Sure, encryption helps terrorists as well as ordinary citizens but it's my belief that freedom and privacy are more important than that. The work of police and security services has never been easy in a free society, but protecting and upholding that free society is the very essence of the job. Dilution of that freedom is therefore counter to the purpose for which these agencies exist, and so when the government tries to move in that direction we, as citizens, should voice our resistance, and keep voicing it until they understand.
There really aren't many other alternatives.
I'm all for a Utopian society where nobody needs to encrypt private messages, but so long as there are people in power who feel they need special treatment, then I will continue to demand the same level privacy as them.
It takes too much to reply: "Tell you what, I'm going to educate you better instead". Because you can educate all you want, you will not have results that helps your re-election 4-5 years down the road.
I have a feeling that some top level FBI people are properly informed, but still want this kind of legislation.
The interviewer could explore the impact of online fraud or identity theft or cyber-bullying, and look at how fast these problems have been growing in recent years. Then challenge the advocate of weakened encryption or mass surveillance over why they want to require security vulnerabilities or create huge databases that will make great targets for criminals. If they claim everything would be securely held and strictly for police use or similar, go with Snowden and Wikileaks.
If the advocate brings up their other favourite argument about protecting children, the interviewer could ask whether it's really a good idea to make it easier to intercept private picture messages between teenagers.
They could ask why the government wants measures that would inevitably undermine investigative journalism that holds the government and the police and the security services to account. Then start listing past controversies relating to the behaviour of those groups to demonstrate why that public interest reporting matters.
It's not as if privacy and security advocates only think these things are important because they don't like the government or something. There are real, serious consequences in play several different ways here.
The scary thing is that the difference between the UK and the kind of place we might describe using words like "totalitarian state" is now more about how our laws are used in practice than what the laws actually say. The government and its agents already have very broad powers, our courts have already taken surprisingly illiberal positions when some of those powers have been challenged, and we lack the constitutional checks and balances often found elsewhere, more so if the government uses Brexit as a mechanism to remove those deriving from Europe without replacing them. We're basically just trusting that the government and its agents will be decent people and use the powers they have responsibly at this point, but as we've seen with the likes of Trump, that's a dangerous strategy when you don't know who the government will be in the future.
For example, Australia's Lindt Cafe siege - the guy was already under "24 hour surveillance" by ASIO (Australian Security Intelligence) - which did nothing to prevent the attack. Despite this, AFAIK there was not much blame placed on ASIO. I'm sure there are many other examples. I'm not saying it's an easy problem to solve, just that more surveillance is probably not the answer.
Sure, the attacker is the real culprit, but adding more laws and surveillance will not prevent crazies from doing crazy stuff.
> Dr Barrett placed Monis on anti-psychotic medication after he told her he was under surveillance 24 hours a day from ASIO and Iranian authorities, including in the bathroom of his home. 
> Mr Abbott conceded Man Haron Monis was not on a security watchlist, despite his long criminal history and known "infatuation with extremism". 
Still, the whole thing demonstrates how useless more surveillance would be.
If they can't even watch someone with a long criminal history and infatuation with extremism, why do they expect us to believe that looking at my dick pics will somehow stop terrorism?
Labour leader Jeremy Corbyn said authorities already had "huge powers". There had to be a balance between the "right to know" and "the right to privacy", he said. 
Unfortunately when it came to actually doing something he provided practically no opposition to the Investigatory Powers Act.
It's one reason I left the UK in the first place; not because of facing personal discrimination for being Irish (I did face some but most British people are pragmatic and fair-minded), but because of the whole securitized atmosphere with security cameras everywhere - it was like being in prison.
However, I have little hope of this changing. As far as I can tell the vast majority of people value security over privacy or autonomy, and of course they never think Bad Things are going to happen to them because they're Good People - like the woman in the news the other day who voted for Trump and is now surprised that her husband is being deported even though he's not a 'bad hombre.'
It's unlikely that there will ever be a mass movement for privacy and autonomy, because the genius and failure o democracy is that it's harder to blame your problems on some antipathetic Other - foreign invaders, aristocrats, an elite social class or whatever. Democracy really depends on people thinking about issues, and most people want to be firmly embedded in a social context, perhaps because were a eusocial species. It's hard for them to conceptualize an oppressive state in the same way that it's hard for most people to imagine hating their parents or the people int heir community.
Happily, as far as digital technology is concerned there is not a whole lot the UK government can actually do about the issue, and May's speechifying is more directed at appeasing the drooling tabloid-reading class than it is reflective of any serious policy initiative. the likely effect sit aht operating systems on computing devices sold in the UK won't be allowed to have built-in encryption and the smart set will be using mods of some sort. Pretty much how it was with PGP 25 years ago.
Please don't attribute homicidal political views to insanity. These people don't have schizophrenia, and people with schizophrenia aren't terrorists.
The only difference is in who they answer to.
Murder is unjust killing. Killing civilians to make a point or to cause chaos is, by definition, murder. Let's not equate that with all the legitimate things armed forces are for.
And coalition is also killing civilians for political reasons, more than thousand of them a month ATM. It is obviously calculated. It's just that someone determined murdering perhaps 5-10 thousands civilians is a OK to give power over Mosul back to Iraqi government, and gave it a go.
The Catholic Church is a good example. The fifth commandment is thou shall not murder. And the Catechism clarifies this by saying
> The fifth commandment forbids direct and intentional killing as gravely sinful. The murderer and those who cooperate voluntarily in murder commit a sin that cries out to heaven for vengeance.
In international arena, there's no universal law.
Some idiots killed a few thousands Americans, and then some Americans did go on a killing rampage as a revenge, murdering 10s of thousands mostly unrelated people. That's about how it looks from the outside.
Pretty much every single person involved in, say, the Iraq war was indeed a murderer. Most of the battles the West has engaged in since WWII were unjust and ill-founded. The people involved in those wars are murderers.
There's a semantic discussion about whether "lone gunmen" type attacks count as "terrorism", but categorizing motivations in real life as politics or insanity isn't so simple.
The lack of adoption of Chinese services elsewhere has more to do with cultural and technological issues than anything related to censorship.
If I need a communication to be secret, I will encrypt it, and I don't need special software.
Even if posession of encrypted messages without the ability to decrypt carries a 10 year prison sentence?
(Yes, this has serious enforceability problems, but that doesn't mean it can't become law)
The "Terrorists" really don't care about the law or the prison sentence behind breaking it.
Law is social code and it runs not on logic but on the belief of a sufficient majority of the public. If technological factors cannot be overcome, social ones can. You are very naive to think that a governmental entity has to care about logic with regard to individual humans, just as ants would be naive to think they could dissuade you from stepping on them when you walk through the garden. The fact that encryption is technically possible under almost any circumstances (even in prison you could conceivably exchange encrypted messages tapped out in morse code through the walls, say) doesn't matter because the calculus of criminal responsibility doesn't depend on some objective process int he way that an encryption algorithm does.
Nerds are very logical, but people in general are not, and appealing to their sense of logic or consistency is dangerous because you cannot rely on them to change their behavior or attitude for cognitive reasons. Organized religion epitomizes this; people may or may not believe in the actuality of an inaccessible personal divinity, but a) the social rewards for professing to do so may vastly outweigh other considerations, and b) the people who do believe will abandon logic before they'll abandon a belief structure that makes them feel good about themselves.
The UK Home Secretary isn't applying for a job in network security or at a tech company. She's telling people what sort of trouble they're going to be in if they insist on deploying or using strong encryption. And since she's in charge of the police, she is capable of making good on those claims. She is perfectly competent - not at the consistent management of information systems, but at wielding political power.
Your idea of winning an argument is a logical demonstration that would be accepted by your peers. A social entity's idea of winning the argument (by social entity I mean an organized collective intelligence, from a village to a superstate) is to simply remove you physically from the field of play. Societies are coordinated in the same manner as insect swarms or other eusocial structures; They are no less distinct for being distributed, and logical arguments have no meaning to them except insofar as they impact the swam's environment, which is not at all the same thing as the environment of the individual swarm members, even the most senior ones.
This is why a 'privacy first' app/platform/protocol will never succeed on those merits alone. The social body can always make arguments against privacy, for exactly the same reason that you don't care about the feelings of any cancerous or invasive cells that spring to life inside your physical body. What's needed are tools that are built to include privacy from the ground up, but whose use case is better speed and functionality, such that people cannot bear to go without the tools they confer an overwhelming economic advantage.
Thus, fax machines were more 'private' than telex machines insofar as fax transmissions were harder to decrypt, plus they could just be plugged into any telephone socket. But if that had been their only advantage they'd have been banned. the overwhelming benefit of a fax machine was that you could just feed a sheet of paper into it - almost any kind of paper - and send it to someone else by pushing a single button. This was a massive time-saver for business - much cheaper and simpler than installing a Telex system, much cheaper and faster than sending documents around by courier, and much more practical than relying on verbal agreements and notes from telephone conversations.
(I'd like to make it clear that fax machines were never designed or marketed to be secure comms channels, but as a purely practical matter they filled that function for many people, and people who still use faxes often do so because they feel somehow more 'secure' than email.)
I think the work of security services have never been easier as it is now thanks to the massive use of social networks and mobile phones, CCTVs everywhere, GEOINT, etc. At least for the Five Eyes.
This too will fail spectacularly.
I hope you're right, but I don't think so.
The next time there is an attack, I don't think there will be an outcry that the all-pervasive surveillance has failed us, only an outcry against the terrorists (who, let's face it, are the real offenders).
One might counter that the scenario I lay out above is not possible. However I would posit that technology enables our capacities to create/preserve and to destroy. However, perhaps stemming from thr laws of thermodynamics, it does seem that our capacities to destroy is always outpacing our capacities to create or preserve, and eventually the gap between these capacities will unsettle the center which cannot hold.
Survival is not a value. Survival is a prerequisite for a lot of other values, but it's not a value in and of itself.
As many people have difficulty grasping what living in a world without privacy would be like, let me propose a different solution: We'll put everyone into solitary confinement, to ensure everyone's survival, as I do not see the value of freedom of movement trumping survival.
Would you agree with that as well? If not, why not?
Also, you might want to realize that surveillance does not ensure that your set of values gets enforced. It's the values of whoever manages to obtain that power, and whose power as a result of the surveillance might be impossible to challenge. The idea that you could create such a power structure and then guarantee that it's going to be used exclusively to prevent that bio weapon from being built and used is extremely naive. You would instead most likely find yourself alive, living in a world that makes you constantly wish for being dead, but thanks to the surveillance unable to kill yourself.
I'm not sure what point you're trying to make, are you saying we need more surveillance to protect us because weapons are becoming easier to produce?
"We need to make sure that our intelligence services have the ability to get into situations like encrypted Whatsapp."
She has said she is "calling in" technology companies this week to try to "deliver a solution".
Marr asks if they refuse to do that, will you legislate to force them to change? She's not drawn on that.
Interview is here:
http://www.bbc.co.uk/iplayer/episode/b08l62r7/the-andrew-mar... [from 45:18]
I understood that UK IP Bill already mean that she already has the ability to e.g. demand a backdoored version of Whatsapp be sent to a target device, but that's not covered in the interview.
It's absurd to think this can be resolved through legislation or cajoling companies into cooperation. But what really bothers me about this whole issue is that we already have laws in place that handle this situation, at least in the USA. In the USA, if you refuse to hand over an encryption key (or can't) and are being compelled to by a court, you can and will be held in contempt of court, and possibly convicted of destruction of evidence. The only thing that forcing people to backdoor their crypto does is allow government entities to investigate people without having sufficient evidence to compel them to give up their keys, and destroy the marketability of large scale, centralized end-to-end encryption solutions.
I mean, you could make the argument that end-to-end encryption restricts the ability to wiretap people, sure, but a wiretap warrant should require a decent amount of evidence, and at that point, there are most likely other options.
I don't think it's a good solution, though. This is going to sound like an argument that you hear about privacy by people who don't understand why privacy matters, but I think on this issue, it holds a little more truth: To be honest, I think the people who are likely to care to do this are people who are advocates for privacy and are tech savvy, and people who have something to hide. I don't think it's terribly difficult, with the resources the global Intelligence Community has to build a profile and dump people into those two buckets with a fair degree of accuracy. Everyone who's not generating random garbage data would still be observable, so it wouldn't really change much outside of the group that's acting. But for those acting, suddenly there's a red flag that they can look for, and then when they see it, start building a profile to figure out if you're a tech person with an interest in privacy, or someone doing something they don't want seen, and act accordingly. In the mean time, we waste time generating garbage instead of just using good enough encryption, and making it so easy to use that people don't even have to know they're using it.
Now, if we could somehow implant babies with a chip that causes them to generate random noise (something babies are already pretty good at, mind you) from birth, that might be worth something. There's no profile building if the noise is just something that humans make by being alive.
Amber Rudd seems hell bent on destroying their only chance.
I'm so sick of getting "this is an adult resource and you can't view it" anytime I search for information about a drug (pharmaceutical, not just "weed LSD and lols").
Switch ISP, or contact your current one to disable this. They don't all do it by default, or at all.
Usually you can have it disabled while you sign up (and they usually ask if you want it). As for giving personal info - they're you're ISP. They have your name, address, billing details, have done a credit check...what else are they going to ask for that you haven't already supplied?
compare BT (£44.99 for 12 months, then £53.99) with AAISP (£45)
once you add on "a couple of quid VPS a month", you could even go for the AAISP 1TB package at £60/month
Those filters, if they're ISP supplied, are optional. You can turn them off.
A VPN is a way to circumvent surveillance but make no mistake: We must press with all our power for legislation which guarantees privacy, all over the world. This is a battle that in the long run, we can't win with tech. We need to become more privacy-aware.
"Those who surrender freedom for security will not have, nor do they deserve, either one."
With the current trend, how long until VPNs are made illegal? "For the children!"
Non-physical so selling to America, Africa or Asia is as cheap as selling to Europe and added value to absorb the new cost of doing businesses (in case the UK does not remain in the Single Market).
If e22 encryption is outlawed in the UK, their businesses would be less trusted (harder to sell expensive things) and will be at the mercy of other countries' intelligence and espionage services.
"The Hindi-speaking handler guiding the men in Hyderabad also insisted on using a kaleidoscope of encrypted messaging applications, with Mr. Yazdani instructed to hop between apps so that even if one message history was discovered and cracked, it would reveal only a portion of their handiwork."
"the handler taught Mr. Yazdani how to use the Tails operating system, which is contained on a USB stick and allows a user to boot up a computer from the external device and use it without leaving a trace on the hard drive."
Even if the British government is successful with WhatsApp, can they do much against free, open source tools?
Why would they care about open source tools and niche use of encryption? Of course they don't. They are after mass surveillance and use fear of terrorism to push for it. It's very logical of them.
It's not entirely by accident that the UK current ramp up of legalized government surveillance coincide with Brexit, as the UK doesn't actually have a democratic constitution limiting government surveillance outside of the ECHR treaty they signed as a prerequisite for joining the EU/EEC.
The UK signed the ECHR in 1950 (and were involved in writing it); the EEC did not exist until 1957.
The court http://www.coe.int/t/democracy/migration/bodies/echr_en.asp is what makes the ECHR significantly more effective then the unenforceable UN Declaration of Human Rights signed in 1948 only came into effect in 1859 and was only explicitly acknowledged as superior in British law with the still controversial Human rights act of 1998 https://www.supremecourt.uk/about/the-supreme-court-and-euro....
The fact that EU membership demand actual rather then pretend ECHR compliance is a fairly big deal in the anti-EU Tory circles currently running the show in the UK and some of them seem to presume that leaving the EU will absolve the UK of any duty to submit to the ECHR court http://www.telegraph.co.uk/news/2017/01/26/theresa-may-prepa... even though I am sure they think otherwise in Strasbourg.
but you are correct in stating that officially the ECHR came into dejura effect in 1950 under the Council of Europe where the UK unlike for the ECSC(1951) and the EEC(1957) was a founding member, but it's worth nothing here that the Council of Europe is a far more toothless organization(like the UN) then either the ECSC and the EEC.
Edit: fixed links
So they'll never run out of reasons to push further. Hooray.
For a corollary see the paucity of coverage on the mass demonstration in London yesterday.
Do we think they know our online banking software uses the same kind of encryption? Probably not. Andrew Marr not knowing this is annoying. But an entire government being ignorant of it is deeply worrying.
This is just populist bullshit. It follows on from other populist bullshit.
I don't doubt that someone in government knows. Probably an entry level staffer. But whenever technology comes up (such as blocking types of content from the internet) the policy is always utterly ham fisted.
How would you achieve the goal of coming up with a non-ham fisted technical solution to a ham fisted problem?
For me it seems to be more in a direction of so called "Big Brother" than real counter-terrorism.
Why can't we collect all the signals all the time?
This is incredibly dangerous for our society, no-one should have that much power. That power isn't about terrorism (or even very useful against terrorism), but about subverting governments, judiciary and businesses.
Don't forget that while they were talking to the IRA politicians were saying in public "we don't talk to terrorists".
(There was a great documentary about this on TV, but I cannot remember the name of it)
Links to any credible sources?
It's basically impossible. One can also use steganography to hide messages in lolcat pictures, or music files. The only way to prevent this, I think, is to start a totalitarian surveillance state where using Free or custom software or hardware is punishable by death. Even then, I'm not sure this will be enough.
What they really need is to invent time travel, and murder Ada Lovelace.
They can't. The US tried it in the 90's when SSL sites could not use strong encryption outside the US and you'd need a license to "export" PGP... That went well! :-/
Install a device on one's head?
I expect it's quite likely this one was using WhatsApp because that's what he used; not because he read about its end-to-end encryption.
Don't think we can "tech" our way out of this.
It's actually easier than ever to ban encryption for messaging.
Would that stop determined people? No, but it's never been about that anyway. Just make the pool small enough and it becomes too difficult to use. (See PGP / email).
Also, if you genuinely legislate against encrypted messaging then it's easy to pick up on the relative handful of people who go outside the app stores to get encrypted messaging applications.
And it shouldn't come to technical solutions, we should have people challenge the notion that two people should never be allowed to share a private message, because that's why Rudd and the government is suggesting.
+1. This is the crux of the matter, although unfortunately I don't think the average person realises it.
Just because something is illegal doesn't mean it is enforceable.
Now, the UK isn't at that point obviously, but if they really wanted to use draconian measures against encryption, it probably would be somewhat effective.
Then there's how you use it. They could mandate all of X businesses could only use encryption that could be inspected by the state, so either weak encryption, or PKI where you send the government your site's private key or use the state's CA or something. They can also mandate backdoors in encryption used in certain ways. And they can mandate that weak encryption be used outside their country's borders.
All of these are real parts of US laws on cryptography from WWII to 2000 to prevent "export" of "strong encryption", because of course evildoers around the world might make use of these "munitions". US law still regulates how we can use or distribute cryptography around the world. It is illegal in the US to release open source crypto on the internet without notifying the Bureau of Industry and Security. And 41 other countries (including the UK) have similar laws.
The one thing the US has going for it is the 1st Amendment, which makes it illegal for the US to prevent its citizens from making or using crypto within the US.
That's not an issue. Writing solid encryption software is very difficult on its own. You will hear "do not roll your own crypto" all the time from security experts. We don't live in a James Bond universe and it's beyond the reach of terrorist organisations.
Beyound the reach of the terrorist organisations? We have already seen pretty sophisticated operations by relatively small crime organizations (like exploiting pseudorandom generators in casino slot machines). There's an established black market for exploits. I think writing an end-to-end encryption app is not much more difficult compared to this. What's more, it will even be perfectly legal in many countries, meaning you could legally hire professionals to do the job. Terrorist organisations won't need to esablish a development office in SV to write the app, they will only need to know how to use Tor and wire money to the app producer. Which isn't such a huge competence to ask for.
Plus, they don't have to write it. They could just 'pivot' from an existing open source messenger.
If all you do is pushing the buttons of the slot machine in the right order with the right timing, that's hardly a crime —and I don't care about court judgements to the contrary. If a slot machine has a crappy pseudo random number generator, they're just asking for it. I'd rather sue the slot machine's maker for providing a machine that's not fit for its intended purpose.
You provided it as an example of "organized crime", and doing so heavily suggests that it is wrong.
We tend to conflate "wrong" and "unlawful", and for good reason: the law is supposed to prevent wrong things from being committed. There are exceptions however, and this is one of them. I'd rather use another example if possible.
Speaking of moral issues, cheating on casino is pretty much off limits on my personal moral compass. That the attack was possible within the normal mode of operation does not make it less of a fraud. Imagine if the casino would reverse-engineer a slot machine and find a way to abuse it within the normal mode of operation, making odds (even more) in their favor. That would be fraud, plain and simple, and I don't see why a player should be held to a different standard.
You are absolutely right, not everything unlawful is wrong. But I fail to see which benefit we as a society would have by allowing exploitation of technical deficiencies in slot machines for profit. It is a crime and it is wrong in my book.
The rules for slot machines are ostensibly very simple. As long as you're only pushing the buttons that are supposed to be pushed without deteriorating them, you are acting within the rules of the slot machine, and as such cannot cheat.
The presence of hidden rules such as "don't push the buttons in this particular order and timing", or "don't push the buttons in a way that reliably causes you to win", are just silly and unfair. Especially considering casinos are exploiting gamblers' minds in the first place. Don't like slot machine exploiters? Fix your slot machines.
Likewise for counting cards: the player is merely acting upon information naturally gathered buy observation and play. Asking players not to act upon such information is intrusive —and unheard of in competitive play. Don't like card counters? Invest in a continuous shuffling machine.
"you're only pushing the buttons" except they were not only pushing a button, they were also recording sequences and sending them abroad for analysis.
But as you directly say that exploiting the flaws of a slot machine is not cheating and that it's fair, I guess I won't be able to persuade you otherwise.
Either you meant something along the lines of "that shouldn't be a crime" or you're essentially saying "it's not crime even though it is a crime" - which doesn't make terribly much sense.
Anyone have a link about this story? I'm curious to read about it.
Sure that can go wrong as anything can, but it's far from rolling your own crypto and makes things a lot easier.
It's not. You can use existing software, reuse existing protocols, and stick to safe languages as much as possible. Even implementing your own crypto isn't all that difficult¹. I have written my own crypto library², and I can almost recommend it for production use.
Are you suggesting gpg has been backdoored? A simple wrapper around gpg is not-beyond terrorist organisations.
Of course it's utterly trivial to make a one-time-pad cryptosystem, and more practical in 2017 than ever. So what if the keylength must match the message length, my phone has a 32gb uSD. That's a lot of text messages.
If we outlaw encryption, then only outlaws will have encryption.
Sure, but what's to prevent someone from building something on top of OpenSSL or PGP or whatever? Can't be that hard.
Also, we were shocked to discover that virtually ALL criminals rely on something called Oxygen to perform their work so this is now a controlled substance that will be heavily regulated.
We were then terrified to learn that after banning forks, terrorists were able to successfully eat with spoons or even their hands.
Seriously, you cannot ban tools. Lawmakers have to approach this with a firm grounding in statistics (how LIKELY is a risk, relative to the magnitude of the measures to prevent it?). They also have to realize that some things are just necessary for society to function. Stop being paranoid.
If you're ok with encryption back doors you should also be ok with govt master keys for all your stuff (house, car, bank account, etc)
TBH I am surprised attackers do not better destroy their electronic equipment just before they carry out their attack. Pop your phone and SSD/flash drives in the microwave on high for a few minutes is pretty much going to destroy all evidence on them, and if not then chances are you are dead anyway so whatever data they might be able to get off will most likely be useless to them anyway.
Terrorists just use something else while the populace feels gradually more oppressed/controlled/...
In a way they get something for nothing.
Wow, that sentence got away from me.
(Then again, a 4 Lions moment where an intrepid terrorist slits his own throat with a molten SSD wouldn't be the worst thing in the world...)
Thats it guys. Mommy says no more maths.
Agreed. I'm terrorized when I hear gov representatives talking like that. Who's the terrorist, I wonder.
Obviously it's all more complicated than I could quickly write, but to me there's a big difference between the self-radicalized generally disconnected persons in the US or U.K. versus those on the ground overseas.
I'm not in the US. I have actually been very impressed by the outspoken actions of anti-Trump people in the US, with the massive protests and constant (well-deserved) media scrutiny. Also I never knew I could have so much respect for Hawaiian judges.
Why they didn't bother to vote is beyond me, though. Trump is a buffoon, but he was able to successfully motivate other buffoons to actually vote.
I did hear the description of their vote as being force to choose "between a disaster and a catastrophe" though, so that might go some way to explaining it.
Attacks of the past have shown that terrorists don't have a need to resort to encryption. The people involved in the Berlin attack last year, for instance, were monitored. Authorities knew they would strike but they didn't have sufficient incriminating evidence that would count in court to lock those guys up.
Even if encryption on messaging services were forbidden (which would make millions of law abiding people vulnerable in some way), terrorists could use throwaway email accounts from internet cafés and wrap their messages in password protected attachments.
The latter her and the precious home secretary (now PM) have been banging on about how under threat we are from the terrorist hoards for years now - all so they can erode freedoms and increase mass surveillance under the guise of 'keeping Britain safe'.
The idea that banning encryption of private conversations will prevent these few crazy people from causing damage is of course ridiculous.
They must know enough to know that this won't actually fix the problem, so I would have to surmise that they are just trying to do something and stay somehow relevant before their term comes to an end.
"Never mind the collateral damage, I'll be retired on a government pension by then."
If people knew the damage these idiots do, they would be in the streets.
Oh wait, they already are in the streets...
> That is my view - it is completely unacceptable
You know what else is completely unacceptable? Technologically illiterate, authoritarian jobsworths capitalising on tragedy to push through their agendas. But that's just my view.
Home Office always seems to attract the nastiest and dumbest of politicians, but this is a whole new level of dumb, and sadly will only gain her more support, because the general public either have no idea about the implications of backdoored crypto, or simply don't have any expectation of privacy and are happy to give up what little they have left in order to feel safe.
Then some genius will come up with what's essentially an "encryption is illegal for terrorists" bill and we'll have the best of both worlds: full use of encryption where we need it, whilst the terrorists can't use it because it's illegal!!
It is our duty, as the public, to continuously say "no".
Disregarding any negative consequences, their motivations are pretty transparent - there's little doubt that being able to read everyone's private messages will enable the intelligence services to better do their jobs. However, as Edward Snowden and others have already shown to us many times over the last few years, the UK government can't be trusted with this responsibility - and that this is probably the thin end of the wedge. Britain is already the closest thing that Europe has to a surveillance state, and the number of people killed in the UK by terrorism is vanishingly small - we are hundreds of times more likely to die in a car accident. Is it really worth giving up the last vestiges of our privacy for a little bit more security?
On the contrary. The Home Secretary is literally the holder of the ministerial authority that is required for police and security services to use a lot of the powers they have, and is supposed to be providing oversight and ensuring that those powers are used responsibly.
Unfortunately, that means the Home Secretary spends several hours every day just looking at cases presumably involving some very nasty people. You have to wonder how anyone could keep a balanced perpsective if they're doing that for 20, 30, 40 hours every week for months or years. Everyone who becomes HS in the UK turns into a severe authoritarian within a few months of taking the job, regardless of their prior political views or how reasonable they might be about other matters.
Seriously, this argument is FUD. I'm sorry for picking on this quote, as I agree with the rest of your post, but allow me to go on a short rant..
We've seen this argument used many times over. It was used to introduce surveillance cameras on every UK street. What has it achieved? Less parking lot crimes.
The EU used it when introducing the data retention directive. Which was "nullified" eight years later due to violating fundamental human rights. Of course, the infrastructure is still in place, and everyone is still using it. What has it achieved? AFAICT nothing except a blatant danger to society. The ability to know everything about anyone and actively take over their private devices is not something that should be taken lightly.
The GCHQ even admitted that the London terrorist was "on their radar". Well duh, who isn't. If that's not admitting mass surveillance is ineffective, I don't know what is.
It is impossible to prevent all crime before it occurs. The world isn't NP complete. Get over it. Or, to paraphrase Gödel: "I would rather live in a world that is inconsistent, than one that is incomplete".
The intelligence agencies are just bored. They have no wars, except drugs and "terror". They use this "downtime" to get more data sources by influencing politicians.
Guess what, gathering more of the same shit data won't increase your signal.
 Not an actual quote, but I'm sure he would agree.
Now, private conversation is illegal.
I guess it leads to "ownlife".
Our Government is an absolute disgrace; and unfortunately, one to which there is currently no credible, strong opposition.
Labour were supporters of the recent IP Bill (it actually applied restrictions to some of the crazy powers the last Labour government gave to the police, which gives you an indication of their general position on these things). Labour have had authoritarian positions on crime and policing issues since Blair became shadow Home Secretary (1992). It has been part of their 'tough on crime' strategy of attacking the Conservatives from the right since that point and was a core part of the New Labour strategy.
The only thing a "stronger" Labour opposition would get you in this situation is a parliament even more united in support for restrictions on encryption.
Because that's where we're at currently.
Since the current prime minister supports her, I doubt it. It's an absurd position, but not without support in the current administration, just like her outspoken views on immigration.
And, I'm sorry to say, a large chunk of the public, who have for years been force fed rubbish from politicians and the media alike about the huge terrorist threat that threatens to destroy our country (when in reality just about anything else you can think of is more of a threat than the odd crazy with a knife and car...)
They can track his purchases via his debit card, his movements via CCTV + cell tower records, intercept his emails... but there's one bit of his digital life that's inaccessible and we're "going dark?"
We are burning bright with data. More data does not necessarily mean less terrorism.
The English might be better served by posting some armed officers in high value areas. The French do this at major train stations and tourist spots like the Eiffel Tower. This doesn't stop terrorism, but vastly reduces the body count.
Frankly, I think it's laughable that countries which resisted the Nazis will let 10 people dying make them consider rolling back civil liberties.
For most of history, governments have not had the ability to easily monitor the communications of their citizens. Widely available, user friendly encryption tools are just returning us to normal. Well, except for the massive trail of metadata everyone now leaves.
However, can't they already find out who the message was sent to? Whatsapp obviously has to have that information, and it appears they will give it to law enforcement:
I'm not sure that knowing the contents of that message will really help more than knowing the person who it was sent to.
It seems that they had this guy on their radar a few years ago, but didn't think he was worth keeping an eye on, so even if they could decrypt whatsapp messages it wouldn't really have helped them.
* The UK government leads the "free world" in ignoring its own warrant process, and pursuing a "collect it all" strategy for commsec. UK citizens have no reason to trust that their government, given such access, would not abuse it. They've abused all their other access thus far.
* Privacy and Security help normal citizens and criminals alike. This is as true for a locked front door as it is for an encrypted message. We grant governments the ability to violate privacy under warrant - they may snoop, spy, enter our homes, and read our mail. We do not grant them the ability to violate security, however. They still have to pick the lock, steam the envelope, and crack the safe. These are important distinctions. We do not engineer a backdoor into all encrypted messages, for the same reason we don't mandate a government master key for all doors.
* The idea that you can legislate math out of existence is a joke.
There is one reason to cry at her position.
* They will eventually legislate this way anyway.
Yes, and then he went and did something stupid with easily accessible tools and acted alone.
You might have an argument if he was part of a coordinated attack against something but lone-wolf terrorism has always been defined as unpreventable by security services such as SIS. Once radicalised it's impossible to prevent individuals doing stupid stuff.
The only thing she has revealed his the conservative parties desire for totalitarian control. :(
Even ignoring the erosion of privacy angle, this just doesn't work. Outlaw encryption, and only outlaws will use encryption. Provide government backdoors into the popular commercial messaging apps, and people coordinating terror attacks will just use custom, unknown, private encrypted messaging apps.
But you _can_ make the argument that if only outlaws use encryption then they're painting a target on their back, which leads to greater scrutiny by security services.
This is reasonably achieved by the current dragnet surveillance systems in place, along with ISP's logging everything.
I don't agree with it, of course I don't, but that's probably an angle people could take- But the angle Amber Rudd took is even more starved of sense.
It's like she didn't ask the appropriate question: "What could we have done to prevent this attack" and the follow up "If we had direct access to his phone and all of his communication information, what could we have caught" and the answer is _nothing_. He used tools commonly available to him, acted alone, probably told nobody.
Anyway, tell the bad guys you're watching the comms and they'll figure out how to talk, they're motivated and smart.
Actually there is a lot they could have done to help him in his obviously troubled life but that doesn't fit with conservative ideology.
Even the most socially progressive system on the planet will have people slipping through the cracks- we have to be able to deal with that eventuality too.
More important is his time in prison - where most UK terrorists were radicalised - and if you were saying that UK prisons don't rehabilitate I'd agree.
In this specific case there's no suggestion he had mental illness, and it's ignorant to suggest he did.
Perhaps it doesn't fit under the "common" mental illnesses of depression, anxiety, etc. but it lines up well with thought disorders. A sane and well person would not jeopardize themselves, and their fellow species.
Sane (by the usual definition, though it's possible you are using an unusual definition of your own) people jeopardize themselves to harm other members of the species all the time.
In fact, societies tend to have organized groups of people who are expected to do this when the targets are enemies of the group, and who are honored for it; they also not infrequently honor people who independently do it against people theor society has decided are "the enemy".
It's a bit odd to pretend those are the actions of a well-adjusted, sane person.
You cause harm to people with mental illness when you ignorantly link violence to mental illness.
I don't think it's ignorant to ask the question if someone who did that is right in the head.
You are saying two things:
1) He is violent because he has a mental illness.
2) People with mental illness are violent because of their illness
The reality is very simple: he was a violent man. He had always been a violent man. He had a long history of violent behaviour. He doesn't have a long history of contact with MH services, and he never had (as far as I know) any contact with secure MH units. Some men are remarkably violent, but most of them know exactly what they're doing and they're not controlled by an illness.
The prevalence of violence, and mental illness, means that obviously there's some overlap between "people who are ill" and "people who are violent", but you need to be really careful not to say "the violent people in that overlap are violent because of their mental illness".
When looking at predictors of violence we see that mental illness doesn't give you much if any predictive power.
Substance misuse does; previous episodes of violence does; and any (especially all) of these combined does.
The reason it's important to avoid incorrectly linking violent behaviour to mental illness is seen in the stats of people shot and killed by US police: about half the people shot and killed each year are people with mental illness. The vast majority of them pose zero risk of harm to other people, maybe some risk to themselves, but they get killed because people like you keep pushing the "mental illness == violent and dangerous" myth.
Just by virtue of his actions, and also because the news mentioned that he's been in jail, I think he's probably got some kind of mental illness or thought disorder. I could be wrong or I could be right, but for the moment I'm going to stick to that opinion.
I never said all mentally ill people are violent or dangerous, because I don't have some concealed anti-mentally ill agenda.
I do however have a bias in thinking that mass-murderers are generally mentally ill, and a quick google implies I'm factually correct in having that bias.
> He doesn't have a long history of contact with MH services
Hmm. Just the fact that he has had contact with mental health services strengthens my opinion that he's probably mentally ill.
As you've said yourself, some mentally ill people are violent and dangerous, some are not. I am aware of that.
When people are around trigger-happy US cops with guns pointed at them, they get shot, which is no surprise with such a militarised police force. Unfortunately that's the society some people live in.
If cops shoot mentally ill people, that's a problem with the cops and the society that tolerates that behavior, not me for speculating about whether or not a single mass murderer has a mental illness or not.
Don't try to imply that my opinion of a single case is in some way responsible for trigger-happy police in a country I don't even reside in.
I'm neither in the US, a cop, nor mentally ill so none of those are my responsibility.
Once again, I'm talking about this particular mass-murderer, and I think he's probably mentally ill. Nothing you have mentioned has swayed me from that opinion.
I think we're done here.
Well, if only outlaws used encryption and you sent a non-plaintext message then the police would knock on your door at 04:00 the next morning. That's what happens in Morocco if you like something related to terrorism on Facebook. A bit extreme, yes, but that's how some countries do it.
Sure, technically sophisticated enemies know not to like things on Facebook and know to use steganography, but most don't know and those that learn it through terrorist networks have a long vulnerable period where they are malicious but before they become sophisticated.
Obviously privacy is something that HN holds very close to its heart. But I'm interested in what do people here have to say about the privacy features are used by terrible people to do terrible things.
And I want to share something that I think is one of the best arguments for privacy, complete privacy. I do agree with this completely: https://moxie.org/blog/we-should-all-have-something-to-hide/
Regardless of what delusional politicians want, encryption is here to stay. It's just a matter of how much people are willing to give up to feel safe.
So we have to live with some level of crime. It doesn't mean we shouldn't be tough on criminals, but we have to accept that it is not possible in a free society to reach zero criminality.
I think the paradox is that people are reasonably relaxed with some level of criminality but are absolutely intolerant to any form of terrorism. And this intolerance is a new phenomenon. Terrorism isn't new. There isn't more terrorism in Europe than 20 or 40 years ago. In fact a few months ago I compiled the number of incidents and victims from a wikipedia page :
As you can tell, the 70s and 80s were rather more brutal, with far-left, IRA and Palestinian terrorism. And our democracies resisted much better the temptation to introduce more surveillance.
Now why have we become intolerant to terrorism? There are literally tens of thousands of knife attacks every year just in London. Most don't even make it to the local news. Why would this particular incident be treated as a state affair? Terrorism is the buzz of a mosquito. In itself pretty much harmless. But most people will not sleep in a room where they can hear the buzz. I don't have a good explanation. The only thing I can think of is the 24h news cycle where the media will make a big deal of anything that can push the audience up. But that doesn't explain everything. They do the same with plane crashes, but still repeat over and over that though spectacular, plane crashes are extremely rare and flying is extremely safe. Whereas when there is a terrorist attack, the message is "this could happen to YOU!"
Like this? https://www.youtube.com/watch?v=RIuf1V1FhpY
(Tom Scott's "Oversight" from 2013)
I have to ask, what's up with the domain name? Is that some sort of public windows share folder?
As the saying goes, "insecurity is freedom." I've always found it somewhat disturbing that people have welcomed the walled-garden ecosystems popular today, which are essentially the cyber-equivalent.
One difference is that airlines advertise in mass media, terrorist organizations don't.
Baxter and Clarke: The Light of Other Days: https://en.wikipedia.org/wiki/The_Light_of_Other_Days
People should be careful what they wish for.
However, this is the real world, and I'd want the serious trust issues fixed first. Surveillance of journalists. Invasion of privacy by journalists with the complicity of corrupt police. Surveillance of peaceful left-wing and environmentalist groups.
Let's not be ignorant of history either, of secret prisons and unaccountable courts. Let Martin McGuinness' death remind us of H block and the Maze. Who here is old enough to remember the bizarre compromise where Gerry Adams appeared on TV with his words read by an actor, because he was deemed too dangerous to listen to?
Then there is the business of foreign intelligence agencies. If some communication isn't completely private, can it be compromised by the Russians? Remember the US election?
We need to have a conversation about radicalisation, but much of it happens in public or verbally, and it's not at all limited to Islamic fundamentalism. It needs to include the far-right too.
The expectations you have are something I'd agree with too, but many other don't. So how do you reconcile this? Again the reconciliation process you will come up with is perfect according to you but most likely not according to others.
No one can ever win I guess.
A hammer, a knife or a government can be pretty useful, or pretty violent - depending on how you use it. This alone does not imply that a hammer, a knife or a government should not exist or be banned.
Well, that's a very evasive argument in my opinion. It's absolutely true that objects are neutral, but you can't make a blanket argument with topics like these. That argument has been made lots of times by many (including me).
But it eventually breaks down. You can't give a child a gun and when the kid shoots someone say it was the kid's fault. Whose fault is it? I'm guessing you're going to say the adult responsible for putting the gun within the reach of a child. You're still taking away an object from the kid. In this case it was a kid who didn't know better.
Now this isn't a narrow argument. This becomes interesting when you get to powerful things, like say nuclear weapons. They aren't inherently evil too. But if you look around, UN is trying to ban them. Shouldn't UN ban them?
What I'm trying to get at is that you can't always but the blame on people. Just like you can't blame a child for not knowing better, you can't blame a person for knowing better (although people do). Sometimes you just have to take the gun (or nuclear weapons or encryption) away.
You rightly said that I will answer that it was the adults fault. The bad act done with the weapon was giving it to a child, not the childs shooting someone. It gets clearer if the adult hands the weapon to a monkey or a randomized shooting machine. All three scenarios change nothing in regard to the moral responsibility of the adult.
I do not know whether the UN should ban nuclear weapons, but if someone uses a nuclear weapon and we would check out who might be morally responsible for the attack, I'd point at the attacker.
Well I meant evasive argument as in statements which directly avoid the question. Because the thing is, we don't live in a perfect world. So putting the blame on agents doesn't solve the problem. That's why I brought up that sometimes things have to be taken away from people. The question is when and how.
> The bad act done with the weapon was giving it to a child
I didn't say the adult gave the weapon. I just said the adult left it within the reach of the child. One is direct, the other is indirect. I wouldn't even say indirect, but lets go with it.
> I'd point at the attacker
It gets blurry deciding who the attacker is, depending on whose side you are on. Things aren't always so clear.
But we both believe that the world is not perfect. This is why we need to talk about moral responsibility in the first place. Blurry definitions might only make us even more humble while proposing new, disruptive power centralizations like an encryption ban.
With their utterly poor understanding of encryption and the harms of compromising it, people in governments who want to do so might as well be monkeys.
By providing backdoored encryption products, we would as you put it be handing out randomized shooting machines to monkeys.
What if the huge nuclear arsenal was in the wrong hands? That begs the question, what is 'wrong'?
Your definition of peace was probably characterized as oppression/dominance by the people who did want to revolt. You don't account for the extremely subjective nature of things, especially when it comes to nationalistic actions of people.
I was with you up until 'government'. I regard states as exercising unjust authority over people and defenders of private property which is why I'm an anarcho-Communist. The way in which the modern world is divided up means that one must be a subject of some state, which I believe makes there no way to provide proper consent to be governed.
You can flip this for privacy too. The more governments can spy on everyone, well sure we may catch more terrorists and terrorism might even decrease. But at what cost? Totalitarianism? Shudder.
As always it's a trade off, some people loose the right to arm themselves at home but that means other people may not loose their life to a shooting.
It's whole purpose is, to hurt someone; i think that's some point to acknowledge first.
//Playing devil's advocate
First of all, I don't want any company in transit, from my ISP, to the message broker, to the receivers ISP to mine my data and use/sell it for profit.
Secondly, there are a lot of messages which are not illegal, but can be personally embarrassing if they were to become public. Think of sexually-tinted messages, psychological help, a kid who lives in a very conservative community and has doubts about their religion, discussions about a candidate for a job position, etc.
The problem with backdoor is that the question is not if they are exploited, but when they are exploited. And this is all assuming that the organization that has backdoor access is not of ill will.
Giving up such a valuable right to possibly stop attacks which, in the grand scheme of things actually harm very few people, is idiotic. Terrorism is obviously awful but the number of people in the UK actually affected by it is far, far too small to consider forgoing such an important right. And IMO, once you do that, the terrorists have won.
Take the attack in London last week for example. It doesn't require planning. Anyone could get in a car and mow down a lot of people in seconds. It doesn't need discussion on WhatsApp. It doesn't require purchase of weapons. It doesn't require you to do anything shady that could give you away more than a second before you do it. No amount of intelligence gathering could figure it out. You could force every citizen to wear a mic and body cam and you still wouldn't be able to stop it.
How about tackling the actual problem - terrorists seem to have resorted to using cars and trucks to kill people. Lets put up some metal/concrete bollards alone the edge of pavements that have no 'escape route', such as the one on Westminster Bridge.
Nice post. I agree almost entirely with you, but you can't put a bollard everywhere, and even if you could, bad people would find a way around or between the bollards, or simply another way to hurt people. It would be like playing a futile game of whack-a-mole.
At the end of the day, there are people who are so mean-spirited that they want to hurt innocent people for no reason, and they will find a way to do that no matter what we do. Honestly I think a lot of it is mental health more than anything we can really protect against.
It's not possible to wrap everyone in cotton wool, and in order to have some freedom we risk a small percentage of harm. There is no way around that. Without that freedom, there's also the IMO much larger risk of harm from the authorities themselves.
There's no way around it, living in the world involves some risk. It's unrealistic to not accept that risk and fantasize that all outcomes are preventable.
Like another comment mentioned, there are literally tens of thousands of stabbings in the UK every year. Why are we even talking about removing fundamental freedoms (the right to privacy) in order to probably not prevent a few unfortunate deaths per year? The payoff is so small and the cost is much too great.
I agree, this wasn't my suggestion. I was thinking more of areas like a bridge where if a car does start speeding along the pavement, even if you are further along and see it, there is nowhere for you to go. Your choices are stay put (and get hit), run into the road and probably get hit by traffic, or jump off the bridge (dangerous). Bollards along pavements like that would be useful. Even just one at each end and one in the middle would halve the damage by 50% at least. My greater point though is that something like bollards tackles the problem directly and is much more effective than SIGINT for these type of attacks yet nobody is talking about it.
I do think that the bollard solution is a bit unnecessary though, as there'll always be a place where pedestrians would be vulnerable, and many other ways that people could be hurt besides.
At least it's something that could have an effect though. Snooping on emails would have almost no effect, and I hope everyone knows that. Snowden/William Binney, etc, should have made it patently obvious to everyone that there is no shortage of data flowing in, and I'm sure any successful preventative efforts would have been trumpeted to the rooftops with the way those agencies love to pat themselves on the back to justify bigger budgets.
More crap data, from millions of law-abiding innocent citizens, is not going to make it any easier for them to separate out the signal from the massive amount of noise.
The fact the media is not presenting real solutions to either of the actual problems - people being run down by cars or trucks, and people wanting to hurt other innocent people, or even questioning the imaginary solutions makes me strongly suspect there's ulterior motives at play.
To be quite blunt, this is such a blatant and transparent power grab by the authorities that I can't help but think that if the average person cannot see that our media is not interested in presenting the true story, with real facts that make sense, and our government representatives aren't addressing any of the real issues and just trying to remove our freedoms at every turn in order to not even solve imagined problems, then our society is already doomed, and not at the hands of terrorists.
Although we should have mechanism to protect from mass random surveillance.
Saudi Arabia punishes rape victims. We should help with that?
China punishes people who try to air grievances about government abuse and corruption. Again, we should enable them to be more effective in their invasive prying into those individuals than they already are?
In North Korea, your entire family can be punished if you dare be disobedient to the government.
In the US, we recently elected Donald Trump.
Etc. etc... why do you think governments can be trusted with this power?
On top of all that, once the technical means exist, they will also be discovered, cracked, and used by fraudsters, extortionists, and anyone else who can figure out a way to abuse the information.
Nowadays here are other more efective ways, than encrypted WhatsApp (secrecy), to fight bad governments and ridiculous laws.
North Korea and Saudi Arabia are obviously very extreme examples. Internet encryption must be the least of their worries.
Governments with working justice systems should be trusted with power to provide security.
There should be No technical means or backdoors globally accessible.
Information should be provided on request basis, based on a warrant for that suspect. And data stored should follow data protection laws.
If you think you country justice system is not working properly there are ways to fight that. And probably there will be people and institutions already doing.
North Korea and Saudi Arabia and China and the UK would claim that their justice systems are working just fine.
As would my local sheriff jurisdiction where they can't even manage to hire anybody who bothers to do so much as use turn signals. If they can't even manage to do that tiny thing, greatest country on earth or no, I don't trust them with the temptations of the kind of power you're talking about.
>If you think you country justice system is not working properly there are ways to fight that.
LOL! Good luck! Strictly speaking, you are correct that "there are ways to fight that" but the consequences are brutal! It's a pretty big ask for most people. And that possibility will be eroded and, more likely, wholly negated by such systems.
There is no temptation if they need a warrant issued by judge authorizing for the officer to request to the company information related with that suspect. Upon which the company might charge administrative costs to handle the request.
I am saying suspect of a crime committed or with complaint filed against. As stated before I am against mass surveillance and crime "prediction". Even terrorism is a small problem compared with economic/political corruption.
Otherwise the governments might block applications. Or secretly spy on us, with the company help if needed. All done without any supervision.
That includes you, so... be careful.
But I cannot feel safe just because one application company is saying everything is encrypted.
I am just afraid the day security is so good, there will be no more corruption leaks, and the ruling classes can do whatever they want with total privacy.
My unfair imprisonment is less important, than a fair imprisonment of a corrupt politician. I think...