Break crypto to monitor jihadis in real time? Don't be ridiculous, say experts

Calls by a former special advisor to ex UK Prime Minister David Cameron to allow the circumvention of end-to-end encryption to monitor terrorist suspects have come under fire from security experts. Rohan Silva, government policy consultant turned co-founder at Shoreditch-based tech incubator/workspace startup Second Home, …

  1. John Mangan

    "The former policy wonk -

    whose performance on radio this morning was criticised as "clueless" by" - anyone with three active neurons.

    1. Anonymous Coward

      Ladies of the night and other wondrous things.

      Knowing which side of his bread is buttered, more like.

    2. Brewster's Angle Grinder Silver badge

      Re: "The former policy wonk -

      He may have been talking bollocks, but his performance was far better than his interlocutor. Any non-tech person listening would have been listening along and saying, "Why can't we do this, it all sounds reasonable."

      1. Neil Barnes Silver badge

        Re: "The former policy wonk -

        Sadly, 'tis true. He was talking bollocks but she really wasn't helping her cause.

        1. Mark 110

          Re: "The former policy wonk -

          I was driving to work listening to it. Was banging the steering wheel in frustration with the amount of utter bollocks being talked.

          1. Mike Richards

            Re: "The former policy wonk -

            In terms of bollocks-per-minute it was rating about 1 Boris-per-second.

            An immensely frustrating interview on both sides.

            1. TSG
              Joke

              Re: "The former policy wonk -

              You might want to calibrate your measurement tool; mine was reading a steady 1.72 Bps.

          2. Mr Sceptical
            Flame

            Re: "The former policy wonk -

            +1 I was effing and blinding too - good thing no one paid me any attention or I'd have been pulled over!

            PS. Thankfully, El Reg covered this - I was going to have to start cross posting in another article if it wasn't!

            PPS. Actually, I'd be DELIGHTED if all communications were tapped 100% of the time if the penalty for the slightest misuse of that information no matter how minor was slow, painful public execution Pour Encourager Les Autres...

      2. Mark 65

        Re: "The former policy wonk -

        Any non-tech person listening would have been listening along and saying, "Why can't we do this, it all sounds reasonable."

        Unfortunately that is a real-time reflection of how many fucking idiots are present in society.

        1. therealmav

          Re: "The former policy wonk -

          >Unfortunately that is a real-time reflection of how many fucking idiots are present in society.

          But not everyone knows enough to be able to pick out fuckwits like Rohan. I don't doubt that the other interviewee did know enough, but when it came to tricky things like stringing a sentence together, making a coherent argument and explaining things in ways that a typical R4 listener might understand she couldn't compete. If the tech industry wants to be taken seriously, they need to send serious sounding people to be interviewed. It's a shame because this is yet another instance where our politicians are simply lying to us and it would be good to have had someone say so more cogently.

          1. Anonymous Coward

            Re: "The former policy wonk -

            "If the tech industry wants to be taken seriously, they need to send serious sounding people to be interviewed. It's a shame because this is yet another instance where our politicians are simply lying to us and it would be good to have had someone say so more cogently."

            Presumably the good Revd Adrian Kennard (AAISP) is now banned from being interviewed by the BBC, as in his previous interviews he has dared to criticise BT and dared to criticise government policy. He's still doing it for Sky and RT, but does anybody watch them? In the past he's been on the BBC too.

            1. TheRealRevK

              Re: "The former policy wonk -

              I am happy to comment for BBC, Sky, RT, anyone on these issues and give what I hope is my informed opinion on such matters.

        2. russmichaels

          Re: "The former policy wonk -

          So you think any non-tech person is a fucking idiot?

          Can you do the job of a doctor, dentist, cardiologist, optician etc? Do you know how to build houses, install central heating systems, do plumbing... the list goes on.

          No? Then I guess by your own logic, you must also be an idiot for not knowing how to do all the things that other people know how to do.

          I am a techy as well, the difference is that I have respect for the jobs other people do, and do not arrogantly expect everyone else to be good with computers and technology.

          1. Anonymous Coward

            Re: "The former policy wonk -

            Except most people don't go through life having to perform surgery, repair teeth, or take care of eyes professionally. Most people in today's society don't have to do those things, as they're specialised jobs.

            OTOH, most people use their fondleslab and even computers on a regular basis (i.e. daily or more) and should be expected to understand the basics, or at least be able to tell the difference between an expert and someone completely clueless, like this fuckwit Rohan Silva.

            On second thought, this is going up as AC

          2. justAnITGuy

            So you think any non-tech person is a fucking idiot?

            Surely context applies? I didn't take it that said offensive person was being generally offensive to everyone else - or at least those that take offence.

      3. Trigonoceps occipitalis

        Re: "The former policy wonk -

        If I may quote Tim Worstall:

        It's bollocks – it's obviously bollocks – but unfortunately it's influential bollocks.

        (7 Sep 2014 at 13:10)

    3. John Smith 19 Gold badge
      Unhappy

      Re: "The former policy wonk -

      Is looking for a govt contract?

      And it seems the 3000 "suspects" MI5 was supposedly watching has now "grown" to 6000

      I guess 3000 was not a big enough number to terrify the people.

      1. Rich 11 Silver badge

        Re: "The former policy wonk -

        Probably because they would need 18,000 people to monitor all suspects in real time around the clock. Plus a tenth more to cover for sickness and holidays, and even more when the Maybot cracks down on anyone who has ever travelled to Libya or Syria, even as a kid.

        Does anyone have a list of 20,000+ Arabic-speaking people with a security clearance? Let's ask the wonderful and thoroughly-informed Rohan.

      2. Kane Silver badge

        Re: "The former policy wonk -

        Give it time, it'll grow again.

    4. Wzrd1

      Re: "The former policy wonk -

      Well, it's understandable that one lauded as an expert is just so clueless.

      After all, it's not like FVEY have bothered to install middleware to fork microphone and camera data, to transmit via a covertly network-installed applet, to their central monitoring software and it then transcribes everything said for automatic analysis.

      That's a 21st century technology! We're nowhere near - oh, wait. We are in the 21st, we can and have that capability and use it constantly.

  2. Anonymous Coward

    To break encryption in real time you need two things. A time machine and a quantum computer. Like the ones used in star-ships. Easy-peasy. Can I be a government advisor?

    1. JLV Silver badge

      You can, as long as you advise them 100% of the time that they are 100% correct 100% of the time.

      A Yes Man seems to be the qualification required for crypto expertise in some gov circles. And it is worrying that so many of our leaders have not yet grasped the very basic concept that you can't have safe backdoors guaranteed to be unusable by criminals through some magic fairy dust. Wherever else you stand on the surveillance/privacy divide wrt terrorism prevention, how can supposedly smart people just not understand that basic fact? Or take the word of the experts in the field?

      1. Rich 11 Silver badge

        Or take the word of the experts in the field?

        Experts? You know what we're supposed to think about experts.

        1. Trigonoceps occipitalis

          Ex is a has-been.

          (s)pert is a drip under pressure.

      2. Mike Richards

        'And it is worrying that so many of our leaders have not yet grasped the very basic concept that you can't have safe backdoors'

        Hypothetical government minister. 'You are quite right. I am not calling for a backdoor, I am asking for a special golden key which acts just like a backdoor but can only be used by the good guys.'

        Interviewer. 'Thank-you for your time, is there anything else you would like to share with a grateful nation?'

      3. tedleaf

        But what else do you expect when parliament does not have one science or engineering degree between 650+ people.

        This is what happens when you are governed by people that are third rate solicitors, estate agents and have studied philosophy and the history of art...

        1. TSG
          Thumb Up

          And therein lies a massive part of the problem: too many elected officials are clueless when it comes to math, science, and reality.

          We need to get more people with practical degrees (not to demean non-STEM fields) to run for office in order to make the government more logical and rational.

        2. Alan Brown Silver badge

          "But what else do you expect when parliament does not have one science or engineering degree between 650+ people."

          The same issue is happening in the USA, and now there's the start of a campaign to get people with actual science degrees into politics.

          I'm sure that will end up well.

          1. Prst. V.Jeltz Silver badge

            "But what else do you expect when parliament does not have one science or engineering degree between 650+ people."

            This makes me sad. I'd like to see a list of what bullshit they have got merit badges in.

            Isn't there some acronym at Oxbridge for politician studies? PPBA

            for Politics, Philosophy, bollocks and arselicking or something like that.

    2. theblackhand Silver badge

      RE: A time machine and a quantum computer

      And this is why my new startup "Quantum Time Developments" needs government funding to take our ideas from the drawing board (ok...scribbled on the back of a beer mat) to someplace that only a massive injection of public money can possibly achieve.

      All of us here in "Quantum Time Developments" look forward to the exciting new possibilities this funding will give us and society as a whole.

      Note: "society" as a whole may or may not extend past local drinking establishments, suppliers of recreational pharmaceuticals and artistic venues with "girls" in their title. And any politicians who need convincing of the merits of our brave new world.

      1. kmac499

        Re: RE: A time machine and a quantum computer

        I will invest £1 million in 2 weeks time if your invention can reliably bring me back next week's winning Lotto numbers...

        1. Baldrickk Silver badge

          Re: RE: A time machine and a quantum computer

          Sure, I'll give them to you in a week, you then still have a week to pay up. Giving you them in advance would be cheating!

    3. Anonymous Coward
      Joke

      "To break encryption in real time you need two things. A time machine and a quantum computer. "

      Bullshit!

      You just need two people typing on the same keyboard at the same time.

      1. austint
    4. Alan Brown Silver badge

      "Like the ones used in star-ships."

      I'll settle for a bambleweenie 5000

    5. Tim Seventh

      Alternative

      Alternatively, to break encryption in real time you need these two things. A time machine and a wrench. If you can't get the password out in time just reverse back in time and try a bigger wrench. Ez as cake. Can I be government head advisor?

      https://www.xkcd.com/538/

  3. Sir Runcible Spoon Silver badge

    The Elephant in the room

    Why aren't 'people' asking the government what would be different if they had access to every bit and byte that exists, in real-time?

    They aren't interested in stopping attacks, all they are interested in is tracking down the contacts of the perpetrators once they've committed an act of atrocity. It serves their purpose to have the general population fearful and rubber-stamping draconian laws that will come back to bite us all on the arse.

    It doesn't require prescience to see this, just a view of history. Power is as power does.

    1. Doctor Syntax Silver badge

      Re: The Elephant in the room

      They aren't interested in stopping attacks, all they are interested in is tracking down the contacts of the perpetrators

      Checking that you really live in the catchment area of the school you've applied for etc etc.

      1. Mark 65

        Re: The Elephant in the room

        Checking that you really live in the catchment area of the school you've applied for etc etc.

        And that it was you who didn't pick up your dog's shit / left your bins out one day too early etc etc.

    2. Neil Barnes Silver badge
      Black Helicopters

      Re: The Elephant in the room

      Easy. We want to seek needles in haystacks. Let's simplify matters by making the haystack bigger.

      1. Anonymous Coward

        Re: The Elephant in the room

        Alternatively let's allow the farmer to keep the haystack in a locked so we've no idea if there are any needles in it.

  4. moiety

    Had the various governments and security agencies not been illegally tapping their citizens we wouldn't need all this end-to-end encryption. Whining and bitching about it now, certainly doesn't get any sympathy from me.

  5. Christian Berger Silver badge

    They get the important data anyway

    "Metadata" is _much_ more important than the actual data. With it you can automatically track networks and people. And surely the secret services already had access to that....

    ...it's just that secret services are not the police. They are not responsible for stopping crime, their tasks are, obviously, secret. Usually they are supposed to work more or less like a news organisation, but keeping their findings secret. More and more they seem to be occupied with trying to find some justification in a time when they fail more and more often. (apparently US secret services were completely surprised by the fall of the Berlin Wall)

    Also they assume that there was some "network" behind it, giving orders and commands. There doesn't seem to be any indication of that.

  6. NiteDragon

    I'm sure we'll be the first place international companies choose to store data and infrastructure with once these idiots get this sort of lunacy through.

    Will it save lives? Probably not - but then again, it's not really about terror is it?

    1. John G Imrie

      but then again, it's not really about terror is it?

      You are wrong, it's all about terror. You just have to realise who the terrorist is.

  7. Anonymous Coward

    Dear Government,

    Two terrorist attacks have taken place in the past two weeks by people that were reported to you as terrorists and you didn't monitor them anyway so asking for real time monitoring and the breaking of encryption smells of bullshit.

    Kind Regards,

    The People.

    P.S. When you eventually try to put that totalitarian regime in place you can be sure I and many others would die for our freedoms and the freedoms of our families. Vive la revolution.

    1. DavCrav Silver badge

      Dear The People,

      Under our current system of law, we tend to require evidence of wrongdoing before we can imprison someone. There are tens of thousands of extremists in the UK right now, only some of which will actually end up killing people. Precisely how do you intend that we monitor these people without something like bulk surveillance? Or should we just lock all these people up without charge?

      Kind Regards,

      The Government

      The reality is that you know someone is dodgy, and you know he knows dodgy people. Unless you have concrete evidence that he's about to murder a bunch of people, our current innocent-until-proved-guilty system says you cannot just throw him in jail. By the way, according to the police anyway, this is lost 2, won a dozen or so, in that they "disrupted" about a dozen terror plots in the last few years.

      And anyway, we are talking tens of thousands of people here. We'd have to build a few prisons just to hold them. And if we start engaging in the habitual internment of Muslims in the UK, how many more extremists do you think that will generate?

      I don't know what the solution is, but some kind of automated surveillance is going to be necessary because of the sheer numbers of Islamic extremists involved. If there are 10000 extremists, and each needs a team of five (absolute minimum) to watch them, on £50000 each (salary, pension, equipment, cover, etc.) then that's £2.5bn. And that's to employ 50k people just to follow them round. It's not feasible.

      And we cannot deport them because most of them are British citizens.

      1. Anonymous Coward

        Soon to be 9 billion people...

        Out to get you. Or at least your post seems to suggest you think they are all out to get you. Did you make those numbers up?

      2. Doctor Syntax Silver badge

        "Under our current system of law, we tend to require evidence of wrongdoing before we can imprison someone."

        ...but just in case we'll assume everyone is guilty and put them under surveillance just in case. We'll ignore the fact that the core of strong encryption S/W went public decades ago and that there are enough tech-savvy people* amongst terrorists who will put something together entirely out of our control and even if there aren't there are others who'll do it for cash. We'll also ignore the fact that we will also be attacking British business's ability to compete in a world where security of communications is regarded as essential. We just want all your data.

        *We only wish we had a few in our government.

        FTFY

      3. mstreet

        @DavCrav. Sadly, I agree with just about every point you make. Despite your 7-1 thumbs down to up ratio, everything you said regarding the current situation seems 100% accurate. The only one I don't agree with is your solution. Creating a police state (and enforced monitoring is a firm step in that direction), might do the trick of stopping attacks, but by doing so you hand the perpetrators the exact victory they were looking for.

        There is only one way to fight this kind of 'war'. It's been tried and tested for thousands of years, and looking through history books, I've yet to see a single instance of something else working.

        That way is harsh, unapologetic, brutality.

        I know this isn't what any right-thinking human being wants, regardless of political bent. It's the antithesis of just about everything we believe in. But the thing is, it's NOT what the radicalized believe in.

        Despite our best intents, you simply cannot import a world view that was formed in the relatively luxurious west, to a region that doesn't have the same comforts and sensibilities.

        How many of us loved seeing what happened during the "Arab Spring"?

        How many thought, uh oh, maybe we shouldn't be removing the strong men who have been keeping all the religious nuts in line the past 50 years or so?

        So, unless we are willing to emulate the Saddams and Muammars we helped boot out, we better get used to these attacks, because they have no reason to stop them.

        You want it to stop? Once you've identified one of these monsters, emulate them. Make life a living hell for everyone they have ever known. Let them know that if they pull this sort of thing, we might just find their entire families and do the same to them.

        Personally, I hate to think about it, and have hundreds of arguments against my own rant.

        But it's been historically proven to be the only method that has ever worked against fundamentalism.

        We need to stop pretending the attacks are just a passing fad that can be stopped by changing government policy. They aren't, and it won't.

        If anyone has a better solution, that takes into consideration the global situation as it is, and not as you'd like it to be, then please enlighten me.

        Because it sucks to think there is no other solution.

        1. Long John Brass Silver badge
          Unhappy

          @mstreet

          The other solution is to move the rest of the world to an alternate fuel. Once oil stops being valuable, World+Dog stops being interested in the region, world+dog stops sending $vast amounts of money, guns and technology into the region; Region quickly (hopefully) degenerates back to stone age backwater that no one gives a flying fuck about. (See most of Africa)

          Do I wish that there was a better way, that results in the lives of everyone becoming better, fairer & more fulfilling? Yes;

          Will that ever happen? No :(

        2. Anonymous Coward

          Concur, from as you said millennia of recorded history. However it's, at best, an imperfect solution as you'll observe in Russia, People's Republic of China, et al. For some odd reason, entire ethnic groups become radicalized under such regimes.

        3. Anonymous Coward

          It's clear that monitoring thousands of people is expensive and won't prevent all atrocities. Imprisoning or deporting them all would also be difficult/impossible. Executing them all will just make them 'martyrs'.

          If they started to disappear without trace though, that might give the rest of them some food for thought (while also decreasing the excessively-high population).

          Do you think I might get funding for my idea? It's no crazier than Rohan's.

          1. Alan Brown Silver badge

            "If they started to disappear without trace though, that might give the rest of them some food for thought "

            That worked so well for Pinochet, didn't it?

      4. Anonymous Coward

        Punishing the dead-guilty party

        Indeed.

        So we could get evidence against the perpetrators after they committed suicide.

        But not about people they talked to, who obviously did not participate in any crime or action.

        Except talking. Which is protected.

        So?

      5. P. Lee Silver badge
        Coffee/keyboard

        re: Dear The People

        Agreed.

        And all the terrorists know you shouldn't trust your IT. Surveillance is about stopping people like Snowden who embarrass governments, not terrorists. Once you know you shouldn't trust your IT you leave it out of your planning.

        Terrorism is not high-tech and doesn't need high-tech. There is no high-tech solution to it.

        We have to engage the values and historical context which nurture it. Sadly, no-one wants to discuss morality, in case an uncomfortable conclusion is reached or logical inconsistency is noted. So we make vague statements about "extremism" without saying what it is that is extreme. If "extremism" is bad, should we not be extremely committed to safety? Is May extremely committed to Brexit? Is Juncker extremely committed to "ever closer union"? Was Mohammed an extremist or moderate?

      6. Adrian 4 Silver badge

        If automation is the answer to controlling the costs of the Ministry of Truth, you're probably doing it wrong.

      7. DanceMan
        Stop

        Re: before we can imprison someone

        Who says prison?

        Monitoring bracelets, travel restrictions -- there are many other options. What has May & co. actually done to protect you?

  8. Anonymous Coward

    Think the key point that was made in the interview was that in the end the reason for everyone suddenly deciding that they needed to roll out end-to-end encryption on their services was profit based. Once one company saw the Snowden revelations as providing them with the opportunity to say "use our product and you don't need to worry about being snooped" as a marketing strategy then everyone else had to do the same to avoid being at a perceived competitive disadvantage. So if the various Governments get together and come up with some scheme that makes it financially disadvantageous to offer these services then I'm sure all these "high minded" companies will abandon their principles and follow the money.

    1. Chris G Silver badge

      "Think the key point that was made in the interview was that in the end the reason for everyone suddenly deciding that they needed to roll out end-to-end encryption on their services was profit based. "

      The key point is that enough people were interested in their own privacy to make the provision of such, profitable.

      Kind of points to democracy at work really, doesn't it?

      The majority want their privacy and an unelected PM wants their privacy too.

      Hope she doesn't get a mandate for it this week!

      Silva sounds like a man who would like to be back in the fold advising Frau May with more clueless ideas.

    2. Stork Silver badge

      even if it was possible

      to have secure encryption with a government escrow key

      - I would not particularly trust US/UK/Chinese/Russian governments as citizen of none of those places

      - why wouldn't an insider sell good stuff for money (card details, business secrets)?

      If there are 800,000 in the US system with Top Secret Clearance, they must have missed more than 1.

      1. Mike Richards

        Re: even if it was possible

        Re: escrow

        '- I would not particularly trust US/UK/Chinese/Russian governments as citizen of none of those places'

        Come on, you *know* the UK government would contract it out to Capita.

    3. David Pearce

      E2E was not introduced for the customer. The real reason was that it allows WhatsApp etc to honestly say that they don't know what is being sent. With so many jurisdictions with different laws and ideas on sedition, LGBT issues etc, operating a messaging App where you can read traffic is going to get you in jail somewhere.

    4. Adam 1 Silver badge

      > So if the various Governments get together and come up with some scheme that makes it financially disadvantageous to offer these services then I'm sure all these "high minded" companies will abandon their principles and follow the money.

      Here. Take a look of Product v2.0. Just like Product v1.8 but without all that privacy. Would Sir like to upgrade?

      Maybe you are right that the 'WhatsApps' of this world saw the opportunity to be painted as the good guys in the fight against out of control mass surveillance. It doesn't matter. It is cheaper to provide end to end these days. We have seen this movie before. What happened when ABP introduced a new feature to let through some ads from marketers who agreed to their protection racket fees? Things like uBlock came along to do the exact same thing the old one did.

      The Signal protocol is public. The minute WhatsApp start using something inferior, they will start to lose market share. First will be those techies who really care about privacy. Then the next time they get asked to install the new shiny ithing on behalf of a family member they will say "that used to be good but the new version breaks your privacy, use this instead".

      What is that bloody clunking noise? Sorry, gotta go. Someone left the stable door open again.

  9. Anonymous Coward

    Encryption, 1992 again, that ship has sailed.

    It seems some people's lessons are never learned.

  10. sisk Silver badge

    There is no way to let the good guys snoop without letting the bad guys snoop. That option simply doesn't exist. So either we have strong security or we have no security. It's really quite a simple concept. It always blows me away just how many people don't seem to understand it.

    1. cbars

      While I fully support the sentiment, and think the Gov are a bunch of idiot data fetishists and regard PM TM's motives with extreme prejudice....

      There definitely is a way, and it's what is being proposed by some (***tard) people. Simply enforce MITM attacks by any company handling more than X 'messages'/'transactions'/'customers'/whatever. Then enforce the ability for some subset of those to be stored at will.

      Can the enemy du jour hack into those servers and read that data? Yes, probably

      Can the majority of data be retained/processed/snooped? Not currently feasible (but bet your bottom hexagonal pound that it will get that way)

      Does this mean 'no security'? No. It just creates a target for the data either at rest on the server, or while passing through the RAM on said server. This is just in addition to the two existing targets at each endpoint that we currently have.

      Is there a tangible benefit for society to the Gov having this capability? Not in my opinion

      All this allows is digital CCTV, does nothing to prevent an offence, just helps point fingers afterwards. And in politics that is all that is important. There is a reason we are the most monitored per capita (by CCTV) country on Earth

    2. Anonymous Coward

      There's no sure way to even identify the 'good guys'

      1. Fonant

        Quite. One man's freedom fighter is another man's terrorist. The classic example is Nelson Mandela.

        This is not about logic, it's about politics, which is the opposite of logic.

        1. Brewster's Angle Grinder Silver badge

          "it's about politics, which is the opposite of logic."

          And most people here are trying to beat politics with logic.

      2. Adrian 4 Silver badge

        'There's no sure way to even identify the 'good guys''

        That's easily solved. RFC3514.

    3. Brewster's Angle Grinder Silver badge

      balancing harms

      "So either we have strong security or we have no security."

      False dichotomy. The government can look at my bank records but my nosey neighbour can't. And similarly we could escrow messages without backdooring the crypto -- giving me more security than rot13 but less than end-to-end encryption. So your job is to explain to my nosey neighbour, without side-stepping the question, why Whatsapp chats should receive a level of protection greater than that accorded to my money or (AFAIK) my voicemail.

      Because the end goal of the state is to make the use of end-to-end encryption a prosecutable offence anywhere in the western world. Sure the contents of a server might occasionally end up on the front page of the News of the World or on Wikileaks. But we've lived with that. We coped. And politicians would rather deal with an embarrassing leak than dead children. And my nosey neighbour, who anyway has a vested interest in reading my comms, would eagerly agree that's the right trade off to make.

      1. David Pearce

        Re: balancing harms

        Because telco staff have always eavesdropped calls, especially the rich and famous. Simply looking for saucy gossip, insider information or something to sell to the papers. For these purposes they can afford to wait for slower computers to do their grind. These days foreign governments might want to break your encryption for many evil reasons

      2. sisk Silver badge

        Re: balancing harms

        False dichotomy.

        The dichotomy is in no way false. You cannot have your cake and eat it too: either you're secure or you're not. There is no false dichotomy here, just the only two options that exist in reality: strong security or no security.

        And, for the record, if your voicemail isn't encrypted then it should be. Unless, of course, you don't care if your nosy neighbor listens to it. It's not that Whatsapp should have more security than your voicemail, it's that your voicemail should be at least at the level that Whatsapp is if you care at all about your privacy. And your money already enjoys end-to-end encryption (unless you're so foolish as to log into your bank account without SSL that is). Were I explaining this to my nosy neighbor I absolutely would sidestep the question with a more relevant one: what makes him think he should be able to listen to my voicemail?

    4. Adam 52 Silver badge

      "There is no way to let the good guys snoop without letting the bad guys snoop. That option simply doesn't exist."

      Yes there is, and yes it does. We've done it with paper letters and phone calls for years. You just need the cooperation of one end point.

      Peer-to-peer comms is different, but the government isn't (yet) suggesting that.

      1. Vector

        @Adam 52

        No, the original statement is absolutely true. Your assertion that we've done it with paper and comms is a false one. In those cases as with this, the bad guys could employ most of the same tactics to snoop that the good guys used, it was just illegal for them to use them (which is a fairly low bar when you're a bad guy).

        The current situation is further complicated by the fact that monitoring, whether good or bad, happens in an unmonitored location, so it's hard to know exactly who is monitoring until they take some action.

        Add the fact that the "terrorists" will simply start employing e2e encryption of their own or other methods which require no encryption at all and you really haven't accomplished much towards your stated goal. Bear in mind that drug dealers have managed to avoid capture for decades in a world with no encryption despite being high value targets.

  11. Anonymous Coward

    WTF?

    "Rohan Silva, government policy advisor turned co-founder at Shoreditch-based tech incubator/workspace startup Second Home...."

    So overpriced trendy office seller advises on technology.

    God help us.

  12. Steve 114

    Thicko religionists aren't mostly communicating encrypted (and if they were, nobody would necessarily notice - steganography, anyone?) More likely they're sitting on stained sofas upping their courage with videos of ME extreme nastiness. And then they go out to die and be 'brave' (in their terms). Noted, but at least help block the images of nastiness on which they (arguably) thrive.

    1. Nick Kew Silver badge

      Who says anything about videos? Isn't the ultimate inspiration the holy book? For recent terrorist attacks, that would be specifically the, erm, heroic death of the biblical suicide bomber Samson.

  13. John70

    It's all good and well to try and get WhatsApp, Apple, etc to "weaken" their encryption but what if the "groups of interest" developed their own encrypted communication tool?

    Is the Government going to ask them to weaken their encryption?

    1. TheRealRevK

      My understanding is that such groups have - the vendor of that software is themselves. After all, the techniques, and open source algorithms, are widely available and known. Imagine a law that basically insists that ISIS, as a "software vendor", must put in government approved back doors in to its messaging platform!

      1. Chris King Silver badge

        There are quite a few (well-publicised) cases of extremists trying to "knit their own crypto" and making a complete balls of it, some of them have even been reported here.

        Eventually, one of them will come up with something decent, and GCHQ/NSA/<insert acronym here> will be back to square one. All it will take is a few evil/misguided/pissed-off crypto geeks.

        1. Doctor Syntax Silver badge

          extremists trying to "knit their own crypto" and making a complete balls of it, some of them have even been reported here.

          That seems to have been a typical example of "if all you have is Excel everything looks like a spreadsheet". Real cryptography algorithms are already available as libraries ready to be wrapped up in a UI. It doesn't have to be a pretty UI, just one that works. And if that hasn't already been done it's only because the commercial packages suffice for now.

          1. Brewster's Angle Grinder Silver badge
            Joke

            We can only hope the terrorists will audit libSSL and fix all its bugs for us.

            1. moiety

              "All it will take is a few evil/misguided/pissed-off crypto geeks."

              And let's face it, the constant whining about backdoors; the illegal snooping and the rushing through of laws to make it all retrospectively not quite so illegal isn't winning them any friends.

    2. Robert Carnegie Silver badge

      Apparently 40 million Iranians are using software called "Telegram".

      As a trade union member with a quantum of sympathy for differently gendered and differently coloured people, I don't want governments having the means to browse through any of our private business. Tell that to former MP David Cameron and to his former PA.

    3. Mike Richards

      They don't need to - Open Signal is already available as an open source project so the nutters could roll their own messaging system.

  14. Anonymous Coward

    They don't need to worry about encryption. Every one of these terrorists was 'known' to them. How about they just do their f*cking job to start with. The way it's looking now is the 'intelligence agencies' (oxymoron) are either incompetent or complicit.

    1. Nick Kew Silver badge

      The intelligence agencies usually prevent such attacks successfully. Recent figures suggest a rate of something over one attack a fortnight. So what's changed?

      If the intelligence agencies had been nobbled, for example by a botched information system upgrade (which no individual would know about, as they work on a need-to-know basis), it might indeed explain two such attacks in quick succession.

      With a bit of luck, Thursday will bring an end to the motivation for nobbling them.

      1. Doctor Syntax Silver badge

        "The intelligence agencies usually prevent such attacks successfully. Recent figures suggest a rate of something over one attack a fortnight."

        Where are the prosecutions to prove it?

        1. Mister Fluffy

          @Doctor Syntax.

          Indeed; see my comment below.

        2. Anonymous Coward

          Re: Where are the prosecutions to prove it?

          Bloody good question. Such prosecutions as there have been appear to have been somewhat farcical if they've ever reached the courts.

          Readers might want to read about the arrest, charge, and initially failed trial(s) of Erol Incedal, starting 2013. Here's a rant I writ here earlier today:

          https://forums.theregister.co.uk/forum/1/2017/06/05/theresa_may_london_terror_attack_response/#c_3199364

          But there have been options other than arrest, charge, and trial, and they have existed for many years. For many of those years a certain Theresa May has even been in charge at the Home Office.

          Anti-terrorist control orders, for example, and their associated rules.

          There's clearly a problem here that needs addressing. Calls for extra laws and extra powers don't really help anyone other than the lawyers and the headline writers.

          Having a police/intelligence force that was trusted by the public to do its job properly (including having sufficient resources to do it properly) might help, but doesn't make for such exciting headlines.

      2. Mister Fluffy

        Endless repetition of 'we have foiled x numbers of terrorist attacks in the past three months' is beginning to sound lame.

        One of the latest sentences included conviction for the possession of 'The Anarchist Cookbook'.

        Have you, ever, read it?

        It was published in the early 1970s; the contents are approaching something like 'Dangerous Things for Boys'.

        I rest my case.

        1. sisk Silver badge

          One of the latest sentences included conviction for the possession of 'The Anarchist Cookbook'.

          Have you, ever, read it?

          I have.

          It was published in the early 1970s; the contents are approaching something like 'Dangerous Things for Boys'.

          Not dangerous. Suicidal. It doesn't take much chemistry knowledge to realize that mixing plaster with explosives then chucking it into the oven to dry faster isn't going to end well. Or that nitroglycerin is liable to ruin your day if you don't do something about the waste heat from the chemical reaction that produces it. Or...actually, you know what? Just give the thing to terrorists. Air drop pallets of copies of it into ISIS training camps. That alone should make a big dent in the problem. Granted the ones that survive will be the ones with more than two brain cells to rub together and thus be harder to catch, but the total volume should be down to manageable levels.

          1. Kiwi Silver badge
            Mushroom

            Or...actually, you know what? Just give the thing to terrorists. ...That alone should make a big dent in the problem.

            Having come across a copy of it in my youth (possibly even public or school library), I often wondered if that was exactly why it was written. Even with my high-school level chemistry, I could tell that much of it would be likely to detonate a little earlier than planned - like while you were carefully following the recipe.

            Some of it was interesting, but other bits were so scarily badly written (to me at least) that even the stuff that appeared safe was never tried by me - if recipe 1 appears designed to kill whoever tries it, and recipes 2-9 are much the same, I'm pretty sure recipe 10 will go BANG right when I least expect it.

    2. Adam 52 Silver badge

      Because many people are "known" to them. It simply isn't possible to monitor all of them, short of internment.

      I don't think imprisonment or punishment without trial - which is what that article author is advocating - is an appropriate response either.

      Locking people up because they are a bit socially inept and their neighbours reported them might reduce El Reg's readership a bit though.

      1. Doctor Syntax Silver badge

        "I don't think imprisonment or punishment without trial - which is what that article author is advocating is an appropriate response either."

        It certainly isn't. OTW I think internment was counter-productive in NI.

      2. Alan Brown Silver badge

        "Because many people are "known" to them. It simply isn't possible to monitor all of them, short of internment."

        Loony neighbour reports are easy to deal with because there will only be one or two reports about the person of interest. You can eliminate that kind of noise pretty easily.

        However, when someone is being reported by multiple sources - and those sources include credible people like various Imams (and the head of one of the UK's largest anti-terror muslim charities telling them "This guy is off his rocker and dangerous, you need to act NOW"), then filing it under non-urgent isn't appropriate.

        That said, the security apparatchik is understaffed and underfunded, but not making best use of intelligence provided isn't helping their cause (FWIW, internment of potential terrorists would cost at least 100 times as much as the shortfall in funding now being talked about, probably 1000 times. There are sound financial and psychological reasons to avoid doing it)

        1. Anonymous Coward

          Re: the security apparatchik is understaffed and underfunded,

          You make an excellent case in general.

          And yet, the security services and their Metropolitan oppos seem to have had plenty of staff and plenty of funding in recent years to run legally dubious financially unjustifiable operations infiltrating legitimate non-threatening peaceful protest organisations, of which probably the best known one might be Mark Kennedy aka Mark Stone.

          There was plenty of money for other similar operations on the mainland, managed by what used to be the Association of Chief Police Officers Ltd (now renamed to protect the guilty).

          Elsewhere, there were plenty more undercover ops in Northern Ireland (which might arguably have been somewhat more legitimate).

          And yet also, the Police seem happy to waste time, money, and indeed lives by not properly exercising their duty of competence and care in relatively routine cases, of which the unnecessary killings of JC de Menezes, and the inappropriate shutdown of the News Group phone hacking case (run by the 'anti-terror police') are but a few examples.

          Let's not even start to think about the huge amounts of police time and money thrown at an ultimately unwinnable "war on drugs".

          Someone is responsible for those errors of judgement, planning, and execution.

          Things aren't going to noticeably improve unless the UK gets rid of (or works around) its culture of management complacency and management incompetence, and makes a few other politically awkward changes.

  15. TheRealRevK

    There will always be a safe place to communicate

    The idea that there is a way to stop secret communications is a nonsense. Playing whack-a-mole with whatever is used now only has one end game, when the only remaining "safe places" are those that cannot ever be stopped - like systems using pen, paper and dice! Along the way they will damage the legitimate use of encryption to protect us all from criminals on a day to day basis. This video gives some clue, please do share it... https://youtu.be/QRa_zzQOEe8

    1. anonymous boring coward Silver badge

      Re: There will always be a safe place to communicate

      "The idea that there is a way to stop secret communications is a nonsense. Playing whack-a-mole with whatever is used now only has one end game"

      The concept of not being able to say "enough is enough" and have it work just fine is an impossible concept to grasp for the vicar's daughter.

  16. MrKrotos

    What a plonker!

    "6,500 radicals or extremists" should be kicked out the country, not monitored!

    We should be proactive, not sit back and wait for these things to happen.

  17. DJ Smiley

    You've got a list of people...

    So take the devices off them and ban them from using them.

    Oh wait, that's not PC right? because blowing people up is....

    1. Robert Carnegie Silver badge

      Re: You've got a list of people...

      They've done the "taking away devices", but now the list of people dangerous to the government is "everyone, including you".

      Although, apparently ringing up MI5 and saying "My neighbour / brother / son is a religious extremist" doesn't get anything done (otherwise it would be a great way to prank your neighbour / brother / son). In fact, nationally broadcasting a reality TV show called "The Jihadi Next Door" about that person doesn't get anything done.

      So it looks like the solution has to be to stop "knife crime prevention" of the knife-prevention kind and everybody go out tooled up. Make it an even fight. In fact I know how to kill someone with a credit card. Put them on hold on the premium line to the call centre and play Vivaldi Four Seasons at them for 99 minutes.

  18. 0laf Silver badge
    Big Brother

    Headline at 6

    Idiot Westminster wonk smells pork barrel funding for shaky venture.

  19. Flakk
    Joke

    And Later, Perhaps a Spot of Light Refreshment?

    Silva clarified that he was not in favour of "banning encryption" but rather getting the tech industry to "lean in".

    "I'll lean, then. Is this far enough?"

    "More, please."

    "How about now?"

    "More."

    "Is this enough?"

    "Look, just go ahead and bend over, okay?"

  20. theOtherJT

    Silva clarified that he was not in favour of "banning encryption"

    Which is just as well, because one would hope that before being in favour of banning something one should understand what it is. It's pretty clear from the rest of his statement that he doesn't.

  21. JimmyPage Silver badge
    Stop

    Did I miss a law being passed

    which mandates terrorists *must* use electronic devices to communicate?

    Just wait until we discover an atrocity planned via snail mail (preferably using a foreign language in a foreign script - e.g. Farsi).

    Alternatively, just set up a public streaming webcam pointing at a bit of pavement, and just walk past with the message at a set date and time ....

    And there are thousands of other non-encrypted ways to communicate in secret. Starting with learning Welsh ....

    1. Pen-y-gors Silver badge

      Re: Did I miss a law being passed

      Damo! Mae e wedi dysgu ein cyfrinach. Lladdwch e nawr!

      1. Martin an gof Silver badge

        Re: Did I miss a law being passed

        'sdim ishe ei ladd. Anfona fe i Benffordd Las (Staylittle) a ni fydd yn bosib iddo ddweud wrth unrhywun :-)

        M.

      2. ecofeco Silver badge

        Re: Did I miss a law being passed

        Google translate. 2 seconds. :)

        1. Pen-y-gors Silver badge

          Re: Did I miss a law being passed

          Google translate. 2 seconds. :)

          Ah yes, but do you trust Google translate? Perhaps it's Welsh code....

    2. Anonymous Coward

      Re: Did I miss a law being passed

      Surely Welsh is just a form of encryption?

      Posting anonymously because it took me about 3 hours to write an unbreakable encryption program based on the one-time pad concept. (I am embarrassed it took me more than one hour).

      1. DropBear Silver badge
        Trollface

        Re: Did I miss a law being passed

        "Surely Welsh is just a form of encryption?"

        I guess you could call it "public key cryptography" and not entirely lie...

  22. streaky Silver badge
    Terminator

    Said it before.

    It's a standards track problem.

    The standards track says stronger crypto more [all] of the time.

    The government can bitch about this all it likes but it's the reality of the situation. This shit can't be weakened, it can't be reasoned with, it can't be bargained with.

    That's why I have no problem voting Tory - they can want it all they like; they ain't getting it. Even if they hypothetically did (which is an absurdity for all sorts of reasons) - you'd just make those platforms irrelevant. On the internet services are like pop groups, a year or so after they're popular you forget they existed because you're on the new thing.

    1. anonymous boring coward Silver badge

      Re: Said it before.

      "That's why I have no problem voting Tory"

      Like voting for Trump then?

      Don't mind having deluded morons in charge?

  23. Anonymous Coward

    When you build a better mouse trap you also build a better mouse.

  24. Will Godfrey Silver badge
    Unhappy

    Sorry for repeating myself but...

    1950s SciFi story. Subversives were sending messages under the noses of the oppressors. Messages were 'delivered' by old men walking dogs. The message was the number and the colour of the dogs!

    1. Pen-y-gors Silver badge

      Re: Sorry for repeating myself but...

      If you've agreed the code in advance, nothing can crack it.

      1. Haku

        Re: Sorry for repeating myself but...

        @Pen-y-gors - Exactly: https://en.wikipedia.org/wiki/One-time_pad

  25. Anonymous Coward

    Rohan Silva

    "Silva argued that end-to-end encryption was only introduced by services such as WhatsApp"

    Whatsapp was built from the outset with end to end encryption, it wasn't added later.

    Anyhow, Rohan Silva is an idiot, as demonstrated on a frequent basis in the regular opinion piece column he has in The Evening Standard. I often find myself wondering "who the fuck does this guy think he is??" ... and now I know.

  26. Anonymous Coward

    Focussed intrusion.

    They just want to monitor suspects.

    All of us are suspects.

    1. Captain Badmouth

      Re: Focussed intrusion.

      "All of us are suspects."

      If you believe the theologians.

    2. John Smith 19 Gold badge
      Gimp

      "All of us are suspects."

      Correct.

      That is exactly how they think.

      1. 0laf Silver badge

        Re: "All of us are suspects."

        Guilty until proven guilty.

        Trials are just there to determine the level of guilt.

        Geek reference - "The purpose of a trial is to demonstrate the futility of behavior contrary to good order,"

  27. DougS Silver badge

    End to end encryption has been in iMessage from day one

    But he's right that it is used for "profit", since Apple does market on the privacy - not just from marketing but even from over-reaching useless government functionaries like the one all butt hurt about it.

  28. Anonymous Coward

    What about privately agreed crypto between private parties?

    What if Alice and Bob choose their own private scheme for encryption, say without using any public resources at all?

    *

    Say Alice and Bob do the encryption/decryption on machines which are standalone (no network), and use thumb drives to transfer only the privately encrypted messages to network-enabled machines? The plain texts are always air gapped.

    *

    Then their messages going over public channels are twice encrypted.....I don't see how backdoors help the government (or anyone else listening in).

    *

    What am I missing here?

    1. Anonymous Coward

      Re: What about privately agreed crypto between private parties?

      Bigford ooralis bewinter malachi Dinesen drifted wall-fight snow-swathe dynamicity pomatums ecliptics McDermott yabbi EUUG neo-impressionism incapacitator unsplendidness unsharpen Walls dilemma chokers Carlini reverberated Dianthaceae troctolite polypier manner diabolic chevalier ribaudequin viridene nappies plagueproof EMA heliotherapies Soledad busulfans beduke phosphore low-frequency nonbeauties Ossetian Sugarland linsang serpentize Witbooi espanol telpherage zoogony patroon yeggs clamjamfry verminously crimple underturn woodbark Dev whensoe'er minigroups undeferrable dunamis justifably zacate unrepressive disenfranchised nonrejection rectifies dawing ISV uncarded drabbets esthesiology foliaging Deyoung Holocene endocoelar buffoonish opodymus demonstrant premarrying hypoalbuminemia nicknameable Wyner Lowestoft reticent multisection Bobo proctorrhaphy dashpot functor Oxystomata Pro-bermudian remigrant tinkerers meager Tinsley Dannemora outblot hastated vitrite make overdye saccharotriose planirostal diapasonal Split eight-celled unvariation huddle gravery unmitres phenazine geodetic Warms mulched chokeberry thermoradiotherapy UEC Patricksburg unsilvered orpit microgyne Astrangia nonjudicable Loxias double-queue wowserian anthocarpous specialists stookers Afshah rabbitfish pro-Jacobean hog-plum Caragana americanizing grub-prairie Ann-Marie nonperseverance Pica satanophany reschool underspread aepyornis tear-dimmed stillish hays exterminates concertino Isoptera quinque-articulate bump preaxiad megasporange nighty-night durabilities Pleasanton landowners suprabasidorsal pinewoods plumbery gyromancy self-identical accommodated sentimental theologastric intail Ailsa spacecraft retiral sorcerous marvel-of-Peru representor enterogenous Athenaeum spacewalkers wind-god gemsboks skatoxyl technicalness Aglipayan penetrably Lemitar alcoholisms Tadich superstition noblify phenomenalist cosmographist terne nonspectral prepsychological Sutter valeramid inletting 
      speckle-breasted arkite notre travel-parted Lafollette maddock Claverack microcosmography untarnished stubbornest sadhes modulative protraditional unassuaged demonising

      1. Captain Badmouth
        Terminator

        Re: What about privately agreed crypto between private parties?

        @ac "Bigford ooralis bewinter malachi Dinesen etc."

        Undootedly you are John Cole resurrected in our hour of need.

      2. Pen-y-gors Silver badge

        Re: What about privately agreed crypto between private parties?

        " Athenaeum spacewalkers wind-god gemsboks skatoxyl technicalness"

        Okay, 3.30 on Friday then. Mine's white with no sugar please.

      3. Mister Fluffy

        Re: What about privately agreed crypto between private parties?

        You beat me to it.

      4. anonymous boring coward Silver badge

        Re: What about privately agreed crypto between private parties?

        You're on May's radar now mate!

        Better sleep under the bed from now on.

      5. Nick Ryan Silver badge

        Re: What about privately agreed crypto between private parties?

        What's outstanding about this is that it makes the same, if not more, sense than AManFromMars's posts...

        1. Pen-y-gors Silver badge

          Re: What about privately agreed crypto between private parties?

          What's outstanding about this is that it makes the same, if not more, sense than AManFromMars's posts...

          So true, thinking of which, haven't seen him around here recently. Anyone know what's happened? Has the medication finally started working?

          1. Nick Ryan Silver badge

            Re: What about privately agreed crypto between private parties?

            He's still here: https://forums.theregister.co.uk/user/31681/

            1. Will Godfrey Silver badge
              Happy

              Re: What about privately agreed crypto between private parties?

              Indeed so, and still adding his unique colour to the forum

      6. uncommon_sense
        WTF?

        Re: What about privately agreed crypto betw <<< MEOW???

        Bigford ooralis bewinter malachi Dinesen drifted wall-fight snow-swathe dynamicity pomatums ecliptics McDermott yabbi EUUG neo-impressionism incapacitator unsplendidness unsharpen Walls dilemma chokers Carlini reverberated Dianthaceae troctolite polypier manner diabolic chevalier ribaudequin viridene nappies plagueproof EMA heliotherapies Soledad busulfans beduke phosphore low-frequency nonbeauties Ossetian Sugarland linsang serpentize Witbooi espanol telpherage zoogony patroon yeggs clamjamfry verminously crimple underturn woodbark Dev ----SNIP---

        What is THAT?

        Dictionary attack?

        Intellectual Lorem Ipsum?

        Poetry Made by Vogon Living In Onancock?

        1. Anonymous Coward

          Re: Dictionary attack?

          "What is THAT?

          Dictionary attack?

          Intellectual Lorem Ipsum?

          Poetry Made by Vogon Living In Onancock?"

          GrahAManFromArse just before the batteries went completely flat?

    2. Mister Fluffy

      Re: What about privately agreed crypto between private parties?

      Grace; who thinks she is going to crack your communication network.

  29. ecofeco Silver badge

    The PTB have NO clue

    The current aristocrats of the now Edwardian western empire (GB, USA, JP) really have no clue how computers work, or any technology for that matter, let alone the Internet.

  30. DrM

    Not clueless

    He's not clueless -- he's disingenuous.

    http://chris.cc/graphics/BigBrother.jpg

  31. Catfitz

    Silva is absolutely right. And this argument that "the bad guys will get it" is totally inane, given that the bad guys *already* have the crypto, duh. Lock your stuff up better and it won't be stolen. Isn't that what you nerds always tell the victims of hacks? Well, same to you.

    1. Bill Michaelson

      Inane?

      Therefore we should not be allowed access to tools to lock up stuff for ourselves more effectively? Because it is futile?

  32. Peter Danckwerts

    The assertion that 'Two of the suspects were known to the authorities and ought have been the targets of control orders and travel restrictions.' is absurd. The number of people known to authorities is just too large for this to be feasible.

    1. Adrian 4 Silver badge

      'The assertion that 'Two of the suspects were known to the authorities and ought have been the targets of control orders and travel restrictions.' is absurd. The number of people known to authorities is just too large for this to be feasible.'

      Can you explain how monitoring all communications and dealing with the many false positives will reduce the workload of the spooks and the number of people to monitor ?

    2. Alan Brown Silver badge

      "The number of people known to authorities is just too large for this to be feasible."

      Yes, BUT.....

      When the senior people in an anti-terrorism focussed muslim charity (who have experience and qualifications in such things) ring up and say "XYZ is acting bloody strangely, menacingly and in my opinion is dangerous" then attention should be paid to the quality of the source and weighted accordingly.

      Because that's exactly what happened in this instance - and that wasn't the only source.

      Ditto cases where multiple reports are being filed, especially from community leaders such as multiple Imams (which happened in Manchester)

      It's one thing to "gather intelligence" and quite another to collate such reports and (not) act on them.

  33. anonymous boring coward Silver badge

    If encryption was known to be useless, the potential "terrorists" (in reality: deluded, low IQ, narcissistic, mentally ill scumbags) wouldn't use it, would they?

    So: Own goal. Worse than useless effort.

    1. Robert Carnegie Silver badge

      If bombs and guns were made useless somehow then the terrorists wouldn't use those either, and maybe would be stuck with writing rude words on walls in public places. So there is a bit of an argument, that depriving the enemy of a tool is a good idea. So let me know if the enemy ever gets better at killing people than, say, everyday road traffic does.

      Yeah, the latest London attack didn't use guns or bombs, presumably because the naughty men didn't have them. They were wearing pretend bombs that they may have believed to be real ones. I don't want to tell naughty men their own business, but outrages in Paris show that with guns and bombs and a personal death wish you can kill a lot more people than just with knives.

      1. anonymous boring coward Silver badge

        My point was that for the intelligence services to get good intel they should compromise the devices of the people under investigation. Not ruin encryption for everyone, thus making it obvious to even the most daft murderous lunatic sociopath nutter that those devices cannot be used at all to communicate securely.

        The extra threshold of having to do so also makes it less likely that we will all be monitored casually like in some 1984 scenario. (For which our technical capability is now way beyond what was envisioned in "1984".)

  34. Anonymous Coward
    Thumb Up

    Bring back Lottie Dexter!

    She knew about the codes! Lottie will save us!

  35. Zmodem

    It's not impossible, it will cost £100bn investment into the research of quantum computers. All quantum computers can do is math in a DOS window.

  36. peterm3
    Go

    BBC radio free worldwide

    Interested to read "requires presence in the UK" for a BBC radio broadcast, as I have always found them to be free. It seems to work from Germany, so I think I'm right?

    1. Tom Paine Silver badge

      Re: BBC radio free worldwide

      I've posted ListenAgain links on Twitter and had confirmation from ppl in the US that they worked. IDK how patchy that is or if it's changing with the forthcoming change to mandatory login.

  37. Bob Hoskins
    Big Brother

    You can have my encryption

    When you take it from my cold dead hands.

  38. Bill Michaelson

    Privacy means bupkis to him

    "What’s needed is not a clampdown on encryption — after all, it’s essential for financial transactions and the modern economy... the Home Office has developed sensible proposals that require a judge to give permission before real-time communications can be monitored — ensuring that suspected terrorists can be stopped before it’s too late, while also protecting against the mass surveillance that the public is worried about."

    Notice the implicit distinction between needs and wants. He seems to believe encryption is only "essential" for banking. The other consideration is lip service to placate the masses. But they do not deserve robust protection from abuse by authority.

  39. Mike 137 Bronze badge

    "Security experts were quick to say Silva was dead wrong ..."

    While I can not disagree with the tweet by Jim Killock (the 'security expert' referred to) as a statement of fact, I must point out that he is not actually a security expert, but a privacy and open source activist.

    There are numerous much more important issues at stake if we're contemplating backdoors in encrypted services than whether you can break end to end encryption if you have control of one of the end points (frankly that's a bit obvious).

    Speaking as a security expert of some 20 years' standing, I find that real security experts currently have too little voice in the media and activists and journalists too much (even when they happen to be right). The outcome, as in this case, is a superficialising of the issues that misleads and debases the public debate.

  40. theOtherJT

    This again?

    Just for fun this is a little harder to decrypt. I'm sure it will take any of you that care to do so about, what, 2 minutes once I tell you that the key is the title? Seriously. GPG exists. There's no point pretending that it doesn't. It can't be un-invented.

  41. uncommon_sense
    Holmes

    Euthanasia

    Euthanasia for Terrorists!

    At some point we MUST decide to take away all human rights from people who decidedly do not behave as humans. Preferably NOW, while the numbers are still manageable.

    First Human Duties, THEN Human Rights!

    The human duties will simply consist of behaving like a civilised human being, with OUR society as the yardstick!

    We have seven billion people on an earth that can only feed one billion in some sort of sustainable comfort. Having many bad specimens around is not helping.

    It's amazing how many dimwitted hipsters fail to get that...

  42. Tom Paine Silver badge

    ther or not terrorists used encrypt comms to conspire among themselves is puzzling.

    What's puzzling about it? Without prejudice to whether or not it's a good idea -- comms have a unique property in comparison with all the other incidental things used by terrorists (vans, knives, er,.. trainers? hoodies?) in that they provide access to someone's social and, ahem, professional network(s). That could enable you to find direct members of a conspiracy or group (if someone else made the bomb or is preparing their own attack) and presumably sympathisers and people who should have informed on them but failed to, etc.

    That information's probably less useful in defending against random independent self-starter types like the current crop than the IRA, of course. But there's no guarantee there aren't more traditional multi-person cells. Perhaps some of the disrupted plots were of that sort, IDK.

  43. Robert D Bank

    Selective crypto?

    Hands up I am completely ignorant about this but something occurs to me...

    If the Gov't have this 'watch-list', can they not pass this to the companies that apply crypto, and the said companies then apply a backdoored version to the comms of only the suspect individuals, rather than some blanket application affecting everyone? I'm not a fan of this but if the individuals have been confirmed to have suspect behaviour then screw them. I do understand the dangers and flaws in this, but we're in a situation of all or nothing at the moment which doesn't seem to serve anyone. It would require proper international co-operation between Gov'ts to ensure the watch-lists were up to date and accurate of course, because the companies applying crypto are international. Yes it may be possible these watch-lists might be leaked, but in some ways that may not be a down-side, it would make the individuals very paranoid and less likely to use these channels. So they might resort to having to meet, or send snail mail, which would slow down their communication and also make them more visible.

    1. Excused Boots

      Re: Selective crypto? - unfortunately........

      Nope because it doesn't work like that. The encryption (and decryption) occurs on the end device, ie the user's phones, so in essence once the message leaves the sender's device it is already strongly-encrypted and so (assuming that the encryption has been done properly) it can't be read by anyone else (including the ISP, manufacturer of the phone, writer of the OS etc.).

      Either the encryption is secure (nobody can intercept the message) or if it is designed so that it is possible to intercept and decode, then by definition it's insecure and it's insecure for everybody not just the suspected bad guys.

      So what you are asking for is that people on the watch list are somehow sold already compromised phones or that their already bought off the shelf phones can be got at and compromised. The authorities already have the legal right to do this but physically being able to do it (actually getting hold of the phone without the owner noticing) is somewhat challenging.

      To put this whole question into context, ie perfectly secure encryption which magically becomes completely insecure as soon as you wave a court order at it; what the authorities seem to be requesting (demanding) is exactly the same as wanting a gun which can only shoot 'bad' people, knives which can only be used to cut food or cars (vans) which can never hit a pedestrian. On that basis I'm mystified as to why the clever people from Smith and Wesson, Kitchen Devils and Ford aren't being invited to 'lean-in' as well.

      1. Robert D Bank

        Re: Selective crypto? - unfortunately........

        LOL - my ignorance confirmed! Your explanation was very helpful thank you. (walks away tail between legs)

        The terrorist issue seems like a really intractable problem to most people and Gov't is using this as yet another way to introduce draconian laws and put the shits up people. It would do more to ensure their communities have high levels of employment to keep them busy, financially secure and have more outside influences to counter the garbage they're being fed.

        1. Anonymous Coward
          Anonymous Coward

          Re: Selective crypto? - unfortunately........

          I'm quite surprised to have seen such a polite conversation occur on the internet, and for someone to admit and then fix ignorance.

          I do completely agree with what Confused Boots said, but I'd also like to add that if the "bad guy" gets worried about their phone being compromised all they'd have to do is buy a burner phone. Or, you know, just factory reset the phone. Or take some other action. Getting around this stuff can't be that hard for them.

          1. Robert D Bank

            Re: Selective crypto? - unfortunately........

            Admitting ignorance is a chance to learn and understand the world that little bit better and update my views accordingly. If you can't do that you're part of the problem.
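
The point made in the "Selective crypto?" exchange above, shown as an added example that is not code from any commenter or from a real messaging product: a message sealed on the sender's device is unreadable to the relay, while a design that also wraps each message key to an escrow key is readable by whoever holds a copy of that key, for every conversation built that way. All function names are hypothetical, the pair keys are assumed to be agreed between the endpoints out of band, and the HMAC-SHA256 cipher is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import secrets

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (demo stand-in, not a vetted AEAD).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # wrong key or tampered message
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def send_e2e(pair_key, msg):
    # Sealed on the sender's device; the relay only ever stores this blob.
    return {"body": seal(pair_key, msg)}

def send_escrowed(pair_key, escrow_key, msg):
    # "Exceptional access" design: one per-message key, wrapped twice.
    msg_key = secrets.token_bytes(32)
    return {"body": seal(msg_key, msg),
            "to_recipient": seal(pair_key, msg_key),
            "to_escrow": seal(escrow_key, msg_key)}

def recover(envelope, key):
    # Try the key on the body, then on each wrapped message key.
    plain = unseal(key, envelope["body"])
    for slot in ("to_recipient", "to_escrow"):
        if plain is None and slot in envelope:
            msg_key = unseal(key, envelope[slot])
            plain = None if msg_key is None else unseal(msg_key, envelope["body"])
    return plain

def demo():
    # Constructed keys: two unrelated pairs, one escrow key, one relay/eavesdropper.
    ab, cd, escrow, relay = (secrets.token_bytes(32) for _ in range(4))
    e2e = send_e2e(ab, b"hello bob")
    return {"recipient_reads_e2e": recover(e2e, ab),
            "relay_reads_e2e": recover(e2e, relay),
            "escrow_reads_e2e": recover(e2e, escrow),
            "escrow_reads_watched": recover(send_escrowed(ab, escrow, b"hello bob"), escrow),
            "escrow_reads_bystander": recover(send_escrowed(cd, escrow, b"hello dave"), escrow)}
```

The escrow key is only bytes: `recover` cannot tell a warrant holder from someone who copied the key, which is why the second design is weaker for every user and not just for the people on a list.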
