back to article What do UK and Iran have in common? Both want to outlaw encrypted apps

Encrypted communications will be backdoored or banned in the UK if the Conservatives win the next election, Prime Minister David Cameron has pledged. Youtube Video The UK government has always had the power, “in extremis,” to read Brits' personal post and eavesdrop on electronic chatter, he repeatedly insisted on Monday in a …

Page:

  1. Steve Davies 3 Silver badge

    Ahh The dereaded VPN

    The app that allows you to connect securely to your company mothership using encryption.

    As such it is a prime candidate for being banned.

    Will gov.uk try to outlaw its use?

    They can try but they will fail. The corporae sponsors of the ConDem Gov will have something to say about that with an election looming.

    Mind you, Junos Pulse could do with being wiped off the face of the earth for interfering with VM private networks.

    1. Stuart 22

      Am I a wrung'en?

      I have my own mailserver not located in the UK. I connect direct to that by TLS from my local mail agents or SSL Webmail from my browsers. So are they going to ban https://anything.anywhere and have they told Google?

      Muppets.

      1. Anonymous Coward
        Anonymous Coward

        Re: Am I a wrung'en?

        All 'Call me Dave' is showing, along with all the other politicians and a vast amount of top and middle level civil servants, is that they know absolutely nothing about the internet and computers.

        1. Robert Helpmann??
          Childcatcher

          Re: Am I a wrung'en?

          ...they know absolutely nothing about the internet and computers.

          <TINFOIL>These sorts of pronouncements strike me as serving the function of smoke screen. That is to say that while various pols are going on about the terrible thing that is widespread use of encryption, there are any number of people working in the back room to break it. Once it has been broken, I would not expect the wailing and gnashing of teeth over enhanced security to stop. I would expect our officials to continue to complain that it gets in the way of doing their jobs protecting the people while they proceed merrily on their way with access to whatever they want.</TINFOIL>

        2. Anonymous Coward
          Anonymous Coward

          Re: Am I a wrung'en?

          middle level civil servants, is that they know absolutely nothin And why do you expect it to be any different?

          Ad on the Register: GCHQ starting salary for a trainee analyst: 17k-21.6K.

          From the same Register: starting graduate salary in Aldi - 42K.

          So what "Call me Dave' is spewing reflects the amount of money 'Call me Dave''s Government is paying for technical expertise in the key field they see as essential in the "war against terror". That's all.

        3. Jim 59

          Re: Am I a wrung'en?

          @Ivan 4 the UK government (cabinet) contains no engineers or scientists.

          unlike Mrs Thatcher (BSc Chemistry)

          1. Hans 1

            Re: Am I a wrung'en?

            > unlike Mrs Thatcher (BSc Chemistry)

            She must have been sniffing lead vapours day in, day out.

        4. HOW many?

          Re: Am I a wrung'en?

          Not only do they not know much about IT - They don't know THAT much about the people they want to vote for 'em either…….

          Frankly I don't much like the posh boy and I utterly loath May

          BUT

          All the other B'stards seem irrevocably committed to stealing the pittance I have managed to squirrel away – Apparently to offset their ****ing up of most things economic.

          And that pushes me reluctantly into having to support posh boy.

          Yet somehow everytime the blue rinse ladies of their lame focus groups come out with more ‘great concepts’ like this (when they’re not obsessing about anyone having the temerity to drive at more then 20 mph) they seem hell bent on making it impossible for me to actually vote for ‘em!

          This 1984 ‘Freedom’ to be surveilled - rather than actually have free speech (which they killed off in the 90s) - is unconscionable.

      2. Anonymous Coward
        Anonymous Coward

        Re: Am I a wrung'en?

        Yep, I think it is possible without banning SSL, as has been demonstrated by the DPRK. You simply turn the country's WAN into an intranet and mandate that all browsers (need there be more than one?) accept only certs signed by Ms May. Then you have a box that sits in the middle that intercepts all SSL traffic.

        Et voila, a computer network that is as secure as the POTS.

        1. TonyHoyle

          Re: Am I a wrung'en?

          If they MITM SSL you just wrap SSL in SSL.. they still only see encrypted traffic.

          Not that it'd happen - ecommerce and banking, and therefore a large part of the economy, relies on secure financial transaciions.

          1. Glen 1

            Re: Am I a wrung'en?

            'relies on secure financial transaciions'

            Are you so naive that you think the spooks dont [have the capability to] monitor this?

            The US openly admits it hoovers all the SWIFT banking records. All in the name of terrizm of course...

            One of the many reports on the matter

            Edit: perhaps not all, just the ones they like the look of.

            1. Ken Hagan Gold badge

              Re: Am I a wrung'en?

              The security for my online banking serves two purposes. Firstly, it stops others from seeing what transactions I am carrying out. If, as you suggest, the authorities are able to demand that banks hand over the transaction details afterwards, this still means that no-one else can spy on me. The banks probably don't care one way or the other.

              Secondly, it stops me from turning round to my bank and saying "I didn't do that". I really, really doubt that the banks would be happy with that. If Dave really did manage to enforce a ban on encrypted connections within the UK, the City of London would have to find another country to exist in. I really, really doubt that Dave would be happy with that.

      3. Joseph Eoff

        Re: Am I a wrung'en?

        Would you people please stop insulting muppets?

        Muppets have shown themselves to be consistently more intelligent, wise, and entertaining than all the politicians on this planet.

        http://en.wikipedia.org/wiki/The_Muppets

    2. Glen 1

      Re: Ahh The dereaded VPN

      They won't outlaw VPNs...

      They will probably mandate that all VPNs are encrypted with certs from 'authorised' or 'known' certificate authorites. (which the spooks can already MITM)

      cough*easily removable fig leaf*cough

    3. streaky
      Alien

      Re: Ahh The dereaded VPN

      Guys you can't "outlaw VPN" without crashing the entire economy of the entire country (because one can't tell the difference).

      By even arguing over this you're actually worse than Cameron and his clueless government. If it did come to pass I'd raise up an army anyway so..

      Also one does not arbitrarily "break encryption", and DC would never make the rich pay enough tax to even throw 1 trillionth of the required resources at the first email they want to read sooooo.. It's a funny joke but it has no basis in reality.

    4. Jim 59

      Risk vs benefit

      Would we rather give up all privacy and have no terrorist attacks, or put up with a few attacks and keep all of our encryption ?

      I would compare it to roads. About 8 people will die today on UK roads, as they do every day. The harsh truth is that we put up with this because it is outweighed by the huge benefit of roads. We do a lot to minimize the carnage, but we don't ban cars. Sorry if that comes across callous, but I am getting to a point here.

      If terrorists kill up to (say) 20 citizens in the UK every year, are we happy to put up with that to maintain freedom ? Many people might say "yes". How about 100 ? Or 1000 ? Is anybody going to stick their neck out and name a number ? If a certain disease killed 100 people in the UK a year, would we be as worried, or is that different ?

      1. CommanderGalaxian

        Re: Risk vs benefit

        You've based your figures on a seriously flawed assumption - that terrorism and encryption are the same thing.

      2. Roland6 Silver badge

        Re: Risk vs benefit

        All very logical, however, politics has gone way beyond logic, particularly over saving 'lives'.So politicians et al jump up and down if the total number of deaths go up, but ignore the data which shows that this is simply an effect of a larger population and in fact the number of deaths per 1,000 may have gone down.

        So what will happen is that encryption will be banned and all bank transactions will be conducted in person over the counter, progress!

      3. Anonymous Coward
        Anonymous Coward

        Re: Risk vs benefit

        Would we rather give up all privacy and have no terrorist attacks, or put up with a few attacks and keep all of our encryption ?

        Its not even that simple a choice.

        Would we rather give up all privacy and possibly have a few less terrorist attacks or put up with the CURRENT LEVEL of attacks and keep all of our encryption.

        Even if there were no encryption, there would be terrorist attacks. Terrorists have been able to mount attacks against governments and societies since long before the internet.

      4. Champ

        Re: Risk vs benefit

        This gets to the very nub of the argument - have an upvote.

        I maintain that the only response to terrorism is to say to the terrorists "Is that all you've got?" They'll have a hard time murdering all 60 million people in the UK. Or ~300 million in the US and/or EU.

        You only have to fly anywhere nowadays to see that "the terrorists have won". Trying to counter-terrorism immediately concedes the agenda to the bad guys.

      5. streaky

        Re: Risk vs benefit

        @Jim 59

        Yeah neither the internet nor crypto have anything to do with terrorism. If there was somehow some way to stop all internet terrorist activity they'd just switch to sending letters around or the ever classic two tins and a long piece of string or better still meet in a bar once a week.

        For damaging the security of crypto (which is so disgustingly outside the realms of the UK security services capability I've lost my earlier sense of humour on the subject) you trash the UK's economy and arguably the world because all banking, shopping, trading etc transactions have to stop while we come up with something new.

        VPNs, your connection with Amazon, banking trades, TOR etc work off the same protocols which is precisely what confers security on them in the first place - they all look the same to anybody who doesn't have the right private keys.

        "Would we rather give up all privacy and possibly have a few less terrorist attacks or put up with the CURRENT LEVEL of attacks and keep all of our encryption."

        If the level of attacks increased (much as I've been ridiculing Donald Trump over this issue) we should probably look at revisiting the relevant laws for defensive weapons before we break our entire way of life and economic system.

      6. Alan Johnson

        Re: Risk vs benefit

        It is all abour risk versus benefit but what is lost in the constant fear mongering by our government assisted by the media is that the rate of death from terrorism is very low far lower than it has been at any other time in my lifetime and arguably at an all time historic low although it is difficult to compare figures back a long way.

        The threat that we are constantly remined about whould be compared to the threat from the IRA when we had regular bombings regualr deaths yet less panic and less erosion of liberties.

        The paradox is that the rarer terrorist attacks become the more afraid of them we seem to get.

        The benefit of new powers is notional at best given how low the rate of attacks is at the moment and the fact that whatever powers are given some attempted attacks will suceeed. WIth negligible benefits the case for more powers does not exist but I expect the powers will be given anyway.

      7. NumptyScrub

        Re: Risk vs benefit

        If terrorists kill up to (say) 20 citizens in the UK every year, are we happy to put up with that to maintain freedom ? Many people might say "yes". How about 100 ? Or 1000 ? Is anybody going to stick their neck out and name a number ? If a certain disease killed 100 people in the UK a year, would we be as worried, or is that different ?

        I'll draw a line in the sand; when terrorism regularly kills more people than cars, I'll support more draconian measures to curb terrorism. If it ever did happen though, I'd have to suspect that someone was deliberately letting them through in order to support an unpopular political agenda (such as curbing or removing basic freedoms from your populace in the name of "safety") ^^;

        Je suis cynique

      8. LucreLout

        Re: Risk vs benefit

        I would compare it to roads. About 8 people will die today on UK roads....

        Sorry, but you have that wrong by almost a factor of two. 4.7 people will die on the roads statistically today. The annual total is 1713.

        Would we rather give up all privacy and have no terrorist attacks, or put up with a few attacks and keep all of our encryption

        Assuming it were an all or nothing choice, you'd probably find that the absence of encryption caused more deaths than actual terrorists. An absence of any encryption would lead to a surge in corporate espionage and a commensurate surge in job losses due to business closure (everyone else will still be encrypted, just not UK data), and correlated surge in suicides. 58 terror deaths since 2000, with NHS figures suggesting that 2008-2010 around 1000 suicides were due to job loss.

      9. Anonymous Coward
        Anonymous Coward

        Re: Risk vs benefit

        Encryption is for financial security reasons as well as just privacy.

      10. Jonathan Richards 1
        Stop

        Re: Risk vs benefit

        > Would we rather give up all privacy and have no terrorist attacks

        Bzzzt. False dichotomy. I think it's perfectly possible to surrender altogether too much privacy, or capacity for privacy, and *still* be faced with a threat. Conspiracies worked *before* the Internet, people.

      11. Cynic_999

        Re: Risk vs benefit

        I am extremely sceptical that a single terrorist attack would have been prevented if encryption had not been available. Before Blair decided to create a Muslim terrorist threat by invading a virtually unarmed country that was in no way a threat to the UK, it was the Irish that was the big terrorist threat to England. Which is very odd if you believe the nonsense regarding encryption and the need for Internet surveillance, because for the vast majority of the time the IRA were able to carry out their deeds without the Internet or electronic encryption.

        Therefore I simply do not believe that banning encryption and having 100% surveillance of the Internet will make any significant difference to the number of terrorist incidents that take place. Once terrorists or other bad guys know that a particular method of communication is unsafe (which has been at least suspected wrt the Internet for decades), they simply use other methods of communication.

    5. Anonymous Coward
      Anonymous Coward

      Re: Ahh The dereaded VPN

      Welcome to the United Kingdom of Communists. Cameron has completely subverted the meaning of being conservative.

  2. Gordon 10

    Good luck Dave

    You have just confirmed any wavering doubts I had about voting for one of the other 2 muppets - or possibly Fardre on the grounds he can't even spell encryption.

    1. MJI Silver badge

      Re: Good luck Dave

      What is the betting that Millipede will be thinking along similar lines?

      Or Clegg?

      I think I will ask my MP.

      1. Gordon 10

        Re: Good luck Dave

        Surprisingly Cleggy seems the closest to getting it right. Shame some of their other policies are so whackdoodle.

        From the Beeb

        http://www.bbc.co.uk/news/uk-politics-30673625

        Mr Clegg said he backed targeted measures to identify suspected extremists and if necessary examine their communications, saying the state had always reserved the right to "steam open a letter" if it thought those behind it meant harm to others.

        But he told BBC Radio 4's Today programme that one element of what Mr Cameron was proposing would go much further and would involve "scooping up vast amounts of information on millions of people - children, grandparents and elderly people who do nothing more offensive than visiting gardening centre websites".

        "Privacy is a qualified right. If someone wants to do us harm, we should be able to break their privacy and go after their communications," he said.

        "But the snoopers' charter was not about intercepting communications.

        "It was about storing a record of all your social media activity, of every website you have visited of every single individual in this country, of people who would never dream of doing anyone else any harm, would never dream of becoming a terrorist or having anything to do with extremist ideologies.

        "The question we need to ask ourselves, in a free, open society as we defend our values against the abhorrent attacks we saw in Paris, is where do you draw the line?"

        1. The Mole

          Re: Good luck Dave

          I almost crashed when I listened to that and realised Clegg actually understood the concept much better than the interviewer.

          1. MJI Silver badge

            Re: Good luck Dave

            Unfortunately Clegg will be wiped out at the elections by idiots who cannot think for themselves

            1. DPWDC

              Re: Good luck Dave

              Clegg said the same thing last time the elections were coming round, when it was labour that were trying to push through the snoopers charter.

              Once he got a bit of the power, he changed his tone and said that things had changed since then and that the security services needed more powers (and that we needed to raise tuition fees after all... I digress...)

              Now it's election time again, guess what, he'd back to the vote winning line of banning the snoopers charter...

              1. HOW many?

                Re: Good luck Dave

                "Once he (Cleggie) got a bit of the power, he changed his tone...."

                On Student Loans he really did (and yeah breaking that promise could sink him)

                But on this he did not - He really did poke the stick in May's rabid spokes when she demanded the right to rummage through your electronic underwear draw.

                - YOU, however, are either Millipede or Posh Boy posting in disguise and I claim my free hat &/or tee shirt. (I know you're not May because you're lucid).

      2. Anonymous Coward
        Anonymous Coward

        Re: Good luck Dave

        Milibandwagon said his party is considering it.

        So basically he'll wait to see what the public think and then jump on the bandwagon.

        1. Matfink

          Re: Good luck Dave

          You mean there's a politician that actually listens to the public?!

        2. Sir Runcible Spoon
          Flame

          Re: Good luck Dave

          We can only expect any improvement if we can vote in a political party that is prepared to take on the Whitehall mandarins - and we have to support them through all the roadblocks that will be put up in front of them to take them down via trial by media.

          Likely? I won't be holding my breath.

  3. phil dude
    WTF?

    Galileo...

    "Eppur si muove"

    The government is going to try banning the multiplication of numbers soon.

    The reading of certain books.

    If it wasn't painfully reminiscent of what I remember from reading about the trial of Galilieo...

    P.

    1. MrT

      Knee, meet Jerk...

      ...ah, I see you are already acquainted.

      Eppur si muove, indeed.

    2. Dr Paul Taylor

      Re: Galileo...

      I have studied the trial of Galileo but I do not see the connection.

      1. Charles 9

        Re: Galileo...

        "I have studied the trial of Galileo but I do not see the connection."

        Simple: Can you REALLY stop people testing conventional wisdom? Even when Galileo was shut up, his knowledge simply moved into Protestant territory where the Church had no sway.

  4. Anonymous Coward
    Anonymous Coward

    Is this April 1st?

    Must check calendar....

    So this twat is proposing making https illegal? The foundation upon which trusted Internet commerce rests?

    What f*cking muppet.

    1. Anonymous Coward
      Devil

      Take it a step farther (unless thats further)

      Wait until the chips on your credit cards are re-issued without encryption...

    2. Glen 1

      re: https illegal

      The trust mechanism used is already broken, they dont need to ban it.

      Google results for "snowden https"

    3. veti Silver badge

      https isn't "secure" in the sense that it can't be eavesdropped - never has been, isn't really designed to be. The only assurance it gives is that the server you're talking to is what/where it claims to be. So that's fine, under Dave's rules.

      I think this is a great idea. Given that GCHQ is one of the world leaders in electronic snooping, if this provision is enacted, we'll soon have a list of the best privacy protocols available - it'll be all the ones that are banned in Britain.

      1. DropBear
        WTF?

        https isn't "secure" in the sense that it can't be eavesdropped - never has been, isn't really designed to be

        Beg pardon? You have a source for that? And I'm not talking about someone who might be able to break it and listen in with enough effort - what you seem to suggest is that it's effectively plaintext and that's not how I remember it.

      2. Anonymous Coward
        Anonymous Coward

        > The only assurance it gives is that the server you're talking to is what/where it claims to be.

        I think you are confusing an SSL encrypted session with certificate verification.

        There is some overlap in the technology but they're not the same thing.

  5. arrbee

    But if you're self-employed, e.g. as a lawyer, your communications are commercial/legal, not personal.

    Or will personal end up meaning "sent to or from a person" ?

    For some reason our current crop of politicians seem determined to construct a fully equipped ready-to-go totalitarian state, just waiting for the wrong people to move in at the top, no assembly required.

    I'm (almost) sure the politicians don't see the risks because they know themselves to be thoroughly decent chaps, but it does seem to show a breathtaking arrogance to ignore the very history they insist our children should be learning.

    1. wolfetone Silver badge

      We already have the wrong people at the top.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like