Hi, um, hello, US tech giants. Mind, um, mind adding backdoors to that crypto? – UK govt

The UK government is apparently going to ask Apple, Google, and other American tech giants to give it the skeleton keys to their encryption systems. Based on our experience here in the US, the response is going to be a firm: "Fsck off." On Monday, the Daily Telegraph (a reliable friend of the ruling Conservative government) …

  1. Suricou Raven

    There are some paranoid alternatives.

    Retroshare has the sort of end-to-end encryption that makes the NSA struggle - you have to exchange public keys to authenticate new contacts. The big problem, of course, is that none of your friends use it.

    1. BillG Silver badge
      Angel

      Re: There are some paranoid alternatives.

      "the four horsemen of the infopocalypse – terrorists, drug dealers, pedophiles, and organized crime."

      Nice one, that. I'll have to remember it.

      "President Obama, nearing the end of his final term, has given up pushing for a law demanding breakable encryption."

      Mr. O has stopped promoting it, but unfortunately he'll gleefully sign it if it crosses his desk.

  2. tfewster Silver badge
    Big Brother

    Not that I'm condoning this ...

    ... but it seems to me that a simple solution for governments and Tech companies alike would be to set it up so only* governments can issue private keys to their citizens (and also be responsible for distributing public keys).

    Crypto remains uncompromised, and your** government has a copy of your private key. Government can comfortably promote the use of encryption and save money on policing t'internets

    * Yes, I know there will be a trade in "unauthorised" keys, but using one will immediately make you a person of interest to your nation's security services.

    ** No need for the UK to pass it to the US authorities, as GCHQ can provide the clear-text if needed AND appropriate.

    So what else am I missing?

    1. Ken Hagan Gold badge

      Re: Not that I'm condoning this ...

      "So what else am I missing?"

      All conversations between two people of different nationalities?

      The setting up of an unauthorised key pair *within* an authorised conversation.

      The fact that government will leave all the keys in plaintext on a site that is wide-open to one of those pesky sequential attacks we've been hearing about recently?

    2. Warm Braw Silver badge

      Re: Not that I'm condoning this ...

      >So what else am I missing?

      Well, firstly, the big picture. If you set up an infrastructure that allows the government to monitor all your external communications constantly, you might as well put government cameras in your house too - in fact you will likely have one by default whether you know it or not.

      However, even assuming you think that's all fine and dandy, exactly how are you going to stop the "bad" people (who at that point are likely to be the "good" people, but let's not get hung up on morality) using different keys and different applications to the ones on the government list? Are ISPs going to have to inspect every packet to make sure it's part of a legitimate authorised protocol? Do they have to hand every image in every e-mail and on every web site over to a team of cryptographers in case they contain a steganographically-concealed message?

      It patently can't work - it only ever did work because we were all pathetically naive and trusting and it was mostly only the Five Eyes doing it. As we now know we can't trust our government, and every other state actor is aggressively trying to get into the same game so any central repository of UK communication keys would be their first target, there is no scenario in which the UK government can be a useful contributor to our necessary privacy.

    3. sysconfig

      @tfewster - Re: Not that I'm condoning this ...

      By the way, it's no longer a private key if somebody else issues it for you and then shares it with you (or anybody else).

      That's about as useful as server-side encryption with providers where you don't control the servers, and they generate and hold the encryption keys.

    4. lumphammer46

      Re: Not that I'm condoning this ...

      4q.

    5. Anonymous Coward

      Re: Not that I'm condoning this ...

      From the perspective of our modern day Stasi/Gestapo entities, it's an outstanding, desirable, and practical idea. But I really wish you'd kept mum about it. And I sincerely hope that none of the folks who collect gov't issued paychecks will ever read these comments.

      Hey Reg!! Is there any chance that we can delete these particular comments? With the author's permission, of course. He/she is obviously smarter than I am. I'd never have thought of such a clever left-handed (sinister) idea.

    6. Chronos Silver badge

      Re: Not that I'm condoning this ...

      You're sniffing around the edges of key escrow again. We did this a decade or more ago and it was as wrong then as it is now.

    7. Prst. V.Jeltz Silver badge

      Re: Not that I'm condoning this ...

      "So what else am I missing?"

      Well what I seem to be missing is why would the terrorists use the same system that the Gov have got the keys for?

    8. davemcwish

      Re: Not that I'm condoning this ...

      "So what else am I missing?"

      1. Do you, as a citizen of country x, have complete and unconditional trust in your government, their security services and all public bodies that they will not misuse this for their own ends in spite of the evidence that they do e.g. the UK's Regulation of Investigatory Powers Act (2000) has been used on a number of occasions to investigate individuals for non terror related alleged offences?

      2. Do you, as a citizen of country x that has a repressive regime, have complete and unconditional trust in your government that they won't give your private key to the security services of government y to spy on you for political related matters?

      For me the answers are both 'no' and I don't believe Silicon Valley aren't already in discussions with the NSA.

  3. Anonymous Coward
    Big Brother

    Cameron reminds me of an ancient Danish King

    Cnut.

    1. Ken Hagan Gold badge

      Re: Cameron reminds me of an ancient Danish King

      You mean he is cleverly undermining Theresa May by showing that her entire negotiating position is both evil and clueless?

      Actually, no, I don't grant him credit for that much cunning.

    2. James 51 Silver badge

      Re: Cameron reminds me of an ancient Danish King

      He walked out into the tide to show his court there were limits to his power. Call me Dave it seems is doing the same but is expecting the tide to change on his command.

    3. PassiveSmoking

      Re: Cameron reminds me of an ancient Danish King

      Yeah, it's obvious that he's a total cnut.

    4. nijam

      Re: Cameron reminds me of an ancient Danish King

      No, because Cnut did it to show his sycophantic court that he didn't have super powers.

      1. Trigonoceps occipitalis

        Re: Cameron reminds me of an ancient Danish King

        "small porker in a very big swine head"

        FTFY

    5. dorsetknob
      Paris Hilton

      Re: Cameron reminds me of an ancient Danish King

      please transpose the second and third letters so it's spelt correctly

      Much appreciated

      Paris because we are talking cnuts here

  4. Crisp Silver badge

    You can take my encryption out of my cold dead hands,

    See title.

  5. LDS Silver badge

    Mathematics...

    ... whenever politicians mastered mathematics?

    1. phuzz Silver badge
      Big Brother

      Re: You can take my encryption out of my cold dead hands,

      "That can be arranged"

      The Government.

      1. chivo243 Silver badge

        Re: You can take my encryption out of my cold dead hands,

        "That has been arranged" TFTFY...

        da gubbermint...

        1. g e

          Re: You can take my encryption out of my cold dead hands,

          They're not even that bothered about letting you go cold first.

          1. Prst. V.Jeltz Silver badge

            Re: You can take my encryption out of my cold dead hands,

            well if you're dead, the key dies with you surely?

    2. alain williams Silver badge

      Re: Mathematics...

      But, but, but ... politicians are smarter than mathematicians, they just try to legislate mathematical truths rather than waste time trying to prove them: Indiana Pi Bill

      1. Anonymous Coward

        Re: Mathematics...

        Wow I didn't think and simply right clicked on that Indiana Pi Bill link without thinking. It's a good thing you didn't link to meatspin or goatse I suppose.

    3. Anonymous Coward

      Re: Mathematics...

      whenever politicians mastered mathematics?

      Unfortunately they're all Oxbridge arts graduates who couldn't recite their three times table. And as a result, all the really important things that government could do get done wrong or not at all, and all the things that governments should never do become a central purpose.

      This also explains the mutually contradictory nature of almost all government policies.

      1. nijam

        Re: Mathematics...

        > ... Oxbridge arts graduates ...

        PPE, or "opinions", as the rest of us call those subject areas.

  6. Anonymous Coward

    They're so desperate to see my dick picks

    1. Rich 11 Silver badge

      And whether or not you use pork products for titillation.

    2. Zippy's Sausage Factory
      Coat

      If they want dick pics:

      http://www.amazon.co.uk/s/ref=nb_sb_ss_c_0_11?url=search-alias%3Dpopular&field-keywords=dicks%20picks&sprefix=dicks+picks%2Caps%2C202

      Oh sorry, that's Dick's Picks. I'll get me coat.

  7. localzuk

    Is it that hard to understand?

    That any exploit is a total exploit?

    The government finds it impossible to keep its secrets secret, so how do they think it would be possible to keep a gaping hole into everyone's communications secret? It'd be all over the criminal underworld within days of existing, with exploits produced just as quickly.

    The thing is, having this sort of flaw in security will basically ruin the ability to do online shopping or banking. Who would put their financial details in a website knowing that any criminal with half a brain could intercept and use them?

    Do they not have technology advisers in government? Or is it like the badger cull - they have them, but ignore them because they don't like what they keep saying?

    1. Dr Paul Taylor

      Do they not have *** advisers in government?

      That's why we have the House of Lords, so that some people who actually know about something can quietly stop the most stupid legislation from going through.

      As to whether they are competent in technology, unfortunately that may be another matter.

      1. Phil W

        Re: Do they not have *** advisers in government?

        "That's why we have the House of Lords, so that some people who actually know about something can quietly stop the most stupid legislation from going through."

        Though if Dave and George get their way, not for much longer. They're a little bit pissed about the whole tax credit thing.

        1. Richard Taylor 2 Silver badge

          Re: Do they not have *** advisers in government?

          "That's why we have the House of Lords, so that some people who actually know about

          Generally very little. A majority are political appointments with a few hereditary peers thrown in. For example Andrew Floyd Flobber (a political appointment with a deep knowledge of popular musicals) flew back from the US to vote in a recent debacle.

        2. Quortney Fortensplibe

          Re: Do they not have *** advisers in government?

          "...They're a little bit pissed about the whole tax credit thing..."

          That's what happens when you have a bar in the House of Commons.

          1. HAL-9000

            Re: Do they not have *** advisers in government?

            It's a subsidised bar too, and it keeps quite long opening hours as well. The lucky beggars.

      2. Peter Simpson 1
        Thumb Up

        Re: Do they not have *** advisers in government?

        In the US, they're called "Corporate Lobbyists"

    2. Anonymous Coward

      Re: Is it that hard to understand?

      My problem is understanding how to distinguish between the criminals exploiting leaks and the 3-letter-agencies exploiting leaks.

      1. nijam

        Re: Is it that hard to understand?

        > ... how to distinguish between the criminals ... and the 3-letter-agencies...

        It is not possible - in this or any other context - to distinguish them.

        1. Triggerfish

          Re: Is it that hard to understand?

          "My problem is understanding how to distinguish between the criminals exploiting leaks and the 3-letter-agencies exploiting leaks."

          One lot will admit they are criminals.

  8. Anonymous Coward

    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

    1. Adam 1 Silver badge

      That's the password on my luggage.

      1. Blank-Reg
        Coat

        Really? Mine's 1 2 3 4 5

        Erm, anyway. Mine's the one with a letter from President Skroob in the pocket.

    2. Daniel Hall

      um

      About

      09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 is a block of code written in hexadecimal that has been discovered to be a way to decrypt HD-DVDs, allowing people to modify and alter the content stored on the DVD.

      1. Daniel B.
        Boffin

        Re: um

        And here I thought it was one of those AACS keys that are doing the rounds through the 'net.

  9. Uberseehandel

    Which Delusional World Are People Living In?

    Like anybody in the US gives a sh1t about what Britain wants or thinks or passes laws about.

    Neither US business nor government have any time for Britain or its establishment.

    1. Anonymous Coward

      Re: Which Delusional World Are People Living In?

      I suspect this is just soundbite/headline posturing for the benefit of the great unwashed.

      DC will be able to claim, "Well we tried to keep you safe but the evil US corporations wouldn't let us.."

    2. Mark 85 Silver badge

      Re: Which Delusional World Are People Living In?

      It's not they (we) don't give a shit, it's politics. So if your...ummm... leaders (the UK) make it mandatory (as the article says early on) and the techs don't or won't comply, I guess it's back to the abacus for the UK. This is a grandstand play on Cameron's part and he may have been put up to it by Obama. If the techs bend over and say "ok" to you guys, then they have to say "ok" to the guys over here. If they say "no" then there's the possibility of sales and profit being lost. Rock vs. hard spot for the techs if the governments follow through on the mandatory threat.

      It's refreshing to see that both sides of the pond have idiots in charge.

      1. Rich 11 Silver badge

        Re: Which Delusional World Are People Living In?

        Refreshing? It's the normal state of affairs.

    3. Dan 55 Silver badge

      Re: Which Delusional World Are People Living In?

      It's all part of the echo chamber. They'll happily bang on for years about this and there's a chance they will eventually get their way.

    4. Dadmin
      FAIL

      Re: Which Delusional World Are People Living In?

      HAHA! Tell us your thoughts when you work at a company that has offices in more than one country, THEN you'll understand how fucking retarded your comment is. As for giving a shit, you apparently do, as you bothered to read the comments and crap out one of your own. Good work, Sir Hypocrite!

      Qvq lbh ernq gur negvpyr, be jrer gur jbeqf gbb ovt?

      Tb onpx gb znaavat gur qrfxgbc, V zrna qvpxgbc freivprf qrfx, jnaxre.

    5. davemcwish

      Re: Which Delusional World Are People Living In?

      @Uberseehandel It's aimed at other countries who dislike the US but still think that the UK (and its institutions) are honest, democratic, decent and transparent.

  10. 45RPM Silver badge

    Unfortunately, the security czars and special advisors to HM Government are unqualified in mathematics or cryptography - in fact, one wonders how they got the job at all. Cameron and Co appear to be somewhat brainless (it's not as if people who are qualified haven't been clamouring to be heard), and the Queen isn't taking her responsibilities seriously (she should dissolve parliament and require an election before Cameron n Co make us a complete laughing stock).

    It's a sad state of affairs when we need to rely on massive corporations to stand up for us against our government. I'm not certain that I trust the massive corporations- but I definitely don't trust our government.

    1. dogged

      I trust the massive corporations to want to make money.

      In this case, that's all the trust that's required.

    2. Anonymous Coward

      Sorry but the govt advisors are NOT stupid...

      Sorry but the people who do advise the govt on this are NOT unqualified in maths and cryptography. GCHQ is full of very, very, very clever people who do understand maths, who have PhD's in maths and cryptography (which is much the same thing). I have worked with some of them and they know their stuff.

      I 100% disagree with what GCHQ do, but do not underestimate the people who work there. That would be a mistake by everybody. They will have told the govt what people here and Apple and everybody else has said. That is part of GCHQ's remit, to advise the govt on security matters.

      I have no idea what has been said by GCHQ but I am 100% certain that GCHQ knows what is possible and not possible, almost certainly better than anybody else on this board.

      Now politicians being what they are, bottom feeding, lying, scum, may choose to ignore what has been said by their security advisors and to willingly lie about things. I know, difficult to imagine that a politician might perhaps utter an untruth, <cough> Tax Credits, Universal Credit <cough>, but that's the politicians for you. Also most politicians are not brain dead (IDS excepted, there's a person who makes Norman Tebbit look like a lentil eating, Guardian reading lefty), emotionally dead, yes, but most have a couple of brain cells that do work. I grant you that 90% of the time their brain cells are solely focussed on looking good on TV, trying not to dribble in front of the camera and working out who to stab in the back for their next promotion, but underestimating politicians is a very bad idea. At the end of the day they have the power and we the people, do not.

      They can pass laws that make life difficult for us all, they can use Statutory Instruments to try to take away tax credits, they know all sorts of ways to push things through.

      In this case I *think* that they know this is an impossible win but the way they work is to demand the moon on a stick, then give a concession to something a little bit less extreme which is what they wanted all along. I would start to look at what else is being suggested rather than Apple giving them the keys to the sweet shop, what other little regulation is in the background that they really want to impose on us. These are magicians waving their hands one way to try to redirect our attention from what it is they really want to impose on us.

      1. Wiretrip

        Re: Sorry but the govt advisors are NOT stupid...

        "an impossible win but the way they work is to demand the moon on a stick, then give a concession to something a little bit less extreme" - yes, the 'Blunkett Manoeuvre'.

      2. earl grey Silver badge
        Trollface

        Re: Sorry but the govt advisors are NOT stupid...

        look like a lentil eating.

        You could have left it just like that.

      3. Anonymous Coward

        Re: Sorry but the govt advisors are NOT stupid...

        Am I the only one that cannot be arsed to read these long, rambling diatribes?

        Forget new icons, essay word limits please!

        1. Someone Else Silver badge
          Thumb Down

          @ AC -- Re: Sorry but the govt advisors are NOT stupid...

          Am I the only one that cannot be arsed to read these long, rambling diatribes?

          Short answer: Yes.

          Longer answer: Yes, like most ADHD-addled, can't-be-arsed-with-engaging-one's-brain, short-attention-span, immediate-gratification-seeking Twitterati.

          Next question?

  11. Tony S
    Black Helicopters

    Tinfoil hat time!

    I don't believe that this is wholly the work of the government. It's just too suspicious that whenever the gov of the day changes, the group then placed in a position of power suddenly reverse their previous stance on maintaining privacy to take a position that is the exact opposite.

    I'm not sure who it is, how or why (I can possibly imagine why, but I am very cynical), but someone, somewhere is responsible for somehow "persuading" them to change their positions and do stupid things.

    1. Anonymous Coward

      Re: Tinfoil hat time!

      Nudge Unit

  12. kosh

    Tech companies not required.

    We don't actually need tech companies at all for messaging. Why harp on about Apple and WhatsApp? Just use a distributed/federated protocol, like XMPP with OTR or whatever you need. The tools already exist for strongly encrypted, decentralised anonymous communication.

    1. Grikath

      Re: Tech companies not required.

      yeeesss... but no-one has wrapped that up in a shiny App that can be easily shared and looks/works good enough to be popular. Methods and protocols are all good and nice, but your average teen does not care, and they determine which chatterbox becomes the new hit, until it gets old, of course..

      1. Doctor Syntax Silver badge

        Re: Tech companies not required.

        @ Grikath

        Who cares about average teens except average teens? HMG can ban all the shiny apps they want with no real effects except pissing off potential voters. If secure non-shiny alternatives exist they'll be used by anyone with the incentive and knowledge to do so. That, of course, includes those who HMG are most keen to eavesdrop on. Great idea, ruin the average punter's privacy to no useful end.

        1. Scubaman66

          Re: Tech companies not required.

          The thing is it's the average teen who provides the vast majority of the background noise which makes the snoopers' lives so difficult. If you remove it then it's much easier to focus on what you want to listen to.

  13. Your alien overlord - fear me

    How to beat it - just use texttalk inside the app - GCHQ WTF LOL {smileyface} - they won't understand it.

    Same technique as the Yanks did in WW2, they used Apaches as wireless operators, if the Japs tapped in they couldn't understand the Apache native language and it was just another layer of security.

    And when Hilary Clinton becomes el Presidento and comes to the UK, I'd like to see Davey boy ask for her encryption keys so GCHQ can tap her communications back home!!!!!

    1. Anonymous Coward

      Angel is next

    2. Simon Ward

      s/Apache/Navajo/g

    3. Dan Paul

      @your alien overlord - fear me... not Apache, get your facts straight...

      they used the Navajo Indian language.

      https://en.wikipedia.org/wiki/Code_talker

      And Hilarity Clinton will never be el Presidente, she'll only play one (badly) on TV. However, her IT skill is sorely lacking (along with her ability to tell the truth) so anyone will be able to hack her without having her encryption keys.

  14. Anonymous Coward

    of sin praktice in failing to furrow theogonies of the dommed).

    Trisseme, the mangoat! And the name of the Most Marsiful,

    the Aweghost, the Gragious one! In sobber sooth and in souber

    civiles? And to the dirtiment of the curtailment of his all of man?

    Notshoh?

    BUTT (maomant scoffin, but apoxyomenously deturbaned but

    thems bleachin banes will be after making a bashman's haloday out

    of the euphorious hagiohygiecynicism of his die and be diademmed).

    Yastsar! In sabre tooth and sobre saviles! Senonnevero! That

    he leaves nyet is my grafe. He deared me to it and he dared me

    do it, and bedattle I didaredonit as Cocksnark of Killtork can

    tell and Ussur Ursussen of the viktaurious onrush with all the

    rattles in his arctic! As bold and as madhouse a bull in a meadows.

    Knout Knittrick Kinkypeard! Olefoh, the sourd of foemoe

    times! Unknun! For when meseemim, and tolfoklokken rolland

    allover ourloud's lande, beheaving up that sob of tunf for to

    claimhis, for to wollpimsolff, puddywhuck. Ay, and untuoning

    his culothone in an exitous erseroyal Deo Jupto.At that instullt

    to Igorladns! Prronto! I gave one dobblenotch and I ups with

    my crozzier. Mirrdo! With my how on armer and hits leg an

    arrow cockshock rockrogn. Sparro!

    1. Phil W

      Yes. I agree.

    2. WaveyDavey
      Go

      Bravo

      I rather liked that. not sure I understood a word, but I liked it nonetheless.

    3. Anonymous Coward

      The problem with this encryption schema method is that copious amounts of alcohol unlock it temporarily and then alcohol induced short term memory loss erases the de-crypted meaning before you can record it. Possibly other mood altering chemicals have the same effect but I don't have any evidence for that.

    4. Dan 55 Silver badge

      Sir Rowley Birkin QC

      ... and I'm afraid to say that I was very... very... drunk...

    5. Esme

      Unmasked

      verily th'art Amanfrommars posting anonymously, and I claim my prize.

      1. allthecoolshortnamesweretaken

        Re: Unmasked

        No, it's someone channeling Stanley Unwin.

    6. tony2heads
      Alien

      detector triggered

      BEWARE this looks like a vogon wrote it

    7. Mark 85 Silver badge

      Finnegans Wake it seems. Have an upvote.

    8. Someone Else Silver badge

      @AC

      "...and the wind craied Mary."

  15. This post has been deleted by its author

  16. msknight Silver badge

    "he's a small porker in a very big swine market." ... you HAD to get a pork reference in there, didn't you!

  17. Mark Wilson

    The Joys of the Internet

    I have my own server in a foreign country, so if they want to view my emails etc... They have to first get a judge in said country to agree and then go to the owner of the service to get my data and that would be me. So they have a long and awkward process to follow just to see that my wife asked me to buy her some crisps on the way home from work.

    Now just imagine how much harder it would be if the target was a well funded terrorist organisation.

    Has anyone noticed how many more terrorist attacks there are now in the UK since these technologies have been available than there were in the days of the IRA?

    1. dogged

      Re: The Joys of the Internet

      > I have my own server in a foreign country, so if they want to view my emails etc... They have to first get a judge in said country to agree and then go to the owner of the service to get my data and that would be me

      I don't think you understand. If they want to read your emails they will arrest you, seize all your stuff, read any emails you have already downloaded. If those emails are encrypted, you will be waterboarded or beaten with a rubber hose until you divulge the passcode. You will divulge the passcode, and anything else they want too.

      Don't think laws and technology make you safe. They don't. And torture works on everyone eventually.

  18. Dr Dan Holdsworth Silver badge
    Black Helicopters

    I don't see why this isn't readily possible

    Do note that Mr Cameron hasn't said how quickly he wants the encrypted material to be decrypted. All we do is hand over the encrypted text, and a secondhand ZX-81 and tell Plod "There you go, this'll crack it... eventually."

    It will, too. Probably after a few zillion years, but nobody said this sort of thing was going to be easy, did they?

  19. Doctor Syntax Silver badge

    Thought experiment

    I'm the organiser of a criminal/terrorist (the former includes the latter in my book) organisation. I want to arrange encrypted communication with my members. How do I go about it?

    We'll assume I have access to some developer talent. If I'm running a terrorist organisation I may well have that in my membership, if not there are obviously criminal organisations out there with that talent so I can buy it in.

    With that I commission its own S/W for my organisation. The developer talent doesn't need to have a cryptography specialisation as the libraries for this have been available for decades. One approach to take would be an application to create self-decrypting files - executables with the encrypted data built in.

    I rent a server out of the jurisdiction of where my organisation is operating and upload the messages there. Or I can upload them to a binary newsgroup. Or pastebin. My members can download their messages, run the software, read the decrypts and then delete. Except for the brief period when they're downloading and reading there's no incriminating decryption software in their possession. Neither random stop and search of my members nor seizure at border crossings will reveal anything untoward.

    I still have the problem of key distribution. I can set up a different distribution route for each channel. I identify some forum which members can read without suspicion. I occasionally post comments to that. The comment itself isn't the key. The key is a hash of, say the 2nd paragraph of the comment's grandparent and is a one time pad. The reader simply copies & pastes the paragraph into the self-decrypting file he's downloaded, the hash is regenerated & the message decrypted & displayed.

    Such a method has its limitations; it's susceptible to traffic analysis if the authorities suspect an individual. However, if encryption is banned on WiFi there will be an ocean of available access points; let the authorities try to perform traffic analysis on those.

    The essential point is that making encryption illegal only bans legal applications. If people are already breaking the law you don't stop them doing that by furnishing them with more laws to break.

    1. davemcwish

      Re: Thought experiment

      @Doctor Syntax

      I guess it depends on how paranoid you are but what about a paper variant of the Enigma machine

      http://www.themarysue.com/papercraft-engima/

  20. Anonymous Coward

    But would they say no...

    If it was the Chinese who were asking? We've all seen how tech companies bend over backwards to continue doing business over there.

    I doubt they consider UK business that important, but if the rest of the EU decides "Hey! That ain't such a wacky idea after all!!" and start demanding it as a requirement to do business in the EU, then maybe they'll have to rethink their decision.

  21. alain williams Silver badge

    Are they that stupid, or who are they really after ?

    Putting back doors into popular applications will only let them read the messages for the stupid and small time crooks. Their claimed targets terrorists and drug kings will use their own software and manage their own end to end encryption. Paedophiles have shown themselves adept at using technology and will simply up their game.

    So: are our politicians (and their advisers) complete twats [a real possibility] or are they playing a different game, eg: trying to snoop trade secrets and political dissent - ie keep themselves in the money and in power -- so that long may we remain their underlings.

    1. Graham Cobb

      Re: Are they that stupid, or who are they really after ?

      I think the real main driver is that this is a way to reduce the cost of policing -- in order to make more cuts. I think it is driven entirely by the same thinking as the tax credits cuts, not by any goals about security.

      Being able to read all (ordinary people's, and small-time crooks') messages obviously makes policing much easier (and remotable -- no need for anyone to knock on doors and talk to people). Making policing easier obviously saves money, but at the cost of moving us significantly towards a police state. Having police capabilities and resources limited, and prioritised to serious crime, is crucial to the underlying social contract that means the public generally approve of and support the police. Giving the police completely new powers like this breaks that social contract and risks a serious backlash against the police.

  22. TheWeenie

    Dear HM Government

    We, the people, will agree to give up strong cryptography when you agree to give up Parliamentary Privilege, and make public any and all correspondence into which you have entered since assuming office. Because that's effectively what you're asking us to do.

    You also acknowledge that by doing this, you effectively condemn the digital economy of the UK, significantly weaken our international trading position, undermine the future of the UK's STEM talent and relegate us to the IT equivalent of the dark ages (well, 1997, or thereabouts).

    Honestly, who advises the government on this stuff?

    1. Anonymous Coward

      - Honestly, who advises the government on this stuff?

      the mail, the telegraph, murdoch? who else? certainly not voters. that at least, is not news.

      I'm in two minds. on the one, to encrypt/VPN everything, fill up public clouds with /dev/random truecrypted files and regard it as civic duty, to contribute to ever ongoing obfuscation in so much as is humanly possible;

      But, on the other hand - more brute force decryption resource is never going to be subject to the cuts the NHS is, and you know what that means. that's right, we'll be responsible for killing people, by proxy. They can call that terrorism.

      Some days I think i'm too cynical. Others, I click submit post.

      1. Ben Tasker Silver badge

        I'm in two minds. on the one, to encrypt/VPN everything

        Pretty much what I'll be doing, not because I have anything to hide, or am even that interesting, but because as a parent I have a responsibility to try and protect my offspring from future governments.

        Oh look, think of the children works both ways....

  23. JimmyPage Silver badge
    FAIL

    What I would do (hell, it may even be happening)

    Rather than (moronically) sending each other emails, I suspect terrorists, criminals (and spies) who have an aversion to being caught would simply:

    1) Identify a *public* channel for communication(s). Maybe a couple of binary newsgroups

    2) post in one an NZB of a media file (don't worry if it doesn't work. Thanks to the media providers' dark war on copying, corrupted media files aren't significant) which, while not encrypted, has your encrypted message hidden inside it.

    3) The actual intended recipient of the file will not be immediately apparent

    4) The recipient replies the same way. If the channel is *initially* secured, it can be used to switch newsgroups/posting handles at will.

    5) Notice how nothing in the UK government's land-grab of data could (a) prevent (b) identify this.

    To be honest, I wouldn't even bother encrypting the source message. There's so much shite spouted online anyway, there's no way you could determine anything in isolation.

    But then if I were a "terrorist" and my aim was to kill, hurt and maim as many innocent people as possible with my own survival being unnecessary, there's plenty of things I could do RIGHT NOW that could take a dozen or so souls out without really trying. The lack of such incidents leads me to wonder quite how "threatening" the "terrorist threat" is ?

  24. Graham Cobb

    Bitmessage

    Programs like bitmessage already exist. It is open, distributed, non-commercial. There are no key managers to put any pressure on. All communications are encrypted with keys known only to the two endpoints. Even traffic analysis is pretty hard, and message contents appear to be secure.

    Bitmessage may or may not be any good. It appears to be secure, but has never really been seriously reviewed or tested. But even if it isn't, someone else can, and will, create something better.

    This is security theatre at its worst. This will have NO effect on the serious criminals being used to justify it. All it would do is make it easy to monitor ordinary people, and small time crooks.

    Personally, I have become convinced that all the Investigatory Powers Bill is really about is reducing the cost of routine police investigations so that the government can cut the police even more heavily.

  25. Andy The Hat Silver badge

    Only big Urrmerican companies?

    What about banks, end to end retail transactions, multinational commerce? On the one hand, Safe Harbour is defunct as it doesn't protect privacy, on the other hand 'he' wants basic methods of privacy scrapped ... It's the digital equivalent of putting personal, financial or confidential letters in the post using transparent, unsealed envelopes with 'CONFIDENTIAL - DO NOT READ' in red writing on them.

    As has been said before, if you want to embrace, utilise and profit by the 'digital age' you first have to accept the facilities provided by the digital age ... and encryption is the only protection method 'we' have against nasty jolly foreigner.

  26. Andy The Hat Silver badge

    ... and as a complaint, shouldn't that picture of the DC comic have a photoshopped poppy on it?

  27. John H Woods

    Own Goal

    Isn't this attempt at obtaining 'skeleton' crypto keys the best confirmation since Snowden that they cannot crack decent encryption?

    1. Ben Boyle

      Re: Own Goal

      Or perhaps that's what we're meant to think.

  28. Erix

    Decrypt this GCHQ

    Read my HEX:

    EF FF FF FF 0F FF FF FF

  29. Esme

    What HM Gov wants wouldn't help

    with any organisation sufficiently serious about keeping its comms secret. Never mind encryption systems, even without those there's the possibility of different - invented - writing systems and even invented languages that could be used. Send comms using either or both of those through t'internet, and no amount of decryption will do you any good unless you can force someone who knows how to translate the intercepted message into something you can understand. So, first catch your criminal.. - bit of a Catch 22, it seems to me. On the other hand, that's so much effort that one might imagine that only the most nefarious (or perhaps those trying to keep trade secrets secret?) would bother with that kind of thing.

    Anyway, I'd urge all UK citizens reading this to contact their MPs about why preventing public use of secure end-to-end encryption is a bad idea. Making us all more vulnerable to random miscreants is NOT a good way to help ensure our security.

  30. julian_n

    Poor Dave. Someone probably told him about the Laws of Maths and he thought he could repeal them.

    1. Anonymous Coward

      Poor Dave.

      I often wonder what made the blue-rinsed twerps of the Parliamentary Conservative Party back that clown Cameron. Then I see how the Labour party sold their soul to rictus Tony and had a hangover afterwards, allowed Gordo the Idiot to become king, and then buggered up their own leadership election arrangements such that a scruffy, Britain-hating marxist now "leads" them.

      I think the best solution for the state of British democracy would be to round up all the MPs who have sat in the past two decades, and hand them over to DEFRA to be gassed.

  31. Anonymous Coward

    Use Signal

    here

  32. allthecoolshortnamesweretaken

    Optional title is optional

    Curious and curiouser - the 9/11 perps didn't use Twitter or Le Livre des Visages. Any terrorist group or organisation that is well enough funded (yes, money always matters) to represent a real danger is able to set up a system of couriers for non time-critical communications and use same system to issue prearranged code words for the time-critical stuff.

  33. theOtherJT

    IosifVissarionovichCameron

    And to demonstrate this particular exercise in futility:

    Key's in the title lads.

  34. DougS Silver badge

    Easy solution for UKgov

    Ban use of iMessage, WhatsApp and so forth and only allow communication using government approved apps that give them a skeleton key. No need to bother Apple or Google, and they get a new way to arrest their citizens pointlessly - confiscate their iPhone upon arrest (for charges to be named later) and use their RIPA powers to make them unlock it, then look and see if iMessage has been used and if so you can now name the charges. Similar method for arresting Android users.

    That they aren't doing this, and are instead going through the futile exercise of asking US tech companies to do something they won't do even with their own government asking, demonstrates that this is merely grandstanding to highlight the issue. That's so if there's a terrorist attack in the UK they can point the finger of blame at Apple and Google for allowing encrypted communications to take place, instead of having the blame fall on them for relying too heavily on hoovering up all communication and no longer doing any good old-fashioned police work.

  35. Doctor Syntax Silver badge

    iMessage

    I've now read through the links purporting to show weaknesses in iMessage. They're dated a couple of years ago. In the recent court case Apple said that they could previously intercept messages but not with the current iOS versions. So is the Quarkslab analysis still relevant to current iMessage protocols?

  36. a cynic writes...

    I can't help wondering...

    ...if somewhere in Cheltenham there's one of our number trying to work out how the hell to tell the Boss "It was a joke".

  37. kevinonh

    Don't you love policies that only affect honest people?

    Meanwhile, actual terrorists and criminals will continue to assume that the State is legally or illegally reading their communications and will act accordingly. The bad guys will never use encryption provided by external companies or the State. In particular, they will avoid sending messages through conventional means (e.g. steganography) or will use encryption using their own keys.

  38. Anonymous Coward

    Question.

    SSDs have a limited (but large) number of reads/writes.

    Would trying to crack open an encrypted file on an SSD cause them to quickly deplete those numbers?

    1. Jay 2

      Probably not, as I believe the proper way to do forensic analysis on computery things is to clone the drive as is and use that. So the initial evidence is not tampered with.

      Also I could be wrong, but I thought it was writes that SSDs, and the like, are at some point limited on. I'm under the impression that reads are fine.

  39. Mike Richards

    This proposal must be proof positive that Cameron is working for the Chinese government.

    I hope someone asks him how his clever friends in the City have responded to this level of encryption buggery on their whizzo financial transactions.

  40. Anonymous Coward

    It was really the NSA!

    The UK smurfs don't care that much, but the NSA is still running Echelon, whereby any "intelligence" decrypted in the UK can be shared in the US without court oversight.
