posted on Monday December 05 2016, @07:28PM
from the that-why-we-should-read-it-first dept.

Kieren McCarthy at The Register has an interesting article discussing the inclusion of encryption backdoors in the recently passed Investigatory Powers Act, also known as the Snooper's Charter.

Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors.

As the bill was passing through Parliament, several organizations noted their alarm at section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed and allow the government to demand "technical" changes to software and systems.

[...] As per the final wording of the law, comms providers on the receiving end of a "technical capacity notice" will be obliged to do various things on demand for government snoops – such as disclosing details of any system upgrades and removing "electronic protection" on encrypted communications.

Thus, by "technical capability," the government really means backdoors and deliberate security weaknesses so citizens' encrypted online activities can be intercepted, deciphered and monitored.

[...] In effect, the UK government has written into law a version of the much-derided Burr-Feinstein Bill proposed in the US, which would have undermined encryption in America. A backlash derailed that draft law.

[...] To be fair, there were some fears that Blighty's law would effectively kill off the UK software industry as well as undermine Brits' privacy, and expose them to surveillance and hacking by criminals exploiting these mandatory backdoors. This mild panic did bring about some changes to the UK's Investigatory Powers Bill before it was passed.

The question is: were the changes sufficient?

  • (Score: 4, Insightful) by Unixnut (5779) on Monday December 05 2016, @08:55PM (#437380)

    That is what they want. Back when free encryption was in its infancy, and they could hack to their hearts' content, everything was good. The problem is the open source movement, which resulted in a push for better and better software, including better encryption, being available to the general public.

    I suspect we are reaching a point where the main intelligence agencies have trouble breaking encryption, hence this new push to allow deliberate weakness and "side-channel" attacks, rather than attacking the encryption itself.

    I am not sure how this law will work with existing open source software (unless it becomes illegal to download a copy of veracrypt, or crypt-dm for that matter). What I think it will affect are "appliances" like your phone, and proprietary software. The government can prevent the sale of devices not deemed compatible.

    If this law forces people to make their own weak encryption algos, then it is a win for them; we are back to the 90s with the 56-bit key length DES equivalent, which they can break into to their hearts' content.

  • (Score: 2) by bob_super (1357) on Monday December 05 2016, @10:35PM (#437429)

    Someone needs to write a dumbed-down generator of random 2048-bit primes.
    You don't need much of an algorithm to be safe with a huge key, shared out-of-band.
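As an added example (editor's code, not bob_super's and not from the original page), here is a generator of random probable primes of a chosen bit length in Python: a trial-division sieve over the odd primes below 1000, followed by Miller-Rabin with random bases drawn from the CSPRNG in the `secrets` module. The bit length is a parameter whose default of 2048 matches the comment; the names `is_probable_prime`, `random_prime` and `_SMALL_PRIMES` are the editor's own.

```python
"""Random probable-prime generator: small-prime sieve + Miller-Rabin.

Added illustration for the comment above, not code from the original page.
Standard library only; `secrets` supplies the CSPRNG bits and bases.
"""
import math
import secrets

# Odd primes below 1000, used for cheap trial division before Miller-Rabin.
_SMALL_PRIMES = [p for p in range(3, 1000, 2)
                 if all(p % q for q in range(3, math.isqrt(p) + 1, 2))]


def is_probable_prime(n: int, rounds: int = 64) -> bool:
    """Miller-Rabin with random bases.

    A composite survives one round with probability at most 1/4, so the
    chance of a false "prime" after `rounds` rounds is at most 4**-rounds.
    """
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for p in _SMALL_PRIMES:          # every odd n < 1000 is settled here
        if n == p:
            return True
        if n % p == 0:
            return False
    # Write n - 1 = d * 2**s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2   # uniform base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                   # `a` is a witness: n is composite
    return True


def random_prime(bits: int = 2048) -> int:
    """Return a random probable prime with exactly `bits` bits (top bit set)."""
    if bits < 8:
        raise ValueError("bit length too small to be meaningful")
    while True:
        candidate = secrets.randbits(bits)
        candidate |= (1 << (bits - 1)) | 1   # force exact bit length, make odd
        if is_probable_prime(candidate):
            return candidate


if __name__ == "__main__":
    p = random_prime(512)                   # 512 keeps the demo quick
    print(p.bit_length(), "bits:", hex(p))
```

Forcing the top bit guarantees the returned prime has exactly the requested length, and the sieve discards roughly four fifths of candidates before any modular exponentiation. In pure Python a 2048-bit search is noticeably slower than in a library such as OpenSSL's, since each surviving candidate costs up to 64 exponentiations of 2048-bit integers. A prime produced this way is a parameter for a scheme such as RSA or Diffie-Hellman; the scheme, not the prime itself, is what provides the encryption.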