The article focuses largely on the technical difficulties and implementation risks that make this goal impractical. I would like to point out that the goal in question is explicitly Orwell-style surveillance.
If we assume that May is competent and not exploiting a tragic attack to engage in jingoistic gesture politics for the election on Thursday, then this can only be about making sure that law-abiding dissidents cannot communicate with each other in secret to hold the powerful to account.
The rational response is, more people die from falling off ladders than domestic terrorism. Can we look at this problem seriously in a way that includes the economics, without insisting that people be scared little bunny rabbits? Apparently we're not so inclined toward Vulcan logic, this silly primate species.
Consider two countries at war with the other. Now imagine that both are part of the same territory but the planes still fly and the bombs still fall on the same places. It is clear that this is economic and political madness. So as a combined system, the two warring countries are better off not engaging in war. But if one country can make money from war then it is beneficial for it to be at war.
The answer is for those who govern to think in terms of the whole system, i.e. both countries. That is unpopular with patriotic voters who accuse such leaders of being traitors.
It seems to me more and more that people are living in some kind of lala land today.
They seem to believe that military action against some group of people will not result in some kind of recoil. Especially when part of the group they are engaging military action against is living among them or has free access to enter the country.
I think that this is pretty disconnected thinking.
Asking intelligence agency to do better job feels is kind of ridiculous. They just have to follow too many people to be 100% effective.
The problem with calling this a war is that the right-wing press are calling this a war. This is not an existential threat to us in the way, say, WW2 was to the Soviet Union or to the UK once we had engaged militarily. We could withdraw from bombing campaigns in the middle east tomorrow and see almost no immediate detrimental domestic repercussions. That is probably a sign that this is not so much a war but something else. If it was domestic we would call it a massacre.
The more we go down the road of annihilation, the more costly that peace process will be and the more people will die purely for war. That includes our own.
WW2 was an existential threat to the Soviet Union. It was so existential that this became the largest part of the identity of Russians.
But WW2 was not an existential threat to UK. UK could have exited from the war at any time. No battle took place on the soil of UK mainland.
I am not saying the people in UK did not suffer - they just did not suffer comparably to the people in the middle of the conflict. In a way the war was rather distant to the people living in UK.
Well, that's because the battle eventually took place in (mostly) France. But it's not as if that battle would not have eventually happened in the UK if the Germans had managed to gain air supremacy over the UK or if they had managed to pull a reverse Normandy. The UK could not have exited from the war at any time at all, their shipping would have been sunk and they would have been under siege from the moment they did so.
The larger cities were receiving a good number of aerial bombardments and V2's (ok, also a form of aerial bombardment). And then there was the shipping tonnage sunk with all hands.
War very much came to the UK, even if the eventual battle took place in France, Belgium, NL and eventually Germany (where whole cities had been obliterated).
Not so for the USSR, since it had been designated as "Lebensraum".
This kind of verbal white-washing causes all kinds of problems when the inevitable adjustment happens which shows that we can play word games all we want but it won't make an actual difference.
A draft would change this. But the military is a product like anything else. It's not civil service. It's not something that every family suffers from. The U.S. professional military is overwhelmingly middle and lower class. There's no meaningful representation of aristocratic families in the military. They have nothing to lose by supporting politicians who in turn support interventionist policies abroad.
When discussing foreign policy on an internatioal medium it would be helpful to formulate your responses by specifying the hypothetical combatants and coalitions explicitly rather than implicitly (i.e 'we' is an ambiguous definition in this context).
For example, China/Taiwan, North Korea/South Korea, which no longer fight.
We saw similar pushes for strengthening Canada's Surveillance State when they had two terrorist acts. Canada's PM didn't even hesitate.
When an attack or an event happens that puts people in a state of shock and fear, politicians know their nefarious ideas have a higher probability of slipping through the public's filter. UK's PM is doing what has now become an automatic response to any kind of act. Expand government's power at all cost.
...falling on deaf ears. I have been saying for years that hacker culture needs to develop greater emotional intelligence and meet people where they are instead of lecturing them with arguments that make their eyes glaze over. Politics is not a function of logic.
Your best option, if you live in the UK, is to roll your eyes eyes and vote for the beardy communist despite his obvious faults. Logical arguments are not compelling to people in the grip of an emotional rush. The inability to assess and adjust to peoples' emotional states is a kind of social stupidity.
You say it like it's a major indictment - people just don't understand probability and low probability events occur all the damn time. On the flip-side people also play the lottery.
A lot of factors contribute to poll errors: sample group is never perfectly representative of actual voters, people lying on their voting intention if they feel it's not socially accepted, &tc. That does not make polls worthless.
Now I don't believe this makes any sense in this era (criminals will have crypto, ordinary people/dissidents/journalists etc will not) but I can very much appreciate where they are coming from. It's not a simple issue.
It's obvious to me that cryptography shouldn't and realistically cannot be outlawed. That doesn't make any sense. On the flip side, I think that most people would accept that targeted surveillance of criminal suspects is a reasonable tool.
The thing is, if it becomes the default for all messages to be encrypted end-to-end – obviously a good thing – then this effective tool becomes useless.
I think any proposals to restrict cryptographic software are obviously wrong and doomed to failure, and I will continue using such software regardless of what laws are passed in the UK. But it is a complex issue, and I wish there was some more acknowledgement of how the field of surveillance has changed.
We need more actual police officers to do more actual police work.
- Running investigations, police officers being known and trusted "faces" in their community, and surveilling people in meatspace
- Running grep on every TCP packet of 65 million people, then asking a relatively small number of LEOs to "do something" when analysts see something that could be suspicious
The former seems more likely (to me) to succeed.
There was no ability for the government to read everyone's (or anyone's) mail at once in the past.
> capable of being monitored when there was a reasonable
> suspicion of a crime about to be committed.
Trying to pretend you can is one of the most dangerous things a politician can ever do.
I look forward to whenever politicians work out that people not under their legal jurisdiction can muck about on their internet thereby making their intent of constraint irrelevant.
Does is imply that politicians will have crypto?
Because that's the only politically correct thing they can do.
This is not even wrong. There is a long list of 'politically correct' things the government could do which are inconvenient (timing-wise) as they would highlight their fallibility/incompetence. First on the list is to stop the drastic cuts they instituted to the police force. A close second is to stop exporting jihadists (that's right: exporting civilian British nationals) to wage war in Islamic countries. It is unfortunate that saving face in light of the impending snap-elections is preventing real solutions from being implemented; instead, we get security theatre that sounds good to the electorate but wouldn't even have prevented the previous attacks - a necessary factor for the action to be considered as an improvement at the very least. Right now the issues are totally unrelated; just opportunistic legislation.
All that being said, how do we the tech community solve Theresa May's problem? Her philosophy is "if we knew more, we could have prevented this." Is that the right philosophy? Is there some other mechanism to authorize "legitimate" access to encrypted data?
there's absolutely nothing substantiating her claim. terrorists seem to have done just fine in the absence of encryption -- the bataclan attackers coordinated with ordinary sms. governments still make this push _all the time_, witness the doj going after apple after san bernardino.
the UK is literally the most surveilled society in the history of the world in terms of communications of its inhabitants intercepted by its own government, comparable perhaps only to the stasi. this is mode of action is not working. two attacks in two weeks, and their answer is "the same but more"?
Even if the UK somehow managed to illegalize use of AES and other "professional" encryption algos, it would still be trivial to communicate using simple innocuous sounding code words over plain SMS. There's practically no way to detect it. The entire effort is futile from the very beginning.
You can't allow images, sound, or video at all if you want to prohibit steganography.
terrorist attacks: "we told you so! expand the surveillance!"
yes, and this is very weird. She must have a chain of reasoning going on in her head before opening her mouth, right? We always only get the conclusion, that is: "we need more access". Any normal person looking for a solution to a problem would generate loads of ideas and then, when pitching an idea, present the pros/cons of their various ideas to finally argue why they have chosen solution x. We don't see any of that wrt to this topic.
- I want more power/money/whatever
- suerveillance can give it to me
- I just need to pass the bill once to get it to work for years in my favor
- they have to reject it at every attempt I try to pass it
- therefor I should try to pass it everytime the news let me do a bold claim
- nobody is going to do shit against it anyway
Control thoughts -> No bad thoughts
There are countless studies that get conducted every year by universities, think tanks, NGOs and journalist style organisations on this topic. And these are tabled in parliament, reviewed by ministers and debated in intelligence committees and within cabinet. In Australia for example we have Senate Estimate Hearings which are freely available online for you to watch.
To think that governments are not exploring every avenue in order to protect their citizens is a bit ridiculous.
Could you name me one credible source that advocates the banning of encryption? At Harvard, for instance, they concluded that banning encryption is futile. 
In reality, if a terrorist used encryption, they most likely would use a non-backdoored encryption no matter if it's legal.
What is there to solve? This statement is wrong in its core. Its like you looking at blew up grenade and scratching your head "how can we put this back together".
There is nothing to fix. Since they yelled "Allah Akbar", they were clearly motivated by their religion and "holy war on infidels". Unless you can read people's mind, I don't find access to their communication relevant if they've been practicing said religion since crib times and one day simply decided to go and stab few people with knifes.
For this to put in motion, you don't need a cellphone or any sort of communication at all!
Explain THIS, May:
"Another fanatic slips through the net: Killer jihadi, 27, 'radicalised by YouTube' was known to police and filmed arguing with officers after unfurling an ISIS flag in a park in a Channel 4 documentary" 
How on earth open plain-text communication will help prevent something that alread is clearly in their FACES??
When "collateral damage" in the form of death and suffering inflicted upon innocent people is shrugged off as the cost of achieving your goals, you're still a terrorist no matter what those goals are and which flag you plant atop the mountain of bodies.
No. This philosophy is essentially saying that in order to make it easier to find all the needles in the haystack, we need to add more hay.
It's a ridiculous notion if you actually stop and think about it.
You call out the current Trump Administration...
Do you think the Obama administration was any better? Do you think the "other side" is more trustworthy? Especially considering all the scandals that surround the last 8 years?
Why do you think the Left is more trustworthy than the Right?
If the government has a back door to read all your messages, they are saying they don't want you to have any secrets at all -- but electronic messages are the only ones they know how to pry open.
You might be on to something! To lead the way to a secret-free world, they might wanna start by dissolving MI5, MI6, etc..
if the question is "What is the key to this encrypted disk?", then they can already do that which surely already means that the keeping of secrets is illegal whenever a policeman says it is.
I am not sure that a society without any secrets would be a bad thing - it certainly would be very different.
Catching the madmen on the wrong side of the curve makes much less economic sense.
Go ask anyone in Hungary, Poland or Czech Republic, or even Romania who complies with migrant quotas and is generaly an EU cheerer, unlike Hungary or Poland.
Or to anyone who happens to get their hands on the police technology. And oh, once leaked, the technology is incredibly cheap and easy to duplicate and distribute among criminals.
This exact thing happened with NSA hacking tools a few weeks ago!
Because an individual choosing privacy implicitly chooses privacy for everyone, but an individual choosing 'safety' (in this context) implicitly chooses no privacy for everyone else, and implicitly unsafety for people who needed that privacy while not actually doing anything illegal. (Or maybe doing something technically illegal but still just or reasonable or morally right).
It's an "I have nothing to hide, so you cannot hide anything", "I'm alright jack", "everyone should trust the people I trust because I agree with them" approach.
This also isn't just privacy - they want to ban websites with content they find extreme on. Democracy doesn't work without the ability to discuss ideas.
They talk about Islamic extremists, and you say "sure, that ideology is evil", then maybe they go after proponents of assisted suicide - after all, it's illegal and they are suggesting doctors kill people! Then maybe someone else gets into power and they ban abortion - can't set up a website suggesting people kill babies! Or perhaps someone else gets in and says "This party wants to defund the NHS! People will die, better ban that!".
Of course it raises the question of what constitutes forbidden speech. To answer that I would look towards the opinions you are already frightened to voice publicly.
(brief excerpt from a much longer piece: "Holmes' famous quote comes in the context of a series of early 1919 Supreme Court decisions in which he endorsed government censorship of wartime dissent — dissent that is now clearly protected by subsequent First Amendment authority. The three cases in question arose from socialist criticism of conscription during World War One. The criticism at issue, to modern tastes, was a clearly protected and rather mild expression of opinion.")
Don't be silly! I understand the interpretation of information in a conversation; if someone were doing this I could tell. But I don't understand cryptography mathematical mumbo-jumbo. Therefore these two situations are nothing alike. Let's ban crypto.
I agree that steganography can be a solution to sustain open communication. It's less brittle than crypto but offers weaker guarantees. I know of a suitable system design. Not plain English, rather plain bitfield.
Don't get me wrong - I'm completely against backdoors. But when you shift the argument into "we won't do it because it's impossible", you're already agreeing that it should be done, while your argument won't hold because it is in fact possible.
There's three kinds of people:
1. Non-technical people (theresea may) that want backdoors are don't care about whether it's possible or not.
2. Technical users, with a vague general knowledge of cryptography, and the imprinted thumb rule of "backdoors are bad"
3. People with actual knowledge in cryptography which had already been doing research about why it is possible for years. Just a teaser: https://en.wikipedia.org/wiki/Kleptography
Of course, the real issue would be the scale and the distribution of access to the backdoor to various agencies.
>And with the fact that the NSA had so many bad leaks, yet still everyone except the NSA can't crack it, proved that backdoors are not only possible, but were going on behind our backs.
How do you know that no other intelligence services have broken it? You don't show someone you've broken their ciphers unless you have to.
>We've had the DUAL_EC scandal, for once, as an example of NSA backdoor which as far as was proved, only the NSA could crack.
I am not a cryptographer but I understood this a little differently from the wikipedia article https://en.wikipedia.org/wiki/Dual_EC_DRBG
> proved that backdoors are not only possible...
This is not disputed. What is disputed is that there is some safe way of doing it
> but were going on behind our backs...
A number of people outside of the NSA had identified the possibility of a backdoor. It seems some decided to overlook it or felt powerless to do anything. Indeed some others patented it, thereby making it public. Maybe the $10M grant affected some peoples judgement
> only the NSA could crack
If I understand correctly the flaw weakened the selection of key parameters in a way that made it easier to brute force, by dramatically reducing the possible start points. If another nation state had brought their resources to this, maybe they could have exploited it and, most likely, they wouldn't have made that public. Moreover the Juniper scandal (mentioned at the end of the same article which was rather convenient) suggests that a third party did indeed make use of this backdoor.
> the real issue would be the scale and the distribution of access to the backdoor to various agencies.
Which was a point discussed in the original article at some length
Your second point in particular is highly significant. In general, "it's impossible" should be avoided as an argument when one's true objections are ethical. You don't want to be left standing naked because of some clever engineering.
I think it is perfectly reasonable to say that that is impossible.
Same argument, just as ridiculous.
Now consider there are people who feel exactly the same about your thing as you do about theirs. Civilisation absolutely requires that for them to leave you alone, you must be willing to do the same.
Of course, then nobody "leaves us alone" on these things, but we agree by majority on first principles and then argue from those to collectively decide what is allowed and what isn't (i.e. allowed from the people and allowed from the government). Free speech and privacy are examples of such principles. So you can definitely have a social contract where mass surveillance is unacceptable, but rules on not hunting endangered species or owning certain type of weapons can exist. I don't think May should be prevented from arguing for surveillance, but by the same token, people also have a right to oppose her on it.
Yes, this opens us to the possibility of losing the debate on encryption, at particular times and historical periods. Whereas having the iron clad rule that all can do as they please does not. But the later rule, applied in extremis, makes civilization impossible. Because again, we do want to ban people from doing certain things, that is what civilization means. The point that we need to argue is that banning people from having privacy causes more harm to what makes us human than a few horrific crimes do.
The anarchist posture is... complex. But the (absolute) libertarian posture is hypocritical. It wants a very particular set of rules to apply and be enforced by the state (e.g. private property), whereas decrying rules and state enforcement in general.
 And U.S. gun-owning folks agree on having rules against owning some kinds of weapons, I would think. At the very least I have never heard one argue for their god given right to own an ICBM on 2nd amendment grounds... is just that we disagree on the type of weapons that should be controlled.
You'd be surprised. There's an absolutist argument that goes like this: back when 2A was founded, it was common for private people to own artillery and warships, which were the pinnacle of that era's military technology. Therefore, the authors of 2A did not envision any limitations. Therefore, this should still be the case.
Granted, this is very much a fringe view even in the gun owner community. But there are enough people holding it, that you can actually see it argued on American gun forums etc occasionally.
It also springs up in fiction sometimes. In Vinge's "The Ungoverned" short story, there are privately owned tactical nukes. Which are actually used. Granted, that is considered an extreme case even for the described anarcho-capitalist frontier society, enough so to warrant an immediate all-out attack by other people on anyone discovered possessing them. And Vinge is actually ancap himself - and, so far as I recall, he actually said something along the lines of that story describing a society he wouldn't consider undesirable.
Consider nuclear proliferation: in theory it does not affect people 'directly', until it does (note that any logic about increased potential risk applies to gun ownership too, at a different scale). Now consider pollution: affects people directly, but in a diffuse degree. Vaccinations? (I was born in a country where a specific set of those are mandatory, I approve of that ). There is a limit to how much a man is an island.
I am a firm believer in having a right to privacy; a strong, fundamental, constitutional right. I would consider forms of deflection or civil disobedience in a society that aligned itself too strongly against that right. But that doesn't mean is not ultimately a matter of societal values of societal construction.
 Obviously they are mandatory to those with a healthy immune system who can be vaccinated, and a number of other caveats, but still, the state makes it its business whether or not you vaccinate your kids, and we are better off for it...
Many of us object to gun control on that basis, and the same reasoning can be applied to encryption.
In fact, there's really not a lot you can say about one that you can't say about the other. No private citizen "needs" access to encryption so strong that even intelligence agencies can't break it, any more than any private citizen "needs" to own a weapon whose only purpose is killing. Right?
> A good place to draw the line is one that places
> responsibility on the tool-wielders [...] many of us
> object to gun control on that basis.
Or do you think private people should be allowed to buy hydrogen
On what planet do you anticipate gun control laws having any effect whatsoever on the plans of someone who is inclined to acquire a hydrogen bomb?
I'm just taking your argument to its logical conclusion. I think that argument makes no sense, since it clearly leads to absurd outcomes, such as being able to purchase nukes, armed fighter jets, tanks, MRAPs, mines, chemical weapons etc.
You're in good company, though, because the ACLU does the same thing in attempting to wriggle out of supporting Second Amendment rights.
It's an interesting question, all right. I'd ultimately have to throw up my hands and classify it as one of the ever-growing threats to human existence over which I have no control. Frankly I'd be more comfortable with Tim Cook's finger on the big red button than Donald Trump's or Mike Pence's.
I could totally see Woz building a nuke in his garage, just to see if he could do it...
Yes of course any country trying to cell hydrogen bombs or chemical weapons to its citizens couldn't do so without international sanctions. The example is clearly ridiculous, but it's brought up in the context of illustrating that your argument is equally outlandish.
With a single gun, a man can only kill as many people as he can see with the number of bullets on his person. With a computer and a connection to the internet, his reach and potential scale is much greater. That is why such powerful encryption is required for your average citizen.
I wonder if the encryption dilemma will ultimately be resolved with blockchain-like techniques. Cryptocurrencies work because their underlying trust processes are deliberately designed to require ever-increasing amounts of CPU time. They can be attacked, but only by spending enough resources to out-mine the other nodes. While possible in theory, it's simply not worthwhile for an attacker to marshal the kinds of resources that would be required to attack Bitcoin or similar blockchains.
So, while back doors for government access are stupid and unworkable for all of the reasons that people have stated, what about requiring a hypothetical encryption standard with no known backdoors or attack surfaces, but that is just strong enough to be broken by agencies like the GCHQ or NSA who can throw gigawatt-hours of computer time at the problem? Basically, if the government really wants to read my mail, they can, but it will cost them. It might take them hours to discover a given key, while nobody with a room full of GPUs or even a botnet could do it in less than several years.
In such a scenario, we'd be sufficiently safe from attack by cybercriminals, and most of the time, from our governments as well. Governments would still be able to target anybody, but unlike the case where a back door is mandated, they wouldn't be able to target everybody. That could limit the amount of harm that bad actors in the government could do.
It would be similar to the rationale of banning ownership of high-capacity magazines, except unlike that sort of feel-good measure, it might actually work.
But ultimately, the real question is - how do you enforce this, short of a massive censorship effort (and even then)? We already know how to make strong crypto. You can make it illegal, but unless you have a specific plan as to how to prevent me from coding, say, AES from scratch, I don't see how this would actually help prevent secure communications between terrorists and other high-risk criminals (and I would argue that criminal activity that is not severe enough that its perpetrators wouldn't invest into crypto even if it's banned, is not the kind that can be reasonably used to justify banning crypto in the first place).
So it is actually a lot like the high-cap mag bans - it's so simple to make them, that someone who would really derive benefit from having one would just do so. Same thing here.
I see this as the equivalent to governments having access to tanks, artillery, airforce and nukes while civilians have mere access to guns and knives.
Whether civilians should have access to guns is a discussion I would like to remain not a part of.
Suggestion: reduce the size of the haystack further so that limited manpower can be concentrated on those cases where it is actually useful rather than to chase each and every 16 year old with a twitter account or a facebook page.
Giving other governments backdoors would actually hurt the original country more than the backdoor could ever help it.
Segmenting the software according to which government is given backdoor will freeze the whole industry, and you would still have the unsolvable problem of imported protocols with different countries backdoors.
If the problem was only "good guys"-"bad guys" it would be solvable, but there are no good guys. There are so many countries, and each of them trust only themselves.
Code to encrypt using one (of the many) algorithms shipped in .NET (which is open source right down to the compiler, and so hard to tamper with):
RijndaelManaged RMCrypto = new RijndaelManaged();
CryptoStream CryptStream = new CryptoStream(NetStream, RMCrypto.CreateEncryptor(Key, IV), CryptoStreamMode.Write);
As long as the algorithm to write the data is unknown and secret, this is essentially a cryptographic algorithm - you can't read the information on disk without the secret, unless you invest a lot of time. Weak crypto, mind you, because we'll probably be able to decrypt it in polynomial time.
So suddenly, all storage formats need to be openly documented?
As long as the situation that's being created is more favourable for them than the current one it's a net benefit.
Short-term politics is the biggest threat to UK society at the moment and the current government is particularly good at it.
One of the main threats to these large organisations and the people at the top of them ate journalists and whistleblowers. Because those are two groups of people that can provide critical data and reasoning on bad and evil things that are done within such large organisations.
So having the ability to find out who said what to whom will allow them to crack down or reporters and journalists before they can get their stories out. And it will allow them to trace and find out who the people are leaking sensitive information outside and deal with them.
In some way this is about protecting the people, just not the people we are all thinking of.
So, the legal system in most countries is that if you post something explicitly (not in jest, or metaphor, but quite deliberately and with the intent of other people's death) asking people to murder other people, that is something that you perhaps ought to be charged with an offence over.
Meanwhile Facebook, etc, essentially argue that ok, they posted a request for the murder of a lot of people, but hey, we took it down after only a few thousand people read it, and we've closed the account (until they open another one), so that's job done, no need to prosecute any further, you shouldn't ask us to cooperate with police, we've got adverts to sell here.
Small wonder that governments are changing the law, when tech companies regard requests to kill people as something that, if really pushed, they'll treat as equivalent to how they handle copyright infringement, but actually there's less money in it for them so would you mind if it was a bit further down the planned feature list.
UK PM: We'd like you to make it so that 2 + 2 = 5.
Mathematicians: That's mathematically impossible
UK PM: You just need to try harder
I don't think May's suggestion has any way of ever working - but her listeners don't understand that. This is populism in its purest form.
So why demand ever more intrusive powers? I think its just an excuse, and that they dont have great ideas to preempt attacks.
Canada is becoming hostile to speech and the family with M-103, C-16, and Ontario Bill 89. Britain had to choose between a man who doesn't understand the nuclear deterrent and who would screw them in their biggest negotiation for decades, who would probably end up controlling the internet for antisemitic causes rather than ostensibly counter-terrorism causes; and a lady who doesn't understand any of the technical implications of the whoops-tyrannical policies she presents (in the middle of a campaign no less, are they all daft?). And because the UK Tories didn't do the smart thing and hang on to their popular moment for dear life to secure a supermajority, there's a hung parliament, which is only slightly better than the probably-antisemitic national socialist labour party getting a majority.
Prime minister doesn't even pretend to be meritocratic, denigrates his cabinet by saying that they were picked for their gender. The Social Justice Tribunals (actual name of the institution, not hyperbolic slur) are out of control. At least the U.S. has a real constitution, which at least purports to protect freedom of speech, the right to petition, and the right of the people to keep and bear arms.
Britain and Canada are sinking into the earth's core under smiling faces, and DJT is somehow making America better despite being a rough buffoon. Every day is opposite day.
It will launch the geek equiilivelent of the Manhattan project to find the master keys, and whoever does find them will become incredibly rich and powerful.
Good point. I have the same issue in my building. The postman has a master key to open the mailboxes. Apparently, these master keys are now well-spread and I can't order packages anymore as they get stolen.
End game: Society will be none the safer, and the government/puppet masters will have total surveillance.
On the whole other point of this don’t you think there’s a chance to the possibility that certain terror/cyber attacks were made by some intelligence agency? Timing on this is too convenient.
Besides, there is no known method that can resolve all types of cryptographic methods thus it makes it useless spending of taxpayers’ money.
Easy solution: Ban Islam and Muslim migration.
There is no difference in the communication over the internet, over the letter mail, or verbal communication with voice. The encryption can be used in any form of communication. And the problem of banning it is always the same.
Banning the encryption is impossible simply because detecting the encryption is impossible. When you see two persons on the street, one says that the weather is nice, and the other responds that the grass is green, you can never know if there is some hidden message in their communication. Encrypted information can always be "tunneled" through unencrypted channels. Even if you ban all computer apps with encryption, you ban people from making own apps, make every person wear a microphone and a camera 24/7, there will always be a way to deliver information from one person to another without anybody else knowing about it.
Actually, banning encryption apps may be good for privacy, because you never know if the app maker made some backdoors in their encryption method and he already sells your information to somebody.
IMHO, the answer to this lies in Open Source + reproducible builds/compilation. Not in banning/not using apps that promise privacy.
If what you're trying to achieve is awareness about the possible false sense of security (when not appropriate), then the answer is educating people about it.
"The issue of payments to families of suicide bombers and others who commit violence has become a frequent complaint by Israel and its supporters.
The Palestinian Authority spends about $315 million a year to distribute cash and benefits to 36,000 families"....
Only last week the Palestinians named a women's center after Dalal Mughrabi who hijacked a bus on Israel’s Coastal Road and killed 38 civilians, 13 of them children, and wounded over 70.
I feel the pain of the British from the terrorist attacks, but why don't they stop all funding to the Palestinians until we can be certain they are no longer funding terror nor glorifying terrorists? Why doesn't President Trump stop all funding if he is truly serious about combatting terror?
Israel made him Prime Minister and, in honor of his centenary in recent months, has named research institutes and hospitals in his memory to add to the streets and parks that already bore his name.
How much funding and incentive has Israel received from US and UK taxpayers?
> "hundreds of civilians, politicians, policemen, and scientists"
Please cite your sources. The British had appointed the head of the Palestinians a terrorist who was responsible for the deaths of 73 Jewish students in Hebron in 1929 including 10 Americans. It was this man who became "The Grand Mufti of Jerusalem" who later spent WW II as a guest of Hitler's in Berlin. This man who was appointed by the British wanted Hitler to bring "The Final Solution" to the Middle East.
It was Israel which bombed the Iraqi Nuclear Reactor which made Operation Desert Storm far easier than it would have been if Iraq would have had nuclear weapons. Israel is committed to fighting terror and not letting terrorists get away with terror. See Steven Spielberg's movie, "Munich" about how the Palestinian terrorists that killed 11 Israeli athletes in the 1972 Munich Olympics were tracked down and killed. Or see how once prevalent airplane hijackings were stopped by the Israeli "Raid on Entebbe" which itself was featured in 3 different movies.
There has to be zero tolerance for terror. The Palestinians, instead of combatting terror embrace it. They honor terrorists and they pay them and their families over $300 million per year of US and British taxpayer money.
"Palestinian Media Watch, which first brought attention to the naming of the women’s center, recently quoted a local village leader saying that “the center will focus especially on the history of the struggle of Martyr Dalal Mughrabi and on presenting it to the youth groups, and…constitutes the beginning of the launch of enrichment activities regarding the history of the Palestinian struggle.”
In addition to the women’s center in Burqa, the PA has named a number of events and facilities in honor of Mughrabi and the other terrorists who died during the massacre in a firefight with Israeli security forces, with the ruling Fatah party repeatedly hailing them as “martyrs.”
There will never be a Palestinian State until the Palestinians elect leadership that denounce terror instead of embracing it.
How can one be sure that the content their luggage has not been tampered with? I assume the answer is no but would love to hear otherwise
Controlling speech or disabling crypto is very Orwellian.
obfuscating crypto is trivial. God Kay must either be as dumb as Trump acts or think we are all stupid.
Ten seconds later, someone else is posting under your license and you have no clue how and you're stuck talking to a scripted call centre employee who can't help and a police force that isn't interested.
5 billion people around the world are ignoring a "UK driver's license" for internet communication, particularly including potential terrorists. And domestic terrorists are communicating with a license out to an ordinary seeming server and not tripping any flags.
and how would it even work when you take into account free public wifi and carrier grade NAT? There's no equivalent to a single car with an easily tracked registration plate that each person drives over and over and over.
And the internet is explicitly not a public space, it goes from your computer to (say) Comcast's computers, to intermediate carrier computers, to Facebook's computers. There's absolutely nothing public in the same way that highways are public.
You can cause a lot of damage there
We're talking pictures and text. What damage? Do you also want a license to write on paper or post letters or send SMS or make phonecalls or draw paintings or write news or pamphlets or speak where more than two people can hear you?
License so you don't run an exploit on someone else's computer? That's already illegal.
That's not a solution, that's a failure and a regression. There is nothing wrong with the way the internet works right now.
Anyways, disabling crypto is super stupid. We all agree on that. Terrorists will just embed crypto in images.
Kay also wants to restrict access to pron but that's her hang up.
It works fine for me. I view the pseudo-anonymous nature of the Internet as a feature, not a bug.
I think we agree fundamentally that attempting to ban or restrict math is ridiculous. For the sake of discussion - what specifically about the current structure of the Internet is broken? You allude to accountability, but it's fairly easy for law enforcement to track someone down (in the "not-using-7-proxies" case - and even then, just repeat step 1 below):
* Subpoena a site for IP records
* Subpoena their ISP for subscriber information
Now, whether that person is actually located somewhere actionable is another question - but that's a geopolitical problem, not an Internet problem. The first point - sure, maybe a site doesn't keep IP logs. Are you saying it should be mandatory to track the source of posts? (Should it be mandatory for physical establishments to log the biometrics of visitors? If the answer to these questions is different, why?)
How would your proposal for tying Internet access to physical identity (e.g. drivers' licenses) impact access for those in developing nations? There are already a lot of hoops for them to jump through to get online.
Edit: I didn't downvote, by the way - I do still believe in the HN ethos of only downvoting spam/meme posts. People should have a chance to read both sides of a discussion.
Much as I agree with the general principle, this argument is flawed (except insofar as 'good guys' do not remain 'good'). What exactly is a crypto key, if not a "back door that only lets X go through it"?
The hard part is managing keys, access, storage, networking etc. The security on a lot of "lawful access" systems for cell networks is not as great as one would hope, and the LI system is sometimes the goal of attackers in a telco.
Just the capability (click n clone or tap to disk) is dangerous even when turned off. Of course, no one actually makes a telephony system without LI...
Also, wouldn't this require severely limiting the number of permitted encryption algorithms?
As to your second point, yes. It would require severely limiting a great deal of things. Consider that "impossible" at your peril.
So, we heard about a recent terrorist that he was banned from his Mosque (for being too radical), reported by other Muslims, and that the FBI also reported him to the UK.
What do you guys think that the UK should do in this case?
I mean let's take an absurd example of a petition by 50 people from mosques and community saying, "Hey, this person is not a member of our community but is spouting radical nonsense and wants to commit terror."
In this case what should be done?
I am drawing a complete blank, because it doesn't take long to prepare terrorist acts but until you do them you aren't really a terrorist.
The only thing I can think of is something that even I can see would be a joke. If the government came to me and said, "hey we received over 12 people asking us to watch you because you are a terrorist. We'd like you to voluntarily participate in civilization training to better understand why terrorism is wrong. You'll get £200 for participating."
But I can hardly type that without it sounding like a joke. I mean there's politeness but this sounds just absurd. (I added the £200 part because I think there is no way they would agree otherwise. But if it's not voluntary then that doesn't sit right with me either.)
So in this actual, real-world case, what should the UK have done?
I don't think increasing surveillance so that you catch someone between the 45 minutes it takes them to inform themselves how to perform terrorism, and going and doing it. People are pretty strong and powerful and have a million tools of every kind, more surveillance couldn't possibly help here, I mean the reaction time would have to be like seconds from when someone chooses to start googling how to do terrorism to making a concrete enough plot to be criminal. It's just not a solution.
So returning to my question -- for the case I mentioned, what should we done?
Note: I understand that it is easy to make a flippant, knee-jerk response. For example, it is easy to say, "if someone reports a muslim for radical speech the reported muslim should be thrown in prison without a trial, and throw away the key". I really don't want to start a thread like that so please don't respond if you have attitudes like this: I've represented your response in this last paragraph and ask you please not to derail this thread on this subject. Yes, it is very easy to deal with if totalitarianism is okay. I specifically say this because I know people in real life who would make exactly this response or one exactly like it. That is not my question and I've represented this position in this paragraph, no need to repeat it, and you would just get downvoted. In this comment I am asking for people's practical ideas that are close to the center, if they have any.
We should man up (metaphorically speaking) and accept that a few attacks from violent nutcases every so often are the price of living in a free society.
Obviously you do agree that at some point there is a line to draw. so the argument for finding the solution to this early on is not without merit.
"a stitch in time saves nine." Maybe two pamphlets sent twice a year to every address in the UK, describing why civilization and a free society is great and explaining why it means not blowing people or yourself up, would solve these people. If that costs £70 million per year but cuts terrorism down by 85%, how many people need to die before you would say, hey that's worth doing: 100 people a year? 500? 1,000? 5,000? 10,000? At that point it costs taxpayers around £7,000 per victim and since fatal victims of terrorism stop paying taxes at that point it is free.
I Googled how many people died from Terrorism in the UK. This article from literally yesterday says....
Well, that article says:
- 13 people died because of terrorism in the UK between 2010 and 2015.
So obviously we are very far from that metric. Actually this kind of supports your assertion.
It doesn't mean nothing needs to be done but your point is a lot stronger than I thought! Thanks for the response.
And that is more or less what they do. The problem, apparently, is that they don't have the resources for this level of surveillance for all the "persons of interest".
And I disagree that increased surveillance wouldn't possibly help here. In all cases that I'm aware of so far, there had been some advanced preparation - and not "45 minutes" advanced. E.g. in the recent London attacks, apparently, the guy was inquiring about how to rent a truck in the past days. If he had been monitored, that alone would have likely triggered an even higher readiness level for a while (to the point of "SWAT team on standby in a van outside of the residence").
Presumably he has to make some plans and if he does that with someone else then they are both guilty of conspiracy to commit a crime. If the police had the resources to follow this up (physical boots on pavement type resources that is) and the courts had the time they could follow this up and have a chance of preventing the planned crime by using the laws we already have.
And perhaps your £200 idea could even work. Not everyone who gets frustrated, angry, and violent is a committed radical. The problem is that we all want this problem to be fixed without it costing us any money, time, or effort.
As for the £200 thing. I know I "floated" this idea but I can't try to evaluate the idea I mentioned without it sounding like a joke. But if I try really hard and set aside my reaction to it: if it really did work than £200 a handful of times per year is nothing. I didn't realize just how few cases of terrorism there are every year, see the cousin comment. It's like, 13 people killed since 2010. How many people do you think are reported multiple times by multiple agencies and citizens? This expense would not even be a rounding error on a rounding error. (But I just can't get over how absurd it sounds.)
I was extrapolating to the more recent events where there were several killers but it applies often to the case where there is a lone wolf because often there is someone else who enables them, perhaps not enough to pin a formal charge of conspiracy on them but close.
Today's cryptography is like the ice sculptures art, we could show a lot, but on unstable timeline.
The true art is going to come with the quantum computers and the governments will have to have legislative for someone sending messages to someone else because they won't have any other tool available.