


So if a ban on encryption could be enforced, anyone using it might automatically come under scrutiny.

But is it right that criminal acts should be facilitated by the use of technolgy? And if not, how is it countered?

As for knee jerk, yes the Government as posturing, but the response is also knee jerk. Civil liberties are always balanced with security, the question is the balance point and the oversite, which I referred to in my earlier post.

Temp close while I sort out a merging mess

Reopened - I was merging mutiple sequential posts (including my own) and selected wrong one - I think I have attributed posts to the right people.

My apologies. Thread re-opened.

Err. Encryption is an everyday tool. Knowing you, I can only assume you're playing Devil's advocate and speaking hypothetically when comparing explosives and weapons to encryption. Because that really is a poor, poor argument. For starters, when are weapons and high explosives used daily by every citizen? Because encryption is...
Replace explosives and weapons with knives, hammers, screwdrivers, cars. Because all of those can be used as devastating weapons in the wrong hands, and are essential everyday tools, just like cryptography.

How is technology explicitly 'facilitating' criminal acts exactly? What about two people, you know, using their mouths and talking? How is this technology allowing something which was previously not possible? At most, it's allowing an alternative way to go about one part of the process. That's like banning only AK47s in USA and thinking it will eliminate, or even reduce, gun crime. Or another analogy, you don't ban MS Word because somebody wrote a particularly offensive letter on it.

As for civil liberties vs security - that argument only has any credibility when a proposal offers a swing from one to the other. This doesn't. It strips one with zero benefit to the other.

Edit: Your last post is still a bit messed up WRT quotes etc.

There is an element of devil's advocate, but the answer isn't a ban, and that has not been proposed. The proposal is (as I pointed out in my original post) a back door (master key if you like) to allow rapid decryption of communication that may be suspect.

How that could be enforced is another matter. But if it could, that might be a suitable compromise, with suitable judicial oversight.

As for two people talking, the fact that a meeting between two people is taking place may be significant in an investigation, which is two perpetrators might use some other form of communication. Letters are another, and reasonably private, although I suspect less so with electronic sorting and hand writing recognition algorithms.

LEAs have powers to intercept communications, the proposals extend that to encompass digital communications. The Internet isn't a sacred cow, it's a communications medium, no more or less, and there is no reason why it should not be subject to the same oversight as any other - provide it is proportionate and overseen. How that oversight is implemented is another matter.

(Think I have corrected the merge error, btw :) )

my solution

http://vinnykumar.com/wp-content/upl...nd-SD-card.jpg

There is no way things like whatsapp will get banned, I'm not worrying too much.

But back-doors have been tried in the past, and don't work. See the Clipper Chip as an example. An enforced back-door is essentially a ban on effective encryption. Encryption with a deliberate way to break it, just isn't encryption, it's a toy.

Even in terms of implementation, it's not as straightforward as just throwing in a back door. Even if the more sensible option of having server access to popular messaging apps, and using client-server transport encryption rather than end-to-end encryption, is pretty much useless because like I said, why would anyone who cared about security still use it?

If the idea is to break implementation of encryption (key escrow), that's pretty much a non-starter. It's not like encryption is something only select people are able to implement; anyone can implement common ciphers from source code, and easily see and remove back-doors were they added somehow. It's just not workable.

So, say for a personal OVPN tunnel, would I somehow be required to send a form to the government with any material necessary for decrypting the ciphertext? Because that uses strong end-to-end encryption, and would not be breakable by some sort of large-company-server-access policy. It's ridiculous.

The Guardian have a few sensible articles up about it (along with every other media source with half a grasp of technology it seems): http://www.theguardian.com/commentis...ssaging-terror http://www.theguardian.com/commentis...eron-not-safer

Quote:

---

Originally Posted by peterb

However, explosives are not readily available, and while that does not stop the amateur bomb maker, it is a deterrent and procuring explosives or the materials to make them leaves a trail.

---

Actually, many types *are* readily available...
We're lucky in that the knowledge of them is not as common here as in other countries, but things like ATM bombings by quite petty criminals happens frighteningly often in places like Cape Town.

That said, we were taught how to make the likes of thermite in our chemistry class!! :surprised:
Actually makes me wish I'd paid more attention instead of dreaming about flying spaceships...

The difficulty is in certain explosives, which aren't majorly effective but are easily made from some very innocent items. Couple this with people not caring if they get caught because the damage will already have been done and you have some very easy crime/terrorism/activism/whatever.

For ^this reason alone, I really don't mind the government/GCHQ/MI5 reading every email I write and every website I browse. Most of it is entertainment of an adult nature anyway, so nothing beyond a bit of embarrassment and maybe an eyebrow raised over why I'm illegally downloading a film (because I'd be a fool to pay for this dull CGI remake crap, that's why), but nothing that would get me in serious trouble.
Because if they can catch someone who *is* a serious threat, then it's worth it.

What I am concerned with and what I will happily use encrypty things for is stopping companies from selling my data and identity thieves from stealing my ID!

I have nothing to hide from the government... but the human race is a different entity!

Quote:

---

Originally Posted by watercooled

But back-doors have been tried in the past, and don't work. See the Clipper Chip as an example. An enforced back-door is essentially a ban on effective encryption. Encryption with a deliberate way to break it, just isn't encryption, it's a toy.

Even in terms of implementation, it's not as straightforward as just throwing in a back door. Even if the more sensible option of having server access to popular messaging apps, and using client-server transport encryption rather than end-to-end encryption, is pretty much useless because like I said, why would anyone who cared about security still use it?

If the idea is to break implementation of encryption (key escrow), that's pretty much a non-starter. It's not like encryption is something only select people are able to implement; anyone can implement common ciphers from source code, and easily see and remove back-doors were they added somehow. It's just not workable.

So, say for a personal OVPN tunnel, would I somehow be required to send a form to the government with any material necessary for decrypting the ciphertext? Because that uses strong end-to-end encryption, and would not be breakable by some sort of large-company-server-access policy. It's ridiculous.

---

i don't completely disagree with you, although as i said, I suspect most publicly available crypto systems are breakable, otherwise a Governments wouldn't go to considerable expense to develop hardware crypto systems with very sophisticated KMS. But in crime fighting, speed may be essential.

But while I detest the phrase 'war on terror' combating crime is a conflict and the use of cryptography does have the potential to tip the odds away from the LEAs.

There is of course still some mystery surrounding Truecrypt. However that doesn't stop me using it to give some privacy to my data, but I'm more concerned about that data being exploited criminally than Government agencies reading it.

I don't regard the Government as my enemy:)

Quote:

---

Originally Posted by peterb

i don't completely disagree with you, although as i said, I suspect most publicly available crypto systems are breakable, otherwise a Governments wouldn't go to considerable expense to develop hardware crypto systems with very sophisticated KMS. But in crime fighting, speed may be essential.

---

AES, the one we all know, is certified for use up to Top Secret data by the NSA. If the NSA can break it, so can other governments. And there's no reason to assume the relatively tiny amount of people working for intelligence agencies have some knowledge advantage over the rest of the world combined. The thing with modern encryption is, it doesn't really matter how much money or hardware you throw at it. The encryption is so far from being the weak link, no sane person would attempt to defeat it over, you know, stealing someone's computer.

There's no convincing argument, even in light of all the Snowden leaks, that ciphers themselves can be broken. Beyond that, you're asking to prove a negative. I.e. prove ye olde flying spaghetti monster doesn't exist.

Quote:

---

Originally Posted by peterb

But while I detest the phrase 'war on terror' combating crime is a conflict and the use of cryptography does have the potential to tip the odds away from the LEAs.

---

No amount of banning or back-dooring will change that, like it or not.

Quote:

---

Originally Posted by Ttaskmaster

I have nothing to hide...

---

https://www.schneier.com/essays/arch..._value_of.html

And more recently, there have been reports showing people do self-censor when they believe they're being observed. So much for fighting for freedom of expression...
http://www.nytimes.com/2015/01/05/ar...ance.html?_r=0

Quote:

---

Originally Posted by peterb

I don't regard the Government as my enemy:)

---

That's a bit of a straw-man argument though, and is only a step or two away from the 'don't like it, must be a terrorist' one. As I listed above, you don't have to consider the gov't as an enemy to desire some privacy.

Though as I keep saying, this isn't even an argument of gov't access vs no gov't access. Outlawing encryption is damaging far beyond that. The privacy implications, while still important, are TBH not the main reason I started this thread. Rather, it was the absurdity (I'm running out of adjectives :P) of the whole thing. If you notice, I didn't even refer to privacy in my posts, and the Ars article I linked only briefly mentioned it.

Quote:

---

Originally Posted by peterb

I don't regard the Government as my enemy:)

---

I regard it as at best a necessary evil. But I'm a libertarian / individualist. For every piece more government there is one piece less individual freedom.

The only way that the government having back doors into encryption services would assist them in combatting global terrorist acts, is if said groups or cells didn't know that the Government had access into them. If a criminal/terrorist organisation knows the government has access, they will find another method of communication.

Either this has ZERO to do with the stated goals and the genuine purpose has considerably more sinister ramifications to the levels of snooping in society, or the government are just utter morons.

In an ideal world the government and all their organisations would be full of 100% trustworthy people who are utterly committed to serving the public and keeping us safe. The reality is that we don't live in an ideal world.

I've made enough edits to my previous post, but missed this part. New post to avoid confusion.

Quote:

---

Originally Posted by peterb

LEAs have powers to intercept communications, the proposals extend that to encompass digital communications. The Internet isn't a sacred cow, it's a communications medium, no more or less, and there is no reason why it should not be subject to the same oversight as any other - provide it is proportionate and overseen. How that oversight is implemented is another matter.

---

That's just how it is though - strong encryption now exists and is easy to use. You can't turn back time or hope to deprive people of it; you can't have it usable for some purposes and not for others. The Internet is quite a different beast when it comes to law enforcement vs past methods of communication, and as such cannot be treated in the same way.

Outlawing piracy and attempting to block sharing sites shows how hugely effective traditional methods are. :rolleyes:

And see China, Iran, etc for brilliant examples of how totalitarian Internet control ... doesn't exactly work.

Regardless of philosophy on the matter of snooping, it changes nothing about the realities of effectiveness and implementation. You don't have to be against snooping to see how this is unworkable.

I mean, I'm all for cutting back carbon emissions, reducing waste and preventing deforestation. But I can still accept it's no easy task.

I object purely on principle. The technical arguments are neither here nor there. The government has no business digging in my stuff.

At a wild concession to threats of extremism, I'd say the only situation of government spying on anyone anyhow is after a court order showing extreme probability or extremely serious offences, later (1 year max) publicly reviewable, and the investigated person also later notified of the investigation. Anything less and they're simply bullying nosey lowlife invasive peeping-Tom thugs stomping over individual rights. I literally trust Google more.

Which given I lived in Cheltenham for 5 years pretty much sums up the collective of traitor obsessed misfits and weirdos at GCHQ.

WRT backdoors, if the idea is to cripple encryption standards by weakening ciphers, then it's no better than obscuring data. As we've seen demonstrated time and time again, if there's a backdoor, it will be found by people other than those it's intended for and it will be exploited. I'm sure companies transmitting trade secrets and the banking industry to name a few would just love that. So in answer to the point about not caring about gov't access but caring about criminal access - how about both?

And, I really, really don't trust the UK government's competence in designing such a cipher (they're still a good few years off understanding what this thing called the Internet is, it would seem). Neither AES, nor any respected ciphers, have any key escrow capability, so such an addition would require either a massive rework of the algorithm, or a new one entirely. And designing secure ciphers is hard. It doesn't take much of a slip-up to completely ruin the security of a cipher.

Also, considering that in the real world, we need to know the source code of ciphers (and even in a theoretical situation without it, decompiling code or taking photographs of chips achieves the same thing), it would be pretty trivial to reverse engineer it and discover how to exploit the backdoor. The whole concept of a backdoor'd-for-one-group cipher is fundamentally broken. All previous attempts have failed quite spectacularly.

The NSA were smart enough to give up on the idea a long time ago. They also gave up on gimped ciphers like DES when it became apparent that, in order for a gov't to have access, it also destroys the credibility of the cipher for securing data from everyone else. The damage caused by using a fundamentally insecure cipher standard is immeasurable. That's why we now have strong ciphers.

And that's pretty much my original point; how absurd the whole thing is from a technical perspective.

@wasabi: Missed your last point. Oh I agree, I also object on principle. And neither am I against spying when necessary.
https://www.schneier.com/blog/archiv...ty_vs_pri.html

Quote:

---

Originally Posted by watercooled

https://www.schneier.com/essays/arch..._value_of.html
And more recently, there have been reports showing people do self-censor when they believe they're being observed. So much for fighting for freedom of expression...
http://www.nytimes.com/2015/01/05/ar...ance.html?_r=0

---

All that "Unalienable rights, freedom, liberty and the pursuit of happiness" kinda stuff that doesn't really apply outside of America, as far as I'm concerned.

Same thing for Freedom Of Speech/Expression, although people forget that it's mainly about just the freedom from persecution by the government for expressing yourself... which is also conditional, as things like Hate Speech and Incitement To [insert crime here] are also factors.
Nothing about non-government people, even if they are subject to the same/similar conditions for doing something in response to your 'expression'.

I personally don't believe in human rights as such, especially when people say they inalienable or whatever. You have no right to anything you haven't fought for and gone out to get for yourself and even then, when you finally have it, it's not a right. Even if it were actually a right and something you're entitled to, it doesn't mean you're going to have it - I and every other human has a right to life... Does the bear that attacks me or the virus that infects me gve a toss about these rights? No? Then it's not something I'm entitled to.

Thinking more about this, I can honestly say I don't think I've ever actually requested, requisitioned, demanded or asked for something or gone after it myself on the basis that I'm 'entitled' to it. There's a lot I think I should have, but I've always felt it's down to me to get it if I can.
I rather liked how Heinlein described it.


As for (part of) the reason people self-censor - I don't call someone a [redacted] in an email because the law says I can't, or because the government might be spying on me - I do so because the recipient wouldn't like it and the resulting comeback from them is not what I'm looking to achieve.

Speed limits is another one - I don't care if the government makes this road a 20, I will travel down it at 60 if I deem it safe to do so... What stops me is the fact that it's not safe and I'll likely crash and die if I try it!
Speed cameras don't really force the limit adherence as people will just pay the fine, which is why so many people still get caught for speeding these days. The government knows this and uses the cameras as a cash cow.
If you dropped the fine and double the points penalty (2 strikes = 12 points = no licence), suddenly people would be a LOT more cautious around monitored areas... but it would not bring in so much revenue, which is why it won't happen.


Yeah yeah, if I'm not doing anything wrong they have no reason to watch me... but how will they know if I'm doing wrong unless they are watching in the first place?

I also don't believe we can really do anything to stop them and that so few people actually care, that ultimately I can't afford to care unless it gets to the point where we take up arms against them... which is about all that anyone would pay attention to these days. As is, governments don't even try to hide their misdeeds - Case in point, MPs expenses. After all that outrage, how is it that ridiculous things are still being claimed on expenses?
Because no-one cares and both government and criminal alike are free to do what they want because they know nothing will likely happen.

There's more to the argument than just, 'I'm not doing anything wrong', did you read all of the article I linked? To paraphrase "Even if you're doing nothing wrong at that time, it may one day become illegal, and one day it may be used against you." and "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." as examples.

'I'm not doing anything wrong' is a deeply flawed and naive argument.

But as I was saying, regardless of your position on surveillance, you can treat that as a separate matter to the insurmountable implementation challenges.

What's the point in doing something when it has no positive, and major negatives?

In an extension to my earlier analogy, say in regards to greenhouse gasses from electricity production in New Zealand. Now, they're a fairly small country but a lot of it is fed from one coal-fired power station. Banning encryption is loosely analogous to promptly decommissioning that power station for environmental reasons with no replacement; it would be disastrous for the country, badly harming the lives and well-being of all involved, for pretty much zero net benefit towards the claimed goal of reducing emissions.

This really needn't be an emotional/philosophical/political argument; it doesn't even need to get that far as it completely falls apart at the first hurdle.

Quote:

---

Originally Posted by watercooled

"Even if you're doing nothing wrong at that time, it may one day become illegal, and one day it may be used against you."

---

That kind of thing already happens... Numerous people have been banged up quite recently because they grabbed a girl's backside back in 1965 or something - Perfectly normal back then, but highly illegal by today's standards.

As mentioned, I honestly don't believe anything would stop a government from doing this if they wanted to anyway, short of removing them from power.
My ONLY concern is how other entities and criminals might then be able to take advantage of it for their own purposes.

Very true.

And since no perfect single-entity backdoor has yet been created to my knowledge, your last point is also very valid. Like I say, even if you're indifferent about gov't data collection (and therein possibly assume gov't is some being incapable of doing wrong or making mistakes), what about the other entities/criminals who will also exploit such a vulnerability?

On a somewhat similar subject, it's been in news over the past year or so about a lot of SOHO routers having manufacturer-installed backdoors. It seems those very backdoors have been actively exploited, and apparently this has led to the routers being added to huge botnets used e.g. for the recent XBL/PSN DoS attacks.

I have great admiration for Bruce Schneier a a mathematician and cryptographer, but that does not make him an expert on moral philosophy. And the arguments

Quote:

---

"Even if you're doing nothing wrong at that time, it may one day become illegal, and one day it may be used against you." and "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged."

---

Are the same ones in different guises to support anything that the ridiculous right or ludicrous left disagree with - a prime example is the argument for the unrestricted right' to bear arms "to protect ourselves from the the Government"

As I said, I don't regard the Government as my enemy, and while I don't expect them to pry into my private communications at will - hence judicial oversight, I also have a reasonable expectation that they will use all reasonable measures to gather intelligence that will help protect me from harm.

We have data protection laws that govern how personally identifiable data can be used. We live in a society that is under threat, and in a society, no-one has the 'right' to put their 'rights' above anyone else, and if the right to absolute privacy is partially given up for the right to precaution against those that provide a threat, then that is one I would accept - subject tp appropriate safeguards and judicial oversight.

However, the implementation and enforcement of such a law would be difficult, but as I believe most publicly available crypto systems can be broken, given enough time and resource, to is a partly empty argument anyway.

Quote:

---

Originally Posted by peterb

As I said, I don't regard the Government as my enemy, and while I don't expect them to pry into my private communications at will - hence judicial oversight, I also have a reasonable expectation that they will use all reasonable measures to gather intelligence that will help protect me from harm.

We have data protection laws that govern how personally identifiable data can be used. We live in a society that is under threat, and in a society, no-one has the 'right' to put their 'rights' above anyone else, and if the right to absolute privacy is partially given up for the right to precaution against those that provide a threat, then that is one I would accept - subject tp appropriate safeguards and judicial oversight.

---

They're some rather massive and idealistic assumptions. Governments aren't perfect.

And as I said, where is there even the remotest of supporting evidence that this would help 'protect' us? Cameron saying something doesn't make it gospel.

Edit: And even if you only trust Schneier as a mathematician and cryptographer, he also says how technologically stupid the whole idea is, before politics even come into it...

This seems like a more cool-headed take on it: http://www.cityam.com/207124/snapcha...ameron-comment

And I'm inclined to agree, it probably is a case of taking a highly ambiguous speech out of context/assuming worst-case (myself included). If it is just a case of renewing existing laws and encouraging ISPs/companies to be more proactive in alerting gov't to threats then I've no problem with that.

Anyone who isn't me making decisions about my life is to some degree my enemy.

Looks like the Yanks are being more sensible about it...

http://www.theguardian.com/us-news/2...MCNEWEML6619I2

RE: OP. Terrorists would only ever have to talk about a cheese dip fetish and it could be game over for the rest of us.
I couldn't help but think of Allo Allo should this become a reality one day.


https://www.youtube.com/watch?v=HGBa...tailpage#t=667

I don't really feel I could trust the UK gov't on this. Lots of anti-terror, safety, protect the children but when it comes to protecting its citizens from itself it seems to go poorly, http://www.bbc.co.uk/news/uk-politics-28189858