
Message encryption a 'problem' – UK home secretary - luxpir
http://www.bbc.co.uk/news/technology-40788180
======
jstanley
> When pressed on what kind of metadata she wanted, she replied: “I’m having
> those conversations in private.”

Well I would like to know who she's having those conversations with, when
she's having them, and how long they last. I think it's important that she
share this information with us. So that we can catch criminals.

~~~
tomfitz
Are you law enforcement with a warrant?

~~~
PeterisP
If you remove the technological protections, the communications become
accessible not only to law enforcement but also to malicious people -
cryptography doesn't care if you have a warrant or not.

A particular communications channel either is secure from anyone or it's
vulnerable to everyone. If UK home secretary argues that we shouldn't be
allowed to use secure channels, then that does imply that all such
communications will be vulnerable to all kinds of criminals as well.

~~~
cookiecaper
The superficial solution to this is not to outlaw cryptography completely, but
to require those who make cryptography available to keep master keys and/or
logs.

I know that these are not a real solution as they can be leaked or abused, but
it's best that we don't pretend not to hear this argument. We should make
clear that these are insufficient and that there's nothing wrong with private
communications truly remaining private.

~~~
dv_dt
> The superficial solution to this is not to outlaw cryptography completely,
> but to require those who make cryptography available to keep master keys
> and/or logs.

The infrastructure keeping those keys then becomes an irresistible target to
compromise. The government has already lost critical data such as the
application data for most/all Classified personnel in the military and
contractors. If that kind of data cannot be kept safe then you can be sure
that a legally centralized infrastructure to keep keys will be attacked, and
likely compromised at some point.

------
DropbearRob
There is a growing misconception that it is the role of the government to
"keep their citizens safe".

Although that it is often the intention of legislation to prevent behaviour
which may lead to unsafe situations. For example, making it illegal to drink
and drive. You can arrest someone for breaking the law, but never can you
arrest someone right up to the point of breaking the law. For example, You
cannot arrest someone for being drunk and having their car keys in their
pocket, or even being asleep in the car while drunk.

This is the problem with the government demanding to read all
communications... the idea that they have the right in order to prevent you
committing a crime. Its not only impossible to prevent someone committing a
crime (anyone can snap and do truly horrible things without prior communique),
its insane to think that you can arrest someone for pre-crime.

The role of the government is to pass laws. The role of the police and the
justice system is to enforce these laws. It is not their job to spy on all
their citizens for events which historically kill fractions of a percent
compared to something as trivial as car accidents.

~~~
solatic
> There is a growing misconception that it is the role of the government to
> "keep their citizens safe".

What misconception? This is the basis of the social contract between society
and its government, to safeguard the natural rights of society, the foremost
of which (Life, among Life, Liberty, Property/Pursuit of happiness) is the
safety and security of members of society. Read up on Locke and Rousseau
[https://en.wikipedia.org/wiki/Social_contract](https://en.wikipedia.org/wiki/Social_contract)

> The role of the government is to pass laws

This is a tautology. Legislation is but a means in which some forms of
government (excepting, for instance, dictatorships) act to secure the natural
rights of society. Legislation is not a goal in and of itself for government.

> This is the problem with the government... the idea that [the government
> should try] to prevent you [from] committing a crime

See natural right #2 - the right to liberty, which in context means the right
to act as you please until you actually cross the line by committing a crime.
The right to liberty is not mutually exclusive to the right to life;
legitimate governments act to secure both in tandem.

~~~
qubex
Rights aren't _natural_ , they aren't inherent, they are _assigned_ (or
_granted_ ) by a given constitutional context. In some systems there are
rights that do not exist in other systems, even very fundamental ones.

Governments are extending their mandate and they are curtailing/" _ungranting_
" certain other rights (principally, the uncodified "right to privacy").
Insofar as Parliament is sovereign in the UK and is the ultimate source of all
rights, this is within their remit and requires no exceptional super-majority
or constitutional amendment process.

Whether this is desirable or otherwise is quite another matter.

~~~
jrs95
While that may be true, it's not the philosophical basis of our current system
of government. The concept of natural law is, though. And in general, the
majority of people seem to believe in rights under that definition (albeit
more likely due to religious beliefs than having read Enlightenment
philosophers).

~~~
qubex
Philosophy is codified nowhere. Simply the fact that people can operate under
a presumed ”philosophy” while, as you admit, the reality of the matter is
quite distinct, would seem to confirm that whatever prevalent philosophy may
from time to time exist is irrelevant.

~~~
jrs95
But this stuff actually is codified. It's essentially the basis of our legal
system. When it's working "correctly", it's working along these lines.

------
dm319
I feel like the people who understand encryption and privacy advocates (myself
included) are not engaging enough (or maybe effectively enough) with the
public in communicating the concerns around trying to 'backdoor' encryption or
giving up more of our privacy.

While I think these political statements are often ridiculous, they actually
have widespread public support, if my cohort of friends and family are
anything to go by.

Do we have people who are better communicators? I don't think even Cory
Doctorow's posts/talks are aimed at the non-technical audience.

~~~
gargravarr
I've read so many arguments advocating strong encryption, all of which I agree
with, and many of them are simplified as best we techies can - check out some
of Troy Hunt's posts. But even avoiding the tech aspect completely, there is
one thing the government simply refuses to accept.

Banning strong encryption _will not_ stop people using it.

It will stop the 'good' and generally innocent populace using it and severely
infringe on their right to privacy, but the 'bad' people will just fork an
open-source messaging system that uses E2E encryption and start using that.

As commented in the article, strong encryption cannot be 'de-invented' now
it's out in the open. Each and every one of these government statements is a
drastically oversimplified knee-jerk reaction to the problem. Bet they think
they can get tech companies to implement RFC 3514 to stop hackers.

~~~
zebrafish
I think the strongest argument for an American audience who is unfamiliar with
technology is that encryption should be included under second amendment
rights.

"Guns don't hurt people, people hurt people", "blaming the manufacturer for
the actions of the operator", "even if we ban them, bad guys will still use
them", etc.

If the right to bear arms is defined as the right to protection against
totalitarian government I would think that encryption falls into that bucket.

Maybe we should get the NRA involved in this argument...

~~~
gargravarr
As predicted by Randall Munroe some years ago:
[https://xkcd.com/504/](https://xkcd.com/504/)

~~~
zebrafish
Granted, guns have serial numbers and there is a list of registered owners. My
argument falls apart there.

~~~
Zak
In most of the US, no registration or license is required to legally own a
gun, and the Federal government is barred from attempting to create a
registry.

~~~
eric_h
They literally can't even use computers to match weapons to owners. It's all
on paper.

------
Fifer82
Oh god, I despair of this country. After a decade of conservative I have never
been so disillusioned. I feel like I am stuck in a rut or like, I don't belong
here. It is a horrible feeling. Deep down I know that the government is stuck
in 1740 and by the time that millennials walk the halls of power, their
parents will have signed away all their rights.

The very last thing I love is my country, that is for sure.

~~~
fredley
I am in the same boat. I am staying at the moment because of my work situation
and my family, but I have an inevitable sense that should either of those
situations change, particularly the former, I'll be actively looking to move
out. The war on reasoning and facts is too intense, and even though I'm
largely sheltered from it where I live and work (almost everyone I know has
similar views to me on these matters), it's becoming too much to bear. I _do_
love my country, and it has a lot to give the World, which makes it all the
more painful to see it go through such a transformation.

~~~
beagle3
It is happening simultaneously almost everywhere. Different countries are at
different stages, but it doesn't look like anywhere is a safe haven. Having
lived in several countries over the years, the grass is rarely greener as a
whole - some parts are, and they may matter more to you, but the western world
is mostly on par on everything.

Where did you think of going?

~~~
fredley
Germany or Holland are contenders. While they may not have a perfect political
climate, almost anywhere in the Western world is an improvement on the UK.

~~~
Havoc
Germany isn't far behind on their monitoring stuff. Not sure about Holland

------
raesene6
ah more security cluelessness from the UK Government.

The frustrating piece is that they're ignoring their own internal experts on
this. The people running the National Cyber Security Centre are very bright
and have stated that they think backdoors are a bad idea

from [http://www.newstatesman.com/politics/uk/2017/05/problems-
end...](http://www.newstatesman.com/politics/uk/2017/05/problems-ending-
encryption-fight-terrorism)

"Ian Levy, the technical director of the National Cyber Security, told the New
Statesman's Will Dunn earlier this year: "Nobody in this organisation or our
parent organisation will ever ask for a 'back door' in a large-scale
encryption system, because it's dumb." "

~~~
proactivesvcs
The UK government has a habit of ignoring its own experts, to the degree of
firing them if they give advice the government don't like. Drug policy is
another area that suffers from this approach.

~~~
k-mcgrady
I was just about to mention this. For anyone interested Professor David
Nutt[0] was fired from his role as the government's chief drug advisor after
claiming ecstasy and LSD were less dangerous than alcohol.

[0] [https://www.theguardian.com/politics/2009/oct/30/drugs-
advis...](https://www.theguardian.com/politics/2009/oct/30/drugs-adviser-
david-nutt-sacked)

~~~
stordoff
The comments from Alan Johnson, then Home Secretary, are rather telling:

> He was asked to go because he cannot be both a government adviser and a
> campaigner against government policy. [...] As for his comments about horse
> riding being more dangerous than ecstasy, which you quote with such
> reverence, it is of course a political rather than a scientific point.[0]

[0] [https://www.theguardian.com/politics/2009/nov/02/drug-
policy...](https://www.theguardian.com/politics/2009/nov/02/drug-policy-alan-
johnson-nutt)

~~~
k-mcgrady
>> he cannot be both a government adviser and a campaigner against government
policy

It's hard to believe he can say that with a straight face. Is he supposed to
advise on topics he understands that the government doesn't or is he supposed
to be a 'yes man'?

------
pimmen
As was circulated recently on HN, this basically stems from the government
thinking computers are appliances.

"Hey! Your device creates and sends packages, could it just _not_ create and
send packages of this type? We'll even help with the quality control if you
can't do it yourself! All we need is a backdoor!"

How is this not the same as messing with people's mail?

"Hey, you know this pen, paper and stamp thing? Can you just make the pen
_not_ write these kinds of letters, that terrorists usually writes? Ok, but
can't we have a human (in lieu of AI) read through people's mail to make sure
these types of letters aren't sent around with the intent to provoke violence?
If you can't do it, we'll gladly send some agents to help you with quality
control!"

------
libeclipse
The tale of The Orwellian Kingdom continues...

No really. I've written about this before, but I sincerely refuse to believe
that the government are doing this out of ignorance anymore.

There's been too many people telling them how it actually is, but they
persist.

That leads me to conclude that either they're severely mentally dysfunctional,
or there's another reason for doing this. PR maybe? Votes? Something more
sinister?

~~~
mmjaa
GCHQ are the only reason the UK are able to maintain their grip over the world
economy. If it weren't for the UK's massive spy industry, it'd just be another
irrelevant European state.

(Yes, I know: Londons' Finance Industry is a big reason for the UK's reach
around the world - well, I happen to believe that GCHQ and The City work hand
in hand to maintain that power.)

~~~
branchless
Totally agree. These two are all that keeps the UK at the big boy table. And
all the UK establishment care about is staying at the big boy table, whatever
the cost.

------
justinjlynn
Ah, great lie of metadata. What those in power don't want us to know is that
metadata is just a weasel word for incomplete data. It tells a story about you
and those with whom you associate or intersect. What's worse is that
incomplete data cannot tell the whole story by design. All incomplete data
lies as all summaries, to some extent, do. Some would like us to believe that
this incomplete data is somehow less harmful. It is not. Incomplete data can
only accuse, it can never convict nor can it exculpate - it can only implicate
and paint false pictures on massive scale. To filter the false positives and
turn incomplete data into data, I seriously doubt that less work than
traditional police work is required to process the output. It is only a
benefit to those who wish to retroactively target known and presently target
unknown individuals, matching a particular signature, and assassinate them
unjustly. As such, at its worst, a danger to every one of us and, at its best,
a lethal distraction to those who would otherwise protect us. When they say
they only gather incomplete data they lie. They gather all of it - would you
believe someone who tells you "just the tip and only for a second"? I
wouldn't.

------
317070
> "However, there is a problem in terms of the growth of end-to-end
> encryption. "It’s a problem for the security services and for police who are
> not, under the normal way, under properly warranted paths, able to access
> that information.”

What surprises me about this argument, is that their stance is that terrorists
are accidentally starting to use encryption. So, by consequence, that in the
past terrorists simply did not bother with encryption?

In that case, I wonder whether the terrorists have been triggered by the
simplicity of current day cryptography, or simply by the knowledge that the
governments are always listening in on everything everyone is saying.

It seems to me that someone started an arms-race, be it government or
terrorists, and both are willing to cause massive amounts of collateral damage
in order to keep one-upping the other.

~~~
rwmj
The vast majority of terrorists are clowns who, if they happen to use
encryption at all, will mess up infosec in ways that are trivial to
compromise. So if the Home Secretary is saying that message encryption is a
"problem" then there must be something else going on which has little to do
with terrorism.

~~~
marcus_holmes
thanks for the mental image of clown-terrorists :( as if either weren't bad
enough on their own.

Isn't it obvious? This has got f-all to do with terrorism. The bad guys have
always hidden their communication.

What's getting the security services all riled up is that ordinary law-abiding
citizens are suddenly encrypted.

And, of course, there's no way out of this. Either encryption is secure, or
it's broken. If it's secure, it's secure for everyone. If it's broken, it's
broken for everyone. Now we have open-source encryption methods that are
trivial to implement, anyone can build a securely end-to-end encrypted
communication system. [1]

The cat's out of the bag, spooks. You can't read people's mail any more.
You'll have to find other ways of gathering intelligence.

[1] within reason - clown-like incompetence will always mess up. Or even just
ordinary-coder levels of incompetence. But it's still harder than plaintext.

~~~
stefs
i'm not even sure about that. i think i remember the story about islamic
terrorists in europe last year using plain old SMS to coordinate their attack.
didn't make a difference though, their communication was only analyzed after
it happened.

so for the average imbecile just using whatsapp, signal or a self-hosted
service would actually make a difference, but if it'd make a difference for
law enforcement is a different matter. having access to billions of messages
and actually doing something with them are two different kinds of beasts.

------
benevol
> Ms Rudd is meeting with representatives from Google, Facebook, Twitter,
> Microsoft and others at a counter-terrorism forum in San Francisco.

Well, these will simply be the companies whose tools we won't be using
anymore. The World does certainly _not_ depend on any US companies or the UK
government's approval to securely use encryption.

------
Aoyagi
It's like Rudd and Abbott are competing in which will come up with more
ridiculous notion. And you'd think they would choose someone competent for
bloody home secretary and shadow home secretary respectively.

~~~
yen223
For a minute there I thought you were talking about Australian prime
ministers. What a coincidence!

~~~
H4CK3RM4N
I feel like that phrase would've been perfectly applicable to their time as
PM/opposition leader though.

~~~
yen223
It doesn't help that our prime minister recently made a laughable comment
about this: [http://www.independent.co.uk/news/malcolm-turnbull-prime-
min...](http://www.independent.co.uk/news/malcolm-turnbull-prime-minister-
laws-of-mathematics-do-not-apply-australia-encryption-l-a7842946.html)

------
barrkel
There's something deeply dysfunctional in the UK Home Office. People who've
been through that mill seem to come out with a really weird myopic perspective
on the world, May included.

~~~
ebcode
We've known this for quite some time:

"Doublethink means the power of holding two contradictory beliefs in one's
mind simultaneously, and accepting both of them." \--- George Orwell, 1984

------
junkculture
The Paris attacks were coordinated over plain old encrypted SMS. Didn't see
that coming.

The Australian PM thinks the laws of mathematics can be bent to those of
Australia.

Now this genius.

Fact is, communications are ubiquitous now, and even if every byte was
unencrypted, they won't be able to catch every crook.

~~~
dpedu
Don't you mean UNencrypted SMS?

~~~
junkculture
I did. Typo. Thanks.

------
diego_moita
In UK, Murdoch's "News of the World" hacks into the phones of hundreds of
people and politicians continue the debate about privacy as if it doesn't
matter.

In US, Russia hacks into Hillary's email server and politicians on Capitol
Hill start using Whispering Systems' Signal and begin to understand why strong
encryption is necessary.

Don't worry too much, someday Vladimir Putin will show to the UK government
why strong encryption is a good idea.

~~~
firmgently
I heard someone explaining how the phone hacking worked the other day (Steve
Coogan in a great chat with Adam Buxton on YT for anyone who likes them). Two
journalists would phone the target at the same time. One kept them talking,
the other could be sure to get their voicemail because the line was busy.
They'd try the default password of 0000 which 'nobody bothers changing' (I may
have the number wrong, I'm going from memory and don't use voicemail) and
frequently, it worked. So in terms of skillz it's somewhere up there with the
fappening... default passwords, encryption wouldn't have prevented it.

(not that I disagree with your general point btw)

~~~
nthcolumn
Not being able to disable the voicemail service entirely is a sore annoyance
to me.

------
cryptonector
IIRC the Bataclan terrorists didn't use any crypto at all.

Using crypto makes you stand out, and doesn't really complicate traffic
analysis.

Corollary: not using crypto makes it easier to look like hay in a huge hay
pile, even if you're a needle.

Ad-hoc-but-disciplined plaintext comsec for small committed teams is not that
difficult to establish and master, and can work very well for them.

But for the rest of us, plaintext comsec just doesn't work. And defending
privacy relative to state actors, foreign and domestic, is a legitimate
activity within the bounds of due process (e.g., your affairs can get searched
with a legal warrant, and so on).

It's important to understand that when the State wins the crypto wars, not
only does it ensure for itself access to people's data pursuant under Due
Process, but also without Due Process at all. It's like making all houses and
walls out of glass just so people can't hide from the police: it's insane.

And worse than that: the State winning the crypto wars does not make it easier
to prevent attacks. If anything it can make mounting attacks easier for
terrorists, depending on the particulars of the crypto war outcome.

~~~
hd4
1.3 bn people are using WhatsApp. If we assume that only 70% of those have
encryption enabled, that's a _billion_ people whose data is standing out,
therefore no one is really standing out any longer.

------
snakeanus
The civil liberties in the UK are a big joke. It's like they are in a race
with China on who will have the biggest censorship and on the control of their
citizen's internet activities.

------
pmlnr
“Legislation is always an alternative.”

Yeah, sure. Because people who actually have something to hide will follow all
the rules.

I wonder what they are trying to redirect the media coverage from with ideas
like this.

~~~
stuaxo
Well there was this: [http://www.independent.co.uk/news/uk/politics/theresa-
may-fo...](http://www.independent.co.uk/news/uk/politics/theresa-may-foreign-
terror-funding-report-uk-extremists-saudi-arabia-isis-security-
intelligence-a7822121.html)

------
skiman10
I love the footer with the author's contact information!

> "You can reach Dave securely through encrypted messaging app Signal on: +1
> (628) 400-7370"

Felt like a small little needle pointed at the UK's government.

------
throw2016
Western identity has become so enmeshed with liberalism, progressiveness and
democracy that few are willing to step out of that safety zone to question the
reality on the ground while those in power continue to rehash tinpot ideas and
hysteria about safety.

A similar statement from a third world official would be met with an
unequivocal flood of ridicule and accusations of backwardness.

Too many value the comfort of easy judgements. This will be met with
apologism, muddying the waters and sophistry.

------
raverbashing
Meanwhile people can support ISIS and advocate for attacks in plain sight and
that apparently isn't a problem

So I see how "worried" they are about that

~~~
gargravarr
More than one of the terrorist incidents in France were arranged by simple,
unencrypted SMS, and the security services couldn't catch them beforehand.

We don't need to give the security services more data. We need them to focus
on better dealing with the data they currently have access to.

------
Freak_NL
This is another statement that is part of a trend in many countries, and it is
worrying to be sure. But I suspect that the aim of these audacious statements
is not to actually ban the technology of strong end-to-end encryption. Rather,
it is to force the Google, Apple, and Facebook to provide backdoors in their
popular messaging platforms (e.g., WhatsApp) that can be used by law
enforcement.

They don't care about someone using GnuPG to mail someone something private
(because that would be impossible to legislate effectively), but they do care
about the big honey-pot of always-on end-to-end encryption offered to anyone
with an off-the-shelf smartphone.

The call for legislation and a ban on strong encryption is meant to put
pressure on Google, Apple, and Facebook to cooperate with the Five Eyes
without too much fuss, and simply let them in. I can't see it making any sense
otherwise.

Whether that access is to act on signals of religious radicalisation and
planned acts of terrorism or something much more encompassing (big data
predictive crime analysis and other scary stuff) I don't know.

------
westmeal
It sounds to me like she believes throwing legislation at an issue will fix
it. I mean, everyone obeys the law right?

~~~
EvilGrin
Despite countless protests from politicians, the laws of mathematics trump the
laws of the land.

------
bllguo
This is absolutely horrific. The path the UK is on is terrifying. On the
bright side they are quite far ahead down this road compared to other Western
countries, so when the UK inevitably collapses first, other governments can
learn their lesson.

~~~
type0
I don't think it would collapse but we might see a terrible junta dictatorship
there in a near future

------
titzer
See also: envelopes considered 'a problem' by tyrannical government.

------
andreasgonewild
It's only a problem if you insist on knowing everything, leave people alone to
mind their own business and the problem magically disappears. We all know who
the "real" terrorists are.

[https://github.com/andreas-gone-wild/snackis](https://github.com/andreas-
gone-wild/snackis)

------
syrrim
>extremists should not be allowed to upload content at all.

If this is what they want, then they should convict the extremists first, and
then make sure they don't have internet behind bars. Until then, they are
still citizens, and you have no right to treat them specially.

------
rcthompson
I wonder if the only reason we have unrestricted access to good encryption
tech now is because politicians don't understand it and underestimated how
inconvenient it would be for governments, and are only now realizing their
error.

------
paradite
Now we finally have the complete comparison on how different governments try
to tackle terrorism:

[https://news.ycombinator.com/item?id=14827837](https://news.ycombinator.com/item?id=14827837)

------
b3lvedere
>Home Secretary Amber Rudd wants harmful content to be auto-blocked

What IS harmful content exactly?

------
voidz
It's only a problem for Orwellian / Brave New World type states.

------
almonj
Get rid of all government programs. Instantly a huge amount of wealth will be
gained and productivity will skyrocket. It is very important to remember:
nothing the government does is good. What is the minimum amount of
manipulation and lies it takes to cover up a problem? This is the question
every government worker ponders every day of their job. Every one of these
people are lying, scheming, delusional people. They manipulate and they lie,
they shuffle things around and create busy-work for disgusting twisted crab-
people.

~~~
paradite
That's way too cynical and oversimplified to be considered a substantial
comment.

~~~
almonj
Or for this reason, because it may be questioned whether the same simple
essence can be expressed by many diverse attributes. There are, indeed, many
definitions of compound things but only a single one of a simple thing, nor
does it seem that its essence can be expressed except in a single way.

~~~
paradite
I think you will enjoy conversing with this user:

[https://github.com/payingattention](https://github.com/payingattention)

------
magicfractal
If something decreases the power of the state (e.g. Encryption) you can bet
state officials will be against it.

------
pstuart
How about a GoFundMe to pay for crackers to accesses the politicians' personal
data and distribute it?

------
gumby
"how will we issue ASBOs automatically if our computers can't read everyone's
texts?"

------
mtl_usr
No secure communication AND Brexit ?

Hope Europeans bankers will enjoy their new offices in Berlin, Amsterdam and
Paris.

~~~
detaro
Eh, banks pretty much are on the side of backdoored encryption - e.g. see
recent proposals to make it easier for them to MITM TLS in their own networks,
and compliance requirements for the messaging products they use.

------
thrillgore
"I'm having those conversations in private"

Ah yes, the old "Fuck you, we got ours" mentality.

------
jlebrech
how about arresting known terrorists first, then focus on what normal people
are doing.

------
petre
If privacy is outlawed, only outlaws will have privacy.

------
cjsuk
Home secretary a 'problem' \- me.

------
AJRF
“I’m having those conversations in private.”

The irony.

~~~
nthcolumn
That's what she thinks.

