back to article Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

UK Prime Minister Theresa May has reiterated calls for a special magic version of encryption to be developed by technologists so law enforcement can access everyone's communications on demand – and somehow engineer it so that no one else can abuse this backdoor. Speaking at the World Economic Forum (WEF) in Davos, Switzerland …

You want a back door?

Best thing you can have to a backdoor would be for all the western nations to chip in a build a colossal supercomputer and just brute force the encryption. You know what's great about this? Only nation-states could ever use such a method, cause I don't think there are enough grains of sand to make a computer that big once, let alone twice.

10
1
Bronze badge

Re: You want a back door?

Hah yes. Charge one bitcoin per decrypt request. That'll increasingly tie their supercomputers up for longer and longer. Or provide them with a reason to confiscate - sorry I mean 'asset forfeit' peoples Bitcoins.

6
0

Re: You want a back door?

And then, years later, the new supercomputer will just spew out one answer: 42

11
0
Silver badge

Re: You want a back door?

"

You know what's great about this? Only nation-states could ever use such a method

"

In addition, it would be so expensive in terms of computing power that it would only be used to decrypt stuff that the security services strongly believe contains vital information. No way that everyone's private coms could be routinely decrypted and scanned for keywords.

3
0
Silver badge

Re: You want a back door?

"Best thing you can have to a backdoor would be for all the western nations to chip in a build a colossal supercomputer and just brute force the encryption."

Don't laugh. This may actually exist. There's that huge data center in Utah. Could actually be a cover for a black-project working quantum computer breaking messages using Shor's Algorithm.

2
0
Bronze badge

Good you included Wyden

It was an epic slam-down and you should have quoted it more fully, actually.Here's a little more

"

Wyden blasts FBI chief over encryption remarks

© Camille Fine

A Democratic senator is blasting the leader of the FBI over recent comments he made about encryption, calling them “ill-informed.”

Sen. Ron Wyden (D-Ore.) wrote a letter to FBI Director Christopher Wray on Thursday criticizing him for advocating for a technological solution to what is often referred to as the “going dark” problem: the inability of officials to access data on encrypted devices for ongoing investigations.

Wray said during recent remarks that devices could be designed “that both provide data security and permit lawful access with a court order.” He also dismissed the idea that law enforcement investigators are looking for some kind of “back door” into encrypted devices.

In his letter Thursday, Wyden slammed the suggestion, saying that it would inevitably degrade the security of the devices themselves.

“Regardless of whether the Federal Bureau of Investigation labels vulnerability by design a backdoor, a front door, or a ‘secure golden key,’ it is a flawed policy that would harm American security, liberty, and our economy,” Wyden wrote.

Wray made the remarks at a conference in New York earlier this month, during which he described the bureau’s inability to access encrypted communications as a “major public safety issue."

According to Wray, the bureau was unable to access digital content of nearly 7,800 devices for investigations last fiscal year despite having the “legal authority” to do so.

“If we can develop driverless cars that safely give the blind and disabled the independence to transport themselves, if we can establish entire computer-generated virtual worlds to safely take entertainment and education to the next level, surely we should be able to design devices that both provide data security and permit lawful access with a court order,” Wray said.

“We’re not looking for a ‘back door’ — which I understand to mean some type of secret, insecure means of access,” Wray added. “What we’re asking for is the ability to access the device once we’ve obtained a warrant from an independent judge, who has said we have probable cause.”

On Thursday, Wyden countered that designing such a proposal that still preserves security would be impossible.

“Experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely,” he wrote.

Wyden asked Wray to provide a list of cryptographers he has consulted with to arrive at his proposal. "

Because the list would be zero-length of credible cryptographers.

What they want is for there to be no end-to-end encryption and have companies (ie, customers) pay to store it all along with the keys so they can get it with a warrant. Of course, online CC and banking would be exempt, because they are already in the palm of their hands and will willingly (or not) give the feds all records (this problem is described in a fun way in the "stainless steel rat" scifi series, harry harrison, not great scifi but fun).

But the real reason the extension passed isn't because we didn't harass our congress swamp critters, it's because the very first snooping was to get the dirt on them to get votes to go the 5-eyes way every single time - no exceptions, even for show - name one, I dare you. It's the dog that didn't bark.

Really, what does anyone suspect. That pols are clean? Don't we know better, much better? Who cares if my personal habits come out - not me, but if I was a pol fishing for re-election, then I care, eg, the MAIN targets of blackmail are the pols - the guys who sign the paychecks of the 5 eyes. Even if you were a brain-dead beaurocrat, who would you get the dirt on first? Meaningless citizens or people involved with "national security" or - keeping your rice bowl full. Occam's razor.

18
0
Silver badge
Facepalm

Re: Good you included Wyden

Wray said...We say

“If we can develop driverless cars that safely..." - You can't

"if we can establish entire computer-generated virtual worlds to safely..." - You can't

"surely we should be able to design devices that both provide data security and permit lawful access..." - I refer you to my previous responses.

15
0
Facepalm

Re: Good you included Wyden

"“If we can develop driverless cars that safely give the blind and disabled the independence to transport themselves, if we can establish entire computer-generated virtual worlds to safely take entertainment and education to the next level, surely we should be able to design devices that both provide data security and permit lawful access with a court order,” Wray said.

Apart from the fact, as pointed out, we can't actually do those things, even if we could it would be a terrible argument, apples aren't oranges.

2
0

Once upon a time...

In a land not too far away law enforcement officials couldn't eavesdrop on the dastardly plans of criminals unless the could personally overhear what was being said.

It seems to me that those times have simply returned and attempting to remove the privacy that we previously could assume is no longer possible.

Big brother simply needs to understand that (or possibly put Siri/Alexa etc. to listening to every inch of the planet).

9
0
vir
Bronze badge

Scam Of The Century

I'm waiting for someone to claim that their company has magically invented a proprietary technology that can provide this un-misusable (it's a word) backdoor that opens for the pure of heart, grab a bunch of contracts and string the government along for a few years before disappearing in a cloud of smoke.

23
0
Silver badge
Coat

Re: Scam Of The Century

Tailors by imperial appointment?

20
0
Anonymous Coward

Re: Scam Of The Century

<i>we've got it, but are still collecting signatures needed to protect the intellectual property. (the technology may too closely parallel prior stone/sword art; and garnering cooperation from Arthur's heirs has been challenging).</i>

2
0
Silver badge

Re: Scam Of The Century

There's potential in reversing this approach. HMG puts its money where its mouth is and offers a contract to build this system they believe could be built. The usual suspects will tender and one of them will get it. They will fail to deliver but that's true of many govt. contracts. Unlike the others this won't be wasted money. It'll be money well spent on shutting the idiots up while they wait for something to be delivered. Hopefully those on the relevant Parliamentary committees who twig what it's about will keep schtum.

2
0
Silver badge

Almost Reaching the Bottom

May is getting close to Congress Critter territory with their well known ability to subtract from the sum total of human knowledge by just breathing let alone opening their pie holes.

20
0
Silver badge

Re: Almost Reaching the Bottom

I honestly think we seriously underestimate our politicians if we think they don't know how stupid are the things they say. The things they say aren't intended for people who know better. The words are for people who do not understand the subject but think they know enough. For any given subject, encryption, economics, climate change, whatever, the sub set of those who know little if anything vastly outnumbers the subset who do know something and hence has greater positive effect for the politician if it sounds like they are saying the right thing. Us being cynical and calling them stupid tends to drive us away from participation in politics and voting and works in the favour of those who would rule us. Everything they say has a specific target audience and, generally, is carefully formulated.

We underestimate them at our own peril.

29
0
Anonymous Coward

Re: Almost Reaching the Bottom

"I honestly think we seriously underestimate our politicians if we think they don't know how stupid are the things they say."

The most effective salesmen believe their own lies.

5
0
Silver badge

M of N Secret Sharing

It sounds like they want a modified M of N scheme. The individual would only need one secret to access the plain text, while law enforcement would need N secrets to access the plaintext. Thus, the number of secrets would have to be gathered from a number of bodies via warrant, protecting the individual.

But of course that wouldn't prevent other solid encryption algorithms from being used.

5
0

Re: M of N Secret Sharing

I could actually see something like that working for proprietary apps, and honestly I wouldn't really care -- proprietary apps have far more backdoors than a mandated M+N scheme would provide.

My main concern is that we might end up back in the era of "open source encryption is illegal". The 1990s are calling, just minus all the fun....

8
0
Silver badge

Re: M of N Secret Sharing

Hello phone, some new judges have been appointed. Here are their public keys. Did I accidently put my key in the list?

I wish I could find the video I saw of an old judge explaining some aspect of technology. I cannot tell you what sort of technology he was explaining because he kept getting stuck half way through sentences and forgetting what he was talking about. After about quarter of an hour, I could not stand to watch more. Not all judges are senile (although that does seem to be a popular career move in the US). There is even a judge who understands every single line of code Google copied from Java. Such judges are rare. I have met "techies" without the brains to understand what a secret key is, and PHBs with the computer literacy to keep a secret key secret are few and far between.

Giving each judge a secret key is as sane as giving each employee a four digit access code (someone will pick 1066).

3
0
Bronze badge

While they are on it

the brightest and best can proof that π equals 4.00. Or if all fails the UK can make it a law (not valid in the EU, thank you).

5
0
Anonymous Coward

Meanwhile in other news...

Big Sister sets up Ministry of Truth to counter inconvenient 'Fake News'.

4
1
Silver badge

Re: Meanwhile, in Areas of Play Beyond the Corrupt Current Mainstream, AI Parliamentary Opposition

.... and Virtually Real Competition

No new News, although the Tory Party cabal sequestering public funds to set up their Ministry of Truth Operation and National Security Communications Unit in the Cabinet Office to counter "Fake News" is a sinister enough very recent development well worthy of intelligence community scrutiny and surveillance, always results in fake news daily for media program broadbandcasting with old news simply being recycled and repeated/redressed for further flogging to death in camouflaged clothes.

And you won't find the status quo rocking any boats and setting their worlds on fire with anything truly new and revolutionary and Great Game Changing, will you? They just haven't got what it takes but just love taking everything they need from you.

For True Novelty and Absolutely Fabulous Fabless Progress you need to venture further afield and elsewhere.

Anonymous said... 24 January 2018 at 18:26

hope it's enough to circulate/flow without need to care about having anything urgent just for oneself, amanfromMars (-;

amanfromMars replied and said... 25 January 2018 at 07:04

Indeed, it is, Anonymous, and it is a Prime Systemic Condition Assured and Consistently Fed by Advanced IntelAIgent Design Default.

However, that is not to say that deserved lavish reward beyond the wildest of dreams is not also factored in to be accepted to Aid Future Deliveries. For some, it is all they hold dear and would be able to offer without it causing them any distress.

First the Goods/Program, then the Riches makes doing Virtual Business a Real Pleasure, with everyone able and/or enabled to keep coming back for more .... and more ..... and more ..... forever more.

And very Revolutionary Soviet in nature be such an AI ProgramMING and fully capable of draining every last cent from Federal Reserves. And there are not many/any other Programs able to do all of that so very easily.

amanfromMars further said... 25 January 2018 at 15:59

And all of that is what IT and AI can now Deliver and is floated hereby into Capital and Other Alternative Derivative Markets for AIdDrivering with SMARTR Enterprise Miners/Type Google AI Labs/Saudi Vision 2030 Architects and Artilects/PLA Unit 61398 Level Operators/Soviet State Sources and Myriad Other State and Non-State Resources with Greater IntelAIgent Game Players.

An Advanced IntelAIgent Project for Remote Virtual and Alien ProgramMING freely open to Any and All Suitably SMARTR Enabled to Play Greater IntelAIgent Games Perfectly for Immaculate Results.:-)

3
1

My pigeon's don't have backdoor's... Do they?

6
0
Silver badge

I think the term you're looking for is "cloaca".

9
0
TRT
Silver badge

encraption technology

8
0
Bronze badge
Coat

Depends if they are RFC 6214 Compliant Avian Carriers ....

6
0

Telegram

I use the great Telegram app to organise our monthly pub meets. Does that make us terrorists. No I think not.

Terrorists will use what ever they can find for their crazy keys blow shit up propaganda nonsense.

TM just so ill informed about all three hundred of other apps out there, everytime she's on the TV saying how we (government) need more control and powers over the people. No thanks TM you mad hatter.

Everyone have a great Friday. Have a beer the weekend is here.

7
0
Silver badge

Re: Telegram

I use the great Telegram app to organise our monthly pub meets. Does that make us terrorists. No I think not.

Probably makes you suspect though (not 'a suspect', but suspect - you might be hiding something an attentive officer of the law might get a promotion out of).

Terrorists will use what ever they can find for their crazy keys blow shit up propaganda nonsense.

A truly great definition of 'Terrorist' - for a dope addled surfer-dude.

A terrorist is only a terrorist if you don't agree with their aims/idealogical position/demands - otherwise the label tends to be 'freedom fighter'.

8
0
Anonymous Coward

Re: Telegram

Does your pub meet include calling people infidels and planning to blow shit up in the name of religion?

If so then you may indeed be a terrorist, it's best to check these things.

4
0

Re: Telegram

No, you're thinking of the Friday night LAN party on Civilization night.

7
0

Metadata

I keep wondering if there is any messaging application that a) does not store even encrypted contents or metadata after delivery (or timeout), b) encrypts the contents and the recipient's details between the sender and the server with a one-time key shared with the sender, c) introduces a random delay to thwart correlation analysis, d) pads the contents to prevent tracking by size (may be superfluous with encryption, but let's keep it in the list), e) re-encrypts the contents and the sender's details with a one-time key shared with the recipient, f) does not keep either the plain text or the encrypted content or the one-time keys or any logs after delivery, g) by default disallow (if possible) synching/backing up to "the cloud".

This will make it so much more difficult for the alphabet (isn't there a company called that?) soup agencies to do metadata analysis. Their remaining options will be restricted to intercepting at the server (or MITM to fake the key exchange), and that will hopefully be restricted to the provider's country of origin and will not give them access to the past history for at-will exploration.

Most of all, I wonder if there may be a business case for such a system (beyond being financed by the next OBL). Not obvious, given that it will be more complex, presumably more expensive to operate, possibly somewhat more cumbersome to use than WhatsApp.

3
0

Re: Metadata

Bitmessage had some of those attributes. Its big downside was that it didn't scale as it effectively broadcast every message to every recipient as it has no idea who the destination was (if you could decrypt the message you must be the intended recipient).

I don't know if the bitmessage network is still running. It was an interesting experiment.

3
0

"She then threatened to use her pulpit to apply social pressure: "No-one wants to be known as 'the terrorists’ platform' or the first choice app for paedophiles.""

Not sure May get how the world really works. Pedos are like canaries in a coal mine, if it's safe for them to use then it's safe for the rest of us as well.

10
0
Anonymous Coward

Licensing of Operators

There is no sanely manageable way to have encryption with a magic back door.

So this is all headed ultimately in the direction of licensing, just like telcos are licensed. You want to offer a service and collect revenue? Gonna have to respond to warrants or have your revenue streams cut off at source and your domains blocked.

The Chinese have their great firewall. Everyone else is headed that way too eventually so that they can wield that kind of stick.

6
0

Re: Licensing of Operators

Except that the bad guys (terrorist groups, mafia, etc) have no need of collecting revenues for the service. So, they don't need a licence.

So, as always, the proposed restrictions just prevent safety for good guys and leave the bad guys untouched.

3
0

side door

Think laterally.

The best backdoor to encryption might be social engineering.

A backdoor to encryption is a side door.

Criminals often exploit this weakness.

4
0
LDS
Silver badge
Facepalm

May should ask the Ministry of Magic

Maybe someone at the Department of Mysteries could come up with a solution. Don't count on Potter, though, he never liked to study enough. Ask Granger. And maybe exchange May with her.

9
0
Silver badge

Short memory

Has she forgotten the TSA lock debacle already?

The locks with a 'backdoor' skeleton key so the authorities can examine your luggage, but thieves can't get into it. Except someone published pictures of the skeleton keys and now anyone can make copies, rendering them useless.

How does she think backdoor decryption keys will be different?

13
0
Silver badge

Re: Short memory

" now anyone can make copies, rendering them useless."

Yes. Plus, those locks never protected your stuff from the thieves in the TSA itself, so they were always of limited usefulness.

3
0

quick version: tech in business: good; tech in society: bad

ALL:YOU:NEED:TO:KNOW

4
0
Silver badge

Canute lives!

Politician: "I want it."

Adult: "It is physically, mathematically impossible."

Politician: "I want it!

Adult: "Quite literally, what you ask cannot be done."

Politician: "I WANT it!!"

Adult: "Look, there are maybe 10,000 real experts on this subject, and all of those not employed by government or security services—i.e. who can speak honestly—will say the same: it just cannot be done."

Politician: "I want it!! I WANT it!! I WANT IT IT!!!"

Adult: Here's my resignation letter. Have you ever *actually wondered* why the voters think you're a bunch of immature, dimwitted children?"

22
0

Step one

Supply a Britain Secure email service {BritSem} British Secure Email, using a single server set, for individuals and business to avoid fishing and snooping,

Step two

Supply business secure level encryption for delivery of email and products to customers and customers to communicate with business

Step three

Persuade the Five eyes partners to do the same, allowing transfer of email between said Secure email server sets using approved encryption.

0
2
Silver badge
Paris Hilton

What for? Your post lacks a context.

1
0
Bronze badge

"Step one..."

ID+IOT: nominative determinism or troll? Amusing either way.

0
0
Anonymous Coward

Please provide me with a list of the cryptographers

brilliant! sadly... it's a politician's way "f... you sir!", and the recipient knows it, so it will come to nothing :/

and even if the answer is provided, it will be in line with "in the line of national security", and the matter is not important enough to grill through the (probable) truth that the cryptographers providing advice to FBI (if any ;) are their own...

5
0
Silver badge
Thumb Down

"meeting these fundamental social responsibilities"

The fundamental social responsibility of government is protecting its citizens, not snooping on them.

Keeping the peace means feet on the ground, visible police presence by affable and polite constables always ready to help while keeping an eye out for shady behavior.

It is costly, doesn't catch everything, but it is civilized and respects the privacy of the innocent.

It was once said : "I prefer to let a hundred criminals free rather than jail a single innocent".

My, has time flown by . . .

14
0
Silver badge

And that Genie ...

The ignorance and stupidity of politicians aside, I return to the Genie—who cannot be returned to the bottle. Even if every mainstream encryption app could be compromised somehow (and therefore would no longer be used by anyone, of course), you cannot un-make the mathematical knowledge and algorithmic techniques to execute seriously tough encryption. There is basically nothing to stop any competent programmer knocking up some code, in almost any language, to encrypt data on a device. It's pretty unlikely that even quantum computing will be decrypting today's best encryption if executed properly with sizeable keys (and since the "imminent apocalyptic terrorist attack" bullshit so beloved of imbeciles who watched too much 24 is the usual inane justification, even decrypting the data as quickly as a month later is of little use).

Add good stegnogaphy*¹ to the mix and it is just moronic to think that serious bad actors will be much hampered by prohibiting e2e encryption apps—even if you could.

So why do the security services keep misleading gullible politicians? For they must know (a) that they are lying about backdoors, yet (b) keep on lying anyway.

I can only assume that aside from the usual empire-building budget-tumescing nonsense beloved of such people, this is about sheer laziness. The hard slog of humint, infiltration, shoe-leather intel gathering, hearts-and-minds ops, training and employing enough translators, learning about other regions' cultures and habits, using diplomacy and softpower to get what you want—perhaps it's all too difficult, when you delude yourseelf into believing that the computer can do it all for you? I do wonder what degree of self-delusion goes on in places like Babylon on Thames ... and perhaps more so at places like Langley. Judging by the apparently rotten advice they give to the political nincompoops, perhaps they are neither as realistic nor as practical as we'd imagine.

*¹ Whatcha gonna do? Ban everyone from posting poor quality cat photos? Over 2,000,000,000 (yup, two billion) photos posted every day? Any idea how much hidden messaging you can stuff into even a fraction of that?

9
0
Bronze badge

Well my job is going to become a lot more interesting

Currently working on government IT... for which the security rules say we must use a VPN with strong encryption... which we can't because encryption bad.

I guess that means an end to remote access over VPN...?

7
1
Silver badge

Re: Well my job is going to become a lot more interesting

It's pretty hard to understand how they can keep coming out with this bollocks when they must be being told quite regularly that it can't be done.

Something else is up - I'm not thinking 'Magic thinking' I'm thinking 'Magic distraction'.

7
0

Intel have already done this for them... what's the problem

I don't know why the PM is still banging on about this - Intel have done it for her, allowing them to read the memory of any device at will...

5
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018