The fundamental problem is that the government and the public do not understand that powerful encryption will exist forever now. The cat is out of the bag, and the bag has disintegrated. You can't ban the ideas, and you can't stop them from being implemented in the shadows. Even worse for them, there's nothing physical to find. You can't train a dog to sniff out encrypted data. Banning it now only hurts honest uses, like protecting financial transactions and medical records.
Passing the right laws on drugs (abuse) works (see Portugal). Prohibition doesn’t, but treatment does. (And, the truth is that the drug laws in the U.S. are working; they just aren’t working for the citizenry, but the police state. This is by design, and there’s a not-insignificant marginalization/targeting of minorities by design in these laws, too.)
Encryption is…rather more subtle to deal with, because you cannot weaken it for one purpose without weakening it for all purposes, because math and physics. Better that they work on laws that target actions and behaviours rather than technologies. Then again, any time I see a politician talking about terrorism, I recognize that they are attempting to increase their own power at the expense of those without power to begin with.
As for guns, they trot out "terrorism" as the reason for wanting to get rid of encryption. Well, gun laws have yet to stop terrorism. If they couldn't find a gun, they made a bomb, or they used an airplane, etc.
In the U.S., there have been more than one mass shooting every month in 2017 even under the most ridiculous definition (4+ people killed, indiscriminately, in a public place; this would not include someone who killed 5 people in a targeted manner). Using a looser definition (4+ people killed or injured), there have been almost 7 per week in the U.S.
There have been far fewer than that in Canada. In Toronto, there have been 26 murders total, and perhaps two “mass shootings” by either definition. The main mass shooting story in Canada this year is the terrorist attack on the mosque in Quebec. In the U.S.? Too many to say that there’s a main one (although the attack on the Congressional baseball game will probably be the one that gets talked about).
Problematic comparison. Politics aside, gun laws can definitely achieve publicly desired outcomes. E.g. handgun ban in Australia. Drug laws mean your paracetamol won't poison you.
Encryption laws where you want to have your cake and eat it are a very different matter.
I don't think Rudd, Murdoch or May think an encryption ban is possible or even effective at counter-terrorism. It's about controlling behaviour.
People behave differently if they think they might be being watched. Self censorship is better than any encryption ban.
?? But you can easily train a computer to. I mean, it's expensive as hell, but if all encryption is either back-doored, banned, or weaker than a newspaper cryptogram, then yeah... sure. Encrypted data is easy to find - it's the data you can't read.
The data you can't read is not only encrypted data. Most unencrypted data will be data you can't read, due to there being absurd amounts of file formats and protocols. How do you intend to be able to validate that the content of all, say, CAD and 3D model files is not malicious? How will you deal with new codecs? New network protocols?
Encrypted data is, unless the protocol is severely broken, almost indistinguishable from random data, which without context and knowledge of all file formats and protocols in the world, is indistinguishable from most real, unencrypted data. And not only that, you can hide information in almost any data type. Encrypted content can be hidden in a perfectly normal looking picture or video just fine. Look up steganography.
Encrypted communication cannot be detected in any sane manner.
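An added illustration of the comment above, not part of any poster's text: a byte-entropy check, the usual stand-in for "flag the data you can't read", run over a synthetic document, its zlib-compressed form, and an encrypted form. The word list, key and SHAKE-256 XOR stream are constructed assumptions for the demo, not a vetted cipher.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

# Constructed vocabulary for a synthetic "readable" document (not real data).
WORDS = ("the quick report covers network traffic from several offices and lists "
         "each file format codec protocol model drawing invoice record seen today").split()


def sample_plaintext(n_words=40000, seed=7):
    """Deterministic pseudo-English text, about 280 KB."""
    rng = random.Random(seed)
    return " ".join(rng.choice(WORDS) for _ in range(n_words)).encode()


def byte_entropy(data):
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def xor_stream_encrypt(key, data):
    """Stand-in cipher: XOR with a SHAKE-256 keystream (illustration only)."""
    keystream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def naive_flag(data, threshold=7.5):
    """The 'flag what you can't read' heuristic: high byte entropy means encrypted."""
    return byte_entropy(data) >= threshold


def survey():
    """Return {sample name: (entropy, flagged)} for the three constructed samples."""
    plain = sample_plaintext()
    samples = {
        "plaintext": plain,
        "zlib-compressed": zlib.compress(plain, 9),
        "encrypted": xor_stream_encrypt(b"constructed demo key", plain),
    }
    return {name: (byte_entropy(blob), naive_flag(blob)) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, (entropy, flagged) in survey().items():
        print(f"{name:16s} {entropy:5.3f} bits/byte  flagged={flagged}")
```

The compressed, unencrypted sample is flagged alongside the encrypted one, so the heuristic alone cannot tell ordinary compressed formats from ciphertext.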
Well I sure couldn't read it, but the NSA could.
> How will you deal with new codecs? New network protocols?
With a massive staff and constant influx of money. I did say it would be expensive. Still, I think it's within the reach of state-level actors.
> Encrypted data is, unless the protocol is severely broken, almost indistinguishable from random data, which without context and knowledge of all file formats and protocols in the world, is indistinguishable from most real, unencrypted data.
Sure- context is a critical tool. I don't know why you stipulated "without context", though.
> Encrypted content can be hidden in a perfectly normal looking picture or video just fine. Look up steganography.
UNencrypted data can be hidden in the same way. I know what steganography is, and sure, the art of hiding data is a great way to hide data. Separate issue, though.
> Encrypted communication cannot be detected in any sane manner.
I think the facilities and manpower for detecting unauthorized use of encryption would indeed be insane, from several perspectives. And it would require a bunch of legislative support, too. But WITH legislative support, mandated back doors, ISPs that are cooperative, shitloads of manpower and money.... Yeah, I think it would be possible to detect encrypted traffic. Could a person who hadn't already attracted the attention of the "agencies" choose to hide small amounts of data in an innocuous file? Sure, but they could glue an SD card to a homing pigeon, too. I'm thinking more of PGP, SSL, VPNs, WhatsApp and the like.
The only scenario where I can think of a setup where a filtering agency would be able to block "dangerous content", while still permitting legit use, would be one where each and every file format and protocol creation/update would require applying for a permit to the respective agencies in every country where the format is to be used. The absurd bureaucracy this would entail, such as the time it takes for the agency to write some form of verification, would kill most, if not all, innovation. The only innovation I could imagine still living in such an environment would be circumvention efforts.
Furthermore, steganography is not a separate issue. In the hypothetical scenario where this is both possible and the resources for this exercise are present, the entire exercise becomes moot once you realize that you can encode anything as a JPEG or video file with a minimal overhead. Applications would just all implement protocols that exchange JPEGs or MP4s with a small overhead, leading to no traffic being stopped as "unreadable".
And before you ask: Detecting such measures is not possible in the general case.
I expect exaggeration from Rudd and I expect her to misunderstand how certain things (i.e. encryption and the internet) really work because a) she's a politician b) she's not an encryption expert (that's what advisors are for). I don't really expect the same thing from people who should be trying to counter her arguments with facts, explanation and alternative ideas though.
You should be fearful, uncertain and full of doubt about privacy and democracy if you live in the UK.
And those companies really are farming people's data and doing whatever the heck they want with it.
And removing the people's access to private communication in the digital age is both stupid and evil.
There's no bluster and hyperbole, just the sad reality.
"You should not believe a single word any of those companies tells you about end-to-end encryption or privacy on their platforms ever again."
Well, that's going to make it hard to have any discussion about privacy on the internet.
"If you’re still not convinced and feel that the UK government should have the right to spy on everyone, you can stop worrying. Because they already do."
Well in that case, what are we talking about?
The main reason there is nothing obviously wrong is because it doesn't really say anything, just keeps repeating "Amber says X, other online news source says not X. Amber is evil".
> Given the gravity of what’s at stake – which is nothing less than the integrity of personhood in the digital age and the future of democracy in Europe
So banning encryption in online chat programs (she obviously can't and won't be banning _all_ forms of encryption) is the same as destroying democracy and will effectively stop people from existing as people on the internet?
> Translation: We want to ban encryption and if we do we will be better equipped to catch terrorists.
in response to a direct quote saying "we don't want to ban encryption" is a bold and unsubstantiated opinion at best.
> Does it matter that you’re more at risk dying from falling out of bed than you are from terrorism
All analogies are bad, but this one is especially so. Nobody worries about dying falling out of bed. And if it really did happen, then it would be "merely" a tragic accident. Should the government only act to prevent types of murder if it happens more than people falling out of bed? A lot of people die of heart disease every year. Does that mean the government shouldn't do anything to try and prevent traffic accidents?
> Translation: We want to scapegoat the Internet as the root of the problem with terrorism.
This again is clearly not what's being said. They're aiming their guns at the internet, but nowhere is it implied that the root cause of terrorism is internet encryption.
> It is not the role of multinational corporations to police the world’s citizenry.
This is true, but those corporations cannot also place themselves above the law so they do have at least some duty, moral or otherwise to do something if the government wants them to (setting aside the specifics of the laws involved).
> Rudd pivots from the government’s successful battle against the spread of public propaganda by terrorist organisations to their belief that they need to eavesdrop on the private communications of every citizen in order to keep us safe.
I assume I missed something somewhere because afaict Rudd wants to be able to listen in on and extract evidence from private communications of suspects, much like they already do with telephone systems. I can't see anywhere she claims to want to actively listen to the entire population (though I fully get that it may end up that way on the basis that they've up to this point proven that they don't understand the technology well enough).
> You should take note of the companies that are part of the Global Internet Forum to Counter Terrorism and never trust another word they say to you about the encryption and privacy features of their products.
Feel free to stop using everything that most tech companies produce, but if this is intended to be actual advice I don't think it's realistic.
> What it will do is make all of us less safe and lead to chilling effects that will destroy what little democracy we have left. It will result in a surveillance state and a global panopticon the likes of which humanity has never seen.
Having just gone through a general election that resulted in a rare minority government and, potentially as a result, a fundamental change to Brexit ambitions, I don't buy this at all. We have just as much democracy as we had before. It's a very very long way from where we are now to the UK government locking up leaders of the opposition for example.
No one cares about facts. "Encryption keeps you safe" is a fact but it's a boring one, it won't get shared around on Facebook, which means it won't get out to the people who don't know it's a fact. When you don't have facts to back you up you can just make up whatever story you want "Encryption kills your kids" will get shared on Facebook no worries.
> When you don't have facts to back you up you can just make up whatever story you want "Encryption kills your kids" will get shared on Facebook no worries.
If the Brexit debate taught us anything it's that people can see BS in arguments from a mile away and, when it happens on both sides they dismiss all the facts and go with their instincts. There are some really good arguments against what the UK government is trying to do. I think dressing them up with falsehoods does nothing to advance them.
What about the Brexit debate could possibly make you think that?
So the fact there is hyperbole is par for the course.
This sort of "tough love" probably plays well politically with most of the population, who can't really think of a reason they'd like their privacy protected.
I really can't get my head around why all politicians (across the world right now really) converge on the same draconian policies.
Assuming you mean 'Eton', I don't know if you were even trying to contribute something helpful or meaningful, but Amber Rudd certainly didn't attend a boys' public school.
In a world of total digital surveillance, steganography and traditional cloak and dagger spycraft become relatively more useful.
While steganography usually refers to the practice of concealing a file, message, image, or video within another file, message, image, or video, it can be extended to the practice of hiding information in plain sight. An example is encoding a message into what passes for street graffiti. Or laying out rocks in a formation that only a drone or satellite can make sense of.
One of the smartest people I've ever met explained to me that more or less all digital communications are compromised if the resources of a nation-state are aligned against you and that the only practical solution for private and secure messages is hiding information in plain sight.
Benevolent AIs may be an outside possibility. Otherwise, short of nuking ourselves back to the stone age, I think total surveillance societies are here to stay.
Cash can mostly be tracked unless you just trade with black/grey market sellers. Adding RFID to notes and mandating readers on cash registers would already be feasible.
Home devices (TVs, DVRs, even fridges) increasingly have microphones and other sensors, so it'll be hard to be sure you're not being recorded even when talking to friends in their living room.
So it will just happen again. (Meet the new boss, same as the old... Animal Farm etc) without all of them being dismantled too. And revolutions of that scale rarely work out well for anyone in the short term.
We could at least convert them into total sousveillance societies. If regular citizens can't have privacy, nobody should have privacy.
> she reveals that she has created the Global Internet Forum to Counter Terrorism with Facebook, Microsoft, Twitter and YouTube (Google/Alphabet, Inc.) and asked them to remove end-to-end encryption from their products (remember that Facebook makes WhatsApp) without telling anyone.
This wording implies that these big tech companies would silently, without anyone noticing, drop or compromise their E2E encryption. Is this something they could do? I'd expect such a change to be noticeable in both the clients they distribute and the network traffic they generate by people in the infosec industry.
Can anyone with a deeper understanding of the matter chime in?
The apps are closed-source, and cryptographic libraries already generate keystreams that look like random data. All they'd have to do is replace the random nonces etc. with data generated deterministically from their own key and some suitable factors (device ID, time), similar to how stateless password managers work; that would be virtually undetectable.
Whether they do it, I don't know, but I'd like to point out that Google used RC4 for SSL for a suspiciously long time after it was considered broken (all in the name of compatibility, of course). A change in public policy only occurred after the Snowden revelations.
However, to make this clear, this is all speculation, they could do it but whether they do it I can't tell and no one else can without insider knowledge.
I think what's more likely, at least in the case of WhatsApp, is that they would just not make an announcement when they remove E2E encryption entirely. The security community would certainly complain, and long-term, the traffic they are currently getting from parties of any interest would move somewhere else. But in the short term, it would compromise the security of a substantial number of their target users. It's plausible that, without a public announcement, many 'nefarious' users would continue to use it for a few months.
It seems possible that WhatsApp could be persuaded by the government to implement such technology.
Of course, what that solution turns out to be is a separate issue. I trust Google et al to know what they're talking about wrt encryption far more than the UK government though, so actively working with tech companies is a huge step up from the previous position (though obviously a long way still to go).
A lot of this stuff feels like a vindication of how Indians make fun of Brits: foot stamping, bureaucratic, and out of touch with a world that has largely passed them by.
If there ever was a bigger case of people in glass houses should not throw stones, I've yet to see it.
But, it can be argued: this is WHY this is such a hot issue in UK politics at the moment. Total surveillance paired with The City's financial machinations = Britain can project its power again.
You are assuming there is no collusion between states. A big assumption in my opinion considering the UK is a part of the Five Eyes.
As an example, drunk drivers kill more people per year than terrorism, but no one in the UK talks about surveilling everyone to prevent drink driving.