
Stross on Cameron's proposed UK crypto ban - cstross
http://www.antipope.org/charlie/blog-static/2015/01/ah-politics.html
======
kenthorvath
Unbreakable crypto is a genie long out of the bottle.

No amount of wishing, legislating, or fear-mongering is going to prevent
terrorist organizations from implementing these well-described, mathematically
sound, publicly available algorithms.

Since we cannot prevent terrorists from using crypto, the only ones without
crypto will be non-terrorists.

This proposal only serves to enshrine within the government the chilling
capability and authority to surveil its citizens.

------
spuz
The most interesting thing about this story is that almost no-one is talking
about what else Cameron said in his speech [0]:

 _Mr Cameron also said that a Tory Government would pass a new law to ensure
that the intelligence agencies would be able to track phone calls and internet
messages.

He said that this power to track “who made which call, to which person, and
when” was “absolutely crucial not just in terrorism but finding missing
people, murder investigations, almost every single serious crime.

“What matters is that we can access this communications data whether people
are using fixed phones, mobile phones or more modern ways of communicating via
the internet.”_

I refuse to believe our PM is so technologically ignorant that he believes the
'banning encryption' policy will ever fly. The most plausible explanation to
me seems to be that he is trying to rebalance the public's expectations of
privacy towards greater surveillance to the extent that slightly less
egregious (but still objectionable) laws can be passed in their place. I have
a feeling that this kind of rhetoric has been used before and probably has a
name.

[0] [http://www.telegraph.co.uk/technology/internet-security/1134...](http://www.telegraph.co.uk/technology/internet-security/11340621/Spies-should-be-able-to-monitor-all-online-messaging-says-David-Cameron.html)

~~~
CoreSet
It's almost impossible for me to resolve the cognitive dissonance of seeing an
educated, by all means literate person completely devalue privacy to the point
that it ceases to exist.

To say with a straight face, after the events of the 20th century (and the
horrors of Russian and German domestic intelligence services, past abuses
committed by the FBI, the current human rights clusterfuck in places like
China, Iran, and Syria), that all communication should be moderated and monitored
by the government?

Can anyone support that idea in good faith? I agree with you that it's an
almost unbelievable level of stupidity and one that betrays an ulterior
motive. But normally I'd say something like this played into some industry or
private-interest wish, but what bank or corporation (much less any commercial
tech venture) is pushing for this? What group could this possibly serve in
society other than the most high-ranking (and power-hungry) officials in the
intelligence establishment?

------
CoreSet
Of course Stross is right on. That Cameron would do such an about-face on the
values and ideals the Charlie Hebdo staff died for is disgusting (not to
mention, as per the author's excellent point, completely counterproductive).

------
higherpurpose
The "illegal guns" the terrorists used in France were brought from _outside of
the country_. So now Cameron thinks he can stop a freaking app from entering
the country? I mean he can't be that stupid, can he? I don't think he is,
because I think this new proposed law has nothing to do with terrorism and has
a completely different agenda behind it.

~~~
sitharus
I guess the idea is the old "Only criminals use encryption, so you must be a
criminal".

Of course, given that the big crime networks are sophisticated this won't stop
them. They'll go back to old cyphers and steganography. Same goes for the
compulsory handing over of encryption keys, there are now multi-level
encrypted filesystems, where you have n keys where each opens a different set
of files. Have a few keys protecting embarrassing but not incriminating files
and disclose those.

Surely scifi has taught us that totalitarianism never wins?

------
VBprogrammer
I don't understand why people seem to think he's talking about outlawing
encryption. From what I understand he's talking about forcing companies to
disclose your messages.

You can still have all the encryption you want on HTTPS, but it then gets
stored on a server somewhere.

That said, I believe both ideas are abhorrent, so if we have to take some
technical liberties to cause enough uproar then so be it.

~~~
spuz
It's an inevitable consequence of these lines of the speech he gave. I
recommend you listen to the whole thing to understand it properly in context
[0]:

 _"But the question is are we going to allow a means of communications which
it simply isn’t possible to read. My answer to that question is: no, we must
not."_

 _"If I am prime minister, I will make sure that it is a comprehensive piece
of legislation that makes sure we do not allow terrorists safe space to
communicate with each other. That is the key principle: do we allow safe
spaces for them to talk to each other? I say no, we don’t, and we should
legislate accordingly."_

The only way to guarantee there is no "safe space for [terrorists] to talk to
each other" is to ban all means of communication that cannot be decrypted. If
we simply ask Whatsapp to record all their messages (and keep the decryption
keys somewhere), that still leaves all kinds of encrypted communication
applications available (or safe spaces) for terrorists to use.

[0] [http://www.theguardian.com/uk-news/2015/jan/12/david-cameron...](http://www.theguardian.com/uk-news/2015/jan/12/david-cameron-pledges-anti-terror-law-internet-paris-attacks-nick-clegg)

~~~
VBprogrammer
I still think that is a rather literal interpretation of what he is saying.
Forcing companies to allow access to data seems much more realistic, though
admittedly doesn't meet the condition "no safe space for [terrorists] to talk
to each other". But maybe he is a complete moron.

Presumably he is going to ban the XOR operation since with a one-time pad...

~~~
spuz
If he forces major companies to provide access to their data, that still
leaves minor companies or open source projects to do what they want and
therefore still leaves the bad guys with a place to hide. The only alternative
is to ban encryption for all but those who agree to allow access by the
government (with a warrant of course) which while possible is highly
implausible given how much internet traffic is currently encrypted.

------
zamalek
Is this guy just going to ban everything?

Anybody intent on breaking the law will just [continue to] use steganography
and side-step the issue completely. If anything, a cryptographic ban would
most likely result in an easier life for terrorists (especially but not
exclusively cyber terrorism). One honestly wonders if that's what he wants
because it has to be impossible to be _this_ stupid.

------
razster
A comment by Phuzz, on the webpage's comment section, says it well.

You can even create spray paints in Counter-Strike which are images, these
could be used to hide secret messages.

Point being, anyone can hide a message if they really wanted to without anyone
noticing.

------
jacquesm
It's a pity politicians don't need to show even a basic understanding of the
material they wish to create laws for.

------
higherpurpose
Holy cow this was flagged fast.

