back to article Encryption is the REAL threat – Head Europlod

Europe’s top cop has taken to the BBC to once again slam encryption as the biggest threat to counter-terrorism and law enforcement. Europol Director Rob Wainright said encrypted communications gave plods across the continent the biggest headaches, and his main gripe was with the IT companies that provide them. “We are …

  1. Ashton Black

    So, in translation...

    "Waaaaa! decryption is hard."

    It's not impossible to break a single target, but that's not what he's after. He wants mass, unwarranted surveillance. This is just sour grapes, not a legitimate argument.

    1. I Am Spartacus
      Mushroom

      Sniff, sniff, ahh the heady whiff of bullshit

      Before eMail, facebook, twitter, etc, there were other ways of terrorists communicating: face to face, letter, phone.

      Phone's they could tap, but they needed a court order. IE, there was oversight;

      People they could follow, but it required having those things call spies. But we all know that they can (and did) bug rooms, meetings, etc.

      Letters they could steam open and read, but only if the tangos had not used some for of encryption or coding.

      Now they are complaining because it is all too hard. This sounds less like a complaint and more of request for the latest and greatest super computer to crack encryption.

      1. Anonymous Coward
        Thumb Up

        Re: Sniff, sniff, ahh the heady whiff of bullshit

        They only have themselves to blame.

        Most people weren't that fussed until they learnt how the intelligence agencies had been spying on everyone. If their surveillance capability was so vital for counter-terrorism maybe they shouldn't have spaffed it all by spying on the likes of Angela Merkel, foreign competitors, employees of of telecoms companies and everyone else.

        It's like a kleptomaniac whinging that all his neighbours have all gone out and put locks on their doors.

        1. ecofeco Silver badge

          Re: Sniff, sniff, ahh the heady whiff of bullshit

          "It's like a kleptomaniac whinging that all his neighbours have all gone out and put locks on their doors."

          POTD

          1. dan1980

            Re: Sniff, sniff, ahh the heady whiff of bullshit

            The core problem is that these agencies and groups do not value the privacy and security of their citizens (let alone those who aren't their citizens).

            Thus, they view their collection of information as more important that the security of the people they are supposedly protecting.

            Encryption protects people from criminal intrusion. Even just encrypting transmission is not enough - we need full 'no knowledge' storage because 'hacks' can, and do, happen with alarming regularity. But of course this would hinder the ability for our governments to spy on us keep us safe so it is therefore a 'bad thing'.

            The inability of police to walk up to any house and enter and search without a warrant no doubt prevents them from catching some criminals. The inability (well, legally) of police to torture suspects to get information out of them no doubt prevents them from charging and getting convictions for some criminals.

            Removing protections to keep people safe is false logic. And it's not like they don't know it - they just don't care.

    2. big_D Silver badge

      Re: So, in translation...

      And lack of encryption is the biggest threat to normal Internet users... Get used to it.

      If the big companies make it easy for cops and spies to get at unencrypted data, they have also made it easy for crooks, hackers and pretty much anybody else to get at as well.

      1. ecofeco Silver badge

        Re: So, in translation...

        "If the big companies make it easy for cops and spies to get at unencrypted data, they have also made it easy for crooks, hackers and pretty much anybody else to get at as well."

        Second POTD.

        The current state of the environment means we HAVE to encrypt to protect us from BOTH sides.

    3. Vimes

      Re: So, in translation...

      In his eyes it would appear that society should be run in a way to make things easier for the various security services rather than having the security services run in such a way that makes the lives of those living in that society easier.

      That's a very skewed way of looking at things. Dangerous too...

  2. Greg D

    That Dutch MEP nailed it pretty much

    “What is next? Having a lock on the front door of your home being a criminal offence? Banning people from protecting their private communications is unacceptable in a democratic society. We are really on a slippery slope here."

    Yup. How can any person with an iota of intelligence NOT see the ruse here? This is a collective effort of government spy agencies to use the excuse of counter-terrorism to gain access to all business and personal communication. I don't think counter-terrorism actually has a leg to stand on in this argument.

    For starters, they (terrorists - or any law breaker for that matter) aren't going to listen to any laws stating encryption cannot be used.

    1. nematoad

      Re: That Dutch MEP nailed it pretty much

      It's a pity that not being Dutch I can't vote for her.

      A politician in touch with what real people think and feel.

      Who'd 'a thunk it?

    2. xeroks

      Re: That Dutch MEP nailed it pretty much

      except...

      When only bad guys and weirdos use encryption, detecting bad guys is easy: just pay attention to the encrypted communication - who sent it, who received it, and when it happened. Presumably it's easier, when required, to crack a small number of emails.

      However if ALL comms are encrypted, suddenly it's all a lot harder to spot the bad stuff.

      perhaps they should have thought twice before retaining all that unencrypted data in the first place...

      1. phil dude
        FAIL

        Re: That Dutch MEP nailed it pretty much

        That is fundamentally not true. There are many legitimate uses for encryption, not least, legal and financial security. It is lazy to think they do not have *other* methods.

        Bad people do bad things no matter what the law says.

        This is an incompetent attempt power grab, and using the recently dusted off "think of the children" bullsh*t.

        We as a society, are only as safe as our ability to communicate freely without reprisals.

        Without private speech, that it is tyranny.

        P.

        1. Naselus

          Re: That Dutch MEP nailed it pretty much

          @phil dude

          I think you missed xeroks' point - he's not saying that only bad guys and weirdos PRESENTLY use encryption, but rather that if we lived in a world where that was the case it'd be easier to spot them.

          He's quite correct in saying that. In a situation where only the 'bad guys' are using encryption, then it becomes easier to spot their interactions. You just try to trace the source and destination rather than bothering to crack the crypto. This is basically the reason Tor was invented, after all; it was a response to the fact that even if you don't know what the content of a message is, just knowing who sent it and when is still valuable information.

          I don't think xeroks is posting in favour of an omniscient police state, but is rather pointing out that if the security services hadn't insisted on listening to every piece of traffic, encrypted or otherwise, then they wouldn't have built themselves a massive privacy haystack to keep their needles in.

        2. Anonymous Coward
          Anonymous Coward

          Re: That Dutch MEP nailed it pretty much

          "There are many legitimate uses for encryption, not least, legal and financial security."

          The most legitimate reason should be "because I choose to".

          The one part of the argument where our increasingly whiny spooks are gaining at least a little traction is in questioning why anyone who isn't hiding a dirty little secret would conceal their activities. It's a line that should be gone at very hard wherever it is made; there are a billion legitimate reasons to seek privacy, and in a civilised society I really should not be obliged to apologise for or explain mine to curb a whiff of suspicion.

      2. madick

        Re: That Dutch MEP nailed it pretty much

        "... just pay attention to the encrypted communication..."

        Fine if you know which messages actually are encrypted. I would assume that most of the "bad guys" are using steganographic methods to hide their (probably encrypted) messages.

      3. Bucky 2

        Re: That Dutch MEP nailed it pretty much

        @xeroks:

        When only bad guys and weirdos use encryption, detecting bad guys is easy: just pay attention to the encrypted communication - who sent it, who received it, and when it happened. Presumably it's easier, when required, to crack a small number of emails.

        Alas, the prerequisite to detecting encrypted communication in this scenario is to intercept ALL communication, and then analyse all of it to identify the encryption.

        This kind of widespread wiretapping is supposed to be legally unavailable to a government.

    3. Anonymous Coward
      Anonymous Coward

      Re: That Dutch MEP nailed it pretty much

      It's obvious that bad guys have been using encryption to hide their secrets. What must be worrying intel agencies is that 'using encryption' will soon be useless criteria to narrow their searches for suspicious activity, because basically everybody plus dog will be ciphering their data. I guess now they will have to look for people using non conventional ciphers or crypto tools. To be clear I'm not endorsing any mass surveillance by government, just trying to make sense out of this.

      1. nijam Silver badge

        Re: That Dutch MEP nailed it pretty much

        > What must be worrying intel agencies is that 'using encryption' will soon be useless criteria ...

        This is so naive. Are you saying that honest folk don't use/need encryption for (say) online banking?

        Encryption has never been the preserve of criminals (unless you include that fact that it was "security agencies" that were the first major users).

        1. Anonymous Coward
          Anonymous Coward

          Re: That Dutch MEP nailed it pretty much

          I'm not saying that. What I'm saying is that if I were an intel agency looking through billions of messages per day, focusing in the subset of people using encryption would be a good tactic to narrow my search space. The subset of people using encryption (i.e. people who want to keep something secret or private) includes good guys and bad guys. If suddenly everybody starts using encryption my previos tactic is no longer effective.

  3. Anonymous Coward
    Anonymous Coward

    waaaa waaaaaa someone took my ball

    and I want it back.

  4. Destroy All Monsters Silver badge
    Flame

    Yet another one? How do we get rid of him fast?

    Is there a hatchery somewhere? We need to know. Then send Wikus van der Merwe and his cleaners around to remove this illegal setup from the premises. With government lizards like these, we will get prawned in no time!

    I also have the impression there have been quite a few people saying "encryption is BAD, m'okay". Similar to the well-manufactured "construction of opinion" about the dangerous Ukraine brawl, this is likely to be a concerted effort at meme injection into the hoi polloi body.

    In The History of Public Key Cryptography with Whitfield Diffie, Whitfield Diffie says:

    The bottom line of society is that you bear the consequences of your actions. Si, if I know something that the court can legitimately order me to tell them, I can either tell them or go to jail. [American journalist] james Risen is willing to go to jail rather than to reveal his source because he thinks the right and the power of reporters to talk to sources and protect them is indispensable to the news business and to democracy.

    [FBI director] Comey wants to take away that choice. The state can always take any information you have without your permission, so that you have no freedom to refuse the state anything. That's a relatively new notion.

    So, privacy of communication had certain limits, but there was a solid privacy of face-to-face communication, which was the most important mode of communication at that time.

    Since the 20th century or so, remote real-time communication has become feasible and has risen to challenge face-to-face communication as a component of culture. You and I might never meet, but we can talk very satisfactorily on the telephone. Some people in society never meet the people they work or otherwise communicate with. We can expect that, as communications improve and we go from kilobaud to terabaud, the occurrence of these remote encounters will be greater and greater.

    If remote communication must be accessible to the state, society will have an awful bug in the sense that it can move away from freedom in a way that can't be corrected. To paraphrase [lawyer and politician] Frank Church, if the intelligence community can turn its power on the American people, there will be no freedom and no way to restore democracy. I think that looks very prophetic at the moment.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yet another one? --> dangerous Ukraine brawl,

      Sorry, I appear to have lost track somewhere. What was the reason for your mentioning the Ukraine again? Something about meme injection? But why inject the (your?) Ukraine "meme" into this - as far as I can tell - entirely unrelated discussion?

      I await your clarification with the greatest of interest (or possibly a mild curiosity).

      1. Dan 55 Silver badge
        Boffin

        Re: Yet another one? --> dangerous Ukraine brawl,

        https://en.wikipedia.org/wiki/Big_lie

        1. Uncle Slacky Silver badge
          Black Helicopters

          Re: Yet another one? --> dangerous Ukraine brawl,

          Also https://en.wikipedia.org/wiki/Manufacturing_Consent

          1. heyrick Silver badge

            Re: Yet another one? --> dangerous Ukraine brawl,

            The irony of two wiki links with https.

      2. Destroy All Monsters Silver badge

        Re: Yet another one? --> dangerous Ukraine brawl,

        I await your clarification with the greatest of interest (or possibly a mild curiosity).

        Thank you AC for trying to keep the discussion on agreed-on rails and keeping crimethought off this here forum as an unpaid public service.

        Oh, no wait: Fuck you and your shit.

        You can also start reading.

    2. Solmyr ibn Wali Barad

      Re: Yet another one? How do we get rid of him fast?

      "this is likely to be a concerted effort at meme injection into the hoi polloi body"

      Not very likely. Well-constructed meme wouldn't be so fucking ridiculous, but these outlashes against encryption tend to be just that. I'd rather suspect it's the Peter Principle that has provided us with so many high-ranking windbags. And sadly, there seems to be a shortage of Ostap Benders, or Sir Humphreys, to shut them up.

    3. Anonymous Coward
      Anonymous Coward

      Re: Yet another one? How do we get rid of him fast?

      And yet another privacy warrior who saw it coming, Phil Zimmermann.

      "Perhaps you think your email is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their email?

      What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity."

      For those who don't remember, Phil Zimmerman created PGP and was harassed by the Federal Government for many years for letting strong encryption into the wild.

      Me, I believe all sec-lizards should be asked whether they send their mail on postcards or use envelopes. It's a simple question, why don't reporters ask it?

  5. cmannett85

    I like this guy, he's excellent advertising for things like ProtonMail. They should roll him out more.

  6. Ole Juul

    Headache eh?

    Rob Wainright said encrypted communications gave plods across the continent the biggest headaches

    I hope it gets worse.

    1. Michael H.F. Wilkinson Silver badge
      Black Helicopters

      Re: Headache eh?

      It will get worse. They should take a paracetamol, and have a little lie down.

      What I do not get is that they complain about encryption provided by technology firms, whereas I can happily send one-time-pad encrypted messages through open channels without anybody being able to crack them. The only problem is getting the pad to my intended receiver (not too hard really). The "algorithm" is extremely simple, all you need is to do bitwise XOR with a stream of random bits (easily obtained from any natural noise source).

      There are many less strong ways of sending encrypted data through open channels in such a way that it isn't even readily visible (steganography). Thus, if bad guys want to encrypt stuff, they can already do that. Given that fact: what do they really lose if they are no longer able to view everybody's mail? The ability to leer at somebody's selfies?

      1. SolidSquid

        Re: Headache eh?

        Wasn't there an article a while back where the FBI admitted that Al Quaeda had been using steganography to hid messages in images posted to Facebook and they hadn't been able to detect that?

        1. Number6

          Re: Headache eh?

          If they hadn't been able to detect it then either they have subsequently discovered it or they're talking hot air. Just because they've been looking and haven't found it, doesn't mean it exists.

      2. Anonymous Coward
        Anonymous Coward

        Re: Headache eh?

        They should take a paracetamol, and have a little lie down.

        Hell, I'm feeling generous. Let 'em take the whole bottle.

    2. nijam Silver badge

      Re: Headache eh?

      I also hope it gets worse - maybe the kind illustrated in Cronenberg's "Scanners" movie would be apt in more ways than one.

  7. David Black

    de Boise principle

    If you can't capture and convict on a crime, move the definition of the crime closer to regular behaviour. Clearly the next step here is to extend the law and prosecute those who use encrypted comms as terrorists.

    So many examples of this with everything from speeding (we enshrine the right not to self-incriminate but we made a crime of failing to disclose the driver) to nasty porn laws (rightly designed to protect victims but now covering cartoons and illustration... I'm guessing Rolf Harris proves the point).

    Strangely such ambiguous and wide-ranging extensions of laws rarely impact the ruling elite (no general "financial manipulation" law?) and are only applied to the masses.

    1. ecofeco Silver badge

      Re: de Boise principle

      Noticed that, did you? Too bad more people don't.

    2. Frumious Bandersnatch

      Re: de Boise principle

      I don't know this de Boise of whom you speak, but it was Cardinal Richelieu who said

      If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.

      Could mass surveillance possibly have any unintended consequences? Nah, surely not...

  8. Ian 62

    What did they do before the internet?

    I remember the days of terrorists blowing stuff up in the UK before we had email and twitter or Facebook.

    What were the intelligence agencies doing then? They couldn't listen to everyones phone calls or open everyones snail mail, so they had to target the ACTUAL suspects.

    They followed people, targeted surveillance, investigated clues and evidence.

    Before the electronics I heard tales of agents hiding under the floorboards or in loft spaces to listen in to conversations.

    Just because its 'easy' to hoover the 1s and 0s as they fly past doesn't mean the old fashioned ways of doing things aren't still available to you.

    For the money they spend on 'cloudy things' they could afford to have someone actually walking around behind the top list of suspects 24/7.

    1. Anonymous Coward
      Anonymous Coward

      Re: What did they do before the internet?

      Totally agree.

      But it does seem to be part of the larger issue that everyone who knows feck all thinks that Technology is the answer to everything - "real" policing? Why bother when we can just read everyone's email?

      Additionally, back in the days of the "troubles" there was a clear and present danger, yet did everyone run around in a panic worried that the bloke next door who "looked Irish" was a terrorist? Nope. We just got on with our lives and only occassionally blew up someone's left shopping (which never turned out to be a bomb).

      1. Anonymous Coward
        Anonymous Coward

        Re: What did they do before the internet?

        That's right there was no Defence of the Realm Act (DORA) or internment or randomly arresting people for being in possession of an Irish accent. DORA suspended Habeas Corpus for 2 weeks, and the plods were able to not follow the rules of interviewing suspects (read - they used sleep deprivation and torture).

        Remember the Birmingham Six or the Guilford Four? The plods stitched up some random foreigners to cover the fact that they, Special Branch and MI5 had no clue and could not track the ASUs.

        So, yes people did go around in a panic. However, it proved to be so counter-productive that they just stopped doing it.

    2. fajensen
      Big Brother

      Re: What did they do before the internet?

      They had to Work. Work kind of suck, which is why we must pay someone to do it.

      Nowadays, these flunkies do not want to work, no, they just want to get paid - while automated processes are watching everyone's pr0n collection and coming up with anything good.

    3. GrumpyOldBloke

      Re: What did they do before the internet?

      What they always do - play both sides to advantage themselves and their handlers.

  9. Anonymous Coward
    Anonymous Coward

    Ah, fear.....

    '.....since the Charlie Hebdo attacks in Paris.'

    That old political stand-by. Fear (of anything really), gives the excuse needed for the executive to grab more power. And I'm afraid, that's what politicians want. And when they have it, they wont let go.

    We seriously, as a society, need to be careful. And I mean seriously. Sometimes I hate to think where we could be in 10 - 20 years. The more they can scare us, the more power they can grab from us. Before long, we will be hearing a declaration of the first galactic empire 'for a safe and secure society'. And it'll be greeted by thunderous applause, I'm sure.

    1. Vimes

      Re: Ah, fear.....

      Note that in Paris (and previously in the UK before the 7/7 bombing, Lee Rigby murder and Jihadi John) the suspects were all known to the authorities *BEFORE* the acts took place (and even during the 7/7 inquests the point was explicitly made that having access to more information would not have changed the outcome).

      It's interesting to see how nobody within those agencies ever accepts responsibility. Instead of that all we ever hear are cries of 'We need more money/information/<insert term here>!!!'.

      I suppose It's a good way of deflecting the blame since it gives the impression that something other than utter incompetence was the cause, but how does this make their work any easier to do when people start to realise what's happening and start using encryption themselves?

  10. Raumkraut

    Using the Internet

    “We are disappointed by the position taken by these tech firms and it only adds to our problems in getting to the communications of the most dangerous people that are abusing the internet,” he said.

    Surely the NSA/GCHQ/etc. should have all their own communications on internal servers, so why would they have problems getting to them?

    Installing taps on Internet backbones = abusing the internet.

    Sending encrypted communications = using the internet.

  11. Christoph

    So what will be enough power?

    OK, where will they stop?

    Suppose we give them yet more powers that they demand. Will that finally satisfy them?

    Or will they be back yet again the next day demanding even more powers because <latest scare story!!!!!!!!>

    They have proved over and over again that they will never be satisfied. They will always want more power.

    And what has it got us in return? Are we more protected? Are we safer? Have they got any real evidence and not more of the ludicrously blown up 'Terror Threat Foiled!' stories?

    Way back in the 60s you could walk down the street without a plod being able to stop and search you because he was feeling bored. Then they got the new powers because OMG Drug Dealers! So now we have a much worse drug problem, less civil liberties, and lots of young and minority people who hate the police because they can't walk down a public road without being stopped and having to prove their innocence.

    Will the police stand up in public and tell us, clearly and specifically, AT WHAT POINT WILL THEY STOP?

    1. fajensen
      Mushroom

      Re: So what will be enough power?

      Will the police stand up in public and tell us, clearly and specifically, AT WHAT POINT WILL THEY STOP?

      They will never stop until the crowds storm "The Bastille" and make them.

      1. Anonymous Coward
        Anonymous Coward

        Re: So what will be enough power?

        'They will never stop until the crowds storm "The Bastille" and make them.'

        That's actually an intersting point, that I mentioned on another story a while back. I dont think we'll be doing any storming of any metaphorical 'bastilles' any time soon. Life for people in wealthy countries is way too comfortable. As long as there is beer and food in the shops, and it's affordable people will be fine with just about anything. People in big cities miss 4 meals in a row and we'll be away, flaming torches, pitchforks, rolling tumbrils, the works.

    2. King Jack

      AT WHAT POINT WILL THEY STOP?

      After the revolution of course.

      1. JonP

        Re: AT WHAT POINT WILL THEY STOP?

        After the revolution of course.

        ...but only briefly before they start again.

      2. launcap Silver badge
        Unhappy

        Re: AT WHAT POINT WILL THEY STOP?

        > After the revolution of course.

        Which will then need protecting from the anti-revolutionary reactionary forces. And to do that, they will need to read all your communications..

        Ad infinitum, ad nauseum. So the wheel turns.

      3. Solmyr ibn Wali Barad

        Re: AT WHAT POINT WILL THEY STOP?

        Yay, revolution. That'd make things so much better. Those nice Jacobines really cared about freedom and equality, did they. Or Lenin and his merry men.

        Success stories do exist, but they are few and far between.

  12. MrDamage Silver badge

    Encryption is not the problem.

    When we have governments, and their agencies, treating everyone as criminals, then we have a problem with the government.

    Do not blame the tech firms for listening to their customers desire to not be treated as criminals.

    1. Anonymous Coward
      Anonymous Coward

      Re: Encryption is not the problem.

      The other problem is that if one is treated like a criminal in any case, then one might as well become one and get some of the bennies that goes with it!

      1. launcap Silver badge
        FAIL

        Re: Encryption is not the problem.

        > then one might as well become one

        "Might as well be hanged for a man as a sheep"

    2. P. Lee

      Re: Encryption is not the problem.

      >Do not blame the tech firms for listening to their customers desire to not be treated as criminals.

      Things changed when governments changed from trying to lead to trying to be managers.

      They don't believe in anything. When there is nothing positive to aim for, management becomes negative and you end up where we are today. I think in the UK, Thatcher was the last one who believed in anything. Whether you agreed with her or not, you pretty much knew what she stood for and could vote for or against. On the Labour side, the end came with Blair.

      The lawyers took over from those who represented party members. Party members and the public at large realised that though their party was in power, it was no longer their party and political disengagement followed, which suits those at the top just fine.

      Which is why you should get out there and vote. Vote for the parties just below those who will likely win. This is no more throwing your vote away than voting for the top two. Make those safe seats unsafe and politicians will start to become more responsive and maybe we'll get some realism back into public life.

      /off-topic rant

  13. scrubber
    Flame

    "the most dangerous people that are abusing the internet"

    Say what you want about (potential) terrorists, but I'm pretty sure they are not the ones who are abusing the internet...

  14. scrubber
    Black Helicopters

    While we're at it...

    ...let's ban talking quietly. If we can't tell what two people are saying to each other they might be talking about terroristic plots...

    1. Michael H.F. Wilkinson Silver badge
      Joke

      Re: While we're at it...

      Superb idea: I see a new role for Brian Blessed giving masterclasses: ARE YE DEEEEEFFFF!!

  15. naive

    freedom is nice to have, until it gets taken by a criminal who can not be found

    It is clear something has to give in. With internet technology criminals have the opportunity to conduct their business in such a manner they can hardly be caught. If the criminals use technology, then the police should also be able to use it. In many European countries the same ones opposing NSA style dragnet spying, also supported laws which forbid or restrict police to maintain databases with DNA and other information. If the police is allowed to keep DNA, fingerprint, voice recognition and facial recognition information of all registered citizens, crime fighting would be considerably easier, and perhaps the dragnet surveillance can be terminated.

    1. TheProf

      Re: freedom is nice to have, until it gets taken by a criminal who can not be found

      'Ullo, this DNA is a close match to that fellow NAIVE's. We'll put him under very close surveillance until he does anything wrong then bang him up. Maybe we'll even get him jailed.'

      Of course that wouldn't happen.

      The police can monitor any person the like. The trouble, for them, is that the law requires evidence of some sort of criminal activity taking place. This is what they want to bypass. 'Give us the freedom to monitor everyone and we'll eventually come up with some dirt.'

    2. Alistair
      Meh

      Re: freedom is nice to have, until it gets taken by a criminal who can not be found

      /glances at your handle.

      I'm assuming sarcasm.

      1. Michael Wojcik Silver badge

        Re: freedom is nice to have, until it gets taken by a criminal who can not be found

        I'm assuming sarcasm.

        This one ran right up to Poe's Law and gave it a firm kiss on the lips, didn't it?

        My assumption was trolling, but it's impossible to tell. (And, really, the author's intent shouldn't be privileged anyway. Meaning belongs to the reader.)

    3. heyrick Silver badge

      Re: freedom is nice to have, until it gets taken by a criminal who can not be found

      "in such a manner they can hardly be caught" - at some stage an actual bad guy will do a bad thing, at which point if the police are on to him, he can be nicked.

      You know, kind of like the old days when real police used to follow and stake out real criminals.

      Surely that was better than the modern approach which seems to be shake the tree and see what falls out.

      1. scrubber

        Re: freedom is nice to have, until it gets taken by a criminal who can not be found

        > Surely that was better than the modern approach which seems to be shake the tree and see what falls out.

        That wouldn't be the tree of liberty, would it? It seems to be in need of refreshment. (A bit like me).

        btw. Here's a pro-tip for all you crims and terrorists out there - use online banking to communicate using small amounts of money as words or page.word amounts for a given reference book. The spooks won't be interfering with the security of online banking lest the banks lobby the govt. to take away the spooks' toys.

    4. The_Idiot

      Re: freedom is nice to have, until it gets taken by a criminal who can not be found

      <

      With internet technology criminals have the opportunity to conduct their business in such a manner they can hardly be caught.

      >

      Ah. Right. Got it. Before the Internet, all criminals were caught right away. Because it's all the nasty internet's fault.

      Given the ability people have to be totally stupid, I might try to suggest the internet actually _increases_ (to a small degree) detection and conviction rates. After all, before the Internet, it wasn't possible, for instance, for a thief to post Facebook images of themselves in their newly stolen 'cool gear', or to connect to their social media account on a laptop on a desk in the place they were burgling (I kid you not).

      Of course, I won't suggest anything of the sort. I won't suggest it's kind of hard to break into a place using the internet. I won't suggest it's kind of hard to mug someone in the street with the Internet. After all - I'm an Idiot (blush).

    5. Anonymous Coward
      Anonymous Coward

      Re: freedom is nice to have, until it gets taken by a criminal who can not be found

      It isn't freedom if the government has to grant it to us.

    6. Doctor Syntax Silver badge

      Re: freedom is nice to have, until it gets taken by a criminal who can not be found

      "In many European countries the same ones opposing NSA style dragnet spying, also supported laws which forbid or restrict police to maintain databases with DNA and other information. If the police is allowed to keep DNA, fingerprint, voice recognition and facial recognition information of all registered citizens, crime fighting would be considerably easier, and perhaps the dragnet surveillance can be terminated."

      You need to take a little care in stating your case. The objection to retaining DNA etc records is not to retention per se but in retaining records of people who have not been convicted. There is, in English law, a principle of presumption of innocence. That is one of the main protections against wrongful accusation.

      With that correction made the reason why we oppose all these things is because they have one thing in common: abuse of due process of law. The notion of due process has been part of English law for 800 years this year; we like that. I think even David Cameron, were he to think about it, would baulk at celebrating the anniversary of Magna Carta by abolishing it.

      1. John Brown (no body) Silver badge

        Re: freedom is nice to have, until it gets taken by a criminal who can not be found

        "I think even David Cameron, were he to think about it, would baulk at celebrating the anniversary of Magna Carta by abolishing it."

        I'm sure he could spin it into some level of believability. After all, the monument at Runnymede celebrating a major milestone in English legal history was paid for and installed by the American Bar Association. No one in Britain seems to give a stuff.

  16. Zippy's Sausage Factory
    Thumb Down

    Let's ban secure banking. Because that's going to pose no problems for anyone.

    Seriously, this guy needs to be unemployed. Because he genuinely does not understand the nature of computer security. What he is suggesting would allow criminals carte blanche to steal, and there would be nothing EuroPol could do about it.

    This statement proves that he is incapable of doing the job effectively. He shouldn't have this job - or any other job in law enforcement. Effective immediately. Career over. Welcome to the dole queue.

    1. Anonymous Blowhard

      @zippy

      I agree totally; you'd think that someone who's Wikipedia page says the organisation he's head of is "building capacity to combat cybercrime through training and awareness raising" would be better informed about encryption technologies?

  17. Sanctimonious Prick
    Alert

    Bad Luck

    According to Europol’s website, the organisation itself “has neither the technical equipment nor the legal authorisation to wiretap or monitor members of the public by any technological means".

    "Any information being analysed by Europol is provided directly by the co-operating law enforcement agencies. Europol’s principal role is to gather, analyse and re-distribute data," he said in the interview.

    So, like the 5 Eyes, they don't spy on their 'own people', with their 'own' equipment, they're just being 'shared' that information from another foreign law enforcement agency?

    Law enforcement agencies really need to bloody-well follow the law.

    If someone is under suspicion; get a warrant. Then start logging all metadata, access all IoT devices, etc, of suspect.

    Collection of so much information on everyone on the whole planet, storing it, making it searchable (to whom, exactly? Who?), is a bloody massively sized ticking time-bomb. It will explode. And it won't take long!

  18. wolfetone Silver badge
    Megaphone

    He's been misquoted

    What he actually meant to say was:

    "Ordinary people shouldn't have the capability to encrypt their communications."

    Europlod? Again, a typo here. You mean: Europlonker.

  19. Anonymous Coward
    Anonymous Coward

    This is the stuff of Blake's 7 'Federation'....

    Only its real....

    1. launcap Silver badge

      Re: This is the stuff of Blake's 7 'Federation'....

      So where is my spaceship? And while we are at it, I want a slightly sarky supercomputer-inna-box..

      1. wolfetone Silver badge

        Re: This is the stuff of Blake's 7 'Federation'....

        You've never told Siri that you love her, have you?

    2. This post has been deleted by its author

    3. Roj Blake Silver badge

      Re: This is the stuff of Blake's 7 'Federation'....

      If only I could find six more people (or computers) to help me...

  20. Anonymous Coward
    Anonymous Coward

    Good that you flagged it, but

    There was another quote in that bbc text related to that, by an unnamed spokesman for the "TechUK":

    "With the right resources and cooperation between the security agencies and technology companies, alongside a clear legal framework for that cooperation, we can ensure both national security and economic security are upheld."

    read it as innocently as you want, I read: "backdoor? yeah, for a price"

  21. Graham Marsden
    Big Brother

    "the most dangerous people that are abusing the internet"

    Yes, they have names like NSA, GCHQ and the like...

  22. Anonymous Coward
    Anonymous Coward

    I guess I worried him..

    I actually met up with him and his team this year because of the work we do in privacy.

    I am saddened to see he sings along with Cameron. I can see their problem, but catching ram raiders and child molesters is not done by banning cars (to use an equivalent), it is done by re-establishing the trust in their institutions so that they can draw in HUMINT. The whole FREAK thing was a good heads up on just how dangerous weakening crypto is and sorry, since the Leveson Enquiry and Snowden I'm not inclined to give anyone the keys to the kingdom without some serious supervision.

    Transparency first, then trust, and then maybe, just maybe we'll talk about temporary measures that are really temporary. Personally, I suspect transparency is the biggest hurdle which leads us to this fun question: what do they have to hide?

  23. Tom_

    It’s all the tech firm's fault!

    Oh yeah? Which one?

  24. NinjasFTW

    Allergic to actually working!

    What a load of rubbish.

    The last two major terrorist attacks that come to mind (Boston Marathon and Chalie attacks) the security agencies had flagged the perpetrators as dangerous and simply couldn't be bothered to do some actual work and monitor them the old fashioned way.

    There's not always 'an app for that'!

    I do wonder if these people actually believe the shit they are trying to sell.

  25. Spanners Silver badge
    Black Helicopters

    Another Possibility

    Perhaps they have figured a way around what is available at present and this is to encourage the "bad guys" to use it thinking that they are safe.

  26. Alistair
    Windows

    One more time folks:

    Lets take a bunch of recent "terrorist" events.

    Lets review the situations and circumstances.

    Ask two questions of the review.

    1) Which of the following two alterations of either law or functionality would have prevented the recent terrorist events:

    Better communications between law enforcement agencies involved, or more effective use of feet on the ground.

    2) What encrypted communications were involved that were not decoded by law enforcement.

    We *all* know what the answers are. We all know what needs to be done. We can all see the lies in the current "be afraid of everything out there, but let us do what we want and you don't have to worry about it any more" propaganda.

  27. Chozo
    Coat

    Let them eat data

    If people started using their spare email capacity to spam encrypted messsages randomly across the planet then any system of surveillance would have an apoplectic fit.

    Mines the one with the One Time Pad in the pocket...

    1. Justicesays
      Devil

      Re: Let them eat data

      >If people started using their spare email capacity to spam encrypted messsages random data randomly across the planet then any system of surveillance would have an apoplectic fit.

      >Mines the one with the One Time Pad in the pocket...

      FTFY

    2. Anonymous Coward
      Anonymous Coward

      Re: Let them eat data

      Except it wouldn't matter, the sec-agencies have been eating massive amounts of Spam since ECHELON and before. They don't care whether it produces any real. measurable result, and some will even admit it. Mass encryption just makes the busy-work harder. People who process meaningless traffic will need to get real jobs or may be forced to do real investigations against real enemies and real security threats. Giving up the zero-days would be a big help in this direction..... and yet.....

      But being bureaucracies, their only instinct is to survive, AKA "draw in as much public money as possible and then unaccountably mis-spend it." Fear and public misunderstanding about technology helps their mission immensely.

      I for one, hate the fact that the money these bloated agencies used is being wasted on more and more ELINT with increasingly diminishing returns and not used for HUMINT which is far harder and measurably more dangerous. But in a society where non-accountability has become the norm, secret courts, secret budgets and secret investigations will flourish. Now that everyone is presumed guilty, the downward spiral can only accelerate. It might stop when there is no money left for yottabyte data centers and so on, but I fear it is already too late.

  28. Frumious Bandersnatch

    Blame the tech companies?

    What an utterly idiotic thing to say. We don't need tech companies at all to use encryption. Pretty much all the algorithms are publicly available and there are lots of free, open source implementations. Using encryption isn't hard for even beginner programmers thanks to these two points. For example, here's a really short Perl script (not mine; his) to do RSA:

    #!/usr/bin/perl

    # RSA Encryption example by Phil Massyn (www.massyn.net)

    # July 10th 2013

    use strict;

    use bignum;

    use Math::Prime::Util ':all';

    # == key generation

    my $p = random_strong_prime(256);

    my $q = random_strong_prime(256);

    my $n = $p * $q;

    my $phi = ($p - 1) * ($q - 1);

    my $e = 257; # need to figure out how to calculate it

    my $x = $e ** 1;

    my $d = $x-&gt;bmodinv($phi);

    # == encryption

    my $message = "hello world";

    my $m = (join ( '', map (sprintf ("%03d",ord), split (//,$message)) )) + 1 - 1;

    my $c = $m-&gt;bmodpow($e,$n);

    # == decryption

    my $M = $c-&gt;bmodpow($d,$n);

    print join ('', map(sprintf("%s",chr), ($M =~ /\d{3}/g))) . "\n";

    Complaining that the tech companies are the problem is just ass-backwards. The reason that they are implementing end-to-end encryption is that their customers (ie, us) are demanding it. One of the main reasons we are demanding it is as a direct result of the kinds of revelations (not just from Snowden) about mass surveillance. We demand the right to privacy, but if we're not being listened to, then it's our choice to use encryption and the tech companies are just responding to that.

    What a tool...

    (sorry about the way that < and > got messed up in the above; that's the fault of the comment entry system)

    1. Anonymous Coward
      Anonymous Coward

      Re: Blame the tech companies?

      So true, but you are missing an important point.

      It's true that many people who read this forum don't need the tech companies.

      But the tech companies are now encrypting EVERYONE's data (or starting to). That is what scares the Man. The envelopes now take longer to steam open.

      When everyone has encryption, only security agencies and other data crooks will have to start working for a living (or something like that).

      It might even help topple this liberty-raping, money-sucking security farce once and for all, but I fear that will remain an upward battle.

      The public is voting with its feet and the tech companies are helping, long may they wave.

  29. Just An Engineer

    Well here in the good ole US of A we have more then half the population thinking the guvmint can spy on anyone as long as it keeps us safe from "terrists".

    Then they go about screaming about getting our "guvmint" back. There is a complete disconnect in this country between Security and Security. If they want to spy on us then I might have a problem, if they want to spy on the bad guys then more power.

    They just do not see the idiocy in their arguments.

    These are the same people who want Snowden tried as a spy and not protected by current on the books whistle Blower statutes.

  30. Teiwaz

    Unsurprising really

    When an agency is created to deal with a problem, you can almost guarantee that problem will never go away, as that agencies first priority is to stay in existence.

    So the threat will be played up, they will wail and scream for attention and 'nourishment' in the form of money and powers.

  31. Anonymous Coward
    Facepalm

    I think every counterterrorism and law enforcement leader...

    Should be forced as a condition of employment to put their and their family's personal emails, financial data, photos and documents in a single designated internet-facing datacenter, with only common commercially available security and encryption products to protect the datacenter.

    If that happened, I think we'd hear a different story about the evils of encryption.

  32. jason 7

    Guys...you know what to do...

    ...at the election...vote for anyone but the incumbent.

    Doesn't matter what govt we end up with, just as long as we vote ALL the current lot out and show them who really is in charge.

    That will remind them who they actually work for.

  33. Mark 85

    The Catch-22 of it all - The price of freedom isn't "free"

    Anyone got a dollar so we can buy these guys a clue?

    So encryption is bad... yet encryption is mandated by government for certain business (health care, for one). And communications in many businesses via email are supposed to be encrypted. Yet.. we might have a terrorist cell operating that has one member or two working in such a place.... Smart companies encrypt everything including the server data and all email.

    The bad guys on the Net don't appear to be the terrorists, it's those who want the data for their purposes (profit!) be it the Cryptolocker types or the hijackers such as the Sony, Anthem, Target types.

    Sure... encryption can go away...only when you can guarantee that no one will ever steal data, hijack a companies servers/POS or randomly grab emails looking for info for ID theft. It can also go away when you can guarantee us that we will never be spied on because "you can". Or that innocent people will never be accused of wrong doing because someone cherry-picked an email. Protect us from that and maybe encryption will not be 100% needed.

  34. jason 7

    As I've said before...

    ...terrorists have never taken away any of my rights or freedoms. Only my government.

  35. Henry Wertz 1 Gold badge

    World's smallest violin

    "All we want is to know everything about everyone at all times! I can't believe these people are using crypto to reassert the right to privacy that we took away!" Here I am playing the world's smallest violin.

  36. Roj Blake Silver badge

    Election Time

    It's good to see so many people here understand the dangers of mass surveillance.

    If you're in the UK I strongly urge you all make your feelings known to your parliamentary candidates and refuse to vote for any party that refuses to uphold the right to privacy.

    That may not leave you with much of a choice, but this is one way to make a stand.

    1. Domino

      Re: Election Time

      Got a telephone call from the Labour party to see if I was going to vote for them. I mentioned that privacy was important to me and as they had ignored the TPS registration for my number and invaded mine, then no, I wouldn't be voting for them. It's not just internet privacy they don't have a clue about.

  37. Anonymous Coward
    Anonymous Coward

    It's times like this that I'm glad the UK and the U.S. are classified as enemies of the Internet.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like