Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

UK Prime Minister Theresa May has reiterated calls for a special magic version of encryption to be developed by technologists so law enforcement can access everyone's communications on demand – and somehow engineer it so that no one else can abuse this backdoor. Speaking at the World Economic Forum (WEF) in Davos, Switzerland …

  1. jonfr

    No is the answer and it remains that way

    The answer is no and it is going to remain that way. At least for me if I ever go into encryption programming (and just programming to start with).

    1. John Robson Silver badge

      Re: No is the answer and it remains that way

      I might have to start sending line noise to my MP...

    2. Tomato42 Silver badge
      Trollface

      Re: No is the answer and it remains that way

      I don't know what you're talking about.

      Making secure crypto that is only breakable for lawful law enforcement is just as easy as staying in EU and exiting the EU at the same time. May does that flawlessly, so obviously that crypto stuff is just as flawless.

      1. TRT Silver badge

        Re: as easy as staying in EU and exiting the EU at the same time

        Hence the requirement for vastly increasing funding for research in quantum technology. As we all know, this exciting field allows something to exist simultaneously in a number of apparently contradictory states at the same time.

        1. paulc

          Re: as easy as staying in EU and exiting the EU at the same time

          >As we all know, this exciting field allows something to exist simultaneously in a number of apparently contradictory states at the same time.

          like most members of the Tory Cabinet

        2. amanfromMars 1 Silver badge

          Re: as easy as staying in EU and exiting the EU at the same time @TRT

          Hence the requirement for vastly increasing funding for research in quantum technology. As we all know, this exciting field allows something to exist simultaneously in a number of apparently contradictory states at the same time. .... TRT

          You might like to ask Jacob Rees-Mogg MP to share with you the "New Knowledge" missive, [sent to him on 16 November 2017 at 15:15] which contains the following lines amongst a whole host of other relevant and relative information ........

          Does Conservative Leadership want to … Make a Quantum Communication Leap into Future Perfect Presentations with Augmented Virtual Reality Production Systems. ….. with Global Operating Devices.

          Such is that which is Presently Running Our Current Programs.

          I Kid U Not.

          ..... or is all of that to be classified and presumed to be TS/SCI whenever it is in fact now more general knowledge to be exploited and expanded upon? Well, you now know of the message, don't you.

          If Jacob refuses, what would that be telling you whenever he has every right to share everything shared freely.

      2. MacroRodent Silver badge

        Re: No is the answer and it remains that way

        making secure crypto that is only breakable for lawful law enforcement is just as easy as staying in EU and exiting the EU at the same time. May does that flawlessly, so obviously that crypto stuff is just as flawless

        Actually, it is easy to think of several half-way credible ways of doing that. I mean the crypto breakable by good guys only, not the Schrödinger's Brexit. And politicians, aided by some intellectually dishonest experts, may well latch on to one of those and make it mandatory.

        1. Michael H.F. Wilkinson Silver badge

          Re: No is the answer and it remains that way

          I feel May seems to operate much like an Electronic Monk, especially the updated Mk-II version which has advanced illogic circuitry able to hold a huge number of mutually contradictory beliefs without throwing those annoying system errors. Many politicians share this kind of circuitry, it seems.

          Doffs hat (black fedora again) to the late, great Douglas Adams

        2. Wibble

          Re: No is the answer and it remains that way

          Schrödinger's Brexit

          Is that Rees' Mogg(y)

          It's alive. Oh no it isn't...

          1. Nick Ryan Silver badge

            Re: No is the answer and it remains that way

            Is that Rees' Mogg(y)

            It's alive. Oh no it isn't...

            It may be alive, but it looks and acts like it slipped through some weird time portal from the 1700s.

        3. Cynic_999 Silver badge

          Re: No is the answer and it remains that way

          "Actually, it is easy to think of several half-way credible ways of doing that. I mean the crypto breakable by good guys only"

          I'd love to see an algorithm that only works if a "good guy" uses it. Even more, I'd like to see a method for determining who is "good" and who is "bad" (bonus if it can also predict which "good" guys will become "bad" in the future).

          1. This post has been deleted by its author

          2. MacroRodent Silver badge

            Re: No is the answer and it remains that way

            I'd love to see an algorithm that only works if a "good guy" uses it.

            Note I wrote "half-way credible", not "credible". For example, always make the crypto implementation store the user's key on the device or data stream but encrypted with a key known only to the good guys. This may well bamboozle people who forget to consider who all will want to have these master keys (UK? US? China?), and can they be trusted to keep them secret. (And like you point out, will the custodians remain the good guys?).
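
The escrow scheme described in the comment above, as an added sketch that is not part of the thread or any poster's code: each record's data key is wrapped once for the user and once per escrow authority, and the count shows what a single leaked authority key exposes. The HMAC-based cipher is a standard-library stand-in for a real AEAD, and the user and authority names are constructed.

```python
import hashlib
import hmac
import os

# Toy authenticated cipher (HMAC-SHA256 keystream, encrypt-then-MAC) so the
# example needs only the standard library. Illustration only, not a real AEAD.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]

def _subkeys(key: bytes):
    # Separate keys for encryption and authentication.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def escrowed_encrypt(user_key: bytes, escrow_keys: dict, plaintext: bytes) -> dict:
    """Encrypt under a fresh data key, then wrap that key for every key holder."""
    data_key = os.urandom(32)
    return {
        "body": seal(data_key, plaintext),
        "user_wrap": seal(user_key, data_key),
        # One wrapped copy per authority that demanded access.
        "escrow_wraps": {name: seal(k, data_key) for name, k in escrow_keys.items()},
    }

def try_read(key: bytes, record: dict):
    """Return the plaintext if `key` unwraps any copy of the data key, else None."""
    for wrap in (record["user_wrap"], *record["escrow_wraps"].values()):
        try:
            return unseal(unseal(key, wrap), record["body"])
        except ValueError:
            continue
    return None

def readable_count(key: bytes, records: list) -> int:
    return sum(1 for r in records if try_read(key, r) is not None)

def demo() -> dict:
    # Constructed, hypothetical key holders: three users, three escrow authorities.
    users = {n: os.urandom(32) for n in ("alice", "bob", "carol")}
    authorities = {n: os.urandom(32) for n in ("authority-A", "authority-B", "authority-C")}
    records = [
        escrowed_encrypt(key, authorities, f"note from {name}".encode())
        for name, key in users.items()
    ]
    exposure = {"alice's own key": readable_count(users["alice"], records)}
    for name, key in authorities.items():
        # Whoever holds a copy of this one key reads every user's record.
        exposure[name] = readable_count(key, records)
    exposure["unrelated key"] = readable_count(os.urandom(32), records)
    return exposure

if __name__ == "__main__":
    for holder, count in demo().items():
        print(f"{holder}: can read {count} of 3 records")
```

A user key opens only that user's record, while every authority key opens all of them, so the confidentiality of every record rests on the least careful custodian.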

          3. TRT Silver badge

            Re: I'd love to see an algorithm that only works if a "good guy" uses it.

            That's easy. You just take an input from the webcam and determine what colour hat they are wearing.

            1. vagabondo

              Re: I'd love to see an algorithm that only works if a "good guy" uses it.

              It's the “Good Cop, Bad Cop” routine. The algorithm starts with a dialogue -- “Are you being a good guy or a bad guy today?”.

          4. sprograms

            Re: No is the answer and it remains that way

            Agree. It is rather odd that governments insist that spying on electronic communications is the only way to discover the bad guys.....but in the next breath claim that the proposed backdoor will only be used once they get a warrant. If they already have sufficient probable cause to get a warrant, they don't need a backdoor. They need a password. They already have the power to demand that, or hold the suspect in jail if he/she refuses to hand it over. I'm reminded of the FISA bit: Surveillance without true probable cause is enough to ask the suspect a question he might not fully answer. Then he is, surprise, a perp. No thanks.

        4. JohnFen Silver badge

          Re: No is the answer and it remains that way

          " it is easy to think of several half-way credible ways of doing that."

          I don't think that it's easy at all. But if you really have a great idea, I encourage you to develop it. You'd be rich, and such a method would have many good and legitimate uses.

        5. Uffish

          Re: intellectually dishonest experts

          If the intellectual dishonesty means that a backdoor doesn't really exist then the scam won't last long, equally if the backdoor does exist it won't be much longer before it becomes known.

          Either way, as Sir Humphrey would have said "I do think you are being awfully brave, Prime Minister, to bring in this much needed measure".

        6. Doctor Syntax Silver badge

          Re: No is the answer and it remains that way

          "several half-way credible ways"

          The other half seems to have gone missing.

      3. chairman_of_the_bored

        Re: No is the answer and it remains that way

        "staying in EU and exiting the EU at the same time" - isn't that called Quantum Entanglement? Or is the PM enjoying a dead-Heisenberg-cat-bounce?

        1. elgarak1

          Re: No is the answer and it remains that way

          The UK will exit the EU. No way around that. Scotland, Wales, North Ireland, and, maybe, England, will enter, though. Perhaps even on the same day.

          Heed my words.

    3. JohnFen Silver badge

      Re: No is the answer and it remains that way

      "At least for me if I ever go into encryption programming"

      In order to produce crypto that is even remotely trustworthy, what you need isn't programming skills so much as advanced mathematical skills.

      But you wouldn't need to invent new crypto. Just start using the strong crypto that is readily available right now, and stop relying on the default crypto your devices provide.

  2. tempemeaty

    What's the nature of a scorpion?

    Politicians are like scorpions. It's in their nature. This is what they will always do.

    1. Sir Runcible Spoon Silver badge
      WTF?

      Re: What's the nature of a scorpion?

      They're actually starting to sound like whiny brats and it's clear as crystal that this is their default approach to all shitty legislation - keep banging on until the public get bored and resistance fades. Only it isn't fading this time because they are actually asking for something that can't reasonably be done.

      "They must focus their brightest and best on meeting these fundamental social responsibilities."

      What, so the government can ignore all their advice when it doesn't fit with their own pre-conceived world view? (See drugs policy).

      All they want is everything, all the time, no resistance and they will keep whining until they get it or the public wises up and sacks them. The moment someone tells them what they want to hear they'll be all over it, whether it's possible, sensible or legal - doesn't seem to matter.

      1. Anonymous Coward

        Re: What's the nature of a scorpion?

        "keep banging on until the public get bored and resistance fades. Only it isn't fading this time"

        I'd like to share your optimism, but unfortunately actual evidence doesn't seem to support this: Beyond a little circle of people who a) understand the issue, *and* b) care about it (that's mostly Reg readers...), there is the vast crowd of people who just don't see what the problem might be.

        I've asked a lot of people around me (Ph.D education level...) about this specific issue, and they all just shrug and went "Well, it's not like I have something to hide. And besides, who would be interested in pictures of my pet/my holiday?". That's their standard answer to both blanket surveillance and criminals getting to their information. Questions about losing sensitive information (financial, health, etc) are shrugged off as outliers. "Can't be worse than Facebook" is actually an excuse I heard, and it makes sense - People willing to give Facebook their most intimate life details clearly don't have the same assessment of what privacy is good for.

        So beware, politicians' mantra-like repeating of stuff isn't a sign of some inability to accept reality, it's actually slow and steady brain washing. When the promised reductions in privacy eventually happen (in some technical way or another), the vast majority of people will only think "well, that was overdue, wasn't it".

        1. JohnFen Silver badge

          Re: What's the nature of a scorpion?

          "I've asked a lot of people around me (Ph.D education level...)"

          Just because someone has an advanced degree doesn't mean that they're competent (or even smart) when it comes to areas outside of what they got the degree in.

        2. Doctor Syntax Silver badge

          Re: What's the nature of a scorpion?

          I've asked a lot of people around me (Ph.D education level...) about this specific issue, and they all just shrug and went "Well, it's not like I have something to hide. And besides, who would be interested in pictures of my pet/my holiday?". That's their standard answer to both blanket surveillance and criminals getting to their information.

          Tell them to read the ToS of their bank and any other online services. Then they'll discover that not only do they have something to hide but that they're contractually obliged to hide it.

          1. Chemist

            Re: What's the nature of a scorpion?

            "Well, it's not like I have something to hide. And besides, who would be interested in pictures of my pet/my holiday?"

            Well I've not got anything to hide ( except financial stuff naturally) but I do always use ssh to access my systems at home from outside - this is to ensure security so my systems don't become a playground for spammers etc. My system is as secure as I can make it.

  3. Crisp Silver badge

    There's no magic encryption tree

    Where does she expect her hairbrained idea of encryption to come from?

    1. Mark 85 Silver badge

      Re: There's no magic encryption tree

      I wouldn't use "hairbrained" as I suspect she's pulling this out of her orifice that's lower to the aft.

      1. 2+2=5 Silver badge
        Headmaster

        Re: There's no magic encryption tree

        I wouldn't use "hairbrained" as I suspect she's pulling this out of her orifice that's lower to the aft it's 'hare-brained' as in 'mad as a March hare'.

    2. Ole Juul Silver badge

      Re: There's no magic encryption tree

      Those who don't know math are doomed to repeat it.

      1. Chemist

        Re: There's no magic encryption tree

        "Those who don't know math are doomed to repeat it."

        That also recurred to me

    3. John Smith 19 Gold badge

      Where does she expect her hairbrained idea of encryption to come from?

      She doesn't have an idea.

      It's just like any politician.

      <gollum>

      We wants it.

      We wants it

      We wants it.

      </gollum>

      1. Anonymous Coward

        Re: Where does she expect her hairbrained idea of encryption to come from?

        "Where does she expect her hairbrained idea of encryption to come from?"

        Just wait until the politicians hear about quantum entangled photon pairs. Soon they'll be demanding physicists entangle a third photon for monitoring purposes...

    4. Anonymous Coward

      Re: There's no magic encryption tree

      I look at it like a "magic backdoor", however you can't create the back door without lubing it up and everyone taking one for the team. Maybe if someone explained it to her properly using the correct terminology then she might just get it as she's not been averse to taking one for the team on many occasions. (DUP/Election/EU/Green/Johnson, the list goes on)

      Disclaimer: For impartiality I'll say it's a good job Corbyn isn't in power because I'm unsure if he's ever used a computer. The lib dems would probably just put in their manifesto that they won't ban encryption and then ban it.

  4. Mark 85 Silver badge

    Funny thing about this argument and all the BS flying about. I would think that the "security agencies" would know that any encryption with a backdoor is useless. Maybe the fightback is to insist that they use the same encryption they want us to use?

    Then again, we've not heard from the grunts in the trenches in the agencies, only the political appointees who are mouthing the words they need to say to keep their jobs.

    1. phuzz Silver badge

      Exactly, GCHQ have some of the best cryptographers in the world, so they surely know that there's no way that they can have their own back door without some possibility of another country (or criminals etc.) finding a way to access it.

      I guess this explains the focus on getting companies to do it, then if (for example) Whatsapp's magic backdoor was breached, the government doesn't look responsible.

    2. Chemist

      "I would think that the "security agencies" would know that any encryption with a backdoor is useless"

      It's the same in other areas. I lost count of the number of times I put together very detailed proposals for/against certain approaches to tackling a disease area, going to great lengths to research what was known, list the unknowns, explain the complexities, list the pros & cons and suggest a way forward only for a PHB+2 to dismiss ( or sometimes sanction ) the whole thing after a few moments consideration.

      1. Sir Runcible Spoon Silver badge

        We should give them what they want and then carry on ignoring the useless fuckers. What are they going to do, write their own encryption programs?

        1. amanfromMars 1 Silver badge

          SNAFU v1.0 ....

          We should give them what they want and then carry on ignoring the useless fuckers. What are they going to do, write their own encryption programs? .... Sir Runcible Spoon

          Isn't that the Current State of Status Quo Systems in Politicised Fields of Global Play, Sir? The Spaces and Places where they presume to be able to Provide Lead, and be failing miserably and spectacularly.

    3. ThatOne Silver badge
      Big Brother

      > would know that any encryption with a backdoor is useless

      Isn't that the whole point?

  5. Alister Silver badge

    The crucial point that all these politicians seem to be missing is that the knowledge and technology to do end-to-end encryption now exists.

    No matter what laws are passed, criminals and terrorists are, by their nature, not law abiding, and therefore will ignore those laws, and continue to use the technology.

    It is not possible to remove the ability to create end-to-end encryption, now it exists, all you can do is disadvantage law-abiding citizens.

    1. Anonymous Coward

      all you can do is disadvantage law-abiding citizens

      That would appear to be the goal. A bit like all of the pantomime around "money laundering" that doesn't work, or "airport security".

      1. Flocke Kroes Silver badge

        Re: Goal ... disadvantage law-abiding citizens

        People tend to ascribe to others crimes they would commit themselves. For techies, this shows as an attempt to find sane intelligent motives consistent with other people's actions. This cannot work with Theresa May. Although ability at government is not a required attribute of a successful politician they do need to be better at politics ... than other politicians. She called for an election in June 2017. Now you know her level of competence at a core skill you have to base the motives behind her other activities consistent with determined ignorance and fly bashing against the closed half of a window level stupidity.

        The only defence against such people is education - somehow we have to educate enough voters to prevent people like her getting elected again.

        1. jmch Silver badge

          Re: Goal ... disadvantage law-abiding citizens

          "People tend to ascribe to others crimes they would commit themselves"

          Not only that but even more generally, people tend to ascribe to others any behaviour they would do themselves.

    2. Nick Kew Silver badge

      The technology exists, but time and time again, we hear that real-life terrorists used unencrypted communication. They weren't caught because nobody was looking. Criminals and terrorists are not law-abiding, but more to the point, most of them are not awfully bright.

      If I were advising the security services, I'd be looking to put out messages calculated to encourage villains into using particular means of communication, where anything they might leak would be less needle-inna-haystack than the sum of all 'net traffic. One way to encourage that might be to have politicians and officials call for particular apps to be banned, thereby sending out the message that diabolical plots can be safely shared using precisely those apps. If any such app happened to have a backdoor, the calls to ban it (or force it to introduce a backdoor) would be loud and clear.

      1. StargateSg7 Bronze badge

        I will make encryption software such as encrypted video phones, fully encrypted instant message and custom encrypted web browsers as I see FIT !!!! I will release them FULLY OPEN SOURCE WITHOUT ANY BACKDOORS and ANY BAN will be USELESS because I simply will not LISTEN and will CONTINUE to release new versions when and where I see fit! I'm also in another country so you cannot touch me legally without some SERIOUS LEGAL FIREPOWER being brought in against you by me! I know some of the BEST lawyers in the business WORLDWIDE and the sheer weight of my legal opinions and legal paper deluge will obliterate any statutes you may wish to bring about!

        So Tough Tootie Minister!

        You can't disobey the laws of Math and Physics, they are COMPLETELY immutable!

        AND FINALLY!!!! Get away from AES-256, Triple DES and Elliptic Curve-based encryption algorithms!

        Modern supercomputers AND newer Quantum Computing-style (i.e. All States At Once Computing) WILL be able to break such systems.

        YOU MUST HAVE POST-QUANTUM CRYPTOGRAPHY !!!!

        You need Multivariate, Lattice, Code-based and other forms of "Post Quantum Cryptography" to be able to keep your data secrets from being ratted out by Shor's Algorithm!

        1. Anonymous Coward

          @stargatesg7

          Back in the day there was a forum (remember those!) called alt.talk.bollocks

          This would have fitted there perfectly.

          1. rmason Silver badge

            @AC

            You'll be hearing from his "SERIOUS LEGAL FIREPOWER" shortly, I imagine.

        2. rmason Silver badge

          Calm down @StargateSG7,

          You aren't going to do any of that really, are you. No.

          What you'll do is either choose to use the apps we all know are probably broken, or choose not to.

          Calm down duck, you look daft.

        3. Doctor Syntax Silver badge

          @ StargateSg7

          Bob, is that you?

      2. Halfmad

        Like a shell company?

        Government starts shell company with funds from taxpayer, shell company buys out trusted encryption system and changes the encryption in the background to suit themselves. Job done.

        1. JohnFen Silver badge

          Re: Like a shell company?

          That's been done before -- but it's a really hard thing to hide, which is why we know about it.

      3. Dr Dan Holdsworth Silver badge

        Criminals are generally not all that smart, and suicidal terrorists are especially not-smart. However, most of the suicidal religious lot have worked out that the secure way to communicate is by meeting up face to face.

        Once an attack is in progress, comms don't really need to be secure; if you assume that the security services aren't on the ball enough to know who all the participants are (a good bet if your little jihadi plot has gotten to live state), then you can also assume that they aren't going to understand the comms chatter quickly enough to make any difference.

        That was the assumption the French terrorists made: they used completely unencrypted SMS to start and coordinate their attacks, and over that short time scale it worked.

    3. Hey Nonny Nonny Mouse

      The crux of it.

      "No matter what laws are passed, criminals and terrorists are, by their nature, not law abiding, and therefore will ignore those laws, and continue to use the technology."

      That.

      It always amazed me that a regular sentence for driving without a licence was a driving ban (I know the sister of a lad who, at the age of 14, got a lifetime driving ban for stealing and joyriding cars, needless to say, it had absolutely no deterrent effect), while I understand the reasoning behind it it seems absolutely nonsensical, rather it made them more likely to kill someone in their attempts to get away from the police, the inherent nature of a criminal is that they do not obey the laws that are used to punish them, nor do they care about the punishment meted out

      The weakening of the cryptography that's being demanded and justified as a means to keep us 'safe' is going to achieve the exact opposite.

      1. John Stirling

        Re: The crux of it.

        An excellent example, as it shows not only the essential futility, but also how much damage it does - once the young toe rag grows up enough to start abiding the law they are effectively excluded from meaningful interaction with society, and thus less likely to ever contribute to that society.

    4. bobblestiltskin

      Surely the government can propose a bill to ban prime numbers?

      Forbid any number (especially large ones) from being divisible only by themselves and 1. And if they persist in being indivisible, just jail them and miss them out when counting.

      Thinking more, it is just the odd numbers which cause problems, so just ban all odd numbers?

      That would put a stop to this strong encryption malarkey.

      As our antipodean cousins are wont to say, "What could possibly go wrong"?

      1. defiler Silver badge

        Thinking more, it is just the odd numbers which cause problems, so just ban all odd numbers?

        2

        It's odd because it's the only one that's even...

  6. gabor1

    Biometrics

    Can someone explain why this can't be solved by biometric security? Just as my fingerprints open my phone, Apple could preinstall the fingerprints of federal judges who could also open it, should they grant themselves a warrant to do so. How is that a backdoor?

    1. Tomislav

      Re: Biometrics

      So all you would need is a copy of a federal judges fingerprint to unlock any iPhone in the world? Sounds foolproof...

      1. GrumpyKiwi Silver badge

        Re: Biometrics

        Indeed. After all the US government is great at keeping such information secure. Just look at OPM who have never been hacked and had 19 million people's records (including fingerprints) taken.

        And we need a rolling my eyes icon.

    2. DougS Silver badge

      Re: Biometrics

      Apparently you're under the impression that biometrics are foolproof. That's a mistaken impression.

      Even if they were, and they could be kept secure, every judge in the US is supposed to get these powers? So what about judges in the UK, EU, Israel, Russia, China, Japan, Korea, Iran, Iraq, India, Pakistan and so forth? What if the laws differ in some countries so they don't require a judge but anyone who works for the government should be able to decrypt?

      If a US company provided a backdoor for judges in one country, other countries are going to say "give us the same or we will ban the sale of your product in our country".

      I don't know that I agree that judges - even with a proper court order - should be allowed to search someone's phone. Why? There's no precedent for this in the past - look at how much information someone's phone carries. That's basically the equivalent of a blanket search warrant covering not only your home, car, office, etc. but also your mind. I mean, in the past if someone told me something important I have to memorize it. Now I don't have to bother, because if they told me in a text message I know I can find that text again, even five years later. Why should judges have unrestricted ability to search my memory? Because it makes overly fearful people a little less afraid when they read about the latest terrorist attack, knowing that the government has unlimited power to snoop?

      1. spold Bronze badge

        Re: Biometrics

        Hmmm if it is an Apple phone don't I just hold it up to your face or mugshot and now it is unlocked?

        I can't help thinking that if governments make such ridiculous faulty arguments on this topic it must mean they have found some backdoors or practical vulnerabilities and just want you to think that they are secure and they can't crack them, so the bad guys continue to use them.

    3. Allan George Dyer Silver badge
      Facepalm

      Re: Biometrics

      Ah, I see the problem with your plan, Why should a Federal judge have control over access to UK phones?

      Oh, and expect a large number of hand amputation attacks on federal judges if your plan is accepted.

      And you forgot the troll icon.

      1. wowfood

        Re: Biometrics

        Rather than a finger print, I'd say a constantly shifting password. A bit like how facebook can generate a security pin to log in with new devices which changes every 10 minutes.

        Of course even that isn't foolproof.

        But even if, by some magic, they did develop a backdoor that legally had to be put in all software. What's to stop somebody publishing software without this backdoor? Sure a company trading in the US / UK can't, but an individual who doesn't like backdoors in their device?

        1. Cynic_999 Silver badge

          Re: Biometrics

          "Rather than a finger print, I'd say a constantly shifting password."

          And exactly how do you propose to "constantly shift" the password of data that's stored on a phone I haven't switched on for months? You need some of Ms May's magic pixie dust.

    4. Karl Vegar

      Re: Biometrics

      If we for a moment pretend biometrics are 100% perfect, secure, foolproof and able to determine if the fingerprint is provided from a live and willing judge. Just for the sake of the argument.

      Are you planning to grant US Federal judges this power over all phones in the world? Isn't that a bit overreaching, and out of jurisdiction? Or only handsets sold in the US? (And what makes you think handsets won't be bought in Mexico, and resold in the US...)

      How about other nations? Should every judge at the level determined by the individual nation be granted this? Would you like the commissars of Putin or Kim to have access to your phone at will?

      And what happens when a judge is replaced?

      And how long would it take before apps had a possibility whether or not to trust the builtin biometrics, for instance requiring a password or other form of authentication instead.

      So in short. This would greatly reduce the basic security of the handsets. Add a lot of cost. And slightly inconvenience anyone who wants to keep something secret.

      1. Doctor Syntax Silver badge

        Re: Biometrics

        "Isn't that a bit overreaching, and out of jurisdiction?"

        ITYF gabor1 is from the US and doesn't understand concepts such as The Rest Of The World.

    5. Hans 1 Silver badge
      Windows

      Re: Biometrics

      @gabor1

      If you use bio-metrics to unlock a mobile device then your opinion on data security does not count.

      Hint: Your phone's case IS FULL OF YOUR FINGERPRINTS! If you use facial recognition, robber points the device at the poor fellow he just stole it from, "thanks, me changing code and going shopping ..."

    6. HieronymusBloggs Silver badge

      Re: Biometrics

      "Can someone explain why this can't be solved by biometric security?"

      Yes.

  7. Nick Ryan Silver badge

    Chairman May does not care about trivial technicalities like the realities of bloody complicated mathematics, human nature and sneering "experts". Nothing, nothing whatsoever, must stand in her way to a more comprehensive police state where everybody* must be monitored 24/7 and recorded and all the time, not just if they are suspected of anything. Nothing must stand in this way, including law, democracy, common decency and most of all, the ECJ. Screwing the entire country over economically and socially just to get rid of the ECJ and its attempts to introduce accountability, rights for "plebs" and the EU's general aim to reduce inequality is very much worth it. If this also happens to make politicians and their very rich friends even richer at the same time then this is a double bonus.

    I really, really wish that I could put a /sarcasm tag but it's ceased to be possible to be sarcastic about it.

    * Everybody except politicians, their very rich friends and "celebrities" (for some reason).

    1. Anonymous Coward

      Chairman May...

      This.

      If the world wasn't being run by power mad sociopaths wielding discriminatory policy, there would be far less 'terrorists' and 'extremists' in the first place.

      May and her ilk can go whistle.

    2. wolfetone Silver badge

      "...must stand in her way to a more comprehensive police state..."

      The irony being she loves cutting the budget of the Police, so that when the UK becomes a police state there'll be no police to police it.

      1. Nick Ryan Silver badge

        The irony being she loves cutting the budget of the Police, so that when the UK becomes a police state there'll be no police to police it.

        That's the puzzling bit about it... it could be part of an overall plan to monitor everyone 24/7 which would reduce the number of needed Police? Or maybe just as a prelude to outsourcing more and more of the duties of the Police to private organisations?

        1. wolfetone Silver badge

          "That's the puzzling bit about it... it could be part of an overall plan to monitor everyone 24/7 which would reduce the number of needed Police? Or maybe just as a prelude to outsourcing more and more of the duties of the Police to private organisations?"

          I think the latter is more likely. Her husband, apparently, had some dealings with G4S, so it's not beyond possibility that some sort of pseudo-Robocop-OCP-era privatisation of the police force in the UK could happen.

      2. Anonymous Coward

        More like IF the UK becomes a police state. May won't be in power for very long.

  8. Doctor Syntax Silver badge

    This is something May's wanted for years. If she wants it so badly she could just roll up her sleeves, learn coding, learn maths and deliver this wonderful idea herself. After all, if she wants a thing done right who else could she rely on but herself? I wonder why she hasn't.

    1. Nick Ryan Silver badge

      Because she's barely competent at being a decidedly below average politician? I know quite a few people in her constituency and they've never had a complimentary thing to say about her or how she manages her constituency (she does nothing) - however because of people voting like sheep for the same party they have always voted for regardless of how idiotic their policies are, how corrupt they have been proven and how they have managed to get away with this, toads like this keep on getting (re)elected.

      1. Anonymous Coward

        Well the reason she keeps getting (re)elected is because of FPTP.

      2. alex perkins

        *Strongly* disagree with the view of her being barely competent as a constituency MP. As someone with political views to the left of Tony Benn I am no fan of her politically, but she's a good MP for her constituents, regular surgeries and meeting with people, and helping as their representative. She keeps getting re-elected as people in Maidenhead often seem to have a confused view about politics - I was quizzed as to how I would consider voting Labour as I owned my own house. A mortgage, hardly owning it, and I'm keen on the redistribution of wealth, improvements of public services etc.

  9. SVV Silver badge

    You show 'em PM

    Once these backdoors have been built into the systems, governments WILL be able to access all these communications. Such as the Russian government, the Chinese government, the North Korean government.......... oh yes, and lots of criminals too!

    Next demand that everybody always leaves their house unlocked, so government can always take a peek inside, don't worry that everyone else will also be able to do so too..... After all, those door locks meant that these dastardly types could have "communicated" their plans to each other by talking in private, without anyone overhearing them!

    What calibre of "advisors" is she employing that let her spout this stuff on the global stage? IT security experts or 20-something party activists who are being given cushy government jobs?

  10. tfewster Silver badge
    Facepalm

    Whatever mechanism the Feds can use, every government in the world will insist on having access to as well, to monitor their local "potential terrorists". And any "potential spies" as well, i.e. the rest of the world.

  11. GrumpyKiwi Silver badge

    The poor spooks

    Come on, who here isn't feeling sympathy for our pals in the "intelligence" community for whom this encryption is forcing them to have to work for a living instead of just sitting in a chair drinking coffee. Those poor poor bastards.

    Why if only they hadn't betrayed the public trust in the first place we wouldn't be in this position. As it stands they are forever stained in my mind as lying liars who lie.

    1. Anonymous Coward

      Re: The poor spooks

      I would defend the poor spooks, to some extent. While those in the higher seats of their trade, do obsess about having Godlike powers, most of them are "only following orders". Orders and pressure. Funding is target-driven, and they're in this neverending fear of the next attack, which EVERYBODY is going to blame on them, for being blind and deaf. And as people use mass communications, they try to catch up with mass surveillance. And that it helps to keep tabs on what the plebs are thinking... well, the paymasters don't mind that, do they :/

  12. Destroy All Monsters Silver badge
    Windows

    "They are waiting on a change in public mood"

    And so we have the ludicrous situation of encryption Groundhog Day where the same things are said and done over and over again, each day the same.

    It's coming from the same "people" who have been offering us the stale puke menu of "Russian Interference" since DNC got its mail server copied to a USB stick. If the public doesn't like it or doesn't care, regular recalls via "newspapers" and, if necessary, "popular culture" will be applied. A little "Steele Dossier", unspecified future "terror attacks" that could be thwarted by decryption. Unconfirmed rumors, retconning and lies as facts known by everyone in secondary sentences.

    These people are straight-on satanic, make no mistake.

  13. eldakka Silver badge

    How did this incompetent, brainless, insipid excuse for a human being become prime minister?

    1. Geoffrey W Silver badge

      She became Prime Minister because the Conservatives thought they had another Thatcher and made her leader, then lots of people voted for her in the election. Lots of wrong all round.

    2. Anonymous Coward

      Because we, the electorate, put her there. Not directly perhaps, but anyone who is prime minister is 1) a directly elected MP, 2) appointed as PM by other directly elected MPs responding to the political situation created by how the electorate has voted. It rarely reflects the opinions of everybody, but tough luck that's democracy.

      Look at what happened in 2010 when liberal voters started whinging about them forming a coalition with the Tories. Well duh whatever did they expect to happen given the results?

      1. Anonymous Coward

        " It rarely reflects the opinions of everybody, but tough luck that's democracy."

        It rarely reflects the opinions of the majority of voters, but tough luck that's FPTP democracy.

        FTFY

      2. DavCrav Silver badge

        "Because we, the electorate, put her there. Not directly perhaps, but anyone who is prime minister is 1) a directly elected MP, 2) appointed as PM by other directly elected MPs responding to the political situation created by how the electorate has voted. It rarely reflects the opinions of everybody, but tough luck that's democracy."

        It doesn't appear to be a commonly known fact, but the Tories won a majority in Britain. Since the British parties don't stand in Northern Irish seats, they stand no chance there, and it's only in the whole UK that they failed to get a majority, but this is really a type of super-majority, because of those extra seats. The great irony of having to rely on DUP support is that the only reason they have to is because of Northern Ireland in the first place.

        1. DJO Silver badge

          Because she was completely incompetent as Home Sec they thought any other position would be an improvement. Wrong.

        2. PapaD

          Almost, but not entirely unlike

          Well, they have 316 seats out of 650 - 18 seats represent Northern Ireland, so if we knocked that down to GB only, they'd have 316 seats out of 632 - so they have exactly half, and are 1 seat away from a bare minimum majority.

          So not quite a majority, but very close.

          1. DavCrav Silver badge

            Re: Almost, but not entirely unlike

            "Well, they have 316 seats out of 650 - 18 seats represent Northern Ireland, so if we knocked that down to GB only, they'd have 316 seats out of 632 - so they have exactly half, and are 1 seat away from a bare minimum majority."

            They won 317 at the election.

      3. Anonymous Coward

        "Look at what happened in 2010 when liberal voters started whinging about them forming a coalition with the Tories. Well duh whatever did they expect to happen given the results?"

        And I still don't know if I've forgiven the LibDems for this yet which puts me in a dilemma because Conservatives and Labour are as bad as each other and if a Labour government was in power we'd still be having this discussion - remember ID cards?

        1. Graham Cobb

          And I still don't know if I've forgiven the LibDems for this yet

          For what? For killing off ID cards? Both Labour and the Conservatives were in favour of ID Cards but the Lib Dems killed it by making it a condition of supporting a coalition.

          It is a shame they weren't able to get both that and no tuition fees as conditions but I think they made the correct choice. I realise others may disagree.

          It is a shame that people chose to punish them for not achieving the impossible (killing both) and so have left us with this intolerable unrestrained Conservative government instead.

          1. Doctor Syntax Silver badge

            "It is a shame that people chose to punish them for not achieving the impossible"

            I think that's one of the reasons. The other is that people voted for them as a protest vote, something they reckoned was "safe" because they (LibDems) would never be a party of government. And then they did the unforgivable - they joined the government. Just being against things isn't a responsible political stand; sometimes you have to be for things and a lot of their voters had forgotten that.

    3. Anonymous Coward

      She inherited the job then bribed the dinosaur denying flat earth society fuckwits called the DUP.

    4. Doctor Syntax Silver badge

      "How did this incompetent, brainless, insipid excuse for a human being become prime minister?"

      By standing around doing nothing whilst the others knifed each other in the back.

    5. davemcwish

      How did this incompetent, brainless, insipid excuse for a human being become prime minister?

      @eldakka

      She is PM as she became leader of the governing party during their current term of office and IMHO was viewed as the least worst.

  14. Bush_rat

    You want a back door?

    Best thing you can have to a backdoor would be for all the western nations to chip in and build a colossal supercomputer and just brute force the encryption. You know what's great about this? Only nation-states could ever use such a method, cause I don't think there are enough grains of sand to make a computer that big once, let alone twice.

    1. GrumpyKiwi Silver badge

      Re: You want a back door?

      Hah yes. Charge one bitcoin per decrypt request. That'll increasingly tie their supercomputers up for longer and longer. Or provide them with a reason to confiscate - sorry I mean 'asset forfeit' people's Bitcoins.

      1. Jos V

        Re: You want a back door?

        And then, years later, the new supercomputer will just spew out one answer: 42

    2. Cynic_999 Silver badge

      Re: You want a back door?

      "You know what's great about this? Only nation-states could ever use such a method"

      In addition, it would be so expensive in terms of computing power that it would only be used to decrypt stuff that the security services strongly believe contains vital information. No way that everyone's private coms could be routinely decrypted and scanned for keywords.

    3. Charles 9 Silver badge

      Re: You want a back door?

      "Best thing you can have to a backdoor would be for all the western nations to chip in and build a colossal supercomputer and just brute force the encryption."

      Don't laugh. This may actually exist. There's that huge data center in Utah. Could actually be a cover for a black-project working quantum computer breaking messages using Shor's Algorithm.

  15. DCFusor Silver badge

    Good you included Wyden

    It was an epic slam-down and you should have quoted it more fully, actually. Here's a little more

    "

    Wyden blasts FBI chief over encryption remarks

    A Democratic senator is blasting the leader of the FBI over recent comments he made about encryption, calling them “ill-informed.”

    Sen. Ron Wyden (D-Ore.) wrote a letter to FBI Director Christopher Wray on Thursday criticizing him for advocating for a technological solution to what is often referred to as the “going dark” problem: the inability of officials to access data on encrypted devices for ongoing investigations.

    Wray said during recent remarks that devices could be designed “that both provide data security and permit lawful access with a court order.” He also dismissed the idea that law enforcement investigators are looking for some kind of “back door” into encrypted devices.

    In his letter Thursday, Wyden slammed the suggestion, saying that it would inevitably degrade the security of the devices themselves.

    “Regardless of whether the Federal Bureau of Investigation labels vulnerability by design a backdoor, a front door, or a ‘secure golden key,’ it is a flawed policy that would harm American security, liberty, and our economy,” Wyden wrote.

    Wray made the remarks at a conference in New York earlier this month, during which he described the bureau’s inability to access encrypted communications as a “major public safety issue.”

    According to Wray, the bureau was unable to access digital content of nearly 7,800 devices for investigations last fiscal year despite having the “legal authority” to do so.

    “If we can develop driverless cars that safely give the blind and disabled the independence to transport themselves, if we can establish entire computer-generated virtual worlds to safely take entertainment and education to the next level, surely we should be able to design devices that both provide data security and permit lawful access with a court order,” Wray said.

    “We’re not looking for a ‘back door’ — which I understand to mean some type of secret, insecure means of access,” Wray added. “What we’re asking for is the ability to access the device once we’ve obtained a warrant from an independent judge, who has said we have probable cause.”

    On Thursday, Wyden countered that designing such a proposal that still preserves security would be impossible.

    “Experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely,” he wrote.

    Wyden asked Wray to provide a list of cryptographers he has consulted with to arrive at his proposal. "

    Because the list would be zero-length of credible cryptographers.

    What they want is for there to be no end-to-end encryption and have companies (ie, customers) pay to store it all along with the keys so they can get it with a warrant. Of course, online CC and banking would be exempt, because they are already in the palm of their hands and will willingly (or not) give the feds all records (this problem is described in a fun way in the "stainless steel rat" scifi series, harry harrison, not great scifi but fun).

    But the real reason the extension passed isn't because we didn't harass our congress swamp critters, it's because the very first snooping was to get the dirt on them to get votes to go the 5-eyes way every single time - no exceptions, even for show - name one, I dare you. It's the dog that didn't bark.

    Really, what does anyone suspect. That pols are clean? Don't we know better, much better? Who cares if my personal habits come out - not me, but if I was a pol fishing for re-election, then I care, eg, the MAIN targets of blackmail are the pols - the guys who sign the paychecks of the 5 eyes. Even if you were a brain-dead bureaucrat, who would you get the dirt on first? Meaningless citizens or people involved with "national security" or - keeping your rice bowl full. Occam's razor.

    1. tfewster Silver badge
      Facepalm

      Re: Good you included Wyden

      Wray said...We say

      “If we can develop driverless cars that safely..." - You can't

      "if we can establish entire computer-generated virtual worlds to safely..." - You can't

      "surely we should be able to design devices that both provide data security and permit lawful access..." - I refer you to my previous responses.

    2. terrythetech
      Facepalm

      Re: Good you included Wyden

      "“If we can develop driverless cars that safely give the blind and disabled the independence to transport themselves, if we can establish entire computer-generated virtual worlds to safely take entertainment and education to the next level, surely we should be able to design devices that both provide data security and permit lawful access with a court order,” Wray said.

      Apart from the fact, as pointed out, we can't actually do those things, even if we could it would be a terrible argument, apples aren't oranges.

  16. sd123

    Once upon a time...

    In a land not too far away law enforcement officials couldn't eavesdrop on the dastardly plans of criminals unless they could personally overhear what was being said.

    It seems to me that those times have simply returned and attempting to remove the privacy that we previously could assume is no longer possible.

    Big brother simply needs to understand that (or possibly put Siri/Alexa etc. to listening to every inch of the planet).

  17. vir

    Scam Of The Century

    I'm waiting for someone to claim that their company has magically invented a proprietary technology that can provide this un-misusable (it's a word) backdoor that opens for the pure of heart, grab a bunch of contracts and string the government along for a few years before disappearing in a cloud of smoke.

    1. Nick Kew Silver badge
      Coat

      Re: Scam Of The Century

      Tailors by imperial appointment?

    2. Anonymous Coward

      Re: Scam Of The Century

      we've got it, but are still collecting signatures needed to protect the intellectual property. (the technology may too closely parallel prior stone/sword art; and garnering cooperation from Arthur's heirs has been challenging).

    3. Doctor Syntax Silver badge

      Re: Scam Of The Century

      There's potential in reversing this approach. HMG puts its money where its mouth is and offers a contract to build this system they believe could be built. The usual suspects will tender and one of them will get it. They will fail to deliver but that's true of many govt. contracts. Unlike the others this won't be wasted money. It'll be money well spent on shutting the idiots up while they wait for something to be delivered. Hopefully those on the relevant Parliamentary committees who twig what it's about will keep schtum.

  18. a_yank_lurker Silver badge

    Almost Reaching the Bottom

    May is getting close to Congress Critter territory with their well known ability to subtract from the sum total of human knowledge by just breathing let alone opening their pie holes.

    1. Geoffrey W Silver badge

      Re: Almost Reaching the Bottom

      I honestly think we seriously underestimate our politicians if we think they don't know how stupid are the things they say. The things they say aren't intended for people who know better. The words are for people who do not understand the subject but think they know enough. For any given subject, encryption, economics, climate change, whatever, the sub set of those who know little if anything vastly outnumbers the subset who do know something and hence has greater positive effect for the politician if it sounds like they are saying the right thing. Us being cynical and calling them stupid tends to drive us away from participation in politics and voting and works in the favour of those who would rule us. Everything they say has a specific target audience and, generally, is carefully formulated.

      We underestimate them at our own peril.

      1. Anonymous Coward

        Re: Almost Reaching the Bottom

        "I honestly think we seriously underestimate our politicians if we think they don't know how stupid are the things they say."

        The most effective salesmen believe their own lies.

  19. Brian Miller

    M of N Secret Sharing

    It sounds like they want a modified M of N scheme. The individual would only need one secret to access the plain text, while law enforcement would need N secrets to access the plaintext. Thus, the number of secrets would have to be gathered from a number of bodies via warrant, protecting the individual.

    But of course that wouldn't prevent other solid encryption algorithms from being used.

    1. whitepines Silver badge

      Re: M of N Secret Sharing

      I could actually see something like that working for proprietary apps, and honestly I wouldn't really care -- proprietary apps have far more backdoors than a mandated M+N scheme would provide.

      My main concern is that we might end up back in the era of "open source encryption is illegal". The 1990s are calling, just minus all the fun....

    2. Flocke Kroes Silver badge

      Re: M of N Secret Sharing

      Hello phone, some new judges have been appointed. Here are their public keys. Did I accidentally put my key in the list?

      I wish I could find the video I saw of an old judge explaining some aspect of technology. I cannot tell you what sort of technology he was explaining because he kept getting stuck half way through sentences and forgetting what he was talking about. After about quarter of an hour, I could not stand to watch more. Not all judges are senile (although that does seem to be a popular career move in the US). There is even a judge who understands every single line of code Google copied from Java. Such judges are rare. I have met "techies" without the brains to understand what a secret key is, and PHBs with the computer literacy to keep a secret key secret are few and far between.

      Giving each judge a secret key is as sane as giving each employee a four digit access code (someone will pick 1066).

  20. harmjschoonhoven

    While they are on it

    the brightest and best can prove that π equals 4.00. Or if all fails the UK can make it a law (not valid in the EU, thank you).

  21. Anonymous Coward

    Meanwhile in other news...

    Big Sister sets up Ministry of Truth to counter inconvenient 'Fake News'.

    1. amanfromMars 1 Silver badge

      Re: Meanwhile, in Areas of Play Beyond the Corrupt Current Mainstream, AI Parliamentary Opposition

      .... and Virtually Real Competition

      No new News, although the Tory Party cabal sequestering public funds to set up their Ministry of Truth Operation and National Security Communications Unit in the Cabinet Office to counter "Fake News" is a sinister enough very recent development well worthy of intelligence community scrutiny and surveillance, always results in fake news daily for media program broadbandcasting with old news simply being recycled and repeated/redressed for further flogging to death in camouflaged clothes.

      And you won't find the status quo rocking any boats and setting their worlds on fire with anything truly new and revolutionary and Great Game Changing, will you? They just haven't got what it takes but just love taking everything they need from you.

      For True Novelty and Absolutely Fabulous Fabless Progress you need to venture further afield and elsewhere.

      Anonymous said... 24 January 2018 at 18:26

      hope it's enough to circulate/flow without need to care about having anything urgent just for oneself, amanfromMars (-;

      amanfromMars replied and said... 25 January 2018 at 07:04

      Indeed, it is, Anonymous, and it is a Prime Systemic Condition Assured and Consistently Fed by Advanced IntelAIgent Design Default.

      However, that is not to say that deserved lavish reward beyond the wildest of dreams is not also factored in to be accepted to Aid Future Deliveries. For some, it is all they hold dear and would be able to offer without it causing them any distress.

      First the Goods/Program, then the Riches makes doing Virtual Business a Real Pleasure, with everyone able and/or enabled to keep coming back for more .... and more ..... and more ..... forever more.

      And very Revolutionary Soviet in nature be such an AI ProgramMING and fully capable of draining every last cent from Federal Reserves. And there are not many/any other Programs able to do all of that so very easily.

      amanfromMars further said... 25 January 2018 at 15:59

      And all of that is what IT and AI can now Deliver and is floated hereby into Capital and Other Alternative Derivative Markets for AIdDrivering with SMARTR Enterprise Miners/Type Google AI Labs/Saudi Vision 2030 Architects and Artilects/PLA Unit 61398 Level Operators/Soviet State Sources and Myriad Other State and Non-State Resources with Greater IntelAIgent Game Players.

      An Advanced IntelAIgent Project for Remote Virtual and Alien ProgramMING freely open to Any and All Suitably SMARTR Enabled to Play Greater IntelAIgent Games Perfectly for Immaculate Results.:-)

  22. Speckled Jim

    My pigeons don't have backdoors... Do they?

    1. Christian Berger Silver badge

      I think the term you're looking for is "cloaca".

      1. TRT Silver badge

        encraption technology

    2. EnviableOne Bronze badge
      Coat

      Depends if they are RFC 6214 Compliant Avian Carriers ....

  23. Krack73

    Telegram

    I use the great Telegram app to organise our monthly pub meets. Does that make us terrorists? No, I think not.

    Terrorists will use whatever they can find for their crazy keys blow shit up propaganda nonsense.

    TM is just so ill informed about all three hundred of other apps out there, every time she's on the TV saying how we (government) need more control and powers over the people. No thanks TM you mad hatter.

    Everyone have a great Friday. Have a beer the weekend is here.

    1. Teiwaz Silver badge

      Re: Telegram

      I use the great Telegram app to organise our monthly pub meets. Does that make us terrorists? No, I think not.

      Probably makes you suspect though (not 'a suspect', but suspect - you might be hiding something an attentive officer of the law might get a promotion out of).

      Terrorists will use whatever they can find for their crazy keys blow shit up propaganda nonsense.

      A truly great definition of 'Terrorist' - for a dope addled surfer-dude.

      A terrorist is only a terrorist if you don't agree with their aims/ideological position/demands - otherwise the label tends to be 'freedom fighter'.

    2. Anonymous Coward

      Re: Telegram

      Does your pub meet include calling people infidels and planning to blow shit up in the name of religion?

      If so then you may indeed be a terrorist, it's best to check these things.

      1. TimB

        Re: Telegram

        No, you're thinking of the Friday night LAN party on Civilization night.

  24. T. F. M. Reader Silver badge

    Metadata

    I keep wondering if there is any messaging application that a) does not store even encrypted contents or metadata after delivery (or timeout), b) encrypts the contents and the recipient's details between the sender and the server with a one-time key shared with the sender, c) introduces a random delay to thwart correlation analysis, d) pads the contents to prevent tracking by size (may be superfluous with encryption, but let's keep it in the list), e) re-encrypts the contents and the sender's details with a one-time key shared with the recipient, f) does not keep either the plain text or the encrypted content or the one-time keys or any logs after delivery, g) by default disallows (if possible) synching/backing up to "the cloud".

    This will make it so much more difficult for the alphabet (isn't there a company called that?) soup agencies to do metadata analysis. Their remaining options will be restricted to intercepting at the server (or MITM to fake the key exchange), and that will hopefully be restricted to the provider's country of origin and will not give them access to the past history for at-will exploration.

    Most of all, I wonder if there may be a business case for such a system (beyond being financed by the next OBL). Not obvious, given that it will be more complex, presumably more expensive to operate, possibly somewhat more cumbersome to use than WhatsApp.

    1. Graham Cobb

      Re: Metadata

      Bitmessage had some of those attributes. Its big downside was that it didn't scale as it effectively broadcast every message to every recipient as it has no idea who the destination was (if you could decrypt the message you must be the intended recipient).

      I don't know if the bitmessage network is still running. It was an interesting experiment.

  25. Pinjata

    "She then threatened to use her pulpit to apply social pressure: "No-one wants to be known as 'the terrorists’ platform' or the first choice app for paedophiles.""

    Not sure May gets how the world really works. Pedos are like canaries in a coal mine, if it's safe for them to use then it's safe for the rest of us as well.

  26. Anonymous Coward

    Licensing of Operators

    There is no sanely manageable way to have encryption with a magic back door.

    So this is all headed ultimately in the direction of licensing, just like telcos are licensed. You want to offer a service and collect revenue? Gonna have to respond to warrants or have your revenue streams cut off at source and your domains blocked.

    The Chinese have their great firewall. Everyone else is headed that way too eventually so that they can wield that kind of stick.

    1. Graham Cobb

      Re: Licensing of Operators

      Except that the bad guys (terrorist groups, mafia, etc) have no need of collecting revenues for the service. So, they don't need a licence.

      So, as always, the proposed restrictions just prevent safety for good guys and leave the bad guys untouched.

  27. Colin Tree

    side door

    Think laterally.

    The best backdoor to encryption might be social engineering.

    A backdoor to encryption is a side door.

    Criminals often exploit this weakness.

  28. LDS Silver badge
    Facepalm

    May should ask the Ministry of Magic

    Maybe someone at the Department of Mysteries could come up with a solution. Don't count on Potter, though, he never liked to study enough. Ask Granger. And maybe exchange May with her.

  29. Simon Harris Silver badge

    Short memory

    Has she forgotten the TSA lock debacle already?

    The locks with a 'backdoor' skeleton key so the authorities can examine your luggage, but thieves can't get into it. Except someone published pictures of the skeleton keys and now anyone can make copies, rendering them useless.

    How does she think backdoor decryption keys will be different?

    1. JohnFen Silver badge

      Re: Short memory

      " now anyone can make copies, rendering them useless."

      Yes. Plus, those locks never protected your stuff from the thieves in the TSA itself, so they were always of limited usefulness.

  30. charlieboywoof

    quick version: tech in business: good; tech in society: bad

    ALL:YOU:NEED:TO:KNOW

  31. Milton Silver badge

    Canute lives!

    Politician: "I want it."

    Adult: "It is physically, mathematically impossible."

    Politician: "I want it!"

    Adult: "Quite literally, what you ask cannot be done."

    Politician: "I WANT it!!"

    Adult: "Look, there are maybe 10,000 real experts on this subject, and all of those not employed by government or security services—i.e. who can speak honestly—will say the same: it just cannot be done."

    Politician: "I want it!! I WANT it!! I WANT IT IT!!!"

    Adult: "Here's my resignation letter. Have you ever *actually wondered* why the voters think you're a bunch of immature, dimwitted children?"

  32. Anonymous Coward

    Step one

    Supply a Britain Secure email service {BritSem} British Secure Email, using a single server set, for individuals and business to avoid phishing and snooping,

    Step two

    Supply business secure level encryption for delivery of email and products to customers and customers to communicate with business

    Step three

    Persuade the Five eyes partners to do the same, allowing transfer of email between said Secure email server sets using approved encryption.

    1. Sir Runcible Spoon Silver badge
      Paris Hilton

      What for? Your post lacks a context.

    2. HieronymusBloggs Silver badge

      "Step one..."

      ID+IOT: nominative determinism or troll? Amusing either way.

  33. Anonymous Coward

    Please provide me with a list of the cryptographers

    brilliant! sadly... it's a politician's way "f... you sir!", and the recipient knows it, so it will come to nothing :/

    and even if the answer is provided, it will be in line with "in the line of national security", and the matter is not important enough to grill through the (probable) truth that the cryptographers providing advice to FBI (if any ;) are their own...

  34. Pascal Monett Silver badge
    Thumb Down

    "meeting these fundamental social responsibilities"

    The fundamental social responsibility of government is protecting its citizens, not snooping on them.

    Keeping the peace means feet on the ground, visible police presence by affable and polite constables always ready to help while keeping an eye out for shady behavior.

    It is costly, doesn't catch everything, but it is civilized and respects the privacy of the innocent.

    It was once said : "I prefer to let a hundred criminals free rather than jail a single innocent".

    My, has time flown by . . .

  35. Milton Silver badge

    And that Genie ...

    The ignorance and stupidity of politicians aside, I return to the Genie—who cannot be returned to the bottle. Even if every mainstream encryption app could be compromised somehow (and therefore would no longer be used by anyone, of course), you cannot un-make the mathematical knowledge and algorithmic techniques to execute seriously tough encryption. There is basically nothing to stop any competent programmer knocking up some code, in almost any language, to encrypt data on a device. It's pretty unlikely that even quantum computing will be decrypting today's best encryption if executed properly with sizeable keys (and since the "imminent apocalyptic terrorist attack" bullshit so beloved of imbeciles who watched too much 24 is the usual inane justification, even decrypting the data as quickly as a month later is of little use).

    Add good steganography*¹ to the mix and it is just moronic to think that serious bad actors will be much hampered by prohibiting e2e encryption apps—even if you could.

    So why do the security services keep misleading gullible politicians? For they must know (a) that they are lying about backdoors, yet (b) keep on lying anyway.

    I can only assume that aside from the usual empire-building budget-tumescing nonsense beloved of such people, this is about sheer laziness. The hard slog of humint, infiltration, shoe-leather intel gathering, hearts-and-minds ops, training and employing enough translators, learning about other regions' cultures and habits, using diplomacy and softpower to get what you want—perhaps it's all too difficult, when you delude yourself into believing that the computer can do it all for you? I do wonder what degree of self-delusion goes on in places like Babylon on Thames ... and perhaps more so at places like Langley. Judging by the apparently rotten advice they give to the political nincompoops, perhaps they are neither as realistic nor as practical as we'd imagine.

    *¹ Whatcha gonna do? Ban everyone from posting poor quality cat photos? Over 2,000,000,000 (yup, two billion) photos posted every day? Any idea how much hidden messaging you can stuff into even a fraction of that?

  36. unwarranted triumphalism

    Well my job is going to become a lot more interesting

    Currently working on government IT... for which the security rules say we must use a VPN with strong encryption... which we can't because encryption bad.

    I guess that means an end to remote access over VPN...?

    1. Sir Runcible Spoon Silver badge

      Re: Well my job is going to become a lot more interesting

      It's pretty hard to understand how they can keep coming out with this bollocks when they must be being told quite regularly that it can't be done.

      Something else is up - I'm not thinking 'Magic thinking' I'm thinking 'Magic distraction'.

  37. bwright72

    Intel have already done this for them... what's the problem

    I don't know why the PM is still banging on about this - Intel have done it for her, allowing them to read the memory of any device at will...

    1. ibmalone Silver badge

      Re: Intel have already done this for them... what's the problem

      I don't know why the PM is still banging on about this - Intel have done it for her, allowing them to read the memory of any device at will...

      Well the problem is they didn't do it for her, so now we need our own solution. What would be better would be if all the governments of the world (USA, UK, Russia, China, Burma, North Korea, Syria, Iran, Yemen, South Sudan, Venezuela...) would sit down together and agree on a common backdoor to spy on their citizens so we don't have to keep replicating the effort. It can't be that hard.

      1. Sir Runcible Spoon Silver badge

        Re: Intel have already done this for them... what's the problem

        The perfect solution!!

        Tell them it can be done, and then get them to set up committees etc. with all the 'agreeable' countries in the world in order to come up with one standard approach.

        Stand back and let them get on with it. Keep telling them that we will come up with the code once they have agreed on the requirements. It'll never see the light of day again.

        Also, it's a gravy-train that could be ridden forever. Why aren't techies more corrupt and self-serving*?

        *Started out as a question but then I realised that this is the first line of a joke, the punchline to which is obviously 'because then they would be politicians'.

  38. misterinformed

    National key storage

    How about this for a compromise: when two endpoints A & B negotiate a shared encryption key, make them use 3-way negotiation, between A, B and K where K is a national key storage facility which stores keys for a limited time and releases keys to security services following a suitable legal process.

    By "3-way negotiation" I'm presuming it's possible to securely generate a key known by 3 parties but not by eavesdroppers.

    I'm not advocating a facility to record the data (encrypted or unencrypted), just to record decryption keys (for a limited time) for cases when the security services already have wiretapped data for which decryption is likely to be in the national interest.

    This is a compromise to privacy, and safeguards would need to be in place such as publishing the number of key requests, but it's better than forcing all encryption to have back doors, which any attacker could use.

    1. Anonymous Coward

      Re: National key storage

      Escrow key systems already exist (and they are essentially backdoors) - just they are not deemed secure. There's also the problem - who processes and stores the keys? - especially when the communications are trans-national.

      1. Sir Runcible Spoon Silver badge

        Re: National key storage

        You would also have to make *all* other types of encryption illegal and make people all over the world stop using their own code.

        Not sure that works to be honest :P

    2. cadders
      Joke

      Re: National key storage

      Hold your horses with the downvotes here, misterinformed might actually be on to something

      Let's take this, or a similar idea and run with it.......

      First of all we set this up as a Government IT project.

      Let's give the contract to oh I dunno, Crapita?

      We give them a deadline of five years to deliver something.

      That should buy us at least a decade before anything actually happens because of course, and even if they do come up with something it will be guaranteed not to work properly

      Also by the time we start to see any results a few things will have happened

      Technology will have moved on and may have rendered the whole project irrelevant

      The current nutters in charge will have forgotten about it and will have moved on to the next hobby horse they think will grab them votes

      There will have been a general election or two so the government of the day could easily gain popularity by scrapping the whole thing as being years late and massively over budget

      Of course I'll happily volunteer to lead the project in return for substantial remuneration. I could do with the retirement cash

      Surprised nobody else has thought of it........

  39. Tigra 07 Silver badge
    FAIL

    So to translate...

    "She then threatened to use her pulpit to apply social pressure: "No-one wants to be known as 'the terrorists’ platform' or the first choice app for paedophiles""

    Give us a magic backdoor or we publicise that you're helping criminals and paedophiles whenever a crime happens, whether it's related to your service or not.

    Theresa, go back to doing whatever it is you do best (I genuinely don't know if there's anything on that list).

    1. TimB

      Re: So to translate...

      Spouting bollocks to try and forward her agenda of a totalitarian police state? That's pretty much what she does best.

    2. Anonymous Coward

      Re: So to translate...

      >Theresa, go back to doing whatever it is you do best (I genuinely don't know if there's anything on that list).

      Running through fields of wheat perhaps, or maybe just the girl jobs around the house?

      1. Teiwaz Silver badge

        Re: So to translate...

        Running through fields of wheat perhaps, or maybe just the girl jobs around the house?

        I know the original wasn't fields of wheat, but you've just given me the visual image of the most bizarre 'Little House on the Prairie' remake ever....

  40. imanidiot Silver badge

    NO IT IS BLOODY WELL NOT!

    "Simply put, electronic surveillance is extremely useful for figuring out what those who would seek to cause harm to a country are up to."

    Time after time with all recent events it's been shown "those who would seek to cause harm" are well aware of the possibility of being tracked. They communicate face to face, they communicate through 3rd parties. They communicate in their own code. They communicate through written word delivered through a (to them) trusted 3rd party.

    Bombing cell phones with Predator drones in recent times has made "terrorists" (though recent data suggests "we" might be bombing more innocents than proper targets) very wary of using a cell phone to begin with. How is putting in a backdoor in a messenger app going to help if you've already made your target afraid to even touch ANY phone to begin with!

  41. Anonymous Coward

    Human nature has a basic trait of passive "wishful thinking" for something to solve problems that frustrate them. There is possibly a correlation in an individual with their degree of faith in an organised religion.

    1. Sir Runcible Spoon Silver badge

      I'm glad you caveated your last statement with 'organised' religion.

      1. Anonymous Coward

        "I'm glad you caveated your last statement with 'organised' religion."

        An individual person's personal expression of their spirituality is their business - as long as it does not entail deliberate harm to others. Once it becomes a hierarchical organised religion then it quickly tends to become a tribal vehicle for those seeking power over others.

  42. Anonymous Coward

    From the "party" that shares passwords.

    Seems to be put up so the walking dead can blame those "in a job in the computers" ("not a proper job, though, is it?").

    If the dumb ass wanted some leverage she would have been banging on (and on) about the need for "us" "all" to have an online identity that cannot be repudiated or falsified.

  43. Julian 8

    Shall we try putting into terms they may understand

    you have your secure emails / accounts that only you can see - secured

    you have your secure crypto key

    However, you need to give the police and whoever else a crypto bypass so they can go in and look when they feel like it

    Now stop anyone else from either accidentally getting the crypto bypass or working out how to create their own version and stealing all the emails / money

    Of course, that is without there being initial errors in the crypto code making it easy to break (WPA)

    translated for politicians

    As a government you need to put all your money into a safe location... say a safe

    You have your key

    However, you need to give the police and whoever else a skeleton key so they can go in and look when they feel like it

    Now stop anyone else from either accidentally getting the key or working out how to create their own version and stealing all the money

    Of course, that is without there being initial errors in the lock making it easy to break / bypass (bumping anyone)

    1. Anonymous Coward

      It is not possible to make all "evil" people use the same encryption.

      Good people need to be provided a safe and verifiable email service, where government and business can email employees, customers, and be known to be from the correct email address to avoid phishing and then there is reduction of snooping for advertising, curiosity or crime.

      One way to make a secure email service {SEM} is to keep all the email on a set of exclusive servers, it would not move outside the servers to other public email servers. One logs in to it deposits email collects email and logs out as usual but it only moves within the server from known addresses to other known addresses.

      Limiting the problem of snooping and other crime would reduce the need for encryption, the government could supply a series of encryption of specific levels for usage on the email service. Should the government need to access the encrypted email they would have a master key, one imagines access would be rare as it would primarily be business email not criminal communications.

      So as generator the Gov would have a key, people would use the encryption as usual.

  44. WibbleMe

    I would suggest that the crypto key is issued by the government that is the "country of origin" where the data is sent from or stored ie. website/email from example.com would use an SSL key/cert issued by uk.gov allowing data for the .co.uk website to be decrypted by those officials that need to access the data legally. Of course, this would have to be compulsory stopping cert providers issuing certs to data providers in another country.

  45. scrubber

    Something must be done about the extremists

    They are an existential threat to our nation and have no respect for our traditions or our rights. They hide in plain sight and attack us when we least expect it. They use the media for propaganda and try to stoke up fear in the public to try to achieve their goals. They attack the public because they are soft targets, especially at places where they are vulnerable like airports. They use seemingly moderate people to push their agenda and pretend they're not as bad as they are painted or that they're not all like that and anyone who paints with a broad brush is a cynic or a bigot. The moderates try to use the police to silence voices of dissent claiming hate crimes or sexism. They want the impossible and are willing to use any means necessary to try to get it. When you get rid of one group of extremists another pops up in its place who are at least as bad as the last lot. It's enough to make you abandon the tory/labour duopoly and vote green.

  46. EnviableOne Bronze badge
    Headmaster

    Forgetting the Point

    The argument goes away when you read the UN Declaration of Human Rights (which all members must sign up to) my emphasis

    Article 12.

    No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

    So any interception or interference with Private communications is a breach of your fundamental Human Rights

    1. Anonymous Coward

      Re: Forgetting the Point

      "UN Declaration of Human Rights"

      IIRC Theresa May says she is taking us out of that declaration as well.

      1. Teiwaz Silver badge

        Re: Forgetting the Point

        "UN Declaration of Human Rights"

        IIRC Theresa May says she is taking us out of that declaration as well.

        The un-declaration of Human Rights....

        She's going to find herself with a suspicious invite to the Hague at some point....

  47. jont2

    Impossible? No

    So, let's look at how this could be done.

    First, a principle of security is not to rely on 'security by obscurity'. Every detail of the scheme must be open to peer review. The only secrets are keys. Obviously the scheme will have to be opt-in for manufacturers.

    OK, so here's a suggestion:

    Messages are encrypted by a secret key K. That can be a per message key, session key, whatever. Apps use existing key exchange mechanisms, whatever they want, to establish K. Our goal is to ensure K is also available to the government.

    To make K available, we could require that it be encrypted under a government public key PK, and the encrypted form shared with each message. The trouble is, who do you trust to control the corresponding government private key?

    The traditional answer to this is secret sharing. Split K into K1, K2, ... Kn shares using an 'm of n' secret sharing scheme. Any m shares suffice to recover K, any m-1 tells you nothing at all (there are established mechanisms for this, e.g. https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing).

    Now encrypt each share using different government public keys, PK1, PK2, ..., PKn. The corresponding private keys are held by different government agencies (police, courts, whatever). The bundle of encrypted shares is sent with each message.

    Approved government decryptions require cooperation across agencies. Similarly, compromising the system requires collusion across different branches of the state. It's not perfect, but as I'm sure most Reg readers already know, the security of a real-world security system isn't about the crypto, it's about the human processes that manage the system. Sprinkle on some good key management and audit practices, and it's as good as you're ever likely to get.

    And yes, I acknowledge there's significant message bloat to carry all the encrypted shares. These days, data is cheap and networks are fast.

    1. Aladdin Sane Silver badge

      Re: opt-in for manufacturers

      Any manufacturer who opts in will be boycotted by the public.

    2. Cynical Shopper

      Re: Impossible? No

      And how do you convince crims to use this encryption, rather than something secure?

  48. JimmyPage Silver badge
    Stop

    With the TL;DR caveat on comments

    surely there is an absolute fortune to be made here. It matters not a jot that unicorns don't really exist. If Theresa May is continuing to insist they do, then surely she'd be willing to spunk a few million on them.

    Don't worry about being exposed by an "expert" we all know they're biased anyway. And if one should get close, just suggest it's just jealous because they didn't think of it first.

    We could trumpet it to the world as a sterling example of post-Brexit British excellence.

    1. Sir Runcible Spoon Silver badge

      Re: With the TL;DR caveat on comments

      The gravy train exists - unicorns are a lie.

      1. Aladdin Sane Silver badge

        Re: Unicorns

        We have faith that they are pink; we logically know that they are invisible because we can't see them.

    2. Uncle Slacky Silver badge
      Thumb Up

      Re: With the TL;DR caveat on comments

      Where's that guy who sold novelty golf-ball detectors as explosive detectors to the Iraqis for $$$$? Get him on the case!

  49. ibmalone Silver badge
    Joke

    So many comments here lacking that can-do attitude we need. I am working on a solution based on blockchain and would welcome early investors to make it a reality.

    1. Sir Runcible Spoon Silver badge

      I would put money on it that if you went to TM with a proposal and your hand out for cash she would see through it because she *knows* it's impossible.

  50. Cynic_999 Silver badge

    I'm in favour

    But first, I think Ms May should quadruple the NHS budget, triple the spend on our military, make all UK electricity generation free from greenhouse gas emissions, become completely independent of fossil fuels, and get the unemployment rate down to under 5%. While decreasing taxes across the board.

    After all, there are enough bright economists and brilliant politicians in the government that they could surely achieve all that if they put their minds to it?

    Only then should we turn our attention to the less important stuff such as making backdoors in encryption algorithms that will only work for the pure of heart.

  51. Tessier-Ashpool

    Bag. Cat. Out.

    Smell the coffee, Theresa.

  52. Sir Runcible Spoon Silver badge

    Data Value

    It is sensible for any person to safeguard data directly in relation to its value.

    When the TLA's were going after* actual criminals/terrorists etc. most everyone else thought that 'their' data was worthless and took little to no steps to safeguard it.

    Now that everyone knows all the governments and shitty companies want their data soooo badly that it *must* be worth something, so are now taking steps to secure it accordingly.

    Why is this so hard for politicians to understand? No matter what they do, there will be a reaction to it, and the technical world can respond to their inane bullshit a lot faster than they can come up with it (and get it into law).

    When they come up with a way to 100% copy protect films/games etc. we might have reached a point in human evolution where we could re-visit some of these assumptions about cryptography, but if you want my advice: don't hold your breath.

    *Well, before everyone discovered what they were actually collecting.

  53. aliceklaar?
    Mushroom

    Finger etc on the button

    It is fairly easy to put somebody's finger / iris on a scanner. Even if they have become recently deceased in custody etc

    If I have memorized my encryption passphrase then it's going to need a $5 wrench ( https://xkcd.com/538/ )

    or Regulation of Investigatory Powers Act 2000 .c 23 Part III Power to require disclosure Section 49

    or an orange jump suit with a towel & some water.

    As for backdoors - I once wrote a simple program that embedded the password into the header of the file that was encrypted. Obvs this was so we could recover the file when the user forgot his super sekrit password.

    As for metadata... Maltego is still my professional friend

    From Register archives - FUD flies as Raytheon reveals social media analysis tool

    My comment still applies re "privacy" - Its only a Secret if you don't tell anyone https://forums.theregister.co.uk/forum/1/2013/02/11/raytheon_riot_privacy_hyepgasm/#c_1725101

  54. Craigie

    They do not need it, they only want it

    Metadata is plenty enough for them to get suspicion and move from there to actual work (surveillance).

    Who on earth would be stupid enough to actually use 'sensitive' keywords in their messages if they were actually planning something anyway? It will all be aliased and so keyword scanning would provide nothing. Government just wants to look like they have an answer and look like they are 'doing something' but at the same time not actually spend a huge amount of money.

    1. Teiwaz Silver badge

      Re: They do not need it, they only want it

      You had me up to but at the same time not actually spend a huge amount of money

      As long as the politicians can spend as little of their own and claim the rest as expenses, Tax money is there to be frittered away to ensure executive board seats at retirement...

  55. CheesyTheClown

    I’ll do the it!!!

    Writing insecure crypto is easy. I have a great derivation of ROT-13... I call it ROT-29. I wrote it with my friend John Veiler... we were considering calling it Rot-Veiler... but it sounded silly.

    Now, if we will ever have secure crypto... with a back door. We first need military intelligence, open secrets, jumbo shrimp, and a few dozen more oxymorons.

    Encryption by its very definition cannot contain back doors. It is mathematically impossible. Not like “I have a theory about Brangelina’s breakup”. But as in the mathematical theorems have not been discovered to allow something known to be breakable to be called secure.

    I suppose, in the U.K., the people have never had to be concerned with government corruption, corrupt policemen, etc... but in the rest of the world, we use encryption to protect the innocent... quite possibly from their governments.

    Unfortunately, that places a greater burden on the government when protecting the innocent from the dangerous, but what’s the point of protecting people from the bad guys if your only goal is to remove their liberty?

    In addition, there is no possible way to block people from using encryption. So, if you keep the good people from using it, it won’t help with the bad people.

  56. Anonymous Coward

    Why?

    Why do we need to "protect ourselves" more than we currently do? The world hasn't fallen down, terrorism is no worse than it ever was, and more information is being made publicly available. Does anyone believe that we are worse off now than say 15 years ago when you were lucky if you had a bebo page?

  57. Daggerchild Silver badge

    Leadership

    I think this is an excellent opportunity to lead the way in responsible encryption.

    Governments that want to make people use crypto with a secret back door should implement this on their own systems first, just to demonstrate their confidence in the technology.

    Strong and Stable.

  58. Iain 14

    Magical Thinking

    "The insistence by political leaders and prosecutors that there is a way to both have a backdoor and not have a backdoor has been put forward so frequently that experts have even come up with a term to summarize it: magical thinking."

    Isn't there already a term for it? "Cognitive dissonance".

    Just wait for those grapes to turn sour...

    1. HieronymusBloggs Silver badge

      Re: Magical Thinking

      "Isn't there already a term for it? "Cognitive dissonance"."

      Doublethink.

  59. elgarak1

    Two possibilities.

    1) She's ignorant as fuck. Cannot exclude this, given what she's done and said so far.

    2) She's evil, understands cryptography, and pushes on knowing full well what it will do (not solving crime or catch the really bad guys, but giving away any privacy of normal folk. Could come in very handy).

    1. John Sanders
      Holmes

      >>> 1) She's ignorant as fuck. Cannot exclude this, given what she's done and said so far.

      This one, if you have any doubts just check what she and her party did on the last election.

  60. Uberseehandel

    Mrs May is TAPS (thick as pig . . . )

    Traditionally, anybody truly desperate to go to Oxford applied to read Geography. There was a mechanism whereby those new students enrolled in an overly large Geography intake had a few weeks to apply to another department for a transfer. Mrs May neglected to do this.

    On graduation, the same mediocre Geography graduate ( a second) decided on a career in the city. At this time, the least desirable jobs for high flyers in the city were in financial PR and the Bank of England, somebody had to be really unimpressive not to find a starter job in a merchant bank of a big brokerage (separate at the time).

    She is Prime Minister and she still believes in fairies and "back doors". Isn't there a single person in No 10 who can explain that this kind of secret cannot be kept secret?

    1. dew3

      Re: Mrs May is TAPS (thick as pig . . . )

      "Isn't there a single person in No 10 who can explain that this kind of secret cannot be kept secret?"

      You have probably never worked for a medium/large company, or government, or at least have not had to deal directly with very senior management/officials.

      PM May almost certainly has no one who reports to her, nor anyone who reports to her reports, with any crypto background, and possibly no one with any hands-on tech background.

      Some outsider or low-level functionary who comes in with a claim like that is easily dismissed, as obviously boffins find solutions to previously impossible problems all the time, so how can it be true? Anyone who disagrees is not a "team player", so all those direct and second-level reports nod their heads wisely in agreement, and the claim is ignored. Happens all the time. Hans Christian Andersen even wrote a story about that "team player" managerial mentality, called "The Emperor's New Clothes".

      1. Uberseehandel

        Re: Mrs May is TAPS (thick as pig . . . )

        All your assumptions about my experience and who/what kind of organisation I have worked for are wrong.

        Just accept that Britain is uniquely ill-served by its Prime Minister. Would Canada's PM or France's President have made such a basic error?

  61. unscarred

    Am I missing something?

    OK, here's my simplistic view of a solution, I'm sure someone will be along in a minute to tell me why I'm wrong.

    Let's say you run a secure end-to-end encrypted messaging service like WhatsApp.

    The 'good guys' come to you with a proper court order or warrant saying you have to let them listen in on messages sent to or received by user1234.

    You send a software update to that user's phone that silently adds a backdoor to their encryption, and from then on send the decrypted messages to the 'good guys'.

    Obviously, it doesn't work for messages prior to the court order being served, but that shouldn't be a problem.

    What else am I missing?

  62. Marcus Fil

    Codes not ciphers [..or OFFS not again!]

    The kitten has a hairball stuck and needs to see the vet.

  63. Anonymous Coward

    Free postage

    Here's how I control my worldwide team of l33t agents.

    I set up an eBay shop called hollow_volcano selling widgets and other crap. I use steganography to implant my messages into some of the shop photos. When agent-X decodes the message he uses a dead drop to get disposable_agent-Y to order some widgets.

    Five blue and five red widgets means agent-X is available but five blue and five green widgets means that he is not. (other colour codes are available)

    mwahahaha!

  64. Anonymous Coward

    Time to fix the real problem

    People keep trying to elect politicians that don't like or spew BS out their mouth when they open it.

    Time to elect retired farmers and techs into politics. Clearly career politicians are too stupid and common sense has been bred out of them.

    1. Charles 9 Silver badge

      Re: Time to fix the real problem

      I think the problem behind the problem is that the only people who are willing to go into politics are the kind of people only in it for themselves. IOW, sociopaths. Anyone else wouldn't have the faintest interest and instead have other plans. Any attempt to draft politicians out of the populace thus runs into the familiar retort: what about my business/crops/whatever?

  65. elgarak1

    Here's the thing those politicians do not understand: It is possible for anyone to employ secure, effectively unbreakable, encryption. If one is about to do serious crime, any law to require 'breakable encryption' will be a lesser one to break, so the criminal does not care about that.

    Hence, you as a politician CANNOT make an argument that such a law is required in order to fight crime. It won't work. The ones you argue to try to catch you WILL NOT be able to catch this way. You DO NOT have a rational argument for it. The math for such encryption is out there. The genie's out of the bottle.

    Stop using this argument. Stop demanding the impossible.

    Because, if you do not stop making that argument, you either reveal yourself to be ignorant, or evil/autocratic/dictatorial/un-democratic.

    1. Rob D. Bronze badge

      Probably just as well May didn't demand any of that in the speech (according to the transcript referenced in the article). Past history of relative lack of knowledge notwithstanding and even if these things may yet appear in future speeches by this or other politicians, neither that argument nor the subject of encryption, nor cryptography, nor digital comms security actually appear in the speech.

    2. elgarak1

      To beat this dead horse another way:

      Politician/High LE Official: "There are devices and apps out there with encryption we cannot crack! Stop making them!"

      So you KNOW unbreakable encryption is out there. HOW ON EARTH CAN YOU EXPECT BAD GUYS TO STOP USING IT? Just because you tell them?

      So it's clear you want to have it not to catch bad guys. Ergo, you're evil. Undemocratic. Fascist. Autocratic. Tyrannic. Take your pick. Do you expect to win elections this way? Or that you can spy on the ones you want to spy on? That is, us. The nerds. The ones who know. Who speak up. Who resist. Who will not elect you even if hell freezes over. Who will continue to use and develop safe software and devices. Safe from criminals. Safe from you.

      Give it up. You have lost.

      1. Anonymous Coward

        "So you KNOW unbreakable encryption is out there. HOW ON EARTH CAN YOU EXPECT BAD GUYS TO STOP USING IT? Just because you tell them?"

        Just detect its use or its seeming thereof and bust them that way. It may be unbreakable, but it's still not UNDETECTABLE. If there can be a provably unbreakable AND undetectable encryption system that gets released to the public, then civilization as we know it is probably doomed.

        "Do you expect to win elections this way?"

        Can, will, AND HAVE. You underestimate the stupidity of the average citizen/subject.

        "Give it up. You have lost."

        No, YOU give up. There aren't enough of you left to matter.

  66. Spangle

    I was under the impression that the current strategy was to compromise the device. Which will be a lot easier with the manufacturers'/service providers' assistance. All that bloatware on your phone slightly modified with a backdoor. No mathematical problems. And when the draft legislation becomes live, it will be the law that your service provider supplies that functionality.

  67. oral_suspension

    You're missing the point

    May may be technically illiterate but she is fully aware of the impossibility of what she is demanding. And that is not the point. This is a political strategy

    This gives the government and security services a way of denying responsibility whenever bad and scary things happen (terrorist attacks, organised crime, cybercrime, etc.)

    It stokes the fear of these bad and scary things, thus broadly justifying current (and future) surveillance programmes and crucially whatever other increased powers they think they may be able to get (suspension of habeas corpus, detention without trial, etc, etc, i.e. whatever is coming in the next national security bill).

    It can be used as a distraction from things which they would rather the public does not notice.

    And, as they will (probably) never force tech companies to provide the proposed backdoors and crypto is not going away, they can use this ruse at any time for the foreseeable future.

    Technically it looks moronic. Politically it is a workable (if morally dodgy) strategy.

  68. Rob D. Bronze badge
    Stop

    Clickbait headline? Surely not.

    Does it matter that according to the speech transcript, the words 'encrypt' or 'encryption' or 'cryptography' were not mentioned once? Or that the words 'security' or 'secure' were never used in the context of digital communications?

    The standard exhortation to big tech to 'do more', the invocation of AI with a slight tone of awe, and the phrase, "just think of the children" (almost), all appeared in the speech and since the politicians really haven't got a good track record on this area a healthy skepticism is valuable.

    But the headline and content demonstrated more about assumed content suitable for generating online hits rather than thoughtful reporting and analysis. Maybe I was expecting too much.

  69. This Side Up
    Big Brother

    Back door and not back door

    "... there is a way to both have a backdoor and not have a backdoor ..."

    No problem.

    Just don't open the box.

  70. Anonymous Coward

    Lesson of History

    When Station X systematically cracked Enigma, they kept it quiet for around 25 years. During that period of time a Swiss company sold an updated Enigma until the mid/late 1960s. All encrypted messages were decipherable.

    In the early 1990s military grade encryption was 8196 bit PKI; in twenty-plus years we are still using 2048 bit encryption. CPU processing performance has improved but security standards have not.

    A case in point: why do all firewalls come with some form of DES encryption? What is worse is that some people actually use it.

    Just because the PM stands and wants encryption backdoors does not mean that GCHQ actually need them, the police might however.

    1. John Sanders
      Facepalm

      Re: Lesson of History

      The problem is that once the Police have them, it would be very convenient for HMRC, the local Council to have a copy, and once we get to that point, we end with the same disaster that happened to Symantec PKI infrastructure, every man and his dog will have a copy of the root CA.

      1. Asterix the Gaul

        Re: Lesson of History

        ALL government Departments, local or central, have existing sweeping powers to access all the data they ever need on all of us.

        It's called 'CONNECT', which links all departmental data on every individual accessing government services, local or centrally, as well as utility, banking, telephone, broadband, emails, doctors, hospitals, etc.

        East Germany before unification had nothing like what your 'democratic' government has by way of 'exploit' tools at its disposal.

        You don't think that GCHQ is there for our benefit do you?

        I haven't even got round to the 'military' tools used by 'your' government.

  71. hellwig Silver badge
    Big Brother

    Cyphers

    Correct me if I'm wrong, but people have known how to secretly communicate in the open for a long time now. Blanket keyword searching only catches people stupid enough to use the keywords.

    A message about grandma's oatmeal cookie recipe could easily be code for some nefarious plot, but good luck detecting that with your fancy AI that can barely read a Wikipedia article.

    Heck, the AC posts on this site might actually be some underground terrorist organization plotting their next attack.

    1. Charles 9 Silver badge

      Re: Cyphers

      "A message about grandma's oatmeal cookie recipe could easily be code for some nefarious plot, but good luck detecting that with your fancy AI that can barely read a Wikipedia article."

      But you have to establish the code beforehand (First Contact problem), raising the possibility of moles. Unless you can demonstrate a zero-knowledge code.

      1. hellwig Silver badge

        Re: Cyphers

        True, so recruiting people online from other countries might be hard, which is where traditional methods of contact come into play (phone, post, pigeon, all the P's), and why these security agencies still need to do the old-fashioned leg work.

        Basically, if I was fighting against the "western powers", I would already not trust the technology they produce.

        1. Charles 9 Silver badge

          Re: Cyphers

          "Basically, if I was fighting against the "western powers", I would already not trust the technology they produce."

          Trouble is, no other power is any cleaner. You're basically painting yourself into the dreaded DTA corner, since you can't even trust YOURSELF to do it right, either.

  72. John Sanders
    Facepalm

    >>>"We need cross-industry responses because smaller platforms can quickly become home to criminals and terrorists, "

    No, we need to stop both importing and them breeding them here.

    But it is easier to burden the law-abiding citizens who just shrug and behave like the good obedient cowards that they are isn't?

  73. spellucci
    WTF?

    How Hard Can It Be?

    Not original, but I cannot find the original author:

    If we can land a man on the moon, surely if we put our minds to it we can land a man on the sun.

    1. allthecoolshortnamesweretaken Silver badge

      Re: How Hard Can It Be?

      There's an old soviet joke along those lines...

      After Gagarin's flight, the politburo considers sending a cosmonaut to the sun. When Korolev politely and diplomatically suggests that the sun's immense heat might represent a bit of a problem, they tell him "Comrade Sergei Pavlovich, the politburo is not made out of idiots. The cosmonaut will fly at night, of course."

  74. Anonymous Coward

    She'll be asking for a backdoor for quantum encryption next....

  75. Supa

    May's wide open backdoor

    She wants to break encryption, because she took the batteries out, rubbed them together in her hands and put them back in and it never worked!

    It's obvious that the government want to break encryption, then they can add it to the list of everything else they have broken in the UK.

  76. Jonathan 27 Bronze badge

    I'm willing to head a team to develop this new magic encryption technology. We'll need complete autonomy and £200,000,000.

    P.S. Who wants in on the scam?

    1. Uffish

      Scam

      There was a scam in France involving a multinational oil company and the French President (who was of course proven by a specially convened parliamentary commission to be completely innocent). It was something to do with a plane being equipped with devices to detect and map oil deposits deep in the ground. The scam lasted for four years or so and cost millions.

      Like backdoors, the whole sorry story was first a rumour, then a coverup and finally (almost) everything was published.

    2. elgarak1

      Only if I get, in writing, a waiver from any liability.

  77. Jon Smit

    She only wants a WotsApp backdoor

    So she can check up on what Boris is up to on his sekrit group.

  78. Dr Don

    Remedial Mathematics Lessons

    Dr Don

    Yet again our mathematically challenged, technologically illiterate, over-promoted geography teacher of a Prime Minister demonstrates that she is in dire need of some remedial mathematics lessons.

    This is also true of our beloved Home Secretary, Camber Crud. Oops, I got that wrong, it's Amber Rudd.

  79. JaitcH
    FAIL

    MAY - Still Dumb After All These Years

    As Home Secretary this ignoramus was responsible for the GCHQ to Parliament. One of her pet pursuits was "backdoors" and the 'need' for them.

    Obviously neither time nor promotions has taught her anything but, as the Peter Principle goes, "managers rise to the level of their incompetence".

    Thank goodness her next promotion is ignominy and a fade to black.

  80. steviebuk Silver badge

    Same old

    She's an idiot if she doesn't think that once she creates (which will never happen) a backdoor in big apps or small apps, the terrorists will just make their own end-to-end encrypted apps that they won't be able to control.

    Clueless MPs as always.

  81. Anonymous Coward

    I raise you a Japanese Character Cipher

    A little late to the party on this one, but...

    https://github.com/Jigsy1/JCC

  82. Rob D. Bronze badge
    FAIL

    Congratulations

    To the stream of commentards on here about what May was supposed to have discussed but that she never actually raised in the speech in Davos - namely anything to do with actual encryption or even secure communications. Everyone is cordially invited to the 'Trust Everything I Say, My Story Is About Something You Already Believe' club.

    It's a shame that dog-whistle stories headlined like this can draw such a credulous following into the echo chamber.

    For those who remain convinced it is implausible that a politician isn't guilty of the folly they are charged with, even if they or their colleagues have previously been guilty of it in the past, feel free to go and read the actual speech transcript referenced in this article. Who knows, maybe the situation is improving a bit here (a vain hope which no doubt will last until the next speech on the subject from a government minister).

    1. oldrusty
      Thumb Up

      Re: Congratulations

      Yep, her speech didn't even broach the subject of Cryptography, but as an earlier poster already pointed out the answer is still "No!", not unless you want anarchy. Encryption is the glue that holds it all together & stops bad people from doing bad things. Digital Signage is crucial and at the moment it's undergoing some much needed radical change. "We shall not be moved!" After all, you have to capture packets with a packet capture driver and a proper firewall on your computer in the first place, if your goal is catching bad guys and bad code doing bad things.

    2. HieronymusBloggs Silver badge

      Re: Congratulations

      "never actually raised in the speech in Davos - namely anything to do with actual encryption or even secure communications"

      She mentioned Telegram specifically. What aspect of that service other than encrypted communication would she have been referring to?

  83. something_or_another

    Just sprinkle on a little pepper.

    They'll just push everyone to become a little more creative.

    Take GPG. Shuffle the cipher text in a manner that the g-men would have to take into account. For instance, encrypt it several times, with different algos, then remove the GPG header and footer from the final cipher (that means they have to account for all the various GPG/PGP headers) ... then have a script that'll omit any line that contains an "=" or is less than x # of characters. Take the remaining lines, you + recipient agree on a daily changing pepper, and shuffle the remaining characters with it. Say today's #s are 3 and 8 ... run the script to swap every 3rd character line with every 8th. Sure, you'll/they'll get a CRC error, but they'd have to solve for all the shuffling 1st ... and how long will that take, assuming that they don't have quantum computers cracking it? Then they'll have to solve all the different layers.

    Why do they think that we can't solve for that? Remove a line, post that line, encrypted, elsewhere. There are plenty of ways around compromised crypto, if you're not lazy. Time would not be on their side.

  84. Anonymous Coward

    May's government has killed more vulnerable people than ISIS ever will. If anyone needs monitoring it's May and her cronies.

  85. Anonymous Coward

    Unbelievable

    I cannot believe the crass stupidity of both Theresa MAY & Amber RUDD.

    This from a so-called Prime Minister that calls out Jeremy CORBYN as one who reaches out to the 'Magic Money Tree' to 'solve' ALL our problems.

    They, MAY-RUDD, are too stupid to acknowledge that were companies to code a 'backdoor' into their products for government agencies to exploit, not only is it counter-productive, but government-criminals the world over would access such codes to exploit that same software in government & commercial computer systems.

    Do they honestly think that people are as stupid as they are?

    People will simply NOT use such software that they have no trust in; such companies would be tainted forever at great cost. Even Bill GATES can recognise that FACT.

  86. Shane 4

    Idiots

    All politicians should be made to live in glass houses, So they have no privacy at all.

    Hopefully then at least one of them might have a working brain cell to see the problem.

    What next?

    How about a compulsory RFID tag under the skin, We can laugh about it now but just wait.

    It won't be sold as national security of course, It will be some sort of "convenience" for modern day laziness that affects us all from time to time, Just swipe your arm to pay for groceries.

    Sounds good in theory, Until you start getting all those ads in your mail box from places you have just been, Only this time it's not the virtual world but the real one!

    It has got to the point where they think the only way is to track everyone on the planet so they may prevent some sort of bad event, But it won't stop it.

    There will always be a few that just snap for no reason, May have been a model citizen then something random has happened in life that has triggered them to go on some all out rampage. No backdoor in anything is going to help stop it.

    Once again all I see is band aid fixes to bullet wounds, Typical political nonsense.

    1. Anonymous Coward

      Re: Idiots

      "Hopefully then at least one of them might have a working brain cell to see the problem."

      What if it backfires and they take PRIDE in it instead?

  87. GruntyMcPugh Silver badge

    Brightest and best

    "These companies have some of the best brains in the world. They must focus their brightest and best on meeting these fundamental social responsibilities."

    You know who else employs people who are really good cryptographers? GCHQ. So Mrs May, why don't you get them to knock up a PoC and release it to the general public for testing. I would think such a creation might bemuse hackers for several hours after release.

  88. Chris007
    Facepalm

    Here is your answer :)

    http://www.revk.uk/2018/01/how-do-we-explain-maths-does-not-work.html

    Turns it back on the politicians perfectly - Theresa and the rest, please read, digest and get back to the British public with your plans...

  89. onebignerd

    As Ron White said; "You can't fix stupid."

    1. Charles 9 Silver badge

      It's also very difficult to get sociopathy out of politics; it's basically a requirement, as anyone else decent enough has other, more immediate concerns.


Biting the hand that feeds IT © 1998–2019