Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

UK Prime Minister Theresa May has reiterated calls for a special magic version of encryption to be developed by technologists so law enforcement can access everyone's communications on demand – and somehow engineer it so that no one else can abuse this backdoor. Speaking at the World Economic Forum (WEF) in Davos, Switzerland …

  1. Bush_rat

    You want a back door?

    Best thing you can have to a backdoor would be for all the western nations to chip in and build a colossal supercomputer and just brute force the encryption. You know what's great about this? Only nation-states could ever use such a method, cause I don't think there are enough grains of sand to make a computer that big once, let alone twice.

    1. GrumpyKiwi Silver badge

      Re: You want a back door?

      Hah yes. Charge one bitcoin per decrypt request. That'll increasingly tie their supercomputers up for longer and longer. Or provide them with a reason to confiscate - sorry I mean 'asset forfeit' people's Bitcoins.

      1. Jos V

        Re: You want a back door?

        And then, years later, the new supercomputer will just spew out one answer: 42

    2. Cynic_999 Silver badge

      Re: You want a back door?

      "You know what's great about this? Only nation-states could ever use such a method"

      In addition, it would be so expensive in terms of computing power that it would only be used to decrypt stuff that the security services strongly believe contains vital information. No way that everyone's private coms could be routinely decrypted and scanned for keywords.

    3. Charles 9 Silver badge

      Re: You want a back door?

      "Best thing you can have to a backdoor would be for all the western nations to chip in and build a colossal supercomputer and just brute force the encryption."

      Don't laugh. This may actually exist. There's that huge data center in Utah. Could actually be a cover for a black-project working quantum computer breaking messages using Shor's Algorithm.

  2. DCFusor Silver badge

    Good you included Wyden

    It was an epic slam-down and you should have quoted it more fully, actually. Here's a little more

    "

    Wyden blasts FBI chief over encryption remarks

    A Democratic senator is blasting the leader of the FBI over recent comments he made about encryption, calling them “ill-informed.”

    Sen. Ron Wyden (D-Ore.) wrote a letter to FBI Director Christopher Wray on Thursday criticizing him for advocating for a technological solution to what is often referred to as the “going dark” problem: the inability of officials to access data on encrypted devices for ongoing investigations.

    Wray said during recent remarks that devices could be designed “that both provide data security and permit lawful access with a court order.” He also dismissed the idea that law enforcement investigators are looking for some kind of “back door” into encrypted devices.

    In his letter Thursday, Wyden slammed the suggestion, saying that it would inevitably degrade the security of the devices themselves.

    “Regardless of whether the Federal Bureau of Investigation labels vulnerability by design a backdoor, a front door, or a ‘secure golden key,’ it is a flawed policy that would harm American security, liberty, and our economy,” Wyden wrote.

    Wray made the remarks at a conference in New York earlier this month, during which he described the bureau’s inability to access encrypted communications as a “major public safety issue.”

    According to Wray, the bureau was unable to access digital content of nearly 7,800 devices for investigations last fiscal year despite having the “legal authority” to do so.

    “If we can develop driverless cars that safely give the blind and disabled the independence to transport themselves, if we can establish entire computer-generated virtual worlds to safely take entertainment and education to the next level, surely we should be able to design devices that both provide data security and permit lawful access with a court order,” Wray said.

    “We’re not looking for a ‘back door’ — which I understand to mean some type of secret, insecure means of access,” Wray added. “What we’re asking for is the ability to access the device once we’ve obtained a warrant from an independent judge, who has said we have probable cause.”

    On Thursday, Wyden countered that designing such a proposal that still preserves security would be impossible.

    “Experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely,” he wrote.

    Wyden asked Wray to provide a list of cryptographers he has consulted with to arrive at his proposal. "

    Because the list would be zero-length of credible cryptographers.

    What they want is for there to be no end-to-end encryption and have companies (ie, customers) pay to store it all along with the keys so they can get it with a warrant. Of course, online CC and banking would be exempt, because they are already in the palm of their hands and will willingly (or not) give the feds all records (this problem is described in a fun way in the "Stainless Steel Rat" scifi series, Harry Harrison, not great scifi but fun).

    But the real reason the extension passed isn't because we didn't harass our congress swamp critters, it's because the very first snooping was to get the dirt on them to get votes to go the 5-eyes way every single time - no exceptions, even for show - name one, I dare you. It's the dog that didn't bark.

    Really, what does anyone suspect. That pols are clean? Don't we know better, much better? Who cares if my personal habits come out - not me, but if I was a pol fishing for re-election, then I care, eg, the MAIN targets of blackmail are the pols - the guys who sign the paychecks of the 5 eyes. Even if you were a brain-dead bureaucrat, who would you get the dirt on first? Meaningless citizens or people involved with "national security" or - keeping your rice bowl full. Occam's razor.

    1. tfewster Silver badge
      Facepalm

      Re: Good you included Wyden

      Wray said...We say

      “If we can develop driverless cars that safely..." - You can't

      "if we can establish entire computer-generated virtual worlds to safely..." - You can't

      "surely we should be able to design devices that both provide data security and permit lawful access..." - I refer you to my previous responses.

    2. terrythetech
      Facepalm

      Re: Good you included Wyden

      "“If we can develop driverless cars that safely give the blind and disabled the independence to transport themselves, if we can establish entire computer-generated virtual worlds to safely take entertainment and education to the next level, surely we should be able to design devices that both provide data security and permit lawful access with a court order,” Wray said."

      Apart from the fact, as pointed out, we can't actually do those things, even if we could it would be a terrible argument, apples aren't oranges.

  3. sd123

    Once upon a time...

    In a land not too far away law enforcement officials couldn't eavesdrop on the dastardly plans of criminals unless they could personally overhear what was being said.

    It seems to me that those times have simply returned and attempting to remove the privacy that we previously could assume is no longer possible.

    Big brother simply needs to understand that (or possibly put Siri/Alexa etc. to listening to every inch of the planet).

  4. vir Silver badge

    Scam Of The Century

    I'm waiting for someone to claim that their company has magically invented a proprietary technology that can provide this un-misusable (it's a word) backdoor that opens for the pure of heart, grab a bunch of contracts and string the government along for a few years before disappearing in a cloud of smoke.

    1. Nick Kew Silver badge
      Coat

      Re: Scam Of The Century

      Tailors by imperial appointment?

    2. Anonymous Coward

      Re: Scam Of The Century

      we've got it, but are still collecting signatures needed to protect the intellectual property. (the technology may too closely parallel prior stone/sword art; and garnering cooperation from Arthur's heirs has been challenging).

    3. Doctor Syntax Silver badge

      Re: Scam Of The Century

      There's potential in reversing this approach. HMG puts its money where its mouth is and offers a contract to build this system they believe could be built. The usual suspects will tender and one of them will get it. They will fail to deliver but that's true of many govt. contracts. Unlike the others this won't be wasted money. It'll be money well spent on shutting the idiots up while they wait for something to be delivered. Hopefully those on the relevant Parliamentary committees who twig what it's about will keep schtum.

  5. a_yank_lurker Silver badge

    Almost Reaching the Bottom

    May is getting close to Congress Critter territory with their well known ability to subtract from the sum total of human knowledge by just breathing let alone opening their pie holes.

    1. Geoffrey W Silver badge

      Re: Almost Reaching the Bottom

      I honestly think we seriously underestimate our politicians if we think they don't know how stupid are the things they say. The things they say aren't intended for people who know better. The words are for people who do not understand the subject but think they know enough. For any given subject, encryption, economics, climate change, whatever, the sub set of those who know little if anything vastly outnumbers the subset who do know something and hence has greater positive effect for the politician if it sounds like they are saying the right thing. Us being cynical and calling them stupid tends to drive us away from participation in politics and voting and works in the favour of those who would rule us. Everything they say has a specific target audience and, generally, is carefully formulated.

      We underestimate them at our own peril.

      1. Anonymous Coward

        Re: Almost Reaching the Bottom

        "I honestly think we seriously underestimate our politicians if we think they don't know how stupid are the things they say."

        The most effective salesmen believe their own lies.

  6. Brian Miller Silver badge

    M of N Secret Sharing

    It sounds like they want a modified M of N scheme. The individual would only need one secret to access the plain text, while law enforcement would need N secrets to access the plaintext. Thus, the number of secrets would have to be gathered from a number of bodies via warrant, protecting the individual.

    But of course that wouldn't prevent other solid encryption algorithms from being used.

    1. whitepines Bronze badge

      Re: M of N Secret Sharing

      I could actually see something like that working for proprietary apps, and honestly I wouldn't really care -- proprietary apps have far more backdoors than a mandated M+N scheme would provide.

      My main concern is that we might end up back in the era of "open source encryption is illegal". The 1990s are calling, just minus all the fun....

    2. Flocke Kroes Silver badge

      Re: M of N Secret Sharing

      Hello phone, some new judges have been appointed. Here are their public keys. Did I accidentally put my key in the list?

      I wish I could find the video I saw of an old judge explaining some aspect of technology. I cannot tell you what sort of technology he was explaining because he kept getting stuck half way through sentences and forgetting what he was talking about. After about quarter of an hour, I could not stand to watch more. Not all judges are senile (although that does seem to be a popular career move in the US). There is even a judge who understands every single line of code Google copied from Java. Such judges are rare. I have met "techies" without the brains to understand what a secret key is, and PHBs with the computer literacy to keep a secret key secret are few and far between.

      Giving each judge a secret key is as sane as giving each employee a four digit access code (someone will pick 1066).

  7. harmjschoonhoven

    While they are on it

    the brightest and best can prove that π equals 4.00. Or if all fails the UK can make it a law (not valid in the EU, thank you).

  8. Anonymous Coward

    Meanwhile in other news...

    Big Sister sets up Ministry of Truth to counter inconvenient 'Fake News'.

    1. amanfromMars 1 Silver badge

      Re: Meanwhile, in Areas of Play Beyond the Corrupt Current Mainstream, AI Parliamentary Opposition

      .... and Virtually Real Competition

      No new News, although the Tory Party cabal sequestering public funds to set up their Ministry of Truth Operation and National Security Communications Unit in the Cabinet Office to counter "Fake News" is a sinister enough very recent development well worthy of intelligence community scrutiny and surveillance, always results in fake news daily for media program broadbandcasting with old news simply being recycled and repeated/redressed for further flogging to death in camouflaged clothes.

      And you won't find the status quo rocking any boats and setting their worlds on fire with anything truly new and revolutionary and Great Game Changing, will you? They just haven't got what it takes but just love taking everything they need from you.

      For True Novelty and Absolutely Fabulous Fabless Progress you need to venture further afield and elsewhere.

      Anonymous said... 24 January 2018 at 18:26

      hope it's enough to circulate/flow without need to care about having anything urgent just for oneself, amanfromMars (-;

      amanfromMars replied and said... 25 January 2018 at 07:04

      Indeed, it is, Anonymous, and it is a Prime Systemic Condition Assured and Consistently Fed by Advanced IntelAIgent Design Default.

      However, that is not to say that deserved lavish reward beyond the wildest of dreams is not also factored in to be accepted to Aid Future Deliveries. For some, it is all they hold dear and would be able to offer without it causing them any distress.

      First the Goods/Program, then the Riches makes doing Virtual Business a Real Pleasure, with everyone able and/or enabled to keep coming back for more .... and more ..... and more ..... forever more.

      And very Revolutionary Soviet in nature be such an AI ProgramMING and fully capable of draining every last cent from Federal Reserves. And there are not many/any other Programs able to do all of that so very easily.

      amanfromMars further said... 25 January 2018 at 15:59

      And all of that is what IT and AI can now Deliver and is floated hereby into Capital and Other Alternative Derivative Markets for AIdDrivering with SMARTR Enterprise Miners/Type Google AI Labs/Saudi Vision 2030 Architects and Artilects/PLA Unit 61398 Level Operators/Soviet State Sources and Myriad Other State and Non-State Resources with Greater IntelAIgent Game Players.

      An Advanced IntelAIgent Project for Remote Virtual and Alien ProgramMING freely open to Any and All Suitably SMARTR Enabled to Play Greater IntelAIgent Games Perfectly for Immaculate Results.:-)

  9. Speckled Jim

    My pigeons don't have backdoors... Do they?

    1. Christian Berger Silver badge

      I think the term you're looking for is "cloaca".

      1. TRT Silver badge

        encraption technology

    2. EnviableOne Bronze badge
      Coat

      Depends if they are RFC 6214 Compliant Avian Carriers ....

  10. Krack73

    Telegram

    I use the great Telegram app to organise our monthly pub meets. Does that make us terrorists? No, I think not.

    Terrorists will use whatever they can find for their crazy keys blow shit up propaganda nonsense.

    TM is just so ill-informed about all three hundred other apps out there, every time she's on the TV saying how we (government) need more control and powers over the people. No thanks TM, you mad hatter.

    Everyone have a great Friday. Have a beer the weekend is here.

    1. Teiwaz Silver badge

      Re: Telegram

      "I use the great Telegram app to organise our monthly pub meets. Does that make us terrorists. No I think not."

      Probably makes you suspect though (not 'a suspect', but suspect - you might be hiding something an attentive officer of the law might get a promotion out of).

      "Terrorists will use what ever they can find for their crazy keys blow shit up propaganda nonsense."

      A truly great definition of 'Terrorist' - for a dope addled surfer-dude.

      A terrorist is only a terrorist if you don't agree with their aims/ideological position/demands - otherwise the label tends to be 'freedom fighter'.

    2. Anonymous Coward

      Re: Telegram

      Does your pub meet include calling people infidels and planning to blow shit up in the name of religion?

      If so then you may indeed be a terrorist, it's best to check these things.

      1. TimB

        Re: Telegram

        No, you're thinking of the Friday night LAN party on Civilization night.

  11. T. F. M. Reader Silver badge

    Metadata

    I keep wondering if there is any messaging application that a) does not store even encrypted contents or metadata after delivery (or timeout), b) encrypts the contents and the recipient's details between the sender and the server with a one-time key shared with the sender, c) introduces a random delay to thwart correlation analysis, d) pads the contents to prevent tracking by size (may be superfluous with encryption, but let's keep it in the list), e) re-encrypts the contents and the sender's details with a one-time key shared with the recipient, f) does not keep either the plain text or the encrypted content or the one-time keys or any logs after delivery, g) by default disallows (if possible) syncing/backing up to "the cloud".

    This will make it so much more difficult for the alphabet (isn't there a company called that?) soup agencies to do metadata analysis. Their remaining options will be restricted to intercepting at the server (or MITM to fake the key exchange), and that will hopefully be restricted to the provider's country of origin and will not give them access to the past history for at-will exploration.

    Most of all, I wonder if there may be a business case for such a system (beyond being financed by the next OBL). Not obvious, given that it will be more complex, presumably more expensive to operate, possibly somewhat more cumbersome to use than WhatsApp.

    1. Graham Cobb

      Re: Metadata

      Bitmessage had some of those attributes. Its big downside was that it didn't scale as it effectively broadcast every message to every recipient as it has no idea who the destination was (if you could decrypt the message you must be the intended recipient).

      I don't know if the bitmessage network is still running. It was an interesting experiment.

  12. Pinjata

    "She then threatened to use her pulpit to apply social pressure: "No-one wants to be known as 'the terrorists’ platform' or the first choice app for paedophiles.""

    Not sure May gets how the world really works. Pedos are like canaries in a coal mine, if it's safe for them to use then it's safe for the rest of us as well.

  13. Anonymous Coward

    Licensing of Operators

    There is no sanely manageable way to have encryption with a magic back door.

    So this is all headed ultimately in the direction of licensing, just like telcos are licensed. You want to offer a service and collect revenue? Gonna have to respond to warrants or have your revenue streams cut off at source and your domains blocked.

    The Chinese have their great firewall. Everyone else is headed that way too eventually so that they can wield that kind of stick.

    1. Graham Cobb

      Re: Licensing of Operators

      Except that the bad guys (terrorist groups, mafia, etc) have no need of collecting revenues for the service. So, they don't need a licence.

      So, as always, the proposed restrictions just prevent safety for good guys and leave the bad guys untouched.

  14. Colin Tree

    side door

    Think laterally.

    The best backdoor to encryption might be social engineering.

    A backdoor to encryption is a side door.

    Criminals often exploit this weakness.

  15. LDS Silver badge
    Facepalm

    May should ask the Ministry of Magic

    Maybe someone at the Department of Mysteries could come up with a solution. Don't count on Potter, though, he never liked to study enough. Ask Granger. And maybe exchange May with her.

  16. Simon Harris Silver badge

    Short memory

    Has she forgotten the TSA lock debacle already?

    The locks with a 'backdoor' skeleton key so the authorities can examine your luggage, but thieves can't get into it. Except someone published pictures of the skeleton keys and now anyone can make copies, rendering them useless.

    How does she think backdoor decryption keys will be different?

    1. JohnFen Silver badge

      Re: Short memory

      " now anyone can make copies, rendering them useless."

      Yes. Plus, those locks never protected your stuff from the thieves in the TSA itself, so they were always of limited usefulness.

  17. charlieboywoof

    quick version: tech in business: good; tech in society: bad

    ALL:YOU:NEED:TO:KNOW

  18. Milton Silver badge

    Canute lives!

    Politician: "I want it."

    Adult: "It is physically, mathematically impossible."

    Politician: "I want it!"

    Adult: "Quite literally, what you ask cannot be done."

    Politician: "I WANT it!!"

    Adult: "Look, there are maybe 10,000 real experts on this subject, and all of those not employed by government or security services—i.e. who can speak honestly—will say the same: it just cannot be done."

    Politician: "I want it!! I WANT it!! I WANT IT IT!!!"

    Adult: "Here's my resignation letter. Have you ever *actually wondered* why the voters think you're a bunch of immature, dimwitted children?"

  19. Anonymous Coward

    Step one

    Supply a Britain Secure email service {BritSem} British Secure Email, using a single server set, for individuals and business to avoid fishing and snooping,

    Step two

    Supply business secure level encryption for delivery of email and products to customers and customers to communicate with business

    Step three

    Persuade the Five eyes partners to do the same, allowing transfer of email between said Secure email server sets using approved encryption.

    1. Sir Runcible Spoon Silver badge
      Paris Hilton

      What for? Your post lacks a context.

    2. HieronymusBloggs Silver badge

      "Step one..."

      ID+IOT: nominative determinism or troll? Amusing either way.

  20. Anonymous Coward

    Please provide me with a list of the cryptographers

    brilliant! sadly... it's a politician's way "f... you sir!", and the recipient knows it, so it will come to nothing :/

    and even if the answer is provided, it will be in line with "in the line of national security", and the matter is not important enough to grill through the (probable) truth that the cryptographers providing advice to FBI (if any ;) are their own...

  21. Pascal Monett Silver badge
    Thumb Down

    "meeting these fundamental social responsibilities"

    The fundamental social responsibility of government is protecting its citizens, not snooping on them.

    Keeping the peace means feet on the ground, visible police presence by affable and polite constables always ready to help while keeping an eye out for shady behavior.

    It is costly, doesn't catch everything, but it is civilized and respects the privacy of the innocent.

    It was once said : "I prefer to let a hundred criminals free rather than jail a single innocent".

    My, has time flown by . . .

  22. Milton Silver badge

    And that Genie ...

    The ignorance and stupidity of politicians aside, I return to the Genie—who cannot be returned to the bottle. Even if every mainstream encryption app could be compromised somehow (and therefore would no longer be used by anyone, of course), you cannot un-make the mathematical knowledge and algorithmic techniques to execute seriously tough encryption. There is basically nothing to stop any competent programmer knocking up some code, in almost any language, to encrypt data on a device. It's pretty unlikely that even quantum computing will be decrypting today's best encryption if executed properly with sizeable keys (and since the "imminent apocalyptic terrorist attack" bullshit so beloved of imbeciles who watched too much 24 is the usual inane justification, even decrypting the data as quickly as a month later is of little use).

    Add good steganography*¹ to the mix and it is just moronic to think that serious bad actors will be much hampered by prohibiting e2e encryption apps—even if you could.

    So why do the security services keep misleading gullible politicians? For they must know (a) that they are lying about backdoors, yet (b) keep on lying anyway.

    I can only assume that aside from the usual empire-building budget-tumescing nonsense beloved of such people, this is about sheer laziness. The hard slog of humint, infiltration, shoe-leather intel gathering, hearts-and-minds ops, training and employing enough translators, learning about other regions' cultures and habits, using diplomacy and softpower to get what you want—perhaps it's all too difficult, when you delude yourself into believing that the computer can do it all for you? I do wonder what degree of self-delusion goes on in places like Babylon on Thames ... and perhaps more so at places like Langley. Judging by the apparently rotten advice they give to the political nincompoops, perhaps they are neither as realistic nor as practical as we'd imagine.

    *¹ Whatcha gonna do? Ban everyone from posting poor quality cat photos? Over 2,000,000,000 (yup, two billion) photos posted every day? Any idea how much hidden messaging you can stuff into even a fraction of that?

  23. unwarranted triumphalism Bronze badge

    Well my job is going to become a lot more interesting

    Currently working on government IT... for which the security rules say we must use a VPN with strong encryption... which we can't because encryption bad.

    I guess that means an end to remote access over VPN...?

    1. Sir Runcible Spoon Silver badge

      Re: Well my job is going to become a lot more interesting

      It's pretty hard to understand how they can keep coming out with this bollocks when they must be being told quite regularly that it can't be done.

      Something else is up - I'm not thinking 'Magic thinking' I'm thinking 'Magic distraction'.

  24. bwright72

    Intel have already done this for them... what's the problem

    I don't know why the PM is still banging on about this - Intel have done it for her, allowing them to read the memory of any device at will...
