posted by janrinok on Wednesday November 04 2015, @06:54AM
from the snoopers-charter-v3 dept.
An Anonymous Coward has submitted the following:

The UK government will tomorrow publish draft legislation to regulate the use of encryption and require ISPs to log which websites their customers visit for a year. The government has previously expressed irritation at the idea of some communications being out of government reach. There is an (inevitably toothless) petition.

The silver lining is perhaps that the government still cannot comprehend that not all secure communications involve a communications provider. The government appears to be using the door in the face technique, making the bill as over the top as possible so they can appear to compromise later.



Related Stories

Theresa May: UK's Next Prime Minister? 28 comments

from the tyrant dept.

UK Home Secretary Theresa May is favored to become the new leader of the Conservatives and the UK's next Prime Minister following a first round of voting, the elimination of Liam Fox, drop out of Stephen Crabb, and the earlier drop out of Boris Johnson:

Home Secretary Theresa May has comfortably won the first round of the contest to become the next Conservative leader and UK prime minister. Mrs May got 165 of the 329 votes cast by Tory MPs. Andrea Leadsom came second with 66 votes. Michael Gove got 48. [...] Further voting will narrow the field to two. The eventual outcome, decided by party members, is due on 9 September. Following the result, frontrunner Mrs May - who campaigned for the UK to stay in the EU - received the backing of Mr Fox, a former defence secretary and Brexit campaigner, and Mr Crabb, the work and pensions secretary, who backed Remain.

[...] Mrs May - who has said she will deliver Brexit if PM - said she was "pleased" with the result and "grateful" to colleagues for their support. She said there was a "big job" ahead to unite the party and the country following the referendum, to "negotiate the best possible deal as we leave the EU" and to "make Britain work for everyone". She added: "I am the only candidate capable of delivering these three things as prime minister, and tonight it is clear that I am also the only one capable of drawing support from the whole of the Conservative Party."

Update: The race to lead the Conservative Party and become the next Prime Minister of the UK is down to two women: Theresa May and Andrea Leadsom:

UK Prime Minister Repeats Calls to Limit Encryption, End Internet "Safe Spaces" 88 comments

Some things in life are very predictable... the Earth continues to orbit around the Sun and Theresa May is trying to crack down on the Internet and ban/break encryption:

In the wake of Saturday's terrorist attack in London, the Prime Minister Theresa May has again called for new laws to regulate the internet, demanding that internet companies do more to stamp out spaces where terrorists can communicate freely. "We cannot allow this ideology the safe space it needs to breed," she said. "Yet that is precisely what the internet and the big companies that provide internet-based services provide."

Her comments echo those made in March by the home secretary, Amber Rudd. Speaking after the previous terrorist attack in London, Rudd said that end-to-end encryption in apps like WhatsApp is "completely unacceptable" and that there should be "no hiding place for terrorists".

[...] "Theresa May's response is predictable but disappointing," says Paul Bernal at the University of East Anglia, UK. "If you stop 'safe places' for terrorists, you stop safe places for everyone, and we rely on those safe places for a great deal of our lives."

Last month New Scientist called for a greater understanding of technology among politicians. Until that happens, having a reasonable conversation about how best to tackle extremism online will remain out of reach.

End-to-end encryption is completely unacceptable? Now that's what I call an endorsement.


  • (Score: 4, Insightful) by Absolutely.Geek on Wednesday November 04 2015, @07:38AM

    by Absolutely.Geek (5328) on Wednesday November 04 2015, @07:38AM (#258313)

    It seems that they just don't get that privacy is a basic human right; or that it is completely possible to have unbreakable encryption that there is no "service provider" or "tech company" involved at all.

    But then again maybe they do and if you use self signed keys to encrypt stuff then you will be arrested..

    Glad I am not living in the UK....I hope NZ is very far behind the curve on this one.

    --
    Don't trust the police or the government - Shihad: My mind's sedate.
    • (Score: 2, Informative) by Anonymous Coward on Wednesday November 04 2015, @10:04AM

      by Anonymous Coward on Wednesday November 04 2015, @10:04AM (#258331)

      In the UK you are required to provide your keys or face 2 years jail: https://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingdom [wikipedia.org]
      As for NZ where you presumably are: http://www.stuff.co.nz/technology/digital-living/67449940/customs-downplays-password-plan [stuff.co.nz]

      Popular Linux distros should allow filesystem encryption AND whether you enable it or not they should also create an encrypted container: https://bugs.launchpad.net/ubuntu/+bug/148440 [launchpad.net]

      If millions of people don't actually use that encrypted container nor have the key to decrypt it then you're more believable when you go "What key?" ;).

      Otherwise just the presence of something that looks like an encrypted container means you have to hand over your keys or get 2 years jail. Even if it isn't actually an encrypted container! Could be a result of a cat /dev/urandom you did some years ago to test stuff or wipe data and never bothered to delete.

      I wonder what will happen if it's someone else's encrypted stuff - I recall Wikileaks having an encrypted "insurance" file. Or you are keeping a friend's encrypted backups. Perhaps you should start making friends in countries with no extradition treaties with your country and offer to store their encrypted backups.

      Then you can say this encrypted file is not mine. And he/she can say the same thing :).

      • (Score: 5, Informative) by Anonymous Coward on Wednesday November 04 2015, @10:40AM

        by Anonymous Coward on Wednesday November 04 2015, @10:40AM (#258335)

        Well, with one-time pads, you can create as many "decrypted" versions as you want. It works as follows:

        Step 1: You have your secret data (S), create a one-time pad and encrypt it with that pad. Now you have an encrypted text (E) and a big key (K).
        Step 2: You have harmless replacement data (R). You use the encrypted text E as "one-time pad" on R, and get a "fake key" (F).

        When E is found on your hard disk and you're asked for the key, you give them the fake key F. That will decrypt the text to R. There's absolutely no way to prove that R is not the actually encrypted text (you should, of course, use something that one might reasonably go to the hassle to encrypt, or else you'll have a hard time to explain why you encrypted the one-digit multiplication table).

        Step 2 can be repeated as often as you want (for example, in some countries encrypted porn might be a good explanation why you encrypted it; in other countries it will be a bad idea to show that you are carrying porn with you; therefore you might generate one fake key producing porn, and another one producing something else).

        • (Score: 2, Funny) by Anonymous Coward on Wednesday November 04 2015, @02:38PM

          by Anonymous Coward on Wednesday November 04 2015, @02:38PM (#258368)

          Sure, just memorize two 4GB one time pads.

          • (Score: 2) by tonyPick on Thursday November 05 2015, @12:23PM

            by tonyPick (1237) on Thursday November 05 2015, @12:23PM (#258796) Homepage Journal

            Sure, just memorize two 4GB one time pads.

            Today I can find 8GB USB sticks for under a fiver, and the pad is indistinguishable from random noise.

        • (Score: 0) by Anonymous Coward on Wednesday November 04 2015, @08:42PM

          by Anonymous Coward on Wednesday November 04 2015, @08:42PM (#258500)

          This is all great information.

          The problem is that only the intelligent and the people that care will take these steps, and even have alternate partitions for the concerns you cited.

          The law will most heavily fall upon those that have no defenses, much like how cattle have been domesticated and are readily culled from the herd as needed to provide food and luxury goods to others.

        • (Score: 0) by Anonymous Coward on Wednesday November 04 2015, @10:07PM

          by Anonymous Coward on Wednesday November 04 2015, @10:07PM (#258547)
          Very nice in theory if you only write to the encrypted file once.

          Otherwise if you do significant updates to the encrypted file when they seize all your stuff and require you to produce the "F" you may not have access to an up-to-date "E" to generate the "F" from "R". You might not even have access to an "R".
        • (Score: 3, Informative) by edIII on Thursday November 05 2015, @12:06AM

          by edIII (791) on Thursday November 05 2015, @12:06AM (#258583)

          Well... more accurately OTP has as many decrypted versions as the possible permutations of the dataset itself.

          It's not big key (K) and encrypted text (E), it's Key (K) and CipherText (C), and they are perfectly equal in size. Therein lies the truly unbreakable encryption, of which to my knowledge, OTP is the only one that can claim that title.

          The why is simple.

          0 1 0 1 0 1 0 1 1 0 (P)
          1 0 1 0 1 0 0 1 1 0 (K)
          0 1 1 0 1 1 1 0 0 1 (C)

          I know they don't line up without a monospaced font (I'm too lazy today), but the unbreakable part comes from the fact that the first pair of PK (column) is wholly disconnected from the 2nd, and the 10th pairs. The operation is purely non-deterministic because of this. Typical encryption is not, and because Key (K) is a small insignificant size compared to CipherText (C), the 1st, 2nd, and millionth pairs are related and deterministic. Hence, they are mathematically provable to be breakable under the right conditions. Doesn't matter that science says multiple stars are required to break it either. It's nearly impossible to securely exchange your keys when they are the same size as the dataset, which is why we use Diffie-Hellman, and because of poor implementations of it, encryption is routinely broken.

          In court, it's 100000000% impossible for a mathematician to state that any dataset is more probable than any other dataset when using OTP correctly. Meaning, ALL cases of Plain Text (P) are equally possible from CipherText (C) where Big Key (K) is missing and unavailable.

          Big Key (K) is the proof itself of which dataset is actually contained in CipherText (C). So, without decrypting OTP, you can't prove the contents of OTP. Where you show designs for a bomb, I can show you a picture of monkeys writing Shakespeare. Or your mom blowing Putin. Or Putin blowing your dad. Anything is possible. That's the point :)

          Mathematically pure unbreakable encryption

          I'll leave it to other experts to explain why OTP will sadly never be widely used for anything....

          --
          Technically, lunchtime is at any moment. It's just a wave function.
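
Added example, not part of any comment in this thread: a Python sketch of the two-step one-time-pad construction described in comment #258335 and the equal-size property described in #258583, showing that for a ciphertext E every same-length text R has a key F = E xor R. The function names and sample strings are constructed for illustration; the last step shows the limitation raised in #258547, that an F derived from an old E stops fitting once the file is re-encrypted.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; a one-time pad must match the data length exactly."""
    if len(a) != len(b):
        raise ValueError("pad and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(secret: bytes):
    """Step 1: E = S xor K, with a fresh random pad K of len(S) bytes."""
    key = secrets.token_bytes(len(secret))
    return xor_bytes(secret, key), key


def fit(replacement: bytes, length: int) -> bytes:
    """R must be exactly as long as E: pad with spaces, never truncate."""
    if len(replacement) > length:
        raise ValueError("replacement is longer than the ciphertext")
    return replacement.ljust(length, b" ")


def alternate_key(ciphertext: bytes, replacement: bytes) -> bytes:
    """Step 2: F = E xor R, so that E xor F == R."""
    return xor_bytes(ciphertext, fit(replacement, len(ciphertext)))


def demo() -> dict:
    # Constructed sample data (hypothetical, not taken from the thread).
    s = b"meeting notes: budget draft v3"
    r1 = b"grocery list: eggs, milk"
    r2 = b"lorem ipsum dolor sit amet"

    e, k = otp_encrypt(s)
    f1 = alternate_key(e, r1)
    f2 = alternate_key(e, r2)

    # The file is later re-encrypted under a new pad, producing a new E.
    e_new, _ = otp_encrypt(s)
    stale = xor_bytes(e_new, f1)  # old F applied to the new ciphertext

    return {
        "real": xor_bytes(e, k),    # recovers S
        "alt1": xor_bytes(e, f1),   # recovers R1 (space padded)
        "alt2": xor_bytes(e, f2),   # recovers R2 (space padded)
        "sizes_equal": len(e) == len(k) == len(f1) == len(f2),
        "stale_matches": stale == fit(r1, len(e_new)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Every key is as long as the ciphertext, which is why the ciphertext alone carries no information about which same-length plaintext it holds, and why the scheme is impractical for large or frequently changing data.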
        • (Score: 0) by Anonymous Coward on Thursday November 05 2015, @12:20AM

          by Anonymous Coward on Thursday November 05 2015, @12:20AM (#258587)

          With a OTP, why not just memorize the actual file? It's exactly the same size.

          • (Score: 2) by maxwell demon on Thursday November 05 2015, @11:45PM

            by maxwell demon (1608) on Thursday November 05 2015, @11:45PM (#259177) Journal

            For the same reason why you don't memorize the key for your RSA encrypted file?

            --
            The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 0) by Anonymous Coward on Wednesday November 04 2015, @11:32AM

      by Anonymous Coward on Wednesday November 04 2015, @11:32AM (#258338)

      The Brits have never gotten basic human rights. Magna Carta, after all, was a statement of landed barons' rights versus the crown and didn't free any serfs. The English Civil War was about religion, not parliamentary authority per se.

      • (Score: 2) by turgid on Wednesday November 04 2015, @08:51PM

        by turgid (4318) Subscriber Badge on Wednesday November 04 2015, @08:51PM (#258505) Journal

        The Brits have never gotten basic human rights.

        Not really (from Liberty [liberty-human-rights.org.uk]'s web site):

        1950 The European Convention on Human Rights was agreed in the aftermath of the Second World War. British lawyers played an instrumental role in the development of the Convention, and the UK signed up in 1951.

        The current bunch of fascists [conservatives.com] in government want to scrap that and "replace" it with a British Bill of Rights.

        The Conservative party has yet to announce what will be in the British Bill of Rights they plan to replace the Human Rights Act with, although it is thought they will make a statement soon. Until then we don't know which specific rights Mr Cameron would scrap, and what he would add.

        Just like before the recent General Election, Irritable Duncan Syndrome [conservatives.com] wouldn't tell us which particular welfare/benefits he would cut in his massive £12 billion programme and surprisingly kicked supporters of his own party squarely in the teeth [telegraph.co.uk].

        But as the right-wing loonies are so frequently heard to rant, "Yooman rights! Yooman rights! I don't need no yooman rights cause I ain't done nothing wrong!" I dare say they're heading for another kicking along with everyone else.

    • (Score: 5, Insightful) by jdavidb on Wednesday November 04 2015, @02:49PM

      by jdavidb (5690) on Wednesday November 04 2015, @02:49PM (#258373) Homepage Journal

      It seems that they just don't get that privacy is a basic human right

      Governments do not get rights. Governments do not care about rights at all. When it comes to securing your rights, government is not your friend and it is not your defender. It is the biggest enemy of your rights in existence. Other criminals may also pose a danger to your rights, but only government can do so with legal impunity.

      The assertion in the U.S. Declaration of Independence, "That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed" is a complete fiction with regards to all governments in existence today. Governments only care about rights as much as they need to to keep their farm animals happy and healthy, preventing revolt. Individual politicians only pay lip service to rights to get elected, and the rare exceptions rarely get elected (and if they do, once they get a taste of the power they have, they become corrupted addicts just like all the rest of them).

      If you are hoping to persuade your government anything at all about your rights, you will hope until you die and never see your hope fulfilled. You are the farm animal and they are the farmers.

      --
      ⓋⒶ☮✝🕊 Secession is the right of all sentient beings
  • (Score: 1, Funny) by Anonymous Coward on Wednesday November 04 2015, @01:51PM

    by Anonymous Coward on Wednesday November 04 2015, @01:51PM (#258360)

    Public key cryptography is not unbreakable. It will just take you a very long time to break it. Moreover, if you have a working quantum computer, you can break it in reasonable time. Therefore I conclude public key cryptography is safe from this law. :-)

  • (Score: 4, Informative) by Rich on Wednesday November 04 2015, @02:33PM

    by Rich (945) on Wednesday November 04 2015, @02:33PM (#258366) Journal

    There's an interesting history bit from the development of DES: It was known to _some_ that a new technique, differential cryptanalysis (https://en.wikipedia.org/wiki/Differential_cryptanalysis [wikipedia.org]) could be used to attack such ciphers. IBM conferred with the NSA and the DES released to the public was made secure in that respect.

    The conclusion is that someone must have decided that it's overall advantageous if the public can encrypt securely. Otherwise they would have released an attackable variant and used a secure variation for military and official use (maybe with the excuse of having a few more bits of key, without revealing the true reason behind it, of course).

    It would be interesting to know the reasoning behind the decision and whether that still would be valid. The current issue goes even further, because if it is fully known in the first place that a state has unlimited access, no one would be doing (serious) business under the rules of that state anymore, if they could be secure elsewhere.

    • (Score: 0) by Anonymous Coward on Wednesday November 04 2015, @10:00PM

      by Anonymous Coward on Wednesday November 04 2015, @10:00PM (#258542)
      They made DES weaker in some ways (smaller key) but stronger in other ways - resistant to differential cryptanalysis.

      So back then they probably wanted it weak enough for them to break but not weak enough for others to break.
  • (Score: 2) by Runaway1956 on Wednesday November 04 2015, @02:38PM

    by Runaway1956 (2926) Subscriber Badge on Wednesday November 04 2015, @02:38PM (#258367) Journal

    I've got a log for them - they better get it quick before I flush.

    WTF does anyone put up with this crap? I mean, even if you grew up in a country where the crown can put you in prison for stupid crap, WTF put up with it? Have yourselvses a nice little revolution, and tell the successors they better learn a lesson.

    Maybe I'm just a violent man. If I were a black guy living in New York City, I'd have been trying to organize an insurrection when Stop and Frisk was put into effect. That's it, I'm just a violent person.

    --
    We're gonna be able to vacation in Gaza, Cuba, Venezuela, Iran and maybe Minnesota soon. Incredible times.
    • (Score: 2) by Phoenix666 on Wednesday November 04 2015, @03:23PM

      by Phoenix666 (552) on Wednesday November 04 2015, @03:23PM (#258383) Journal

      WTF put up with it? Have yourselvses a nice little revolution, and tell the successors they better learn a lesson.

      The UK exported all the people that would think of such a thing a long time ago. Those people did have a little revolution and formed the United States, though where all their descendants have gone since then is a mystery. Meanwhile back in the UK the Scots had an excellent opportunity to break away from the crown and they didn't even have to pick up a weapon or shed a drop of blood, but they demurred.

      --
      Washington DC delenda est.
    • (Score: 0) by Anonymous Coward on Thursday November 05 2015, @11:04AM

      by Anonymous Coward on Thursday November 05 2015, @11:04AM (#258774)

      "WTF does anyone put up with this crap?"

      Human beings don't have any free will.

      See the science on human reasoning:

      https://www.youtube.com/watch?v=PYmi0DLzBdQ [youtube.com]

  • (Score: 4, Interesting) by bradley13 on Wednesday November 04 2015, @04:02PM

    by bradley13 (3053) on Wednesday November 04 2015, @04:02PM (#258392) Homepage Journal

    Is this what the former British Empire has come to? Pathetic...

    As I recall, some thirty-eight classes of agencies are intended to have access to the data, all the way down to local councils (i.e. local town governments). The justification for the legislation is, of course, fighting serious crimes like terrorism and child porn. However, in actual fact, access is granted for simple crime prevention and a host of other reasons. In a nutshell: basically anyone can look at the data for any reason.

    If this passes, and I were in the UK, I would immediately set up an encrypted proxy to some server outside the country, and route everything that way. With AWS, this is dead easy. Put your server in Ireland, or in Germany, and tell the UK government to fob off.

    --
    Everyone is somebody else's weirdo.
    • (Score: 0) by Anonymous Coward on Wednesday November 04 2015, @09:04PM

      by Anonymous Coward on Wednesday November 04 2015, @09:04PM (#258513)

      They will find you and put you in jail for violating their laws.

      This is not a game like sidestepping DRM where you upset a recording studio. They will charge you with data crime laws, conspiracy to commit terrorism, and any number of fabricated charges to frighten those with the skills to do so to not do so OR LEAVE.

      If they get the people who can do this to leave, then by proxy only the criminals who can will be the ones remaining that are doing it. Merely exercising your non-existent right to privacy can have you thrown into solitary confinement and you can be private for 23 hours a day. The wikileaks guy will appear to be luxuriously free in comparison.