
UK Home Secretary says encryption on messaging services is unacceptable - zepolud
http://www.reuters.com/article/us-britain-security-rudd-idUSKBN16X0BE
======
bartread
We're a very long way from being a totalitarian state and likely to remain so
for quite some time but, make no mistake, this is the thin end of a very long
and ultimately very fat wedge. It therefore behooves us well to hold the
government to account when they try to get us to swallow more of that wedge.

Sure, encryption helps terrorists as well as ordinary citizens but it's my
belief that freedom and privacy are more important than that. The work of
police and security services has never been easy in a free society, but
protecting and upholding that free society is the very essence of the job.
Dilution of that freedom is therefore counter to the purpose for which these
agencies exist, and so when the government tries to move in that direction we,
as citizens, should voice our resistance, and keep voicing it until they
understand.

~~~
lb1lf
Every time a person in a position of power calls for the intentional weakening
of cryptographic systems - be it via backdoors, limits on key length or
whatever, I long for a gutsy interviewer to ask them - preferably live -
whether they advocate that position out of ignorance or malice.

There really aren't many other alternatives.

~~~
FatalBaboon
I believe they do it because they've been elected to do so.

It takes too much to reply: "Tell you what, I'm going to educate you better
instead". Because you can educate all you want, you will not have results that
help your re-election 4-5 years down the road.

~~~
beedogs
No properly-informed voter would want this kind of legislation.

~~~
Buge
"No true Scotsman..."

I have a feeling that some top level FBI people are properly informed, but
still want this kind of legislation.

~~~
abustamam
Simply because it wouldn't apply to them.

------
mattbee
Amber Rudd is the UK's Home Secretary not just any minister.

"We need to make sure that our intelligence services have the ability to get
into situations like encrypted Whatsapp."

She has said she is "calling in" technology companies this week to try to
"deliver a solution".

Marr asks if they refuse to do that, will you legislate to force them to
change? She's not drawn on that.

Interview is here:

[http://www.bbc.co.uk/iplayer/episode/b08l62r7/the-andrew-mar...](http://www.bbc.co.uk/iplayer/episode/b08l62r7/the-andrew-marr-show-26032017) [from 45:18]

I understood that the UK IP Bill already means that she already has the ability to
e.g. demand a backdoored version of Whatsapp be sent to a target device, but
that's not covered in the interview.

[https://www.theregister.co.uk/2016/11/30/investigatory_power...](https://www.theregister.co.uk/2016/11/30/investigatory_powers_act_backdoors/)

~~~
NetStrikeForce
UK's best shot at surviving Brexit is to become stronger on value added
industries. They have a very good head start over any other EU country in IT
and in some research areas.

Amber Rudd seems hell bent on destroying their only chance.

~~~
prodmerc
They all are intent on crippling any chance the UK has at becoming stronger in
high tech industries.

I'm so sick of getting "this is an adult resource and you can't view it"
anytime I search for information about a drug (pharmaceutical, not just "weed
LSD and lols").

Great fucking way to encourage your future chemists. Maybe ban keywords like
JavaScript, PHP and SQL while at it, them's the powerful drugs maaan.

~~~
OJFord
> _I'm so sick of getting "this is an adult resource and you can't view it"
> anytime I search for information_

Switch ISP, or contact your current one to disable this. They don't all do it
by default, or at all.

~~~
jen20
As far as I'm aware all new accounts in the U.K. do this unless you call to
have it disabled (and give personal information). I mean, how else would you
protect the children...

~~~
k-mcgrady
> As far as I'm aware all new accounts in the U.K. do this unless you call to
> have it disabled (and give personal information).

Usually you can have it disabled while you sign up (and they usually ask if
you want it). As for giving personal info - they're your ISP. They have your
name, address, billing details, have done a credit check...what else are they
going to ask for that you haven't already supplied?

~~~
jen20
I can buy a 'burner' SIM when landing at Heathrow without giving any
information - paying in cash. However, to disable the content filter requires
giving up personal information.

------
SimonPStevens
I watched Amber Rudd interviewed by Andrew Marr this morning and the scariest
thing about it was that Marr completely agreed with her. Rather than providing
an opposing viewpoint and counteracting her points, he agreed with the idea
that it was unacceptable for people to be allowed to use encryption and that
it was terrible these companies were using it as a selling point. All he
pushed her on was if she would enforce cooperation from tech companies.

~~~
madaxe_again
This isn't all that surprising, given that the government has repeatedly
threatened the BBC with the loss/alteration of their charter for being
critical of the government and not sufficiently jubilant about Brexit. ITV
owning the BBC would arguably be a greater disaster than watered down
coverage.

For a corollary see the paucity of coverage on the mass demonstration in
London yesterday.

~~~
untog
It isn't all that surprising to me either. But for different reasons. They
have no idea what they are talking about.

Do we think they know our online banking software uses the same kind of
encryption? Probably not. Andrew Marr not knowing this is annoying. But an
entire government being ignorant of it is deeply worrying.

~~~
DanBC
Why do you think the government doesn't know? Why do you think they believe
what they say?

This is just populist bullshit. It follows on from other populist bullshit.

~~~
untog
I think they don't know because I've never seen any of them describe
encryption in a way that would suggest they know what they are talking about.

I don't doubt that _someone_ in government knows. Probably an entry level
staffer. But whenever technology comes up (such as blocking types of content
from the internet) the policy is always utterly ham fisted.

~~~
brokenmachine
I agree that the policies are always ham fisted, but I'm not sure how you
could have a policy that achieves the goal of blocking specific "bad sites"
_without_ it being ham fisted.

How would you achieve the goal of coming up with a non-ham fisted technical
solution to a ham fisted problem?

------
orian
How do they want to prevent someone from creating his own end-to-end
encryption app? It may use other protocols to encode content (images, tweets,
fb posts etc.).

For me it seems to be more in a direction of so called "Big Brother" than real
counter-terrorism.

~~~
blfr
_How do they want to prevent someone from creating his own end-to-end
encryption app?_

That's not an issue. Writing solid encryption software is very difficult on
its own. You will hear "do not roll your own crypto" all the time from
security experts. We don't live in a James Bond universe and it's beyond the
reach of terrorist organisations.

~~~
orless
You don't have to roll your own crypto to create your own end-to-end encryption
app. You can use existing crypto. Writing a user interface around it is not so
difficult.

Beyond the reach of the terrorist organisations? We have already seen pretty
sophisticated operations by relatively small crime organizations (like
exploiting pseudorandom generators in casino slot machines). There's an
established black market for exploits. I think writing an end-to-end
encryption app is not much more difficult compared to this. What's more, it
will even be perfectly legal in many countries, meaning you could legally hire
professionals to do the job. Terrorist organisations won't need to establish a
development office in SV to write the app, they will only need to know how to
use Tor and wire money to the app producer. Which isn't such a huge competence
to ask for.

~~~
loup-vaillant
> _small crime organizations (like exploiting pseudorandom generators in
> casino slot machines)_

If all you do is pushing the buttons of the slot machine in the right order
with the right timing, that's hardly a crime —and I don't care about court
judgements to the contrary. If a slot machine has a crappy pseudo random
number generator, they're just asking for it. I'd rather sue the slot
machine's _maker_ for providing a machine that's not fit for its intended
purpose.

~~~
orless
It is a crime as in "unlawful act punishable by a state or other authority".
You are welcome to disagree, but I'd be interested in your definition of
"crime" then.

~~~
loup-vaillant
My point is, there is nothing wrong with pushing a slot machine's buttons,
even if it is done in a way that defeats the RNG. The difference between this
and counting cards in a game of Black Jack is, the RNG can easily be fixed to
prevent this.

You provided it as an example of "organized crime", and doing so heavily
suggests that it _is_ wrong.

We tend to conflate "wrong" and "unlawful", and for good reason: the law is
supposed to prevent wrong things from being committed. There are exceptions
however, and this is one of them. I'd rather use another example if possible.

~~~
orless
My argument is that even small organized crime groups were capable of
sophisticated operations so it's absolutely not far-fetched to assume that
they may be able to implement end-to-end encryption apps. Whether this
"organized crime" is "wrong" does not make much difference. It might be even
easier to find people to implement it as not many would have moral issues.

Speaking of moral issues, cheating on casino is pretty much off limits on my
personal moral compass. That the attack was possible within the normal mode of
operation does not make it less of a fraud. Imagine if the casino would
reverse-engineer a slot machine and find a way to abuse it within the normal
mode of operation, making odds (even more) in their favor. That would be
fraud, plain and simple, and I don't see why a player should be held to a
different standard.

You are absolutely right, not everything unlawful is wrong. But I fail to see
which benefit we as a society would have by allowing exploitation of technical
deficiencies in slot machines for profit. It is a crime and it is wrong in my
book.

~~~
loup-vaillant
OK, so our disagreement is very simple: exploiting the flaws of a slot machine
is not cheating in my book. Neither is counting cards now that I think of it.

The rules for slot machines are ostensibly very simple. As long as you're only
pushing the buttons that are supposed to be pushed without deteriorating them,
you are acting within the rules of the slot machine, and as such _cannot_
cheat.

The presence of hidden rules such as "don't push the buttons in this
particular order and timing", or "don't push the buttons in a way that
reliably causes you to win", are just silly and unfair. Especially considering
casinos are exploiting gamblers' minds in the first place. Don't like slot
machine exploiters? Fix your slot machines.

Likewise for counting cards: the player is merely acting upon information
naturally gathered by observation and play. Asking players not to act upon
such information is intrusive —and unheard of in competitive play. Don't like
card counters? Invest in a continuous shuffling machine.

~~~
orless
"The presence of hidden rules..." except they are not hidden. IANAL and don't
have link at hand, but there was recently a legally pretty well based argument
in a case of a player who had an assistant capable of recognizing cards from the
back pattern.

"you're only pushing the buttons" except they were not only pushing a button,
they were also recording sequences and sending them abroad for analysis.

But as you directly say that exploiting the flaws of a slot machine is not
cheating and that it's fair, I guess I won't be able to persuade you
otherwise.

------
makecheck
We hear most terrorists ate with forks so all forks are now banned.

Also, we were shocked to discover that virtually ALL criminals rely on
something called Oxygen to perform their work so this is now a controlled
substance that will be heavily regulated.

We were then terrified to learn that after banning forks, terrorists were able
to successfully eat with spoons or even their hands.

/s

Seriously, you cannot ban tools. Lawmakers have to approach this with a firm
grounding in statistics (how LIKELY is a risk, relative to the magnitude of
the measures to prevent it?). They also have to realize that some things are
just necessary for society to function. Stop being paranoid.

~~~
humanrebar
More to the point, terrorists lock their doors! We need to ban deadbolts!

~~~
infectoid
Seriously though. Next step would be to force people to install locks that
have a master key that only intelligence services have and can only use for
good reasons.

If you're ok with encryption back doors you should also be ok with govt master
keys for all your stuff (house, car, bank account, etc)

------
satysin
So they get a backdoor into WhatsApp and terrorists just move onto some other
non-compromised tool. Rinse and repeat. You can't ban maths ffs.

TBH I am surprised attackers do not better destroy their electronic equipment
just before they carry out their attack. Pop your phone and SSD/flash drives
in the microwave on high for a few minutes is pretty much going to destroy all
evidence on them, and if not then chances are you are dead anyway so whatever
data they might be able to get off will most likely be useless to them anyway.

~~~
dmichulke
It's in the interest of the terrorists to get WhatsApp banned.

Terrorists just use something else while the populace feels gradually more
oppressed/controlled/...

In a way they get something for nothing.

~~~
sergior
I think this is not about terrorists (that is just a side effect), but for
state ability to know what people think and talk about. That is a very powerful
thing to have.

------
s3arch
> Referring to Whatsapp's system of end-to-end encryption, she said: "It is
> completely unacceptable. There should be no place for terrorists to hide."

That's it guys. Mommy says no more maths.

~~~
atmosx
> "It is completely unacceptable. There should be no place for terrorists to
> hide."

Agreed. I'm terrorized when I hear gov representatives talking like that.
Who's the terrorist, I wonder.

~~~
tunap
I seem to remember in pre-inet news, rogue actors with mental disorders seldom
made national headlines. Now an individual with no affiliation with organized
hate-based groups and some twisted logic can dream of international
recognition for their actions if they manage to fulfill loose criteria under
the "terrorists" FUD umbrella. Dead or alive, they want to be significant in
some way different from their previously banal existence, consequences be
damned.

~~~
collyw
I was discussing this with friends. The fact that people are acting in the
name of Islam and there is a common ideology behind the attacks is why they
are considered "terrorism" rather than lone wolf attacks. Admittedly this one
seems to be somewhere in between. Mass shootings in the US by contrast, do
seem to be done by rogue actors in general, and there doesn't seem to be a
common element to such attacks. As with everything such definitions aren't
black and white and more of a sliding scale, so can be interpreted differently
depending on your viewpoint.

~~~
alphabettsy
No common element in US attacks? I think in the majority of cases that's just
not true. People weren't killed, but the PizzaGate shooter was motivated by
what can only be described as a large cult of a particular persuasion, Planned
Parenthood shooter certainly had his political motives, Charleston shooter had
motives that have existed in the US almost continuously, Oregon standoff were
all anti-government types, I could go on and on. I would say the main
difference is we are not actively at war with people that share their faith or
look like them overseas. As far as I'm aware the Boston bombers and Orlando
shooter were only inspired by, but received no support from groups such as
ISIS. In that way they were just as self-radicalized as Dylann Roof the
Charleston shooter.

Obviously it's all more complicated than I could quickly write, but to me
there's a big difference between the self-radicalized generally disconnected
persons in the US or U.K. versus those on the ground overseas.

------
sametmax
The British gov is looking more and more like the Finger from V for Vendetta.
The US president more and more like the one from Idiocracy. That we tend to
live up to caricatures should be an alarming sign, but I only see worries on
sites like HN. Most people still don't see the catastrophe in it.

~~~
brokenmachine
_> I only see worries on sites like HN. Most people still don't see the
catastrophe in it._

I'm not in the US. I have actually been very impressed by the outspoken
actions of anti-Trump people in the US, with the massive protests and constant
(well-deserved) media scrutiny. Also I never knew I could have so much respect
for Hawaiian judges.

Why they didn't bother to vote is beyond me, though. Trump is a buffoon, but
he was able to successfully motivate other buffoons to actually vote.

I did hear the description of their vote as being forced to choose "between a
disaster and a catastrophe" though, so that might go some way to explaining
it.

------
cJ0th
If I may ask a very naive question: Do politicians like her really think
encryption is dangerous or is it a devious way to expand mass surveillance?

Attacks of the past have shown that terrorists don't have a need to resort to
encryption. The people involved in the Berlin attack last year, for instance,
were monitored. Authorities knew they would strike but they didn't have
sufficient incriminating evidence that would count in court to lock those guys
up.

Even if encryption on messaging services were forbidden (which would make
millions of law abiding people vulnerable in some way), terrorists could use
throwaway email accounts from internet cafés and wrap their messages in
password protected attachments.

~~~
GordonS
> really think encryption is dangerous or is it a devious way to expand mass
> surveillance

The latter. Her and the precious home secretary (now PM) have been banging on
about how under threat we are from the terrorist hordes for years now - all so
they can erode freedoms and increase mass surveillance under the guise of
'keeping Britain safe'.

The idea that banning encryption of private conversations will prevent these
few crazy people from causing damage is of course ridiculous.

~~~
brokenmachine
It's an interesting question though, isn't it.

They _must_ know enough to know that this won't actually fix the problem, so I
would have to surmise that they are just trying to do _something_ and stay
somehow relevant before their term comes to an end.

"Never mind the collateral damage, I'll be retired on a government pension by
then."

------
fauigerzigerk
It would help the UK government's argument if they didn't grossly abuse every
single surveillance power they have:
[https://www.theguardian.com/world/2016/dec/25/british-counci...](https://www.theguardian.com/world/2016/dec/25/british-councils-used-investigatory-powers-ripa-to-secretly-spy-on-public)

------
sklivvz1971
Coming from the same government that wants all ISPs to keep a log of all the
sites you visit. These people are beasts and as dangerous, if not more, as the
perils they are supposed to save us from.

If people knew the damage these idiots do, they would be in the streets.

Oh wait, they already are in the streets...

------
blockoperation
I'm surprised it took this long for her to bring up the subject – Theresa May
would've had her soundbites prepared in advance and released within hours of
the attack if she was still Home Sec.

> That is my view - it is completely unacceptable

You know what else is completely unacceptable? Technologically illiterate,
authoritarian jobsworths capitalising on tragedy to push through their
agendas. But that's just my view.

Home Office always seems to attract the nastiest and dumbest of politicians,
but this is a whole new level of dumb, and sadly will only gain her more
support, because the general public either have no idea about the implications
of backdoored crypto, or simply don't have any expectation of privacy and are
happy to give up what little they have left in order to feel safe.

~~~
iliketosleep
Sure she'll get support and they may even be stupid enough to attempt to enact
this stuff. But rest assured there'll be a massive backlash from big business
and various political fallouts from the scandals that will ensue.

Then some genius will come up with what's essentially an "encryption is
illegal for terrorists" bill and we'll have the best of both worlds: full use
of encryption where we need it, whilst the terrorists can't use it because
it's illegal!!

~~~
kakarot
Yeah that'll be totally humane, just like how it's illegal to commit crimes
while wearing body armor in most of the US! Or like how street dealers and
felons aren't allowed to carry guns or vote! We are being declawed.

------
rijncur
It is the duty of the Home Secretary (and the UK's various nosey institutions
- e.g. intelligence agencies, police, etc) to continuously badger us for this
information - unfortunately, it's pretty much part of the job description.

It is our duty, as the public, to continuously say "no".

Disregarding any negative consequences, their motivations are pretty
transparent - there's little doubt that being able to read everyone's private
messages will enable the intelligence services to better do their jobs.
However, as Edward Snowden and others have already shown to us many times over
the last few years, the UK government can't be trusted with this
responsibility - and that this is probably the thin end of the wedge. Britain
is already the closest thing that Europe has to a surveillance state, and the
number of people killed in the UK by terrorism is vanishingly small - we are
hundreds of times more likely to die in a car accident. Is it really worth
giving up the last vestiges of our privacy for a little bit more security?

~~~
Silhouette
_is the duty of the Home Secretary (and the UK's various nosey institutions -
e.g. intelligence agencies, police, etc) to continuously badger us for this
information - unfortunately, it's pretty much part of the job description._

On the contrary. The Home Secretary is literally the holder of the ministerial
authority that is required for police and security services to use a lot of
the powers they have, and is supposed to be providing oversight and ensuring
that those powers are used responsibly.

Unfortunately, that means the Home Secretary spends several hours every day
just looking at cases presumably involving some very nasty people. You have to
wonder how _anyone_ could keep a balanced perspective if they're doing that
for 20, 30, 40 hours every week for months or years. Everyone who becomes HS
in the UK turns into a severe authoritarian within a few months of taking the
job, regardless of their prior political views or how reasonable they might be
about other matters.

~~~
rijncur
Perhaps I phrased it poorly - what I meant was that one can view the Home
Secretary's requests for less privacy as a fact of life (just as death and
taxes), and could consider refusing these requests as part of civic duty.
You're correct, the HS usually turns somewhat authoritarian (regardless of
whether it is their job to or not) - it is simply the public's duty to resist.

------
sn41
In the 1970s, an American president had to resign because of some bugs
planted.

Now, private conversation is illegal.

I guess it leads to "ownlife".

------
Doctor_Fegg
> She said it was a case of getting together "the best people who understand
> the technology, who understand the necessary hashtags"

Our Government is an absolute disgrace; and unfortunately, one to which there
is currently no credible, strong opposition.

(from [https://www.buzzfeed.com/matthewchampion/necessary-hashtags](https://www.buzzfeed.com/matthewchampion/necessary-hashtags))

~~~
anon1385
If you are referring to the current state of the Labour party then that's
irrelevant. Even when Labour were "strong" opposition, or were in power with
large majorities, they have had very authoritarian positions on this kind of
thing.

Labour were supporters of the recent IP Bill (it actually applied restrictions
to some of the crazy powers the last Labour government gave to the police,
which gives you an indication of their general position on these things).
Labour have had authoritarian positions on crime and policing issues since
Blair became shadow Home Secretary (1992). It has been part of their 'tough on
crime' strategy of attacking the Conservatives from the right since that point
and was a core part of the New Labour strategy.

The only thing a "stronger" Labour opposition would get you in this situation
is a parliament even more united in support for restrictions on encryption.

~~~
ue_
It's a damn shame as a Communist myself to agree with Labour on various
issues, but so vehemently disagree with them on the abstention or even
outright support of spying bills.

------
drcross
It's an incredibly foolish thing for a minister to suggest. She demonstrates a
complete lack of understanding on the subject and has committed political
seppuku. Has she never read Orwell, Huxley, seen articles about tyrannical
governments or even heard about the reasons the US constitution was drawn up?

~~~
grey-area
_has committed political seppuku_

Since the current prime minister supports her, I doubt it. It's an absurd
position, but not without support in the current administration, just like her
outspoken views on immigration.

~~~
GordonS
> Since the current prime minister supports her

And, I'm sorry to say, a large chunk of the public, who have for years been
force fed rubbish from politicians and the media alike about the huge
terrorist threat that threatens to destroy our country (when in reality just
about anything else you can think of is more of a threat than the odd crazy
with a knife and car...)

------
logingone
Poorly timed opportunism. Police have said the attacker acted alone, so he
wasn't using encrypted comms to talk to anyone.

~~~
clubm8
I really hate this "going dark" narrative.

They can track his purchases via his debit card, his movements via CCTV + cell
tower records, intercept his emails... but there's one bit of his digital life
that's inaccessible and we're "going dark?"

We are burning bright with data. More data does not necessarily mean less
terrorism.

The English might be better served by posting some armed officers in high
value areas. The French do this at major train stations and tourist spots like
the Eiffel Tower. This doesn't stop terrorism, but vastly reduces the body
count.

Frankly, I think it's laughable that countries which resisted the Nazis will
let 10 people dying make them consider rolling back civil liberties.

~~~
ryan-c
I posted about this on twitter this morning, and it seems appropriate to
repeat it here:

For most of history, governments have not had the ability to easily monitor
the communications of their citizens. Widely available, user friendly
encryption tools are just returning us to normal. Well, except for the massive
trail of metadata everyone now leaves.

------
ohthehugemanate
There are a few reasons to laugh at her position.

* The UK government leads the "free world" in ignoring its own warrant process, and pursuing a "collect it all" strategy for commsec. UK citizens have no reason to trust that their government, given such access, would not abuse it. They've abused all their other access thus far.

* Privacy and Security help normal citizens and criminals alike. This is as true for a locked front door as it is for an encrypted message. We grant governments the ability to violate privacy under warrant - they may snoop, spy, enter our homes, and read our mail. We do not grant them the ability to violate security, however. They still have to pick the lock, steam the envelope, and crack the safe. These are important distinctions. We do not engineer a backdoor into all encrypted messages, for the same reason we don't mandate a government master key for all doors.

* The idea that you can legislate math out of existence is a joke.

There is one reason to cry at her position.

* They will eventually legislate this way anyway.

------
dijit
"He sent an encrypted message from whatsapp"

Yes, and then he went and did something stupid with easily accessible tools
and acted alone.

You _might_ have an argument if he was part of a coordinated attack against
something but lone-wolf terrorism has always been defined as unpreventable by
security services such as SIS. Once radicalised it's impossible to prevent
individuals doing stupid stuff.

The only thing she has revealed is the conservative party's desire for
totalitarian control. :(

~~~
kelnos
> _You might have an argument if he was part of a coordinated attack_

No.

Even ignoring the erosion of privacy angle, this just doesn't work. Outlaw
encryption, and only outlaws will use encryption. Provide government backdoors
into the popular commercial messaging apps, and people coordinating terror
attacks will just use custom, unknown, private encrypted messaging apps.

~~~
dijit
I'm going to play devil's advocate here, I also dislike the erosion of privacy
(enough that I even left the UK).

But you _can_ make the argument that if only outlaws use encryption then
they're painting a target on their back, which leads to greater scrutiny by
security services.

This is reasonably achieved by the current dragnet surveillance systems in
place, along with ISPs logging everything.

I don't agree with it, of course I don't, but that's probably an angle people
could take- But the angle Amber Rudd took is even more starved of sense.

It's like she didn't ask the appropriate question: "What could we have done to
prevent this attack" and the follow up "If we had direct access to his phone
and all of his communication information, what could we have caught" and the
answer is _nothing_. He used tools commonly available to him, acted alone,
probably told nobody.

Anyway, tell the bad guys you're watching the comms and they'll figure out how
to talk, they're motivated and smart.

~~~
tonyedgecombe
"What could we have done to prevent this attack"

Actually there is a lot they could have done to help him in his obviously
troubled life but that doesn't fit with conservative ideology.

~~~
dijit
We can't help everyone. It's naïve to think we can, 100% of the time, help all
people.

Even the most socially progressive system on the planet will have people
slipping through the cracks- we have to be able to deal with that eventuality
too.

~~~
tonyedgecombe
True but at the moment we have a particularly poor record of helping people
with mental illness. This guy didn't slip through the cracks, he was totally
ignored along with many others who are struggling.

~~~
DanBC
There's absolutely no evidence he had mental illness, and you do harm to
people with mental illness when you incorrectly link violent behaviour to
mental illness.

More important is his time in prison - where most UK terrorists were
radicalised - and if you were saying that UK prisons don't rehabilitate I'd
agree.

~~~
stagbeetle
Is brutal violence against others not associated with mental disturbation?

~~~
DanBC
Violent people are violent. They may also have mental illness, but usually
it's coincidental.

In this specific case there's no suggestion he had mental illness, and it's
ignorant to suggest he did.

~~~
stagbeetle
Violent people aren't violent because they are violent. There is an underlying
cause for someone to use force against another, especially when it is socially
unacceptable.

Perhaps it doesn't fit under the "common" mental illnesses of depression,
anxiety, etc. but it lines up well with thought disorders. A sane and well
person would not jeopardize themselves, and their fellow species.

~~~
dragonwriter
> A sane and well person would not jeopardize themselves, and their fellow
> species.

Sane (by the usual definition, though it's possible you are using an unusual
definition of your own) people jeopardize themselves to harm other members of
the species all the time.

In fact, societies tend to have organized groups of people who are expected to
do this when the targets are enemies of the group, and who are honored for it;
they also not infrequently honor people who independently do it against people
their society has decided are "the enemy".

------
ktta
Hmm, this definitely brings up an interesting discussion I don't think HN has
had before, especially something in a similar vein since Apple+San Bernardino
fiasco.

Obviously privacy is something that HN holds very close to its heart. But I'm
interested in what people here have to say about the privacy features that are
used by terrible people to do terrible things.

And I want to share something that I think is one of the best arguments for
privacy, complete privacy. I do agree with this completely:
[https://moxie.org/blog/we-should-all-have-something-to-hide/](https://moxie.org/blog/we-should-all-have-something-to-hide/)

~~~
cm2187
Terrorism, and crime in general is a nuisance that we have to live with. You
can have a society with no crime. All you need is a super repressive
totalitarian state, total transparency with citizens reporting on each others,
state surveillance everywhere. It will work. But first I don't want to live in
such a state. And second these totalitarian states slide invariably toward
corruption and state crimes.

So we have to live with some level of crime. It doesn't mean we shouldn't be
tough on criminals, but we have to accept that it is not possible in a free
society to reach zero criminality.

I think the paradox is that people are reasonably relaxed with some level of
criminality but are absolutely intolerant to any form of terrorism. And this
intolerance is a new phenomenon. Terrorism isn't new. There isn't more
terrorism in Europe than 20 or 40 years ago. In fact a few months ago I
compiled the number of incidents and victims from a wikipedia page [1]:

[https://zbpublic.blob.core.windows.net/public/Deads.png](https://zbpublic.blob.core.windows.net/public/Deads.png)

[https://zbpublic.blob.core.windows.net/public/Injured.png](https://zbpublic.blob.core.windows.net/public/Injured.png)

[https://zbpublic.blob.core.windows.net/public/Incidents.png](https://zbpublic.blob.core.windows.net/public/Incidents.png)

As you can tell, the 70s and 80s were rather more brutal, with far-left, IRA
and Palestinian terrorism. And our democracies resisted much better the
temptation to introduce more surveillance.

Now why have we become intolerant to terrorism? There are literally tens of
thousands of knife attacks every year just in London. Most don't even make it
to the local news. Why would this particular incident be treated as a state
affair? Terrorism is the buzz of a mosquito. In itself pretty much harmless.
But most people will not sleep in a room where they can hear the buzz. I don't
have a good explanation. The only thing I can think of is the 24h news cycle
where the media will make a big deal of anything that can push the audience
up. But that doesn't explain everything. They do the same with plane crashes,
but still repeat over and over that though spectacular, plane crashes are
extremely rare and flying is extremely safe. Whereas when there is a terrorist
attack, the message is "this could happen to YOU!"

[1]
[https://en.wikipedia.org/wiki/Terrorism_in_Europe](https://en.wikipedia.org/wiki/Terrorism_in_Europe)

~~~
lozf
> "... total transparency with citizens reporting on each others, state
> surveillance everywhere."

Like this?
[https://www.youtube.com/watch?v=RIuf1V1FhpY](https://www.youtube.com/watch?v=RIuf1V1FhpY)

(Tom Scott's "Oversight" from 2013)

~~~
kortex
That gave me actual shivers. I can't believe the general populace (especially
in the USA and UK) fall for this garbage. The bread and circuses must be
really good. Ok maybe just circuses, I think Trump wants to cut SNAP.

------
partycoder
It's just reverse psychology.

They have the means to break, degrade or bypass the encryption and they emit
statements like these so people remain confident that they're not being spied
on.

This routinely happens after leaks reveal that certain type of traffic is
being targeted. In this particular case, Wikileaks.

In the past after all the PRISM collusion was revealed, all the PRISM partners
started their PR campaigns showing their "commitment to privacy", and the soap
opera with law enforcement agencies claiming they couldn't decrypt devices. In
reality they have many tricks they have used for years now, like setting up a
fake cell antenna, impersonate a phone carrier to take over a device.

~~~
LoSboccacc
precisely. I was around when only hatters and nutjobs talked about echelon,
getting ridiculed on internet and the outernet, only to be proven correct
decades later

people have very short memory, it seems.

------
callesgg
How can it be acceptable to say shit like this when you have such a position
within the government.

~~~
yellow_viper
Because we've accepted it. We know the government is watching us 24/7 and no
one cares. This is the new norm.

Stories like this fill me with a slight bit of hope that encryption works

~~~
aluhut
I wonder how they are not even busy explaining how this could happen with all
that surveillance already in place. I mean no camera jumped down the pole to
stop the car...

~~~
tonyedgecombe
She did admit during the interview that these incidents couldn't be completely
stopped.

~~~
aluhut
The point is, that they can't be stopped at all.

There is a way to suspect someone may at some point, which is what the UK
security apparatus is aiming for but this kind of profiling will end up being
a psychological analysis of whole groups of the population. The results won't
be great for any of us.

------
derpadelt
For two decades I've been waiting for popular support for a complete or at
least Clipper-chip-style encryption ban in the "free world". It always was on
the other far end of the spectrum, directly opposite questions like IV/nonce
choice, PRNG initialization flaws, RSA attack vectors. I have great fear for
the freedom and living standard of my kids when I read these top-level news
pieces. We stand a real test and we will have to argue against hatred, fear
and terrorism. Let's just hope our leaders have no-nonsense advisors as well
as those that inspire such news.

------
slashrsm
This is a complete nonsense. Such move would simply encourage "bad guys" to
find other means of secure communication while exposing everyone else.

------
jimnotgym
When you take away our freedom in order to stop terrorism, then the terrorists
win. This is one guy in an estate car. Amber Rudd is not a democrat if she
really believes this

------
hudathun
Best ban everything that can be misused by terrorists... cars, knives,
encrypted messaging.

~~~
wiubiube
that's the blindspot isn't it ? What's the one common thing about recent
terrorist acts ? Vehicles used as weapons. Yet nobody's calling for a ban on
the use of vehicles

~~~
rorykoehler
Even one level up... Since when is a crazy individual with a knife in a car a
terrorist? He's just a crazy idiot and we should call him so. If this is
modern day terrorism we have nothing to be worried about.

------
Khaine
Reading all of the comments I am deeply concerned. Everyone who is opposed to
this is doing 'their side' a disservice.

Comments are about how stupid, or ill informed the Home Secretary and advisors
are, or that they are being blackmailed by the intelligence services.
Seriously? These kinds of comments are not going to get the broader public to
support your ideals.

I think you misunderstand why she (and law enforcement) believe that they
should have access to the messages. If the terrorist called someone they can
get a warrant for the metadata and see who he called and whether it is
relevant to the investigation. If the terrorist sent an SMS they can get a
warrant for it. However, if the terrorist sends a WhatsApp message what can
they get? Why should a WhatsApp message be treated different from an SMS?

That is what we as the tech community need to explain, why backdoors, weak
encryption, and escrow are not a solution.

I value my privacy. I want my messages to be secure. But if the tech community
keep acting like most of the comments on this, we will lose.

------
ourcat
So when they discover that he wrote and sent actual letters, will they then
demand access to open our mail?

Also: Will breaking encryption stop a man grabbing a knife and jumping into
his car? No.

~~~
gsnedders
> So when they discover that he wrote and sent actual letters, will they then
> demand access to open our mail?

Except, like, with a warrant, they can already open our mail. That's a pre-
existing power.

The difference is under the current legislation a warrant doesn't get them the
ability to read WhatsApp conversations; that's the point of contention here,
and the difference with the above is perceived to be the problem.

------
iamben
If the govt. was to force WhatsApp's hand, I'm sure we'd see democracy in
action if they prevented everyone using the app for 24 hours, replacing the
facility to message with a note telling users to contact their local MP (with
clickable email / phone numbers - and maybe links to the ORG).

~~~
JoshTriplett
Or even just put a banner at the top of the app.

~~~
bencollier49
And then suddenly Facebook find themselves legally responsible for the things
published on their platform, perhaps. They're not going to stand up to the
government, they're in too weak a position.

------
ajuc
By the same logic if we ban freedom of speech terrorism won't be able to speak
with each other.

Seriously who voted these idiots.

------
singold
Well, she could start herself publishing all her emails, how can we know she
isn't a covert terrorist?

------
sidcool
Even though the article mentions specifically about UK, there are many in the
US who hold the same belief. If you want to ban encryption because terrorists
might misuse it, what about Guns? Then it is a matter of "freedom".

------
Entangled
Dear minister, can I whisper in my wife's ear while having sex or do I have to
get permission from government?

~~~
wiubiube
can I talk to myself using my inner monologue please ?

~~~
sjayasinghe
only if it involves something deemed legal by the Thought Police and the
Party.

------
id122015
Smartness should be banned. They are too much of a problem! Everyday
disruption disruption disruption...

Evolution should be banned too and all those books about biology or astronomy.
God made it all!

------
Asdfbla
I'm morbidly curious how many terrorist attacks we are away from actual laws
that will attempt to outlaw encryption as used by WhatsApp (even if it
wouldn't make sense to do that). Resistance against such measures outside of
the tech scene would probably be low. The "I've got nothing to hide" mentality
is actually quite widespread among the population, so I don't even think it
would be a risky move politically.

------
dfraser992
I assume someone has already brought this up, but it is late and I can't read
through 300 comments. From what I recall and have read, this individual has
been on the radar of the security services since 2010 and so was a known
potential threat. With a history of violence and criminal behavior. Yet
effective monitoring of such individuals WAS NOT DONE and apparently isn't.
Instead, there is this post-hoc demand that all of the public must give up
their right to privacy because the idea of 'pre-crime' prevention is actually
viable...

complete and utter bollocks.

So a blanket violation of law abiding citizens rights is more important than
actually keeping tabs on known threats more closely and effectively.
Pedophiles are viewed with less disdain than terrorists it seems. And the
threat of terrorism is trumpeted to the heavens while pedophilia is apparently
more rampant in UK society...

It is quite illogical that law abiding people suddenly snap and decide to
drive their cars into groups of tourists. How prevalent are the actual
potential terrorists - i.e. those with a history of violence, trouble with the
law, radicalization, etc? If I knew those stats, then I personally would be
better able to judge the claims of the authorities. But I don't have those
stats and so the logical assumption is that their claims are exaggerated shite
designed to drum up fear and etc etc. Meanwhile idiotic claims that all
encryption must be banned or tapped, even for law abiding businesses (does no
one remember Cameron's proposals?) are floated... nothing but Band-aids all
the way down.

I could move back to America, but at this point, that is like jumping out of
the frying pan. I really need to learn a second language, preferably
Mongolian.

------
hanselot
How difficult would it be for these so called terrorists to develop their own
end to end encrypted app? Perhaps something masquerading as something common
like any port under 1000? It is feasible that the elimination of
whatsapp/telegram/signal encryption would just lead to a way more complicated
encryption system developed internally to these organisations.

~~~
makomk
Not that difficult, but it'd almost certainly have major security flaws that
GCHQ and the NSA could exploit, because homebrew end-to-end encryption tends
to. The bigger problem is that merely using an Isis-branded chat application
is the equivalent of sending a text message to the security services saying
"hello, I'm a potential terrorist, please pay special attention to my every
movement". Even the Tor project hasn't _actually_ managed to reliably disguise
their protocol as something else, and they have a bunch of smart people
working on it with the advantage that countries tend to reveal the fact
they've been detected through blocking rather than just quietly monitoring the
people using it and rounding them up the moment they try something.

~~~
goodplay
I generally agree, but intelligence groups have to first find the signal they
want to monitor. Modern steganography techniques coupled with the free
randomness you get from the physical world gives you much to work with. And
that's assuming common tech will be used.

Also, designing a secure general purpose messaging system is much harder than
designing a system tailored for a specific use case.

Banning encryption by law is like demanding, loudly, that people not talk
behind your back. Some will listen, and some will not. Only legitimate users
and use cases will suffer.

~~~
tormeh
Well, ISPs could implement a whitelist of communication methods. Maybe all
content would have to be signed by a whitelist of apps before it's allowed
through the network. Images would have to be signed by the camera app, so no
steganography would be possible.

From a business perspective it would be like going back to before the
internet, but many of the services we associate with the internet like
Facebook, Netflix etc. would survive.

~~~
goodplay
What about using latency or throughput as a signal? What about tunneling data
over seemingly normal pictures taken by said camera app? What about switching
the "User Available online" indicators at a seemingly natural rate? What about
_all three_ at the same time?

I assure you, steganography will always be possible. The only thing a ban on
encryption would do is hurt (badly) society, personal privacy, and those who
want to follow the law.

~~~
tormeh
Sure, it would be a bit of a whack-a-mole, but in the end sending concealed
messages would become extremely difficult.

It's technically impossible to do perfectly, but as we all know, perfect is
the enemy of good enough ;)

------
sergior
How about they look into their business partner Saudi Arabia first? It sounds
like as if they let this country poison the minds of mentally ill people in
hope the attacks they carry on could be used as an excuse to expand control of
the society. Use of this tragedy to do just that is simply disgusting and put
in question what government is actually doing.

------
tinus_hn
How would that have prevented anything? As if they'd have responded within 2
minutes to some guy sending weird messages.

~~~
makomk
The message he sent right before the attack will likely not have been his
first communication about it. There's been a pattern of Isis operatives abroad
guiding and supporting terrorists in detail via end-to-end encrypted messaging
for weeks or months, right up until the moment they attack:
[https://www.nytimes.com/2017/02/04/world/asia/isis-messaging...](https://www.nytimes.com/2017/02/04/world/asia/isis-messaging-app-terror-plot.html)
Presumably the British police are assuming that this is
like those previous attacks, but they haven't managed to obtain the actual
message contents after the fact this time around for some reason.

~~~
GordonS
Come on. If this was really ISIS, then we plainly have nothing to fear.

My bet is that he's just a random crazy, but of course these days it suits the
political narrative to brand such people 'terrorists' to stoke public fear

~~~
DanBC
Stop tossing out mental health as a reason. There's nothing to say he had
mental illness, and you cause harm to people with mental illness when you
incorrectly link violence to mental illness.

~~~
GordonS
I used the word 'crazy', rather than mentioning mental health issues. 'Crazy'
does not just refer to people with mental health issues, it refers to
irrational acts.

To expand on my point, some of these small-scale 'terrorist' attacks show very
little evidence of being coherently planned, and it's difficult to believe
that an organised terrorist group is behind them. It seems more likely that
some of these acts were performed by people acting alone, or vulnerable people
provoked to it - and yes, some of these people may well be mentally ill; that
hardly means they cannot be capable of violence.

------
vixen99
Some people will simply refuse to let all and sundry (we have no idea as to
who reads and acts on intercepted emails) to read private emails and they will
therefore turn to steganography or one time pads with a seemingly ambiguous
pre-arranged code. Good luck with reading the latter or even thinking it has a
hidden message.

------
razzaj
Isn't it weird that drastically restrictive all encompassing rules are hastily
pushed _after_ attacks? Blanket Decryption of messages, and other privacy
suppression rules will make intelligence agencies into super powers with too
much control at a very reduced cost (less messy assassinations, or physical
threats needed)

~~~
brokenmachine
That's the perfect time to hastily push them through!

------
Zenst
So a statement that he acted alone by the met police is being utterly ignored.
Ironically no mention of banning 4x4 cars and that frankly puts this whole
situation into perspective - government ignorance of encryption, once again.

~~~
brokenmachine
If we could bundle a 4WD car ban in with the new legislation, I might actually
change my mind about the massive loss of basic freedoms. :-)

------
nbanks
One reason it's good that governments cannot force WhatsApp to disable end-to-
end encryption is that different governments have different definitions of
nefarious activity. While the British Government could arguably use a backdoor
to stop terrorist attacks, what would stop Pakistan or Saudi Arabia from using
the same back door to enforce blasphemy laws? The issue is the same: should a
private company help law enforcement by disabling encryption?

It's nice to know WhatsApp can help people break the law in places where the
law itself is immoral.

------
bvwiqvqebui
what if the guy read a book and agreed with it because he was a sad angry
teenager with no life

~~~
k_sze
Then the obvious answer is to ban books, right?

Right?

~~~
bigbugbag
This is a thing in France.

------
noarchy
_"Home Secretary Amber Rudd told Sky News it was "completely unacceptable"
that police and security services had not been able to crack the heavily
encrypted service."_

This is great news, actually. It means that WhatsApp's encryption works, and
stonewalls the efforts of state actors (or at least, hers) to break it.

That said, we don't know if she's lying about this, or not.

------
benevol
They don't need to touch encryption in any way. It's way simpler to subvert
the endpoints, as most people use closed-source operating systems such as iOS
and Android which offer closed-source applications.

All they need to do is to pressure Apple and Google to keep some backdoors
open, which is more than realistic, as Snowden's revelations have shown a
couple of years ago.

~~~
sjayasinghe
Even better, why not introduce backdoors at the hardware level?

------
ahussain
Shameful way to capitalize on the recent Westminster attack. See Naomi Klein's
"The Shock Doctrine" for more.

------
doktrin
Looking away from the fact that what they want isn't actually achievable, what
does the UK risk by beginning to go down this road? What consequences could
this potentially have for their domestic tech sector?

My intuition says that they stand to lose more than they could possibly gain,
but I'm curious to hear a more knowledgeable perspective.

------
mrkgnao
Thought-experimentally: could we potentially be able to scan message databases
for the _absence_ of certain phrases, using something like [1], but in a
probabilistic manner akin to that of a Bloom filter? This would ensure that
law enforcement would be able to flag certain keywords with a nonzero (and
nontrivial) false-positive rate. That way, repeated flags end up identifying
potentially interesting members of society, _without proof_ and with data
inadmissible as reliable evidence in a court of law.

Of course, one runs the risk of the existence of false positives being
forgotten, TLA/government pressure to reduce the false positive rate, and so
on. But I think this is a slightly interesting way to (partially) preserve
privacy while satisfying lawmakers who demand that there be some way for them
to listen in on (what should ideally be completely private) data. (This is, of
course, only possible once one drops the axiom of privacy being an absolute
right: I don't personally support doing this at all.)

[1]:
[https://crypto.stanford.edu/portia/papers/HardNDB.pdf](https://crypto.stanford.edu/portia/papers/HardNDB.pdf)

~~~
kortex
Theoretically, I'm sure some crafty solution like that exists, but then that
is no longer true end-to-end encryption. It's 'leaky' E2E, which in the eyes
of most crypto enthusiasts, is practically worse than open channel, because it
gives a false sense of security.

------
codewithcheese
In these digital always online times; it's like claiming no one should be
allowed to have a private conversation.

------
hanoz
I wonder how she felt about private communication during her directorships in
off shore tax havens?

------
al2o3cr
In a similar vein, to prevent corruption and bribery we should require Ms.
Rudd et al to post all email exchanges (official or otherwise) they engage in
publicly, along with their bank statements.

After all, we can't allow corrupt politicians ANYWHERE TO HIDE. ;)

------
secfirstmd
It's going to be a total clusterf*ck when the UK leaves the EU and starts
introducing draconian intelligence gathering laws that go further than the EU
regulations permit. Think Privacy Shield style problems but much worse...

------
ianopolous
The relevant discussion is here:
[https://www.youtube.com/watch?v=8yIPuHsB8q8](https://www.youtube.com/watch?v=8yIPuHsB8q8)

------
threatofrain
I assume that the UK government has been doing these extremely pro-
surveillance, anti-encryption, and anti-porn stances because they detect
sufficient support from the UK population?

------
benevol
On BBC:
[http://www.bbc.com/news/uk-39396578](http://www.bbc.com/news/uk-39396578)

------
gjjrfcbugxbhf
Theresa May is just using the tragic deaths of some innocents to push her own
political agenda. Pathetic political games at their worst.

------
royka118
Is it technically feasible to have a back door and still be `end to end`
encrypted ?

~~~
joshvm
Yes, this was revealed by the recent agency leaks. Cracking end to end
encryption is still extremely difficult (currently impossible?). It's much
easier to get root on a target's phone and run a keylogger or break into the
app. The messages are still end-end encrypted, but you can sniff them before
they're sent and after they're received since they're shown to the user in
plaintext.

~~~
Neliquat
But then the side channel (pre enc info) is also sent, using different
encryption? Otherwise, just as broken.

------
intrasight
First global warming deniers then mathematics deniers. Where do we go from
here?

------
I_am_neo
Messaging services without encryption is unacceptable - TRUTH

------
visarga
> "That is my view - it is completely unacceptable, there should be no place
> for terrorists to hide."

I am sure a ban on encryption would work.

Hey, guys, I just had a great idea. Let's ban bombs, knives, and driving into
people. That would fix the terrorism problem. Once it is illegal, no terrorist
would dare do it!!!

I'm wondering why Churchill didn't think to ban the Enigma machine. If only
England was led by smart people like the British interior minister...

~~~
adrianN
The difference is that it's relatively easy to detect when people use
encrypted communication. You can just arrest them. It's not so easy to detect
whether someone is planning to drive into people.

~~~
AnthonyMouse
Compare like with like. It's plenty easy to detect whether someone is driving.
Whether they're planning to drive into people has the same level of difficulty
as whether their encrypted communications are about terrorist activity, so
shouldn't we ban cars? And buses and planes and anything else with wheels or
an engine?

If we banned planes that would certainly have prevented 9/11. What better
argument could there be?

------
techrich
as usual she has no idea.

------
vinceyuan
If I have to choose one from end-to-end encryption and security, I will choose
security. I don't mind my WhatsApp chats are scanned by police's software, if
it can reduce terrorism. Of course, we need to make sure it is used for anti-
terrorism only.

Update: One solution of 'make sure' is the source code of the monitoring
software must be reviewed by independent and trusted software
engineers/experts.

PS. Downvoting my post doesn't solve any problem. If you have any better idea,
welcome to post it out. Thanks

~~~
ktta
> Of course, we need to make sure it is used for anti-terrorism only.

See that's the problem everyone is talking about. The thing is, turns out you
can't. That was the ENTIRE point of the Snowden revelations.

No sane person is okay with terrorism, but at what point are you going to stop
relinquishing your rights?

First, texts with Whatsapp. Then your phone calls. Then your bags and notes
when you go through airport security. Then bugs in your house. All of these
will help curb terrorism. But where will you stop? Will you lose all your
private life in the name of law?

~~~
vinceyuan
One solution in my mind is the source code of the monitoring software must be
reviewed by independent and trusted software engineers/experts.

~~~
ktta
That's a perfect solution actually. But sadly, we aren't there just yet. There
are nuances with these things that software can't (yet) pick up.

So humans have to do it till then. We were maybe born too early. But I think
it makes things interesting.

That means there are still problems for you and me to solve.

~~~
natch
Actually it's a horrible non-solution.

Assuming these experts are perfect and infallible (a bad assumption), then
what does it prove?

That only an authorized government agent can have access?

Can you not think of any problem with that whatsoever?

~~~
ktta
I actually didn't suggest a complete solution. You seem to judge the
proposition without any further questions.

I said the monitoring software having access to the data was a solution. But
you're probably thinking of a case where there is a master encryption key
which we just hand to the government. But have you thought of a solution where
we _can_ be sure of the access that the software will have?

Something like an infallible way we can choose only the software can view the
data. Sure, you're quick to dismiss it because it doesn't exist. That's why I
said it _didn't exist_

There needn't be centralized way of communication you're thinking of now. It
can be public software that people can choose to run.

> Assuming these experts are perfect and infallible

Well, you can have the same skepticism for the end-to-end encrypted software
_you_ use. How can you assume that it isn't broken?

~~~
natch
> I actually didn't suggest a complete solution.

Nobody is saying you did. You yourself said "that is a perfect solution
actually" in response to vinceyuan, who had a one-liner comment about "the
source code of the monitoring software must be reviewed by independent and
trusted software engineers/experts."

Maybe we are interpreting this in different ways.

How do you envision this "solution" working? It is a bit vaguely specified.

Who is doing the monitoring? What or who is being monitored? For example are
we talking about monitoring the authorities to see if their access is done
properly? Or are we talking about something / someone monitoring
communications, on behalf of the authorities? Not sure what you had in mind.
Can you explain how what you called "perfect" might work, were it to be
developed at some point in the future?

I'll say up front that I'm skeptical, but let's see if we are even talking
about the same thing. As long as you're being super vague, you don't have a
solution at all.

And if you're just saying: there's no solution now but maybe one can be
developed, fine (I believe you're wrong) but please clarify how you think it
might work.

~~~
ktta
> That means there are still problems for you and me to solve.

This was my last sentence. With which I tried to say that we have to still
solve the problem and come up with the solution. My comment "that's a perfect
solution" was about the answer "software that can effectively monitor
communications with proper privacy" to the question about properly reconciling
privacy and security, in a situation where the people are okay with their
communications being monitored.

But you are expecting an answer to the question, "How will the software
work?" from me.

I have no clue as to how it'll exactly work. But since you're so interested,
I'll take a stab:

> Who is doing the monitoring?

The software. No humans will ever see the raw communications which haven't
been flagged. Now this is obviously the tricky part. This is not a backdoored
system with a magic decryption key. What I had in mind was a software possibly
in-built with the communications protocol, which will, with near perfect
accuracy flag suspicious communications. This will need a leap of tech in
Machine learning with NLP.

> What or who is being monitored?

All the communications (through the node) are being monitored.

> For example are we talking about monitoring the authorities to see if their
> access is done properly?

'They' have _no_ access. Only the software does. How that is done is up to the
"engineers/experts" to figure out. This will obviously need a change in
communications architecture. When it comes to properly securing the physical
part (the servers), I'm sure something can be figured out there.

> As long as you're being super vague, you don't have a solution at all.

See my first line in this comment. I don't have a solution, but I do believe
that a solution exists to a problem. They're very different things.

As an analogy, in mathematics, that's similar to me saying the problem is
solvable, but you're talking about the actual solution.

And sure, this is a 'perfect' solution where monitoring communications is even
a possibility. I don't even support that possibility. The first comment I
replied to does, which said:

"If I have to choose one from end-to-end encryption and security, I will
choose security. I don't mind my WhatsApp chats are scanned by police's
software, if it can reduce terrorism. Of course, we need to make sure it is
used for anti-terrorism only."

So in the first place, monitoring is something that will be done. Now in that
scenario, there's a solution (In retrospect, I don't think I should've said
perfect).

I don't think you are going to be happy with this solution. I don't expect
everyone to be. I probably will be, because while I want privacy, I'm amenable
to a solution I can trust in a situation where there _has_ to be some kind of
monitoring.

Since we live in a democracy (I hope you don't live in an oppressive
monarchy), it can happen when the majority of the people (senators, actually,
because it is a Republic) agree with a situation when monitoring is okay.

Your opinion or my opinion is not enough to change everyone else's opinions.
So we might have to learn to live with it.

~~~
natch
We live in a world, not a democracy. There are many different countries, with
many different systems.

Any proposed solution has to deal with that reality, not with the little
bubble of one democracy which may arguably in the questionable opinions of
some subset of people have a good government.

The reality includes police states where the police are truly evil.

It also includes police states where the software is written by truly evil
people, to do evil things, with evil experts overseeing it all and approving
evil behavior in the software they are checking.

Please tell me how you can be confident that there can be a solution that
addresses this reality while protecting the privacy of users. Sometimes all
the user wants to do is send a message to their boyfriend, without getting
thrown off a building, burned, flogged, or killed, possibly having several
generations of your family killed as well (see North Korea).

The system has to work for this reality. I'm pretty sure that simply drawing a
line and fully protecting the privacy of users' messages, full stop, is a
better solution than whatever you and your senators will come up with.

And yes, the security of a crypto system can be verified. If it's designed to
be secure. Not if it's designed to be monitored. Even if the experts are
perfect angels and absolutely competent, if there is a way to monitor, hackers
will find a way to get access to it.

> When it comes to properly securing the physical part (the servers), I'm sure
> something can be figured out there.

You're dreaming. Remember, the authorities will have full power over that
system, and even in countries where the authorities are not evil, the
authorities as a rule are inevitably corruptible if not corrupt. This isn't
just cynicism, it's reality. Look around.

~~~
ktta
> And yes, the security of a crypto system can be verified. If it's designed
> to be secure.

Theoretical security and actual security are two very different things. One
is mathematical, which can be verified by equations. The other deals with software
and imperfect developers. Software can't be verified for perfect security in a
deterministic way, no matter how hard you try. Vulnerabilities pop up all the
time. Your expectation that theoretical security translates to real world
security is something I believe you need to think about again.

> Not if it's designed to be monitored. Even if the experts are perfect angels
> and absolutely competent, if there is a way to monitor, hackers will find a
> way to get access to it.

You seem to miss the part where I said a new protocol, not something which is
modified, or backdoored. I'm surprised at you being so sure about the failure
of a non-existent protocol. Do you have anything to back up your claim that
any such protocol wouldn't work? Remember, it doesn't exist yet.

I honestly didn't find most of your post very coherent. There is no avenue for
free speech in North Korea and other authoritarian regimes so it is a waste of
time talking about working around the existing government for privacy and free
speech rights. The only place where the masses can bring about change is in a
democracy.

> not with the little bubble of one democracy

Last time I checked, most countries are democratic. Please show me the case
where democratic countries vastly differ in how their government is organized.

> The reality includes police states where the police are truly evil.

Again, I talked about a democracy since we really can't do anything to help
them with encryption and code. If there are no rights, strong encryption
doesn't really matter. Look up rubber-hose cryptanalysis.

> The system has to work for this reality. I'm pretty sure that simply drawing
> a line and fully protecting the privacy of users' messages, full stop, is a
> better solution than whatever you and your senators will come up with.

It is of course a better solution for individual privacy, I thought I
talked about this at the end of my last comment. I don't have much control
over my senators.

>> When it comes to properly securing the physical part (the servers), I'm
>> sure something can be figured out there.

> You're dreaming. Remember, the authorities will have full power over that
> system, and even in countries where the authorities are not evil, the
> authorities as a rule are inevitably corruptible if not corrupt. This isn't
> just cynicism, it's reality. Look around.

Full power? I don't believe you have understood what I said.

At this point it feels like you're arguing for the sake of an argument.

~~~
natch
Looking forward to learning more about this new perfect future protocol that
you think will solve the problems.

/s

