And yet, you can be compelled to give them your password - or they lock you up forever...
"No we're not banning cryptography..."
But we'll make your life a living hell if we want to.
The UK government has restated it has no desire to ban strong encryption, nor will it require surreptitious access to communications, in a response to several accusations levelled against it. In a response to a parliament.uk petition with over 10,000 signatures, the Home Office repeated that it "is not seeking to ban or limit …
they don't lock you up forever, but they do fuck you up forever. I mean, with conviction and time behind bars for refusing to hand over / forgetting this or that password, you are doomed for life. Think employment, credit rating and, frankly, I wouldn't put it past our services to "monitor" your online activities in closer deail, probably forever.
I'm going to keep posting my responses like this every time they talk about intercepting terrorist communications.
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
-----END PGP MESSAGE-----
"...where it is necessary and proportionate."
Aye, there's the rub.
What they are basically saying is "Trust us, we are the government.."
Sorry, but trust vanished a long time ago due to the abuse of RIPA and more topically schedule 7 of the Terrorism Act 2000 (the David Miranda judgement) and it would take a miracle to get it back
I seem to recall another section of the IPB providing legal authorization for the long-standing practice of hacking people's devices. As has been mentioned here before, you don't need to ban encryption to read encrypted messages.
I understand that any useful crypto is based on the principle that factoring large primes takes like, forever, and alas for those that wish otherwise each is a single solid number.
But give your neighbour a copy of your house key and now two parties have access to your wine cellar. Require that key to be kept updated when it changes and it becomes a key registry. Which, govt's being what they are, would probably be upload to Lastpass but that's not my point.
Surely this is all about key management, not a tech issue at all?
Indeed this is not a tech issue, this is a libertarian/privacy [sic] issue. It is the government demanding that all locks which get manufactured (including your door lock) get a master key designed in and posted off to the Home Office. Follow the links in this article:
to get a great explanation of how to fuck up a lock with a master key:
However, I can't let that slide... A certificate authority doesn't get a copy of your key. So it's not the same as your neighbour getting a copy. It's like someone asking my neighbour if I wrote that angry note they found on their car - and my neighbour checking it against that Christmas card I gave them, and saying: "yep, pretty sure he did, cbars is a dick".
...seems to be the important term here. The person (legal entity or real person) who applied the crypto to the message can be forced to decrypt it. This would not be new, as pointed out above. Of course I do not trust anyone to stick to this and not require a back door at a later point in time...
So: why the new law? What was their motivation if there were nothing new? My guess is as good as anyone's... but I tend to expect the worst.
Edit: just read http://www.theregister.co.uk/2016/01/19/key_voice_encryption_protocol_has_backdoor/
I guess this answers some questions...
"The fact that the government claim[s] to support encryption but still think[s] that it can get access to communications (with a warrant) means it basically does not understand what encryption is."
No shit Sherlock. But since when has that stopped a government doing something counter productive, expensive and stupid?
BANNING, that favourite British political pastime, any software especially secure communications software.
And how will you stop it? WhatsApp sees 50 billion messages per day - not to count the billions of SMS messages - the computer basement in MI5 isn't big enough, unless they go under the Thames, and even Telco's can only store messages for a day or two.
Get real, lady, a term I use pejoratively in her case, you can never do it even with the multi-BILLION Pound computer you are trying to buy.
Biting the hand that feeds IT © 1998–2020