
Real people don't need end-to-end encryption says UK Home Secretary - fischersully
http://uk.businessinsider.com/home-secretary-amber-rudd-real-people-dont-need-end-to-end-encryption-terrorists-2017-8
======
mattmanser
Basically she's saying chat apps in the UK shouldn't be allowed end-to-end
encryption.

So the terrorists will set up a chat system that looks like payments.

In the meantime, the UK government will use our chat to identify harmless
political dissidents, groom them online and then fail to incite them to
violence. Given previous performance, they will meet some of their targets,
get a few pregnant and then get sued 20 years later when someone reports on
how idiotic the police and spies really can be while everyone sane scratches
their heads about the targeted pro-solar-power "terrorists", who happened to
piss off Lord McOil who had a quiet chat with his Eton buddy in GCHQ which got
them classified as dangerous.

After 5 years, Boris, our new PM, will decide to give government departments
access to find benefit cheats and illegal immigrants. The system they'll build
will cost more than they recoup and will be a drop in the bucket compared to
what they could have recovered if they had spent 1/10th of that money chasing
rich tax dodgers.

A couple of years later, they will give councils access to the whole country's
chat to try and catch some fly-tippers.

In this time, the civil servants will actually use the system to stalk
ex-girlfriends, random crushes and celebrities or spy on wives and husbands.

Eventually, some civil servant will accidentally leave a hyper-storage-cube on
the bus containing the last 5 years of everyone's chat and it'll turn up on
4chan.

The resulting misery and damage will be justified by the government because
they once caught a "terrorist" who was standing in the street screaming "Allah
is great" and stabbed a policeman. In reality he was a normal guy who had
suffered from Bipolar Disorder but the NHS couldn't afford to treat him and
classified him low risk, so ended up having a breakdown.

~~~
abainbridge
Say a smartphone app ran both an https client and server. For users to send
each other messages, they connect to each other's servers. That's end to end
encryption, right? And looks identical to the type of encryption they'd still
allow right? What have I missed?

~~~
abainbridge
I guess once it gets popular, they just force Apple and Google to remove it
from the apps store. So it has to be a web site with all the http server
running in javascript/web assembly. I guess you still need a central server to
let clients find each other in the first place. They could block that at the
DNS level.

~~~
grey-area
I'd use bank accounts, PayPal or money transfer with small transactions and a
one time pad to signal. They'll never ban bank accounts and it'd be hard to
find signals amongst the noise. Or you could just use pgp and paste it into
whatever app you want. Pandora's box has been opened, it's remarkably naive to
try to ban secrets at the same time as hoarding an unprecedented number of
signals.

Obviously you can't intercept signals from someone using outlawed encryption,
a one time pad or no direct messages. I'm not sure the stated goal (stop evil
terrorists) is the real goal though - reading almost all communications and
selective leaks is just such a useful tool for things like subverting
democracy, throwing elections and controlling politicians.

~~~
cr0sh
> reading almost all communications and selective leaks is just such a useful
> tool for things like subverting democracy, throwing elections and
> controlling politicians.

Maybe someone out there needs to air her dirty laundry secrets that she's
projecting on the rest of the population?

------
nsnick
The problem is largely the UK's lack of a constitution. There are no checks or
balances in the UK. Parliament can literally do anything they want. The courts
can't block Parliament. Parliament can just abolish the courts. The house of
lords can't stop the house of commons, the commons can just override the
lords. The queen won't veto the commons because she fears parliament will just
abolish the monarchy.

~~~
ue_
As an anecdote related to this, there is a law that came into force in the UK
in 2009 which made illegal drawings showing fictional characters who appear to
be under 18 engaging in sex, or in the presence of sex. A similar law came
into force in the United States (the PROTECT act), and it was stricken down by
SCOTUS because a clause making illegal drawn pornography turns out
(unsurprisingly) to violate the constitutional right to free speech. Currently there
are about 20 prosecutions per annum (and it is rising) under this law in the
UK. I don't think this truly hideous law will be stricken down by a court
(even the ECHR, which is May's sworn enemy) nor will it be repealed by
parliament, because _nobody cares about disgusting speech_.

~~~
paganel
> As an anecdote related to this, there is a law that came into force in the
> UK in 2009 which made illegal drawings showing fictional characters who
> appear to be under 18 engaging in sex

So you're saying that watching most hentai is borderline illegal in the UK?
That's crazy.

~~~
ue_
I wouldn't say _most_, but a good proportion is, even possession of it. The
catch is that the character has to give the "predominant impression" of being
a child, so they can have non-child like features (such as slightly larger
breasts, antennae (as was mentioned during the debate) etc.) and still be
counted under the law. And you think you can encrypt to get away from it? No
chance! If you refuse to hand over your keys to an encrypted volume you can
face a maximum of 4 years in prison.

~~~
DanBC
> If you refuse to hand over your keys to an encrypted volume you can face a
> maximum of 4 years in prison.

The requirements for getting you to hand over your keys are a bit stricter
than "they ask for them". The long and complex law is here:
[http://www.legislation.gov.uk/ukpga/2000/23/contents](http://www.legislation.gov.uk/ukpga/2000/23/contents)

The RIPA sentence for failure to hand over passwords is either 2 years or 5
years. It's 5 years for child indecency cases, but the relevant laws are
listed in subsection 7, and it doesn't include The Coroners and Justice Act of
April 2009. (And that only applied to England, Wales, and NI. It doesn't apply
to Scotland.)

It's not clear that most hentai is made illegal by the C&JA2009. See below.

[http://www.legislation.gov.uk/ukpga/2000/23/part/III](http://www.legislation.gov.uk/ukpga/2000/23/part/III)

    
    
      (7)Those provisions are—
      (a)section 1 of the Protection of Children Act 1978 (showing or taking etc an indecent photograph of a child: England and Wales);
      (b)Article 3 of the Protection of Children (Northern Ireland) Order 1978 (S.I. 1978/1047 (N.I. 17)) (corresponding offence for Northern Ireland);
      (c)section 52 or 52A of the Civic Government (Scotland) Act 1982 (showing or taking etc or possessing an indecent photograph of a child: Scotland);
      (d)section 160 of the Criminal Justice Act 1988 (possessing an indecent photograph of a child: England and Wales);
      (e)Article 15 of the Criminal Justice (Evidence, Etc.) (Northern Ireland) Order 1988 (S.I. 1988/1847 (N.I. 17)) (corresponding offence for Northern Ireland).]
    

I don't think RIPA mentions the Coroners and Justice Act, so I don't think
they can force you to reveal passwords for those images. But maybe I'm missing
some changes?

[http://www.legislation.gov.uk/ukpga/2009/25/part/2/chapter/2](http://www.legislation.gov.uk/ukpga/2009/25/part/2/chapter/2)

    
    
       (2)A prohibited image is an image which—
         (a)is pornographic,
         (b)falls within subsection (6), and
         (c)is grossly offensive, disgusting or otherwise of an obscene character.
    

I'd suggest it could be argued lots of hentai fails (c).

    
    
       (5)“Child”, subject to subsection (6), means a person under the age of 18.
       (6)Where an image shows a person the image is to be treated as an image of a child if—
         (a)the impression conveyed by the image is that the person shown is a child, or
         (b)the predominant impression conveyed is that the person shown is a child despite the fact that some of the physical characteristics shown are not those of a child.

~~~
ue_
Thank you for your clarification as to the law on key disclosure. I was sloppy
when I said "UK" and I did not exclude Scotland. NI also has a separate law of
their own for this, too.

> I'd suggest it could be argued lots of hentai fails (c).

I'm not so sure. Perhaps images that don't display any act of sex taking
place, and just nudity or even swimsuit (e.g. ecchi) would qualify, but most
hentai does display acts of sex taking place. Either way, might the subject,
being a "child" hold sway on whether it is considered "disgusting" or not? I'd
think it would.

> the predominant impression conveyed is that the person shown is a child
> despite the fact that some of the physical characteristics shown are not those
> of a child.

Yes, this is the part that I was talking about when I talked about breast size
and antennae.

Either way I am wholly opposed to such a law, and I think the arguments used
to support it are weak.

------
objclxt
> Companies are constantly making trade-offs between security and 'usability',
> and it is here where our experts believe opportunities may lie.

Amber Rudd's "experts" couldn't prevent a simple brute force attack on her own
parliament that would have easily been mitigated with 2FA
([https://www.theregister.co.uk/2017/06/26/parliament_email_ha...](https://www.theregister.co.uk/2017/06/26/parliament_email_hack/))

------
mi100hael
_> Real people often prefer ease of use and a multitude of features to
perfect, unbreakable security. So this is not about asking the companies to
break encryption or create so called "back doors". Who uses WhatsApp because
it is end-to-end encrypted, rather than because it is an incredibly
user-friendly and cheap way of staying in touch with friends and family? Companies
are constantly making trade-offs between security and "usability", and it is
here where our experts believe opportunities may lie._

lol what a terrible argument.

> suggesting that E2E encryption hinders usability

> points to the massive number of WhatsApp as proof

~~~
AlexandrB
Actually I think it's a pretty devious argument. This is effectively saying
that most people value convenience over security & privacy. Given the track
record of corporate surveillance and ad supported content this is absolutely
correct. After all WhatsApp users are already OK with Facebook collecting
their metadata for advertising purposes.

~~~
TremendousJudge
> After all WhatsApp users are already OK with Facebook collecting their
> metadata for advertising purposes

They aren't either OK or not OK. The overwhelming majority of WhatsApp users
simply don't know. They don't even think about it. In fact, the average user
doesn't even know that WhatsApp is owned by Facebook, or even that it used to
be a paid subscription.

------
HelloNurse
"So, there are options. But they rely on mature conversations between the tech
companies and the Government - and they must be confidential"

i.e. backdoors. Trust us, we are the government!

~~~
choward
That's such bullshit. If anything only government conversations conducted by
public servants should be made public and private conversations should be,
well, private.

------
diego_moita
Dear UK secretary: your department lost credibility to talk about "real
people" needs when the UK police helped Murdoch's "News of the World" to hack
into "real people" phones.

But I don't expect you to understand your own responsibilities so let's just
wait until Vladimir Putin hacks into any server containing your private
information. Then UK politicians will understand.

~~~
netsharc
Nah, she's an "important" politician, so she's not "real people", she's
allowed to use encryption. Phone hacking? Well celebs are not real people
either, they should be able to apply to use encryption, in her mind.

~~~
MrsPeaches
Not just celebs:

[https://en.wikipedia.org/wiki/Murder_of_Milly_Dowler#Voicema...](https://en.wikipedia.org/wiki/Murder_of_Milly_Dowler#Voicemail_tampering_investigation)

------
vectorEQ
real people don't need UK Home Secretary.

------
gumby
Banning encryption won't hurt the bad guys since they can always use codes. I
believe the Sept 2001 terrorists used terms like "birthday. Are", "candles"
(for the WTC) etc.

It will simply destroy the privacy of ordinary people who set up a dinner or
buy a birthday present for their kids.

------
samdung
"Having two identities for yourself is an example of a lack of integrity" -
Zuckerberg

~~~
jacquesm
Zuckerberg lecturing anybody on integrity is really weird.

------
Joeboy
I don't think her statement actually says "real people don't need end-to-end
encryption". I'm not sure what she _is_ saying though. Not banning end-to-end
encryption, not asking for back doors, but having "mature conversations" that
have something to do with trade-offs between usability and security. What?

~~~
konradb
These conversations are about being able to decrypt the conversations without
using the term backdoor. The government will see them as mature if it is given
access.

------
gargravarr
And I thought the BBC article was bad enough. This is just appalling.

"Real people" just use ROT13...

------
DarkKomunalec
Real people keep their heads down, don't question authority, and don't cause
trouble.

~~~
gargravarr
[http://www.indiewire.com/wp-content/uploads/2014/06/1984.jpg](http://www.indiewire.com/wp-content/uploads/2014/06/1984.jpg)

------
logeek
As demonstrated in this camera footage, terrorists do not use WhatsApp to plan
attacks. They meet in person - without their phones:

[http://www.independent.co.uk/News/uk/home-news/london-attack...](http://www.independent.co.uk/News/uk/home-news/london-attack-cctv-video-terrorists-ilford-gym-before-borough-market-stabbing-ummah-fitness-centre-a7778666.html)

------
mhkool
What politicians do not understand:

- if we are forced to chat unencrypted, terrorists will communicate in "code":
  "the eagle will fly today" means "attack now!"
- terrorists did successful attacks before the internet and before smartphones
  and do not need encryption
- terrorists do harm because they are harmed. Stop harming them and they will
  leave you alone.

~~~
drivingmenuts
> terrorists do harm because they are harmed. Stop harming them and they will
> leave you alone.

That is a huge oversimplification.

Terrorists do harm because they see a political value in harming others. For
proof, look no further than the domestic terrorists who have bombed abortion
clinics and shot doctors who worked there, or who have threatened to do same.
All while being backed by religious organizations, who are just as culpable
for the results.

Sure, these people might not be called terrorists, because the FBI has to
abide by laws of free speech, etc., but they are just as much a terrorist as
any person looking to wage jihad.

----

See this article for the FBI's explanation of not calling a terrorist a
terrorist: [http://www.huffingtonpost.com/entry/fbi-terrorism-label_us_5...](http://www.huffingtonpost.com/entry/fbi-terrorism-label_us_594ae80ce4b0a3a837bcce51)

------
strictnein
It'll be interesting in 10-15 years when the US is one of the few countries
left that allow unfettered access to encryption, VPNs, secure messaging, etc.

How does the saying go? "The dark night of fascism is always descending in the
United States and yet lands only in Europe"

~~~
throwawaymanbot
It's only a matter of time before the USA outlaws these also. I know the
agencies are itching for it. Even though it would be unworkable.

~~~
dsfyu404ed
Keep dreaming.

Forced to choose between the agencies and big business who do you think the
legislators will choose? Sure they can side with the agencies but if business
isn't on-board with that checks will get written and there will be new
legislators.

I hope the agencies force the choice. It gives the legislators a chance to do
all the things they should have done after Hoover left.

~~~
throwawaymanbot
I really do hope you are right.

I do remember Big Business complained about HTTPS use, coz it blocked them
"hoovering"/vacuuming up customer info. (excuse the pun)

Also, the Govt has liaison people with some of the Big Corps. Not to mention
big corps give big checks to both sides, as routine, there is no financial
hurt on the Pol Parties ever sadly. ATT for instance gets paid millions to
give up the data.

Update: I just read Amber Rudd (UK Pol goon) created the "Global Internet
Forum to Counter Terrorism with Facebook, Microsoft, Twitter and YouTube
(Google/Alphabet, Inc.) and asked them to remove end-to-end encryption from
their products"

------
throw2016
Hilarious! Let's criminalize privacy and ask pointed questions to those who
seek it.

Staggering double speak from Orwell's own land. Who would have thought.

Question: Is a terrorist more a threat to civilization or these closet
totalitarians crawling out of the woodwork?

~~~
gargravarr
Orwell wrote 1984 as a warning. Not an instruction manual.

------
talmand
History shows real people don't think they need things like end-to-end
encryption until after their government starts taking it from them.

------
turc1656
I realize the article was about the UK, but this entire encryption/spying
issue certainly applies to the US as well. My comments are regarding the US
because I don't know enough about the UK's laws and general situation to speak
on it.

The cat is out of the bag. End to end encryption that is very easy for the
average user to use exists. There's no going back. These terrorists that they
are so worried about are going to use it (if they have any common sense), even
if it is outlawed somehow. Making it illegal or extremely difficult to use is
the same as gun control - the criminals are still going to break the law
because their end goal is a crime far worse and if they are willing to commit
that crime then they are surely willing to commit the lesser crime of not
getting a license for a weapon or possibly using end-to-end encryption.

In the US we supposedly have the 4th amendment to protect against this NSA
spying criminality. The 4th amendment protects against both search _and_
seizure. The giant dragnet they use to sweep up all communications over
_private_ channels is supposed to be a crime without a warrant. And when done
in bulk it should be easily considered a mass, rank violation of the 4th
amendment. For example, in the case of your cell phone, you agree to allow a
private business to forward your data and communications. They theoretically
can access it all, including your GPS because of the cell tower triangulation.
That should be understood as necessary to providing the base service. But your
agreement is only with the telecom provider, _not_ the government. The
government just decided to stick its head in and declare itself to have a
national security interest in the data of not just you, but everyone in the
entire nation, and demanded access to it all.

What's worse is that these programs have not been proven to actually stop
terrorists:
[https://theintercept.com/2015/11/17/u-s-mass-surveillance-ha...](https://theintercept.com/2015/11/17/u-s-mass-surveillance-has-no-record-of-thwarting-large-terror-attacks-regardless-of-snowden-leaks/)
[http://www.nbcnews.com/news/other/nsa-program-stopped-no-ter...](http://www.nbcnews.com/news/other/nsa-program-stopped-no-terror-attacks-says-white-house-panel-f2D11783588)

In fact, based on my memory, every instance of a thwarted attack has been the
FBI actually communicating directly with alleged terrorists using undercover
agents. This is how actual investigative work has historically been done. They
followed up on tips, evidence, etc. and followed the leads and performed a
real investigation and followed the proper warrant protocols. And doing it
"the hard way" has yielded them more terrorists in handcuffs than the NSA.

The results are so abysmal for the PRISM program and its siblings, that it
begs the question whether or not stopping terrorists is even the real purpose.
Personally, I have never thought it was the main goal. Sure, they might catch
some, but I think the real purpose is to make sure no one poses a political
threat. If anyone starts to get out of line or cause too many problems, they
can just rifle through all their data they have on you and find something to
use against you. How many people are clean enough to escape that? Ever, even
once, downloaded an illegal mp3? Ever watch a movie on an illegal, streaming
tube site or use torrents? Ever cheated, even a little on your taxes? Ever
cheated on your spouse? Have a porn fetish that others may find unsavory? In
the closet? Are you fully in compliance with every housing regulation? Have
permits for every little thing that legally requires a permit? Have any
secrets that aren't illegal but may be embarrassing? Done anything that isn't
illegal but people would look upon with disdain? It might just be used against
you.

~~~
blfr
E2E is only easily accessible to regular users because you can install
Signal straight from the appstore. It can be made much less easy by a
sufficiently determined government.

------
cestith
Did she really use a "No True Scotsman" argument to say the Scots don't need
privacy and security?

------
m0llusk
We the people will let you know what we need, servant.

