back to article Encryption is the REAL threat – Head Europlod

Europe’s top cop has taken to the BBC to once again slam encryption as the biggest threat to counter-terrorism and law enforcement. Europol Director Rob Wainright said encrypted communications gave plods across the continent the biggest headaches, and his main gripe was with the IT companies that provide them. “We are …

Page:

  1. Ashton Black

    So, in translation...

    "Waaaaa! decryption is hard."

    It's not impossible to break a single target, but that's not what he's after. He wants mass, unwarranted surveillance. This is just sour grapes, not a legitimate argument.

    1. I Am Spartacus
      Mushroom

      Sniff, sniff, ahh the heady whiff of bullshit

      Before eMail, facebook, twitter, etc, there were other ways of terrorists communicating: face to face, letter, phone.

      Phone's they could tap, but they needed a court order. IE, there was oversight;

      People they could follow, but it required having those things call spies. But we all know that they can (and did) bug rooms, meetings, etc.

      Letters they could steam open and read, but only if the tangos had not used some for of encryption or coding.

      Now they are complaining because it is all too hard. This sounds less like a complaint and more of request for the latest and greatest super computer to crack encryption.

      1. Anonymous Coward
        Thumb Up

        Re: Sniff, sniff, ahh the heady whiff of bullshit

        They only have themselves to blame.

        Most people weren't that fussed until they learnt how the intelligence agencies had been spying on everyone. If their surveillance capability was so vital for counter-terrorism maybe they shouldn't have spaffed it all by spying on the likes of Angela Merkel, foreign competitors, employees of of telecoms companies and everyone else.

        It's like a kleptomaniac whinging that all his neighbours have all gone out and put locks on their doors.

        1. ecofeco Silver badge

          Re: Sniff, sniff, ahh the heady whiff of bullshit

          "It's like a kleptomaniac whinging that all his neighbours have all gone out and put locks on their doors."

          POTD

          1. dan1980

            Re: Sniff, sniff, ahh the heady whiff of bullshit

            The core problem is that these agencies and groups do not value the privacy and security of their citizens (let alone those who aren't their citizens).

            Thus, they view their collection of information as more important that the security of the people they are supposedly protecting.

            Encryption protects people from criminal intrusion. Even just encrypting transmission is not enough - we need full 'no knowledge' storage because 'hacks' can, and do, happen with alarming regularity. But of course this would hinder the ability for our governments to spy on us keep us safe so it is therefore a 'bad thing'.

            The inability of police to walk up to any house and enter and search without a warrant no doubt prevents them from catching some criminals. The inability (well, legally) of police to torture suspects to get information out of them no doubt prevents them from charging and getting convictions for some criminals.

            Removing protections to keep people safe is false logic. And it's not like they don't know it - they just don't care.

    2. big_D Silver badge

      Re: So, in translation...

      And lack of encryption is the biggest threat to normal Internet users... Get used to it.

      If the big companies make it easy for cops and spies to get at unencrypted data, they have also made it easy for crooks, hackers and pretty much anybody else to get at as well.

      1. ecofeco Silver badge

        Re: So, in translation...

        "If the big companies make it easy for cops and spies to get at unencrypted data, they have also made it easy for crooks, hackers and pretty much anybody else to get at as well."

        Second POTD.

        The current state of the environment means we HAVE to encrypt to protect us from BOTH sides.

    3. Vimes

      Re: So, in translation...

      In his eyes it would appear that society should be run in a way to make things easier for the various security services rather than having the security services run in such a way that makes the lives of those living in that society easier.

      That's a very skewed way of looking at things. Dangerous too...

  2. Greg D

    That Dutch MEP nailed it pretty much

    “What is next? Having a lock on the front door of your home being a criminal offence? Banning people from protecting their private communications is unacceptable in a democratic society. We are really on a slippery slope here."

    Yup. How can any person with an iota of intelligence NOT see the ruse here? This is a collective effort of government spy agencies to use the excuse of counter-terrorism to gain access to all business and personal communication. I don't think counter-terrorism actually has a leg to stand on in this argument.

    For starters, they (terrorists - or any law breaker for that matter) aren't going to listen to any laws stating encryption cannot be used.

    1. nematoad

      Re: That Dutch MEP nailed it pretty much

      It's a pity that not being Dutch I can't vote for her.

      A politician in touch with what real people think and feel.

      Who'd 'a thunk it?

    2. xeroks

      Re: That Dutch MEP nailed it pretty much

      except...

      When only bad guys and weirdos use encryption, detecting bad guys is easy: just pay attention to the encrypted communication - who sent it, who received it, and when it happened. Presumably it's easier, when required, to crack a small number of emails.

      However if ALL comms are encrypted, suddenly it's all a lot harder to spot the bad stuff.

      perhaps they should have thought twice before retaining all that unencrypted data in the first place...

      1. phil dude
        FAIL

        Re: That Dutch MEP nailed it pretty much

        That is fundamentally not true. There are many legitimate uses for encryption, not least, legal and financial security. It is lazy to think they do not have *other* methods.

        Bad people do bad things no matter what the law says.

        This is an incompetent attempt power grab, and using the recently dusted off "think of the children" bullsh*t.

        We as a society, are only as safe as our ability to communicate freely without reprisals.

        Without private speech, that it is tyranny.

        P.

        1. Naselus

          Re: That Dutch MEP nailed it pretty much

          @phil dude

          I think you missed xeroks' point - he's not saying that only bad guys and weirdos PRESENTLY use encryption, but rather that if we lived in a world where that was the case it'd be easier to spot them.

          He's quite correct in saying that. In a situation where only the 'bad guys' are using encryption, then it becomes easier to spot their interactions. You just try to trace the source and destination rather than bothering to crack the crypto. This is basically the reason Tor was invented, after all; it was a response to the fact that even if you don't know what the content of a message is, just knowing who sent it and when is still valuable information.

          I don't think xeroks is posting in favour of an omniscient police state, but is rather pointing out that if the security services hadn't insisted on listening to every piece of traffic, encrypted or otherwise, then they wouldn't have built themselves a massive privacy haystack to keep their needles in.

        2. Anonymous Coward
          Anonymous Coward

          Re: That Dutch MEP nailed it pretty much

          "There are many legitimate uses for encryption, not least, legal and financial security."

          The most legitimate reason should be "because I choose to".

          The one part of the argument where our increasingly whiny spooks are gaining at least a little traction is in questioning why anyone who isn't hiding a dirty little secret would conceal their activities. It's a line that should be gone at very hard wherever it is made; there are a billion legitimate reasons to seek privacy, and in a civilised society I really should not be obliged to apologise for or explain mine to curb a whiff of suspicion.

      2. madick

        Re: That Dutch MEP nailed it pretty much

        "... just pay attention to the encrypted communication..."

        Fine if you know which messages actually are encrypted. I would assume that most of the "bad guys" are using steganographic methods to hide their (probably encrypted) messages.

      3. Bucky 2

        Re: That Dutch MEP nailed it pretty much

        @xeroks:

        When only bad guys and weirdos use encryption, detecting bad guys is easy: just pay attention to the encrypted communication - who sent it, who received it, and when it happened. Presumably it's easier, when required, to crack a small number of emails.

        Alas, the prerequisite to detecting encrypted communication in this scenario is to intercept ALL communication, and then analyse all of it to identify the encryption.

        This kind of widespread wiretapping is supposed to be legally unavailable to a government.

    3. Anonymous Coward
      Anonymous Coward

      Re: That Dutch MEP nailed it pretty much

      It's obvious that bad guys have been using encryption to hide their secrets. What must be worrying intel agencies is that 'using encryption' will soon be useless criteria to narrow their searches for suspicious activity, because basically everybody plus dog will be ciphering their data. I guess now they will have to look for people using non conventional ciphers or crypto tools. To be clear I'm not endorsing any mass surveillance by government, just trying to make sense out of this.

      1. nijam Silver badge

        Re: That Dutch MEP nailed it pretty much

        > What must be worrying intel agencies is that 'using encryption' will soon be useless criteria ...

        This is so naive. Are you saying that honest folk don't use/need encryption for (say) online banking?

        Encryption has never been the preserve of criminals (unless you include that fact that it was "security agencies" that were the first major users).

        1. Anonymous Coward
          Anonymous Coward

          Re: That Dutch MEP nailed it pretty much

          I'm not saying that. What I'm saying is that if I were an intel agency looking through billions of messages per day, focusing in the subset of people using encryption would be a good tactic to narrow my search space. The subset of people using encryption (i.e. people who want to keep something secret or private) includes good guys and bad guys. If suddenly everybody starts using encryption my previos tactic is no longer effective.

  3. Anonymous Coward
    Anonymous Coward

    waaaa waaaaaa someone took my ball

    and I want it back.

  4. Destroy All Monsters Silver badge
    Flame

    Yet another one? How do we get rid of him fast?

    Is there a hatchery somewhere? We need to know. Then send Wikus van der Merwe and his cleaners around to remove this illegal setup from the premises. With government lizards like these, we will get prawned in no time!

    I also have the impression there have been quite a few people saying "encryption is BAD, m'okay". Similar to the well-manufactured "construction of opinion" about the dangerous Ukraine brawl, this is likely to be a concerted effort at meme injection into the hoi polloi body.

    In The History of Public Key Cryptography with Whitfield Diffie, Whitfield Diffie says:

    The bottom line of society is that you bear the consequences of your actions. Si, if I know something that the court can legitimately order me to tell them, I can either tell them or go to jail. [American journalist] james Risen is willing to go to jail rather than to reveal his source because he thinks the right and the power of reporters to talk to sources and protect them is indispensable to the news business and to democracy.

    [FBI director] Comey wants to take away that choice. The state can always take any information you have without your permission, so that you have no freedom to refuse the state anything. That's a relatively new notion.

    So, privacy of communication had certain limits, but there was a solid privacy of face-to-face communication, which was the most important mode of communication at that time.

    Since the 20th century or so, remote real-time communication has become feasible and has risen to challenge face-to-face communication as a component of culture. You and I might never meet, but we can talk very satisfactorily on the telephone. Some people in society never meet the people they work or otherwise communicate with. We can expect that, as communications improve and we go from kilobaud to terabaud, the occurrence of these remote encounters will be greater and greater.

    If remote communication must be accessible to the state, society will have an awful bug in the sense that it can move away from freedom in a way that can't be corrected. To paraphrase [lawyer and politician] Frank Church, if the intelligence community can turn its power on the American people, there will be no freedom and no way to restore democracy. I think that looks very prophetic at the moment.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yet another one? --> dangerous Ukraine brawl,

      Sorry, I appear to have lost track somewhere. What was the reason for your mentioning the Ukraine again? Something about meme injection? But why inject the (your?) Ukraine "meme" into this - as far as I can tell - entirely unrelated discussion?

      I await your clarification with the greatest of interest (or possibly a mild curiosity).

      1. Dan 55 Silver badge
        Boffin

        Re: Yet another one? --> dangerous Ukraine brawl,

        https://en.wikipedia.org/wiki/Big_lie

        1. Uncle Slacky Silver badge
          Black Helicopters

          Re: Yet another one? --> dangerous Ukraine brawl,

          Also https://en.wikipedia.org/wiki/Manufacturing_Consent

          1. heyrick Silver badge

            Re: Yet another one? --> dangerous Ukraine brawl,

            The irony of two wiki links with https.

      2. Destroy All Monsters Silver badge

        Re: Yet another one? --> dangerous Ukraine brawl,

        I await your clarification with the greatest of interest (or possibly a mild curiosity).

        Thank you AC for trying to keep the discussion on agreed-on rails and keeping crimethought off this here forum as an unpaid public service.

        Oh, no wait: Fuck you and your shit.

        You can also start reading.

    2. Solmyr ibn Wali Barad

      Re: Yet another one? How do we get rid of him fast?

      "this is likely to be a concerted effort at meme injection into the hoi polloi body"

      Not very likely. Well-constructed meme wouldn't be so fucking ridiculous, but these outlashes against encryption tend to be just that. I'd rather suspect it's the Peter Principle that has provided us with so many high-ranking windbags. And sadly, there seems to be a shortage of Ostap Benders, or Sir Humphreys, to shut them up.

    3. Anonymous Coward
      Anonymous Coward

      Re: Yet another one? How do we get rid of him fast?

      And yet another privacy warrior who saw it coming, Phil Zimmermann.

      "Perhaps you think your email is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their email?

      What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity."

      For those who don't remember, Phil Zimmerman created PGP and was harassed by the Federal Government for many years for letting strong encryption into the wild.

      Me, I believe all sec-lizards should be asked whether they send their mail on postcards or use envelopes. It's a simple question, why don't reporters ask it?

  5. cmannett85

    I like this guy, he's excellent advertising for things like ProtonMail. They should roll him out more.

  6. Ole Juul

    Headache eh?

    Rob Wainright said encrypted communications gave plods across the continent the biggest headaches

    I hope it gets worse.

    1. Michael H.F. Wilkinson Silver badge
      Black Helicopters

      Re: Headache eh?

      It will get worse. They should take a paracetamol, and have a little lie down.

      What I do not get is that they complain about encryption provided by technology firms, whereas I can happily send one-time-pad encrypted messages through open channels without anybody being able to crack them. The only problem is getting the pad to my intended receiver (not too hard really). The "algorithm" is extremely simple, all you need is to do bitwise XOR with a stream of random bits (easily obtained from any natural noise source).

      There are many less strong ways of sending encrypted data through open channels in such a way that it isn't even readily visible (steganography). Thus, if bad guys want to encrypt stuff, they can already do that. Given that fact: what do they really lose if they are no longer able to view everybody's mail? The ability to leer at somebody's selfies?

      1. SolidSquid

        Re: Headache eh?

        Wasn't there an article a while back where the FBI admitted that Al Quaeda had been using steganography to hid messages in images posted to Facebook and they hadn't been able to detect that?

        1. Number6

          Re: Headache eh?

          If they hadn't been able to detect it then either they have subsequently discovered it or they're talking hot air. Just because they've been looking and haven't found it, doesn't mean it exists.

      2. Anonymous Coward
        Anonymous Coward

        Re: Headache eh?

        They should take a paracetamol, and have a little lie down.

        Hell, I'm feeling generous. Let 'em take the whole bottle.

    2. nijam Silver badge

      Re: Headache eh?

      I also hope it gets worse - maybe the kind illustrated in Cronenberg's "Scanners" movie would be apt in more ways than one.

  7. David Black

    de Boise principle

    If you can't capture and convict on a crime, move the definition of the crime closer to regular behaviour. Clearly the next step here is to extend the law and prosecute those who use encrypted comms as terrorists.

    So many examples of this with everything from speeding (we enshrine the right not to self-incriminate but we made a crime of failing to disclose the driver) to nasty porn laws (rightly designed to protect victims but now covering cartoons and illustration... I'm guessing Rolf Harris proves the point).

    Strangely such ambiguous and wide-ranging extensions of laws rarely impact the ruling elite (no general "financial manipulation" law?) and are only applied to the masses.

    1. ecofeco Silver badge

      Re: de Boise principle

      Noticed that, did you? Too bad more people don't.

    2. Frumious Bandersnatch

      Re: de Boise principle

      I don't know this de Boise of whom you speak, but it was Cardinal Richelieu who said

      If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.

      Could mass surveillance possibly have any unintended consequences? Nah, surely not...

  8. Ian 62

    What did they do before the internet?

    I remember the days of terrorists blowing stuff up in the UK before we had email and twitter or Facebook.

    What were the intelligence agencies doing then? They couldn't listen to everyones phone calls or open everyones snail mail, so they had to target the ACTUAL suspects.

    They followed people, targeted surveillance, investigated clues and evidence.

    Before the electronics I heard tales of agents hiding under the floorboards or in loft spaces to listen in to conversations.

    Just because its 'easy' to hoover the 1s and 0s as they fly past doesn't mean the old fashioned ways of doing things aren't still available to you.

    For the money they spend on 'cloudy things' they could afford to have someone actually walking around behind the top list of suspects 24/7.

    1. Anonymous Coward
      Anonymous Coward

      Re: What did they do before the internet?

      Totally agree.

      But it does seem to be part of the larger issue that everyone who knows feck all thinks that Technology is the answer to everything - "real" policing? Why bother when we can just read everyone's email?

      Additionally, back in the days of the "troubles" there was a clear and present danger, yet did everyone run around in a panic worried that the bloke next door who "looked Irish" was a terrorist? Nope. We just got on with our lives and only occassionally blew up someone's left shopping (which never turned out to be a bomb).

      1. Anonymous Coward
        Anonymous Coward

        Re: What did they do before the internet?

        That's right there was no Defence of the Realm Act (DORA) or internment or randomly arresting people for being in possession of an Irish accent. DORA suspended Habeas Corpus for 2 weeks, and the plods were able to not follow the rules of interviewing suspects (read - they used sleep deprivation and torture).

        Remember the Birmingham Six or the Guilford Four? The plods stitched up some random foreigners to cover the fact that they, Special Branch and MI5 had no clue and could not track the ASUs.

        So, yes people did go around in a panic. However, it proved to be so counter-productive that they just stopped doing it.

    2. fajensen
      Big Brother

      Re: What did they do before the internet?

      They had to Work. Work kind of suck, which is why we must pay someone to do it.

      Nowadays, these flunkies do not want to work, no, they just want to get paid - while automated processes are watching everyone's pr0n collection and coming up with anything good.

    3. GrumpyOldBloke

      Re: What did they do before the internet?

      What they always do - play both sides to advantage themselves and their handlers.

  9. Anonymous Coward
    Anonymous Coward

    Ah, fear.....

    '.....since the Charlie Hebdo attacks in Paris.'

    That old political stand-by. Fear (of anything really), gives the excuse needed for the executive to grab more power. And I'm afraid, that's what politicians want. And when they have it, they wont let go.

    We seriously, as a society, need to be careful. And I mean seriously. Sometimes I hate to think where we could be in 10 - 20 years. The more they can scare us, the more power they can grab from us. Before long, we will be hearing a declaration of the first galactic empire 'for a safe and secure society'. And it'll be greeted by thunderous applause, I'm sure.

    1. Vimes

      Re: Ah, fear.....

      Note that in Paris (and previously in the UK before the 7/7 bombing, Lee Rigby murder and Jihadi John) the suspects were all known to the authorities *BEFORE* the acts took place (and even during the 7/7 inquests the point was explicitly made that having access to more information would not have changed the outcome).

      It's interesting to see how nobody within those agencies ever accepts responsibility. Instead of that all we ever hear are cries of 'We need more money/information/<insert term here>!!!'.

      I suppose It's a good way of deflecting the blame since it gives the impression that something other than utter incompetence was the cause, but how does this make their work any easier to do when people start to realise what's happening and start using encryption themselves?

  10. Raumkraut

    Using the Internet

    “We are disappointed by the position taken by these tech firms and it only adds to our problems in getting to the communications of the most dangerous people that are abusing the internet,” he said.

    Surely the NSA/GCHQ/etc. should have all their own communications on internal servers, so why would they have problems getting to them?

    Installing taps on Internet backbones = abusing the internet.

    Sending encrypted communications = using the internet.

  11. Christoph

    So what will be enough power?

    OK, where will they stop?

    Suppose we give them yet more powers that they demand. Will that finally satisfy them?

    Or will they be back yet again the next day demanding even more powers because <latest scare story!!!!!!!!>

    They have proved over and over again that they will never be satisfied. They will always want more power.

    And what has it got us in return? Are we more protected? Are we safer? Have they got any real evidence and not more of the ludicrously blown up 'Terror Threat Foiled!' stories?

    Way back in the 60s you could walk down the street without a plod being able to stop and search you because he was feeling bored. Then they got the new powers because OMG Drug Dealers! So now we have a much worse drug problem, less civil liberties, and lots of young and minority people who hate the police because they can't walk down a public road without being stopped and having to prove their innocence.

    Will the police stand up in public and tell us, clearly and specifically, AT WHAT POINT WILL THEY STOP?

    1. fajensen
      Mushroom

      Re: So what will be enough power?

      Will the police stand up in public and tell us, clearly and specifically, AT WHAT POINT WILL THEY STOP?

      They will never stop until the crowds storm "The Bastille" and make them.

      1. Anonymous Coward
        Anonymous Coward

        Re: So what will be enough power?

        'They will never stop until the crowds storm "The Bastille" and make them.'

        That's actually an intersting point, that I mentioned on another story a while back. I dont think we'll be doing any storming of any metaphorical 'bastilles' any time soon. Life for people in wealthy countries is way too comfortable. As long as there is beer and food in the shops, and it's affordable people will be fine with just about anything. People in big cities miss 4 meals in a row and we'll be away, flaming torches, pitchforks, rolling tumbrils, the works.

    2. King Jack

      AT WHAT POINT WILL THEY STOP?

      After the revolution of course.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like