
Encryption ban: David Cameron is teetering dangerously close to authoritarianism - rossiben
http://www.information-age.com/technology/security/123458952/david-camerons-approach-cyber-security-teetering-dangerously-close-authoritarianism
======
flurpitude
_" Would Britons be required to avoid software from creators that fall outside
of the UK’s jurisdiction? Would visitors to the UK be expected to replace the
software on their laptops, and have all messages to and from the UK be
scrutinised by the government for contamination by encryption?"_

Clearly it's not possible to enforce any such law generally. So what would
actually happen would be that the law would be enforced only for people whom
the government dislikes - e.g. investigative journalists or political
activists. It's just another pretext on which to lock up inconvenient people.

------
thissideup
Dangerously close? We've already gone down the rabbit hole.

It will take a long time to undo the damage these people are doing to our
society.

~~~
miander
I really hope it can be undone, but it might be too late. When the general
public doesn't understand what end-to-end encryption is or how important it is
in their daily lives, who is really in the position to stop them? It's not the
public's fault either. They never learn about this in the course of their
regular studies, even in college. The EFF is working hard to educate people,
but as the NSA has shown once you fall into the hole climbing out is much
harder.

------
gnoway
Has Cameron or the UK gov't actually taken actual steps to ban encryption, or
is this entire article extrapolating that from the 'no safe space to
communicate' quote?

~~~
jackgavigan
It's an extrapolation.

If you listen to the speech[1], what Cameron is actually saying is that he
believes that it should be possible to intercept the content of communications
via the Internet in the same way that letters and phone calls can be
intercepted (when authorised by a warrant from the Home Secretary).

My interpretation is that this is aimed at companies like Facebook[2] and
Twitter. There's been no specific mention (to my knowledge, at any rate) of
banning encryption or forcing companies to backdoor encryption software.

1: [http://www.independent.co.uk/life-style/gadgets-and-
tech/new...](http://www.independent.co.uk/life-style/gadgets-and-
tech/news/whatsapp-and-snapchat-could-be-banned-under-new-surveillance-
plans-9973035.html)

2: [http://www.telegraph.co.uk/news/uknews/terrorism-in-the-
uk/1...](http://www.telegraph.co.uk/news/uknews/terrorism-in-the-
uk/11255039/Lee-Rigby-report-Facebook-still-withholding-details-of-five-
accounts-held-by-Michael-Adebowale.html)

~~~
nly
> My interpretation is that this is aimed at companies like Facebook[2] and
> Twitter.

And to retroactively legitimise GCHQs unfettered access to Skype calls.

~~~
AlyssaRowan
Not to mention that awful Yahoo! webcam spying thing, OPTIC NERVE - a
particularly distasteful one, that. Petabytes of JPGs of private (unencrypted)
webcam streams, simply hoovered up _en masse_ and untargeted - a not-
insignificant number of them _extremely_ intimate and personal, many between
people of absolutely no intelligence relevance or value whatsoever - and used
as a dataset for face-recognition experiments, amongst other things. They've
got an extension you can call for counselling if an analyst happens to be
selecting/browsing through it and sees 'something that may disturb them'
(underage sexual acts, for example). I seriously doubt any of it has ever been
deleted, either, even since.

When GCHQ spout their boilerplate, what they're pointedly _not_ disclosing is
that GCHQ have a _general_ interception policy for all communications they
believe _might_ be useful for intelligence purposes in the future (I've never
quite been clear myself whether that's under some sort of actual general
warrant, or they just _do_ it under An Understanding - quite possibly the
latter, because spying on MPs could be rather legally thorny!). And they try
doing just that, limited only by the practicalities of storage space and
processor power - hence the 72-hour ring buffers on full-take feeds on major
links like Level3 and GlobalCrossing, progressively filtered down by highly-
specialised lexers and parsers.

Data point: There were apparently mentions of WhatsApp at the conference, but
not on transcript. It uses the TextSecure protocol now, which is remarkably
good and has forward-secure ratcheting. (It's closed-source, so I'd never
recommend it over TextSecure/Signal itself, but it does not appear to me to
have been compromised, and the huge number of people using that app getting
this sort of pretty strong encryption for free is great news overall.) So yes,
it seems he _does_ (at the moment, before any potential U-turns! - I mean,
"clarifications") want backdoored encryption, and to ban any end-to-end
encryption that isn't backdoored. He plans to raise it after the election, if
he wins, and he wants to do this specifically because GCHQ and The Security
Service ("MI5") asked him to.

It's almost like they don't realise they're doing anything wrong, and they're
doubling-down on their tactics - because, save for a few very brave
whistleblowers, they actually, really, don't think they are. Road to hell's
paved with good intentions and all that, even if you're still buying the good
intentions. Their reaction to the rise of stronger encryption since Snowden
has so far been to get their friends/ex-bosses to make vague threats that this
would mean they'd have to hack more (like making them need to work to do
_targeted_ interception in specific, more justified cases instead of bulk
collection is a bad thing?!). Ugh.

~~~
dmix
You seem the most knowledgable on subject, I'm curious what type of
legislation could they possibly employ?

Sure they intercepted HTTP traffic from Yahoo but Cameron has not yet
officially said he wants to ban encryption. It could easily be further legal
basis to automatically exploit phones and retrieve WhatsApp msgs.

~~~
AlyssaRowan
Until they draft it, I'm not sure I'd want to hazard a guess.

------
nakedrobot2
The UK with its anti-libel laws, banning of books, etc. has been totalitarian
(when it feels the need) for decades.

This is really nothing new. I don't know how anyone can claim that the UK is
anything resembling a "free country" for a very, very long time now.

~~~
Accacin
I agree, but where did you hear books are banned? They made it so people from
outside couldn't send books into prison, but the prisoners could access books
from the in-jail library. And anyway, that whole thing got changed today (I
think) and you can send them books again.

------
k-mcgrady
I just read this quote from him. When he views his job in this way what more
should we expect?

"I think my first job is to try and keep this country safe from terrorism and
if that means you have to build strong relationships sometimes with regimes
you don't always agree with, that I think is part of the job and that is the
way I do it." [1]

[1] [http://www.bbc.co.uk/news/uk-
politics-31098378](http://www.bbc.co.uk/news/uk-politics-31098378)

------
paparush
Screaming Headlines We Should Be Seeing:

Cameron Trying to Kill Online Banking

Cameron Trying to Kill Online Retail

------
cm2187
The most relevant objection to these plans is that it is trivial to relocate
any server outside of the UK. In fact most cloud datacenters (amazon, azure)
are already outside of the UK. How is he going to influence the web
protocoles? Are we going to have a "UK TLS" with a system of double key? If
not that means handing out all private keys. If the server isn't in the UK, I
don't see how they can control that.

~~~
themartorana
I imagine it would be much like the new VAT rules. Big companies would put
profit over privacy, and small businesses that can't afford to deal with the
UK silliness would just stop doing business in the UK.

~~~
cm2187
That assumes they will block all foreign traffic to which they do not have the
key. I just don't see them doing that.

Some businesses need to have a legal presence in the UK to operate in the UK.
I don't think most messaging/webmail services need to. What is going to
prevent a UK customer to sign up to a web service based in Norway?

------
tmmm
I don't get it... What about a simple https request?

~~~
nickthemagicman
They view it as an avenue for terrorists to communicate. Also probably
pedophiles.

A vote for https is a vote for pedophiles and terrorists.

------
avodonosov
It's totalitarianism, not authoritarianism.

~~~
simonh
just because someone is talking about passing a law, through a democratiocally
elected parliament and to be administered by an independent judiciary, you not
liking it doesn't make it totalitarian.

Having said that, I'm utterly furious at Cameron. I'm not actualy afraid
they'll pass such a law, it would be ludicrous to try to enforce it and I'm
sure cooler heads will prevail. IMHO that's not the real problem.

The issue is that by mooting the idea of such a law, he is creating the
impression in a non-technical public that such a law might be reasonable to
even discuss and debate. He has established a basis for future, similar ideas
to become an acceptable subject for public discourse. That is a pernicious and
deplorable act. It creates space within which less infeasible but still awful
ideas along similar can seem 'more' acceptable.

~~~
avodonosov
The definition of totalitarianism is not me liking / not linking something,
but total control of even personal, non-political aspects of life by state.

As for "democratically elected parliament", FYI, Hitler came to power by
democratic elections.

------
disputin
Would I be right in suggesting that it's not encrypted data unless someone can
decrypt it to prove so? In other words, we're free to send garbled nonsense to
each other.

~~~
nacnud
It depends where you live. In some countries you are required to disclose an
encryption key when required to do so by law enforcement:

[http://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingd...](http://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingdom)

.. and if there is no key then you may be in a very difficult position.

~~~
ominous
Civilization should have collapsed the moment a large group of people agreed
that one element should disclose a specific piece of knowledge, or face
punishment. If everything else if my life fails, I want to become a martyr to
this cause.

~~~
PJDK
You'll find it rather difficult to enforce a tax code with that attitude.

------
mcs
Do these people understand that encryption is just software, and you can't
prevent software from proliferating just by passing some legislation? It would
make all legitimate purposes of end to end encryption illegal, and leave it
only for the criminals. Have we not learned anything from the conversation on
gun control?

~~~
oliwarner
Bad example. Gun control is fairly total in western Europe. In the UK you can
own certain guns but to own anything other than a 3-shot shotgun you need a
"good reason" to own it and can only use it in certain places.

And I think _most_ people are happy with that situation. Some aren't but any
of their arguments are quickly smothered with a "look at the US where they
can't go 18 minutes without shooting (and killing) somebody"... It's a hard
argument to counter. There's no right to arm yourself, there's no enshrined
want to overthrow a government... Simply put, safety wins.

So yeah... I guess they'd seize on that and say that it's all for the best. I
know it isn't, you know it isn't... But if they say it enough, and find an
example of 20 where encryption is costing lives, it won't be long before the
public thinks it's the right idea.

~~~
thaumasiotes
> arguments are quickly smothered with a "look at the US where they can't go
> 18 minutes without shooting (and killing) somebody"... It's a hard argument
> to counter

Sometimes I go for up to 30 minutes without doing this ;)

