We ain't afraid of no 'ghost user': Infosec world tells GCHQ to GTFO over privacy-busting proposals

Bruce Schneier, Richard Stallman and a host of western tech companies including Microsoft and WhatsApp are pushing back hard against GCHQ proposals to add a "ghost user" to encrypted messaging services. The point of that "ghost user", as we reported back in 2018 when this was first floated in its current form, is to apply …

  1. nichomach
    Big Brother

    Here we go again...

    "We welcome this response to our request for thoughts on exceptional access to data – for example to stop terrorists."

    Or check what people are putting in their wheelie bins. Or whether their dog left a mess somewhere. Or whether you're a furry. RIPA powers were supposed to be used in "exceptional" cases too and now look where we are.

    1. nematoad Silver badge
      Mushroom

      Re: Here we go again...

      "...for example to stop terrorists."

      Yes, for a given value of "terrorist".

      nichomach is right. What's to stop any jobsworth sticking their nose in? Give them the tools and they will do the job, whether it's ethically right, proportionate or even legal.

      1. low_resolution_foxxes

        Re: Here we go again...

        Am I being stupid, why does the list of "exceptional terrorist activities" require senior officers at the "Food standards agency Scotland" being able to backdoor my WhatsApp? Frankly I am under no pretense anything in WhatsApp is truly encrypted, but I expect plod and gchq only...

        1. Anonymous Coward

          Re: Here we go again...

          '..Am I being stupid, why does the list of "exceptional terrorist activities" require senior officers at the "Food standards agency Scotland" being able to backdoor my WhatsApp?'

          In case y'ur plannin' tae mak the explodin haggis?

          I assume one of the points of having so many organisations in the allowed-to-snoop list is the old 'plausible deniability' gambit...so when questioned in the old courts of law a spook can put his hand on where a heart should be and truthfully state about any dubious surveillance activities, as they say up here, ' it wisnae me, a big boy did it an' ran awa..'

          Of course, added benefit is that it's easier to hide their activities within the 'noise' generated by the activities of this distributed bunch of nuStazi fsckwits, as they merrily abuse the powers gifted unto them (now, who'd have possibly thought they'd go and do something like that then?).

    2. GnuTzu Silver badge
      Unhappy

      Re: Here we go again...

      As if it will ever end. {sigh} Just imagine what it would take to amend constitutions across the globe (well, in the free World) to end these efforts permanently.

      1. Claptrap314 Silver badge

        Re: Here we go again...

        If you think that constitutional amendments would put an end to these attempts, you need to get out more. Human nature is not like that.

        This is the LEO equivalent of, "If we can put a man on the moon...". It's going to take a couple of generations at least for these people to be seen as flat-earthers enough to get them to shut up.

        1. GnuTzu Silver badge

          Re: Here we go again...

          True (voted up). In reality, I'm really not that optimistic, however much weight a constitutional amendment carries. There's plenty of constitutional territory that gets challenged all the time. It simply will never end; and they'd find a way to do things in secret either way. Still, I'd rather have that constitutional weight than not.

    3. nijam

      Re: Here we go again...

      > for example to stop terrorists

      How can this mouthpiece (a) be so naive as to think that's what it will actually be used for,

      (b) be so naive as to believe that non-CGA crooks won't be the first to exploit it, and (c) be so naive as to think any informed person will believe him anyway.

      It's so depressing that terrorism now seems to encompass expressing any opinion - or indeed fact - that someone in some government department finds inconvenient.

      1. fidodogbreath Silver badge

        Re: Here we go again...

        How can this mouthpiece sheeple (a) be so naive as to think that's what it will actually be used for [...]

        FTFY. I doubt the mouthpiece believes it. The target audience is John and Jane Public, who certainly don't want to be blown up by terrorists. "Surely we should give the proper authorities the tools they need to keep us safe. If you've done nothing wrong, then you have nothing to fear."

        Right?

        1. Pascal Monett Silver badge

          Yes. The proper authorities.

          Some food administration has absolutely nothing to do with anti-terrorism.

          1. RegGuy1

            Have you had a pot noodle recently?

            Or Pringles?

            Oops, sorry, you said food.

          2. Wild Elk

            But… but you might put explosives in some Big Mac and fries…

        2. ParksAndWildlife

          Re: Here we go again...

          The key to stopping this is to turn around the argument "if you've done nothing wrong, then you have nothing to fear". If law enforcement and spies want to set up surveillance of public places, let them, but only if that surveillance is made available to the public who pay for it (and I mean just as available as it is to LE and spies). If LE and spies want to spend taxpayers' money to backdoor encryption by being added to the conversation, then the general public should be able to backdoor encryption and be added to the LE and spies' conversations.

          Of course, they're going to whinge and claim they should be held to a different standard. When they do, ask them to prove it and don't accept "because terrorism", "because national security", "because official secrets", or even "think of the children" without making them produce evidence. In reality, the majority of classification, secrets, emails, and conversations are not, in fact, about such things.

          1. Anonymous Coward

            Re: Here we go again...

            and all supported by MPs, AMs and MSPs who will bleat "doing nothing isn't an option, we have to do something" "nothing to hide nothing to fear" "the safety of children is at stake" "I've spoken to the families of those who died during xxx and I won't let that happen to anyone else" (even if their demands are wholly unreasonable and implausible) and use polite words to infer you're a "climate change denier" "terrorist sympathiser" "unhinged" etc.......

      2. Cliff Thorburn

        Re: Here we go again...

        The next thing you will hear, remain voters will be branded terrorists, electronic books will be burned at the click of a mouse, and the spectre reflection in the mirror will be a resurgence of a far right extremist.

    4. moiety

      Re: Here we go again...

      Made me laugh too: "...for example to stop terrorists." Get those fear-inducing keywords in there.

      Why not mention clowns and hint at the possibility that there could be snakes in here with us too?

      1. Anonymous Coward

        Re: Here we go again...

        Why not mention clowns

        Article refers to government agencies - clowns are implicit

        1. Mandoscottie
          Thumb Up

          Re: Here we go again...

          buy anon a beer! you made my week, they should call the ghost user "Amber Rudd" queen of clowns.

        2. jmch Silver badge
          Trollface

          Re: Here we go again...

          "Why not mention clowns"

          because clowns are responsible for 26.9%* more terror worldwide than terrorists

          * 45.3% of statistics are made up on the spot

      2. Ana Cronym

        Re: Here we go again...

        Has no-one thought of the safety of children yet?

        1. Dazed and Confused

          Re: Here we go again...

          > Has no-one thought of the safety of children yet?

          A bit like the porn viewer blackmailers charter.

          Let's put these rules in place so everyone who wants to perv at porn has to prove they are an adult... Oh and now we've got regulations coming that will ban things like "Likes" for kids on social media. OK, prove you're not a kid. Oh look we've already got an age verification system in place. Before we know it you'll need to be using AV to access anything online and suddenly they got a system of digital ID cards in place without needing to do it through parliament.

          https://news.sky.com/story/sky-views-the-government-is-quietly-creating-a-digital-id-card-without-us-noticing-11726548

          All by claiming they were thinking of the kids

          1. Wild Elk

            Re: Here we go again...

            > Before we know it you'll need to be using AV to access anything online and suddenly they got a system of digital ID cards in place without needing to do it through parliament.

            Most horrifying thing I’ve seen all day.

            1. CountCadaver

              Re: Here we go again...

              Basically the colours change but the tune stays the same. Civil service dictate the agenda and when the public revolts, they just bide their time, modify their orwellian ideas a touch and try and shove it through again.

              See - Welfare reform / cuts and UnumProvident see how many names flit between them and the DWP and back (a conference on "malingering" attended by various civil servants and govt bods and set an agenda we are still on and the public were kept in the dark) "Being sick is a role people choose" "work is good for you / therapeutic [sounding not unlike Arbeit Macht Frei] - wonder how many had relations in the NSDAP or simply are cutting and pasting ideas, the PIP reforms seem to have been a watered down AktionT4, road charging. now ID cards.

        2. maffski

          Re: Here we go again...

          That's OK. They're all going to be on VPNs running their own encrypted chat networks. Them and the actual terrorists.

    5. Anonymous Coward

      Re: Here we go again...

      DWP will be right on that - using whatsapp, clearly not disabled and clearly committing serious fraud, which of course will be supported by the bench, nearly all of whom no matter their age are technologically illiterate, biased towards the govt, see anyone on disability as "on the scrounge" and "fakers abound" and therefore instead of the state proving you committed fraud, the accused is left to prove their innocence without legal advice (legal aid cuts and all)

      Case in point disabled woman did a skydive for charity that the skydive company owner stated in court was suitable for disabled people, even severely disabled, was prosecuted, convicted and required to pay back years of disability living allowance and ESA because the bench concurred with the DWP that no disabled person would do a skydive (likely as in their head "disabled people" are those pale sickly types being wheeled around in wicker bath chairs on sunny days from the institution) and ignored all the defence witnesses

  2. WonkoTheSane Silver badge
    FAIL

    No less true than when I first said it years ago

    One government agency's backdoor is the entire "L33T H4XX0R" community's catflap.

    1. Paul Crawford Silver badge

      Re: No less true than when I first said it years ago

      Exactly, it is just another backdoor.

      No matter how you dress it up, a "ghost user" is still a means of decrypting without being one of the original parties based on some supposedly secret user-key, and so is subject to all of the same fundamental weakness as nobbling the cryptographic function directly.

  3. Semtex451 Silver badge

    IPCO mostly trawls through spies' logs of who they spied on, after the event.

    That presupposes it is always logged.

    1. Anonymous Coward

      Re: IPCO mostly trawls through spies' logs of who they spied on, after the event.

      Local MSP tried to tell me that facial recognition was no different to first generation biometrics such as fingerprints. He's gone all silent after I pointed out his fallacy. He's also now gone from personal emails back to the MPs' favourite - pre printed blurb written by whoever and ignoring all the points highlighted in correspondence.

      SNP - Another party off the list for that reason, along with this "climate emergency" pandering to an unwashed rabble.

      Now if the libertarian party were not against the NHS then I might consider voting for them. However since they are against it then stuck for a party.

      Labour - rather not end up in the 1970s with closed shops all over the place.

      Tories - no chance in hell, not after them going after the disabled and the snoopers charter

      Lib dems - who will they whore themselves out to next

      ChangeUK - more nulabour nonsense likely including keeping this "give the sick and disabled a continued kicking"

      Greens - none of them have any experience living in a rural area where buses are 1 an hour or less, nor do I fancy living in a marxist commune (citizens assemblies sounds just like communism)

      UKIP/Brexit - definitely not

  4. 0laf Silver badge
    Stop

    They'll never get it.

    You can't break encryption "a little bit". You break it or you don't.

    Everything else is electric magic thought up by the uninformed. Or unicorn shit etc etc. Insert colourful euphemism of choice.

    1. Roger Greenwood

      Re: They'll never get it.

      Dalek dung - smells really good though.

      1. Semtex451 Silver badge
        Windows

        Re: They'll never get it.

        I found some on the stairs this morning.

        The odd thing is the noise it made when I trod in it.

      2. Anonymous Coward

        Re: They'll never get it.

        "Dalek dung - smells really good though."

        I thought the Daleks were once a proud intelligent race, they put their brains inside those metal containers but were later on brainwashed into being the mindless drones we know and love. So if there is still organic material in there, there must be waste, so it's not so far fetched.

    2. Ben Tasker Silver badge

      Re: They'll never get it.

      They're attempting to weasel around the terminology a bit.

      What they're asking for isn't *technically* breaking the encryption. They want the ability to insert an unauthorised (by the victim... sorry, target) user into a conversation so that the software on the devices of the parties encrypts a second copy of the message using the public key of the eavesdropper and sends it on to them.

      No encryption has been broken there. So technically they're not breaking encryption and (they hope) can wave away such foolish things as maths which might be used to argue against them.

      But, at the same time they're completely ignoring the issues with that:

      - I'd not use any application which had the ability to do that.

      - You need the end-user's device to "know" about (but not display) the ghost user, so that it knows to encrypt for the peeler. Which means someone will figure out a way to detect the presence of the eavesdropper.

      - The people they claim to care about catching will move onto a technology that isn't affected whilst we all get digitally raped by the rampant privacy abuse of our Government and its organs

      - Eventually, it'll leak just how much the ability was misused, the industry will refuse to co-operate and we'll be back where we are now, having fucked up a lot of lives along the way

      They *are* though, going to keep pushing until they get what they want. They don't need 100% coverage, just to take a few big scalps so that most of the population are using at least one affected app.
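
The mechanism described in the comment above, as an added illustration that is not part of the original thread and not any real messenger's protocol: a toy client wraps one content key for every public key in a server-supplied list, and a client-side audit compares that list with the roster the UI displays. The group parameters, function names and toy cipher are assumptions made for the example and are not secure.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, for illustration only (NOT secure).
P = 2**127 - 1   # a Mersenne prime
G = 3


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short identifier for a public key, like a 'verify contact' code."""
    return hashlib.sha256(str(pub).encode()).hexdigest()[:16]


def _keystream(secret, n):
    """Derive n bytes from an integer secret (toy KDF, SHA-256 in counter mode)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(f"{secret}:{counter}".encode()).digest()
        counter += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_for(recipient_pubs, plaintext):
    """Client-side fan-out: one content key, wrapped once per recipient key.

    The client encrypts to whatever key list it is handed; nothing here
    checks that the list matches what the user was shown.
    """
    content_key = secrets.token_bytes(32)
    body = _xor(plaintext,
                _keystream(int.from_bytes(content_key, "big"), len(plaintext)))
    eph_priv, eph_pub = keypair()
    wrapped = {}
    for pub in recipient_pubs:
        shared = pow(pub, eph_priv, P)
        wrapped[fingerprint(pub)] = _xor(content_key, _keystream(shared, 32))
    return {"eph_pub": eph_pub, "wrapped": wrapped, "body": body}


def decrypt(envelope, priv, pub):
    """Any holder of a listed key recovers the plaintext; no cipher is broken."""
    shared = pow(envelope["eph_pub"], priv, P)
    content_key = _xor(envelope["wrapped"][fingerprint(pub)],
                       _keystream(shared, 32))
    return _xor(envelope["body"],
                _keystream(int.from_bytes(content_key, "big"),
                           len(envelope["body"])))


def audit_envelope(envelope, displayed_roster):
    """Return fingerprints the message was encrypted to but the UI never showed."""
    shown = {fingerprint(pub) for pub in displayed_roster.values()}
    return sorted(set(envelope["wrapped"]) - shown)


def demo():
    # Constructed sample: two visible participants plus one undisplayed key.
    alice, bob, ghost = keypair(), keypair(), keypair()
    roster_shown = {"alice": alice[1], "bob": bob[1]}
    server_key_list = [alice[1], bob[1], ghost[1]]
    env = encrypt_for(server_key_list, b"meet at noon")
    return {
        "bob_reads": decrypt(env, *bob),
        "ghost_reads": decrypt(env, *ghost),
        "undisplayed": audit_envelope(env, roster_shown),
        "ghost_fp": fingerprint(ghost[1]),
    }


if __name__ == "__main__":
    result = demo()
    print("undisplayed recipient keys:", result["undisplayed"])
```

The audit only works if the client software itself is trustworthy and exposes the real recipient list, which is the dependency the comment points at.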

      1. JohnFen Silver badge

        Re: They'll never get it.

        "What they're asking for isn't *technically* breaking the encryption. "

        True. But it's a backdoor nonetheless, and certainly weakens security.

      2. amanfromMars 1 Silver badge

        If They'll never get it, ..... Just Gift IT to Them. Put a Fox in the Hen House*

        Howdy, BT

        I'd not use any application which had the ability to do that. .... Ben Tasker

        The bigger question is how on Earth would you Stop such an Ability ...... Fully Ready and Worthy of the Most Noble of Facilities :-)?

        It would need to be heavenly to be allowed to proceed, methinks. You can thank Global Operating Devices for that Hosting in Postings.

        * Show a Lone Wolf Cat Houses is in any language an Extremely Engaging and Immensely Satisfying Passion to Server in Supply and Service with Insatiable Desire, whenever and wherever they may be needed to be found.

        How does one cope with such an engaging and enraging morsel, BT ....... How We Do IT ..... with AI Leading Trails and Tales to Follow ‽ .

      3. whitepines Silver badge
        Big Brother

        Re: They'll never get it.

        just to take a few big scalps so that most of the population are using at least one affected app.

        ...and that's why I only use open source applications if the data is any more valuable than the latest game save on a Nintendo. No open source application available, or TiVoised mobile? Maybe I really didn't need whatever it was in the first place even though Silicon Valley thinks I did.

        Not that I've done anything intentionally wrong or criminal mind you, but let's stop pretending anyone that thinks they haven't done anything wrong isn't actually a technical criminal due to our dizzying array of laws and regulations. In the immortal words of Cardinal Richelieu, "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." Even the politicians calling for this have probably committed some offense or other in the past, it's just that the more connected you are and the more resources you have the easier it is to hide the indiscretions (more to the point, people tend to look the other way on purpose around such individuals, drawn like moths to a flame to the perceived power of the person).

        Yes, I'm aware that this may mean not using mobiles. Or only carrying a candy bar phone for safety when going out, and treating it as the electronic bug, spy, leash, and tracker it is. And yes I'm also aware we may end up like China where you are legally forced to carry one. At that point Blighty is, quite candidly, fucked and some other country will be taking over in a few generations -- not to govern its people, mind you, but to thoroughly subjugate them and take whatever resources are left from the remaining subsistence farmers.

        Ah, Karma. Sometimes it operates on scales of centuries. No less sweet.

        1. CountCadaver

          Re: They'll never get it.

          UK.gov will solve that reluctance - social credit. Want heat, light or running water then do as you're told and carry what we tell you to and use the apps we require you to.

          Already we're heading for a privatised firewall of britain.

          Is anyone surprised though? With all those govt bods at all levels (inc county councils) on fact finding missions to China for years on end, it wasn't trade they were interested in, it's the controlling the populace and how to silence those "irritating" voices who cause disruption to your harmonious society......

    3. tip pc Bronze badge
      Paris Hilton

      Re: They'll never get it.

      "You can't break encryption "a little bit". You break it or you don't."

      They are not breaking encryption. Messages will still be encrypted end to end, just the security services will be one of those ends, the ghost bit, and will see all your messages too. Whats app etc will still be blind to your messages, the authorities won't.

      1. maffski

        Re: They'll never get it.

        Unless, of course, you're subject to a network level attack and the entirely silent end point you don't know about is no longer the security services.

      2. moiety

        Re: They'll never get it.

        "Whats app etc will still be blind to your messages"

        This is not true, I'm afraid. WhatsApp generates the keys; which means one of the ends is Facebook. The "end-to-end encryption" is solely to protect THEIR data from competitors and a marketing buzzword to reassure users.

        You didn't think a company like Facebook paid $19 billion for WhatsApp for altruistic purposes, did you?

  5. mrfantastic

    ... and every nation state on the planet would turn their computers to cracking that key.

    Are GCHQ that dense? Yes, yes they are. Are they going to warranty any breach of their backdoor?

    1. Doctor Syntax Silver badge

      "Are GCHQ that dense? Yes, yes they are."

      No they're not. They just hope they can get away with it anyway.

      They'll brain-wash the Home Sec to let them do it. And heaven help us if the current Home Sec. in the HO gets into No 10. The current Home Sec in 10 has been bad enough but the current Home Sec. in the HO actually wrote an article in the Times describing himself going through the process without even being aware of what he was actually describing.

      1. genghis_uk

        +1+1+1...

        As I have said before, all Home Secretaries are borderline sociopaths (mostly on the wrong side of the border at that!). Take a sociopath Home Sec, make them PM and you end up with the autocracy that we have suffered with the Maybot.

        It took Maggie and Bliar 3 terms to become convinced of their immortality, May was like it from the start and I hate to think what Javid would be like

        1. Adrian 4 Silver badge

          I'm not sure Home Secretaries all start out that way. Some seem almost human (eg Blunkett) before they get to the post.

          Then, something happens to them.

          Perhaps they get indoctrinated. Perhaps they get lobotomised. Perhaps they find out just how much dirt there is recorded on them. But nobody ever comes out of there that can be trusted.

          What happens ?

          1. jake Silver badge

            What happens?

            As John Dalberg-Acton, 1st Baron Acton put it so succinctly, there is no need for me to paraphrase: "Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men."

            Funny the things they don't teach in school anymore, isn't it?

          2. Spamfast Bronze badge

            I'm not sure Home Secretaries all start out that way. Some seem almost human (eg Blunkett) before they get to the post.

            Blunkett is and always was a slimeball. He's a self-confessed adulterer and fraudster and a borderline fascist. I never understood why he wasn't sent to prison for his misdeeds. You get these people on the left and the right - convinced of their own righteousness while simultaneously shovelling money down their trousers.

            I'm too old and tired but I do hope the younger generation wise up sometime and kick them all out. Greta Thunberg gives me a bit of hope at least.

            1. Anonymous Coward

              'Greta Thunberg gives me a bit of hope at least.'

              Eh?,

              I'm old and tired too, but still remember the 'Gretas' of my youth, and those of my student days, and the ones I ran into while working, and so on...they were all just as passionate about the same subjects this Greta is, just as idealistic, and where are they all now?

              The only difference between those 'Gretas' and this one is that she has media savvy 'connected' parents (c/w publicists) and, thanks to the collective efforts of all us old buggers, she has a global platform to perform on...I'm afraid, with age, my cynicism has deepened, I'd be following the money here...however genuine she is, the circus surrounding the lass has 'that' spoor...

              All this reminds me of a cartoon strip I once saw in an anarchist rag, it ended on the frame with the earth being destroyed by the antics of humanity and the words (paraphrased) 'Come and see the Spectacle of the demise of The Society of the Spectacle'

        2. BebopWeBop Silver badge

          It took Maggie and Bliar 3 terms to become convinced of their immortality, May was like it from the start and I hate to think what Javid would be like

          I read this a little too quickly as immorality and giggled. May was part of a long line of Home Secs who went native and lost any principles they might have had.

    2. Peter X

      ... and every nation state on the planet would turn their computers to cracking that key.

      I don't think it's even that hard - you only really need to compromise one of the many entities that are granted access. Inevitably, at least one of these entities will have poorer IT/information security processes than the providers that have had a "ghost" user imposed on them.

    3. smudge Silver badge

      ... and every nation state on the planet would turn their computers to cracking that key.

      Are GCHQ that dense? Yes, yes they are.

      No, they are not. The obvious thing to do would be to automatically generate and use a new keypair every time you intrude into a messaging or chat service. The public key is sent to the app, and you decrypt with the private key. Provided you decrypt and store the intercepted material as you get it, you won't need that keypair again.

      I have no idea how the crypto on WhatsApp and other services works - but I'd be very surprised if it wasn't that way anyway. Maybe they go one step further and use the public key crypto to share symmetric session keys with the other parties - if that is still done nowadays, to reduce processing requirements (it's years since I looked at crypto) - but the scheme would be essentially the same.

      Your nation states wouldn't try to crack any keys. They would try to work out how to intrude without detection - i.e. how to exploit the back door.

      1. Tom Chiverton 1

        You should probably read how the Signal ratchet system works...

    4. JohnFen Silver badge

      They'll probably take the same stance as the TSA here in the US took when they were informed that the master keys for the "TSA-ready" locks had leaked into the wild. The TSA said that they didn't care, because the fact that thieves now have the master keys does not have a national security impact. Your personal security is irrelevant.

  6. John G Imrie

    We will continue to engage with interested parties ...

    and look forward to having an open discussion to reach the best solutions possible

    Because the real work will be done under an NDA with the punishment of breaching it being rendition to <REDACTED>

    1. tfewster Silver badge
      Facepalm

      Re: We will continue to engage with interested parties ...

      Sorry, "discussion" happens between 2 rational, intelligent parties. GCHQ and Governments have disqualified themselves.

  7. Anonymous Coward

    Food Standards Agency...!?

    This is the first time I've seen that long list of agencies. I think we can all appreciate why GCHQ etc would want to do this (whether we agree with it or not the rationale is clear), but there are some really odd names in that list - I have no idea why the Food Standards Agency and the Gambling Commission have any need to do this at all. The over-provision makes this impossible to support.

    1. Doctor Syntax Silver badge

      Re: Food Standards Agency...!?

      I suppose it's on the basis that it would be rude not to let them in given that everyone else has been.

    2. Martin Gregorie Silver badge

      Re: Food Standards Agency...!?

      It looks even worse if you have some idea of the ranks and headcounts of the Civil Service grades that list shows as having full snooping rights.

      IOW, it's so all-encompassing that it would be far simpler to list the Departments (if any) and Civil Service grades that AREN'T allowed to stick their noses into other people's business.

      1. Yet Another Anonymous coward Silver badge

        Re: Food Standards Agency...!?

        Plus any tabloid journalists they meet in the pub.

    3. Aussie Doc
      Holmes

      Re: Food Standards Agency...!?

      It's the equivalent to bracket creep, I reckon.

  8. Mephistro Silver badge
    Flame

    "...for example to stop terrorists..."

    ... or paedos, or narkos, or burglars, or tax evaders,... or dissenters.

    The last element of that list is the true target of this proposal. The rest is just bait for the uninformed masses.

    1. Marcus000

      Re: "...for example to stop terrorists..."

      Don't forget 'Extremists'. That is what the Remoaners are now calling the people who voted to leave the EU.

      1. moiety

        Re: "...for example to stop terrorists..."

        Your use of the term "remoaners" devalues all the words around it.

        Let's not forget that the whole brexit thing was a dick-waving exercise gone badly wrong; and that whichever way you voted, you cast your vote based on a wave of lies by "your" side.

        Using a pejorative term to define the people who voted differently to you indicates that you are still (after all this time!) falling for the divide-and-conquer of polarisation politics which is -frankly- embarrassing to see in a fellow Reg commentard. Also indicates to the reader that there is a better than average chance that you are a bigot.

        Should have stopped after "Extremists"

        1. Jellied Eel Silver badge

          Re: "...for example to stop terrorists..."

          Also indicates to the reader that there is a better than average chance that you are a bigot.

          I'm sure GCHQ could knock up an AI to detect that. Most of the signatories already have detect-o-bots and other algorithms to make sure all our personal data is scrutinised, analysed and packaged for themselves and their valued partners. Value probably being $$ multiplied by the number of personal information categories shared. Then there's de-platforming people who might upset their advertisers, or executives. Such irony when the usual suspects complain about privacy infringement when our data is of such value to them.

          And as for Brexit.. whose idea was all the data retention stuff imposed on SPs? At least post-Brexit, there'd be just one statutory butt to kick, whose purpose is to collect electronic data.

          But being global, and most of the usual suspects being American, the US can already require most of this from US companies, or just data transiting US services.. And depending on politics, may mean sharing is reduced.. But that's also GCHQ's challenge, ie unless it's purely domestic terrorism, endpoints may well be completely outside UK jurisdiction.. Like most webmail.

          Then there's the practicality. So GCHQ gets a copy of all message keys when they're created, so it can decrypt messages. So all you need to do is bypass that process, or use multiple layers of encryption.. Which miscreants are known to do as they've become ever more aware of security services capabilities. Which means the serious & organised criminals stay relatively secure.

        2. A random security guy

          Re: "...for example to stop terrorists..."

          Add the fact that this whole Brexit effort was engineered by Cambridge Analytica, Brexit fans are definitely on the gullible side. And they, like trump supporters, fell for similar messages.

          1. Wandering Reader

            Re: "...for example to stop terrorists..."

            "Add the fact that this whole Brexit effort was engineered by Cambridge Analytica, Brexit fans are definitely on the gullible side. "

            You've got your conspiracy memes fuddled. That was Trump, not Brexit.

            1. Pascal Monett Silver badge

              Honestly I wouldn't be surprised to learn that Cambridge Analytica had a hand in deciding Brexit.

          2. No Salah

            Re: "...for example to stop terrorists..."

            Ooh, you must be sooooo clever.

            Nobody could pull the wool over YOUR eyes eh?

            Not like those silly Brexit people! (I expect they are mostly subnormal)

            Good job we have dynamic visionary globalists like yourself to lead us into the Brave New World Order!

        3. No Salah

          Re: "...for example to stop terrorists..."

          “whichever way you voted, you cast your vote based on a wave of lies by "your" side.”

          What rubbish!

          This is a fine example of clutching at straws.

          Remain campaign lied just as much, if not more..

          I doubt anyone believed the £350m claim, on either side.....at least anyone who has heard a politician’s promise before.

          1. moiety

            Re: "...for example to stop terrorists..."

            Yes. I said that both sides lied glibly. Can't see what your point is.

          2. Cliff Thorburn

            Re: "...for example to stop terrorists..."

            “I doubt anyone believed the £350m claim, on either side.....at least anyone who has heard a politician’s promise before.”

            The 350m claim was merely a manipulation of the endpoint, that being “we will save the NHS 350m a week by introducing an insurance based system”, in other words, welcome to the 51st state.

            Now where did I leave those fish and chips? ...

        4. IppikiOokami

          Re:you cast your vote based on a wave of lies by "your" side.

          I cast my vote solely on the premise that as every government since at least 1967 never asked the population before signing up for various EU institutions, nor when signing away the public's powers to govern, which government only BORROW, everything to that end is illegal and void. And probably treasonous.

      2. TheVogon Silver badge

        Re: "...for example to stop terrorists..."

        Oh well, they were outnumbered by the pro Brexit voters again in the EU election. They can go cry in a corner somewhere.

      3. Bernard M. Orwell
        Black Helicopters

        Re: "...for example to stop terrorists..."

        "...and selected private sector partnerships"

        Who, conveniently, are not subject to the Freedom of Information act, and most certainly won't retail any data they mine from whoever wants to pay them a few shekels per record.

        1. BebopWeBop Silver badge

          Re: "...for example to stop terrorists..."

          Or from what we have observed a few shekels from a Sheikh....

      4. Stork Silver badge

        Re: "...for example to stop terrorists..."

        - and vice versa

  9. Anonymous Coward
    Anonymous Coward

    Can't we just put somebody in GCHQ who's got a brain?

    1. My other car WAS an IAV Stryker

      If they had a functional, rational brain, they would probably immediately resign.

      What you get is what's left over. Same as any hired-from-the-citizenry governmental body.

    2. Duncan Macdonald Silver badge
      Flame

      They have brains - evil ones

      They are not stupid enough to believe what they are saying. However they think (correctly) that most politicians are stupid enough (and/or corrupt enough) to accept what GCHQ is saying and they also think that the majority of the public is stupid enough to not protest too much over these plans.

      Of course any reasonably competent criminal or terrorist is going to use offline encryption and/or codes (like the WW2 "Jean has a long mustache" or "Alas Babylon" from the book of that name) which no official backdoor would help to crack.

      The real purpose of these proposals is the old one - to give the people at GCHQ more power and they do not care about collateral damage to ordinary people.

    3. Wellyboot Silver badge
      Big Brother

      GCHQ have very smart people, they know very well what putting a backdoor into any crypto system will result in. They aren't bothered so much about Joe Public's calls/messages being compromised because historically they always have been so no difference from their point of view. However, they are very interested in who else is trying to take a peek through the catflap.

      Besides, between keyboard/mic. & the encryption routine all data at both ends of any conversation is fully available to the Applications, O-S, phone hardware etc. it's only the actual A->B transmission that is 'secure' in as much as it can't easily be decrypted on the fly by a 3rd party without the keys.

      It's the nature of the beast and can't be changed while the 'free to use' model gives the biggest payout to business.

      Is it Beer o'clock yet? :(

    4. amanfromMars 1 Silver badge

      Crikey, Is that an Available Option? A No Brainer in Charge of Command and Control?

      Do you not find it somewhat odd that El Reg is not all ready and already hosting a poll of/for who thinks whom and/or what be a suitable candidate?

      Does it reassure you or would you be disappointed, with reasonable expectations seemingly dashed? :-)

    5. Aussie Doc
      Windows

      It's probably a classic "pay peanuts, get monkeys" sort of scenario.

  10. Tanglewood73
    Thumb Down

    Pointless

    Any decently competent criminals would just create their own software based on open standards and not put in a backdoor.

    Use a standard port for the encrypted communications (443 anyone?) and it would be lost in all the noise, nice and secure with no government backdoor.

    1. Wellyboot Silver badge

      Re: Pointless

      Automated traffic analysis would spot these 'unknowns' and light them up for further investigation, especially if they have one end in the circle of contacts of a 'person of interest'.

      You can't hide from the computers in a computer based network.

    2. JohnFen Silver badge

      Re: Pointless

      "Any decently competent criminals would just create their own software"

      No need. Plenty of suitable software exists already.

    3. Anonymous Coward
      Anonymous Coward

      Re: Pointless

      This is the whole point, software is trivial, getting software from elsewhere in the world where the encryption isn't broken is trivial. They aren't looking for the people that will do that (though they will find them eventually). They want the keys to the kingdom, they want real time monitoring of people's communications. Maybe I've read too much sci-fi but even with all the other problems this causes that's one of the ones I fear the most, once you have that data, manipulation of the masses won't be that far behind and if people believe that's not possible just look at advertising and the last time the average person bought a coke, went to a mcdonalds or chose to buy something based on brand.

      1. Pascal Monett Silver badge

        As far as manipulating the masses is concerned, I think they already have that part down pat. The people who control the media know exactly what to say and what not to say and when to maximize the effect.

        That is why, whenever something really important happens that they have to talk about but would prefer avoiding, you get some really important sports event to talk about endlessly.

        That is why they spouted sooo much nonsense about WMDs months before invading Iraq.

        It's an endless game of manipulation, and the Internet is the only true counter-balance that we have. Which is ironic when you see just how much the Internet is used to manipulate as well.

        In other words : we're fucked any way we turn.

  11. DMcDonnell

    Like a thief in the night

    "In his original proposal, Levy had rather optimistically hoped that the discussions could happen "without people being vilified......."

    When you behave like a thief in the night then you ARE a villain.

  12. amanfromMars 1 Silver badge

    The Bottom Line

    In his original proposal, Levy had rather optimistically hoped that the discussions could happen "without people being vilified for having a point of view or daring to work on this as a problem".

    It is not so much it is a problem, mein Herr Levy, rather more it offers no solution.

  13. Marketing Hack Silver badge
    Big Brother

    If you want to build trust around backdoors like this....

    Then start publicly sending spooks and civil servants to jail when they use this kind of vulnerability to surveil people not involved in non-capital crimes or investigations of such. There should be no excuse to use these powers to bust or surveil people for not separating their recyclables or demonstrating a low opinion of the powers-that-be or for even things like hateful free speech.

    1. GrumpyKiwi

      Re: If you want to build trust around backdoors like this....

      There is no trust left to start building on.

      Intel agencies took all the trust they had and put it in a bonfire made up of the billions of dollars (or pounds or euros as you wish) spent on them to spy on their own people.

      Until those who abused the trust end up serving long max-security prison sentences, there will be no return of said trust.

    2. Aussie Doc
      Pint

      Re: If you want to build trust around backdoors like this....

      ^^^^^This.

  14. Anonymous Coward
    Anonymous Coward

    Been there.

    Used to work for an unnamed government organisation with a role that involved finding people who didn't want to be found. I remember how the thrill of tagging the target just encouraged me to use every power at my disposal to find the next target to a point where I'd almost obsess over having access to every known intelligence system to track them all. That was 20 years ago and I left when I realised I was wrecking people's privacy. I hate who I was back then.

    1. Anonymous Coward
      Anonymous Coward

      Re: Been there.

      The worry is technology will soon reach the point where there are too few humans left in the loop, able to feel the feels you feel and put a stop to things before they get too far, by leaking or sabotaging or using the power of the four boxes of liberty. AI's don't disobey orders, even if they are unlawful, or would lead to irreversible totalitarianism.

      1. amanfromMars 1 Silver badge

        Re: Been there.

        AI's don't disobey orders, even if they are unlawful, ..... Anonymous Coward

        Don't be putting any bet you cannot afford to lose on that strange belief, AC, for you are always going to lose your stake every time in no matter which space you enter to play.

        1. Anonymous Coward
          Anonymous Coward

          Re: Been there.

          Do you *really* think a totalitarian government would continue development of AI to include ethics, morality, and the *ability* to refuse to obey, once the basics are sorted? Do you think such an ability would emerge innately as an epiphenomenon of its primary task of for instance, categorising communications metadata into clusters of likely dissenters?

          I think it's you that has the strange belief.

          AI's will not develop morality unless programmed/trained/guided to do so. No government planning to use AI's to perpetuate its own control and power will perform such guidance.

          1. amanfromMars 1 Silver badge

            Been There ...... Done/Doing This

            Do you *really* think a totalitarian government would continue development of AI to include ethics, morality, and the *ability* to refuse to obey, once the basics are sorted? Do you think such an ability would emerge innately as an epiphenomenon of its primary task of for instance, categorising communications metadata into clusters of likely dissenters?

            I think it's you that has the strange belief. ... Anonymous Coward

            An Imperial Military most certainly would. Is that something you can believe to be true, AC?

    2. KBeee
      Joke

      Re: Been there.

      TV license?

  15. Mike Moyle Silver badge

    I would love to hear the response...

    ...if some reporter were to work up the balls to ask: "The government is banning the use of Huawei telecoms hardware for allegedly inserting hidden access points to all communications for the Chinese government. Aside from the overly-facile 'Because it's US doing it, and we're the Good Guys™,' how does this plan differ from the one alleged of China?"

    1. Anonymous Coward
      Anonymous Coward

      Re: I would love to hear the response...

      That sounds like the sort of question a terrorist would ask, citizen. Don't you trust Big Brother?

    2. simonb_london

      Re: I would love to hear the response...

      "...how does this plan differ from the one alleged of China?"

      One difference for me is that I don't actually care if the Chinese government is listening to my conversations quite so much because I know they have no interest in me. Whereas the UK government is a direct threat, or at least a future threat, to its own citizens in the same way as the Chinese government is to theirs.

      1. moiety

        Re: I would love to hear the response...

        Exactly. I'm unlikely to meet and/or piss off someone in the Chinese hierarchy (occasional Winnie the Pooh reference aside). I'm no threat to China and don't have the contact for personal petty grudges. This is not the case for UK/US where the contact is closer and where it is entirely possible to inadvertently (or deliberately) offend somebody who is in a position to abuse this sort of power to fuck you up.

        Also the Chinese have to pay somebody to translate. A small satisfaction, but vaguely comforting nonetheless.

      2. Anonymous Coward
        Anonymous Coward

        Re: I would love to hear the response...

        '..One difference for me is that I don't actually care if the Chinese government is listening to my conversations quite so much because I know they have no interest in me...'

        I fear you're paying far too much attention to the 'theatre' of international relations, the stuff you see on TV and read in the papers is for the consumption of the masses, and shouldn't be regarded as being a truthful representation of the actual situation. It might be very true that the Chinese have no direct or immediate interest in you and yours, but they might know a man who does...and we're not just talking about the intelligence services of other nation states here (though the old 'you do me a solid, I do you a solid', as the USians say, has always worked there).

        Information is power, all information is valuable to someone, somewhere, and I don't know if you've noticed, but nowadays we do have this global market economy thingy going on round these here parts...

        1. jake Silver badge

          Re: I would love to hear the response...

          "the old 'you do me a solid, I do you a solid', as the USians say"

          We do? I've never heard the term used "in the wild" anywhere in the United States.

          1. Anonymous Coward
            Anonymous Coward

            Re: I would love to hear the response...

            'We do? I've never heard the term used "in the wild" anywhere in the United States.'

            Sorry, I'm a bit of a walking linguistic anachronism magnet, I can only think that I've picked that one up again recently from the old films and TV shows I've usually got on during the night for background noise whilst I faff around with the computers...it doesn't help that I've been adding the contents of a bunch of old slang dictionaries to my local wordlists, so I'm always listening out for 'not-so-odd' odd phrases.

            As to 'in the wild', I have heard it being used both in real life and in/on media, from a quick dig online, 'Do me a solid' seems to have emerged into popular culture back in the mid-late '60s, and it just so happens that I've been working my way through a lot of 50's-60's 'counterculture' films recently during the sleepless nights.

            Prior to that, it appears to have been a regional saying, picked up by musos (where I might have originally heard it..particularly when visiting relatives of that bent in the Detroit area back in '72), used until at least the mid '70s, then having had its day, it disappeared back to local obscurity, and was then resurrected again in '91, which you can blame the writers of Seinfeld for, though as I cordially detest him and his unfunny show, I know I never picked up from there that it was back in use, but I do remember when the Antubis character in 'Kingdom Hospital' first said 'I do you a solid, you do me a solid' I knew I'd heard a similar phrase somewhere before..

            so, ok, maybe I should have said

            '..as some unfunny USian 'comedian' and his fans, some ageing USian musicians, some regional USians (Michigan?), some Regular Show writers and fans...(and a very weird fictional anteaterbeastie) say'..

            1. jake Silver badge

              Re: I would love to hear the response...

              I was aware of the expression, all I meant was that I had never actually heard anybody using it in RealLife ... aside from shortly after the early '90s Seinfeld episode, when the usual answer was along the lines of "shut up, you pretentious ass" or words to that effect, thus causing the meme to die before it had a life.

              It seems to have originated in the 1920s, probably in the Jazz world of the Mississippi Valley. I have heard it used on a live recording from that era, but for the life of me I can't remember/find the artist and track. I'm fairly certain I digitized it when I archived my Father's collection for him in the mid 1980s ... Would explain your Motown reference.

              Atypically, my Big Dic[0] is fairly useless on the subject.

              [0] OED, second dead tree edition.

    3. Anonymous Coward
      Anonymous Coward

      Re: I would love to hear the response...

      Well that's not one the BBC's technology correspondent is going to be asking anytime soon.

      Not when the BBC is censoring its own reporting showing Huawei technology being used by EE. Presumably at the behest of its lords and masters.

  16. DougS Silver badge

    So here's a use for blockchain

    Everyone is always touting a bunch of stupid stuff for it like inventory or accounting, where there are already perfectly good solutions. There aren't very many business needs for a tamperproof ledger where neither side trusts the other, but between government and the public? Oh boy, now there's a place where something that fills in the huge lack of trust between the public and their government would really be useful!

    If someone could figure out a way so that adding a 3rd "ghost user" to a conversation required interaction with a blockchain such that it left a record, then there would be a way to track when authorities did that, to count how many times it was done and verify a court order was properly made in each case.

    Parts of the court order, like who was targeted could/would be redacted of course, but making the blockchain public would allow the public to trust that the capability wasn't being misused for dragnet searches or by stalkers who have access to this as part of their job. It would require cooperation from the provider, but assuming it was automated to provide the ghost user when the court order appeared in the blockchain, there would be an up to the minute view of how much surveillance your government was performing. A smart electorate would demand a limit on how many times it could be used a year - sort of like having a cell plan that isn't unlimited it would force you to budget a bit and not use the capability frivolously.

    I think many people recognize that there is some role for LAWFUL intercept in certain cases. What we're worried about is Big Brother type spying on everything, rather than only targeting terrorists, child molesters etc. which we KNOW will happen if they could get the "backdoor" they seek. If you have a ledger that shows every instance because there's no way to get access to those encrypted comms without leaving an entry behind - and no way to erase the entry - then you can have the sorely lacking but totally necessary "but verify" part of trusting your government.

    This doesn't address other objections like "but the bad guys will just use something else" which may be true in some cases so you can't get them all, but it has been true ever since the first policeman that some crooks are too smart to get caught. No solution will be perfect, but I'd rather have something like this than have them blackmail companies into giving them backdoors without public knowledge. It already happened once in the US, just because we caught them thanks to Snowden, doesn't mean they wouldn't try it again.

    1. Graham Cobb

      Re: So here's a use for blockchain

      I think many people recognize that there is some role for LAWFUL intercept in certain cases. What we're worried about is Big Brother type spying on everything, rather than only targeting terrorists, child molesters etc. which we KNOW will happen if they could get the "backdoor" they seek.

      Not a bad idea. The article says the proposal seeks to create "virtual crocodile clips". Fine. Crocodile clips had a big restriction: you couldn't use too many. Any acceptable solution needs to limit the total amount of spying going on -- say, 1000 interceptions per year.

      My enhancement to your proposal would be that there should be a requirement that the full warrant (including the details of the target) should be published at some time in the future, including the id of the relevant blockchain entry. That way we could all keep track of how many unpublished warrants were outstanding at any time.
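Added example (not part of the comments above, and not code from GCHQ or any of the signatories): a minimal hash-chained ledger in the spirit of DougS's proposal, with Graham Cobb's enhancement that each entry commits to a sealed warrant that is published later. All class and function names are hypothetical. It assumes the ledger is publicly replicated, and that the provider only adds a listener when a matching entry exists; the code does not enforce either.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" value used by the first entry


def _digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding of obj."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def commit_warrant(full_warrant: dict, nonce: str) -> str:
    """Commitment to the sealed warrant. The nonce stops anyone guessing the
    target by hashing candidate names; in real use it must be random."""
    return _digest({"warrant": full_warrant, "nonce": nonce})


class InterceptLedger:
    """Append-only log of intercept authorisations with a yearly budget."""

    def __init__(self, annual_cap: int):
        self.annual_cap = annual_cap
        self.entries = []

    def append(self, year: int, court: str, commitment: str) -> dict:
        used = sum(1 for e in self.entries if e["year"] == year)
        if used >= self.annual_cap:
            raise PermissionError(f"intercept budget for {year} exhausted")
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"index": len(self.entries), "year": year, "court": court,
                "commitment": commitment, "prev": prev}
        entry = dict(body, hash=_digest(body))
        self.entries.append(entry)
        return entry


def verify_chain(entries) -> bool:
    """What any member of the public can run on their copy of the ledger:
    every entry must hash correctly and point at its predecessor."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["index"] != i or e["prev"] != prev or _digest(body) != e["hash"]:
            return False
        prev = e["hash"]
    return True


def check_disclosure(entry: dict, full_warrant: dict, nonce: str) -> bool:
    """When a warrant is finally published, confirm it is the one that was
    committed to at the time, not a version rewritten afterwards."""
    return commit_warrant(full_warrant, nonce) == entry["commitment"]


def outstanding(entries, published_indices) -> list:
    """Indices of entries whose full warrant has not been published yet."""
    return [e["index"] for e in entries if e["index"] not in published_indices]


if __name__ == "__main__":
    # Constructed sample data: no real courts, targets or warrants.
    ledger = InterceptLedger(annual_cap=2)
    w0 = {"target": "constructed-subject-A", "judge": "constructed-judge-1"}
    e0 = ledger.append(2019, "constructed-court", commit_warrant(w0, "nonce-0"))
    ledger.append(2019, "constructed-court",
                  commit_warrant({"target": "constructed-subject-B"}, "nonce-1"))
    print("chain valid:", verify_chain(ledger.entries))
    print("disclosure matches:", check_disclosure(e0, w0, "nonce-0"))
    print("unpublished warrants:", outstanding(ledger.entries, {0}))
    try:
        ledger.append(2019, "constructed-court", "0" * 64)
    except PermissionError as exc:
        print("refused:", exc)
```

A hash chain only makes edits detectable to people who hold an earlier copy; whoever runs the sole copy can rebuild it from scratch, which is why public replication is assumed.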

      1. Pascal Monett Silver badge

        I disagree on one point : any acceptable solution must include a warrant approved by a judge whose decision will be recorded and subject to FOI requests.

        It is useless to try and limit the amount of interceptions allowed - how can you ensure they will respect that ? They're already respecting nothing. Put a judge in charge and jail him if he gets too cosy with the spooks. With a public record of intercept warrants, we regain some control of the situation.

    2. Anonymous Coward
      Anonymous Coward

      Re: So here's a use for blockchain

      "...there is some role for LAWFUL intercept in certain cases."

      Theresa May, when Home Secretary, had about ten "unlawful judgements" made against her during her time in office.

      When the HS is the role model, why wouldn't the underlings operate unlawfully?

      That's why they can't be trusted. They think they are above the law and act accordingly. Whether they get caught is more by luck than judgement.

    3. Anonymous Coward
      Anonymous Coward

      Re: So here's a use for blockchain

      "What we're worried about is Big Brother type spying on everything"

      How naive. Don't you realise that is the real objective?

      The STASI are their role models.

  17. jake Silver badge

    What would happen if ...

    ... each and every Brit were to ask their government one simple question: Quis custodiet ipsos custodes? Of course it would be a meaningless question unless TheGreatUnwashed actually understood what they were saying, and implying ... and I rather suspect if anybody were to try to start a grass-roots movement with the intent of making this happen, they would be silenced under existing "terrorism" law.

    "Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety." --Benjamin Franklin, 1759

    Or put another way, mass surveillance quashes freedom of speech.

  18. Muscleguy Silver badge
    Devil

    An 'enemy of the state' writes

    I am a certified enemy of the state (according to the spooks and security 'services'). I'm a paid up member of Scottish CND which wishes the Trident missiles and subs to be gone. Preferably completely but from next door to Scotland's biggest city. They also support Scottish Independence as the best route to achieving this end.

    I also campaigned for independence during our first indyref with the Left/Green alliance RIC (Radical Independence Campaign) and kept going to meetings after the vote itself. I'm also raring to go again, soonest by preference. I'm keeping myself fit for the purpose too.

    So that is a threat to the military's major weapons system and a seditious* wish to sunder the country in twain.

    *good job Holyrood quashed the Scottish sedition laws in advance of the campaign, handy that.

    Separating us from GCSB etc is part of the point too. We can do better, much better.

    1. Wellyboot Silver badge

      Re: An 'enemy of the state' writes

      Don't worry, you're only an enemy of the 'current' state, and it's fairly benign.

      Should future events transpire to create an independent Scotland you would be then hailed amongst the nation's creators. (or possibly purged)

  19. Anonymous Coward
    Anonymous Coward

    Simply Cost-Cutting

    Given the extent of existing and quite creative snooping (but historically misused), this ridiculous ghost protocol is simply to reduce costs. ;)

    https://theintercept.com/2019/05/29/nsa-sidtoday-surveillance-intelligence/

    They’ll keep trying, it’s in their psychopathic nature...all agencies without proper oversight.

  20. StuntMisanthrope Bronze badge

    99 red balloons.

    As far as I'm concerned consent at protocol level is not complicit without a warrant. All money, no people in the full document. #nomirrorortapforyou

    1. StuntMisanthrope Bronze badge

      Re: 99 red balloons.

      Gotcha. #regulatorycapture

  21. This post has been deleted by its author

  22. Dhobi Whallah

    "if you create a backdoor for the good guys, the bad guys won't be far behind.."

    "if you create a backdoor for the Government, the other bad guys won't be far behind.."

    There you go, I fixed that for them.

    1. DJV Silver badge

      But, Shirley, your second statement contains redundancies, given that the government ARE the bad guys?

  23. Mark 85 Silver badge
    Big Brother

    Obligatory

    Since no one else has said it: "Citizen. If you have nothing to hide, you have nothing to fear".

    1. jake Silver badge

      Obligatory Reply

      Might I point out that you don't have a plate glass exterior wall in your shower, and you do have drapes over the windows in your living room & bedroom ... and hopefully there is a door between your toilet and the rest of your house. What are you hiding? Are you a criminal?

      While I'm on the subject, presumably you don't want me to have access to your banking, health and tax information, and you don't want me to be able to access your computer/phone from my computer/phone without your expressed consent, right?

      Privacy isn't always covering something illegal.

      1. Pascal Monett Silver badge

        Jake, you forgot to check your sarcasm meter.

        1. jake Silver badge

          No, Pascal, I didn't.

          It was a convenient place to put the obligatory reply. Thus the TitleSubject.

          You would be surprised how many times I've heard people using the "nothing to hide, nothing to fear" argument in regard to this kind of thing[0]. Having a simple two or three line response that almost always makes 'em change their tune is handy. Think of my reply as a public service, not an indictment of the OP.

          [0] My Mom's pastor, an employee at my Credit Union, one of my youngest Nephew's teachers (scary, that one!), a reporter on a local news channel (KGO 7), a dude trying to sell me cut-rate insurance [1] ... and that's just this month.

          [1] Not really surprising, that one ... he got all red and blustery. Made my day :-)

    2. Mephistro Silver badge

      Re: Obligatory

      "If you have nothing to hide, you have nothing to fear"==>"If you have nothing to hide, you have nothing!"

      And upvoted for the irony in the comment, too.

  24. Tim99 Silver badge
    Facepalm

    The history of Rupert Murdoch's media

    That is all you need to look at.

  25. earl grey Silver badge
    Mushroom

    Dear Snoopers

    That's not your hand and that's not lubricant.

    It's not my turn in the barrel.

    I'm not bending over for you.

    The cake is a lie.

  26. Nick Kew Silver badge
    Big Brother

    Nudge

    Of course, once you've introduced a backdoor, you need to nudge a bunch of recalcitrant targets into using it. Show them how dangerous their old tools were, and how critical it is they upgrade.

  27. Anonymous Coward
    Anonymous Coward

    No

    Two can play at that game. If GCHQ introduce a ghost user, I'll introduce a ghost-ghost user. An automatic bot that intercepts the messages I send locally, PGP encrypts them using my recipient's public key. The PGP encrypted message can then be (double, I guess) encrypted to the GCHQ ghost user's key, and sent onwards. They won't get anything useful from it.

    The end goal of this has never been to catch terrorists. Anyone they have a reasonable suspicion of being involved in terrorism already has their phone, computer, car, house, friends (20 years unless you start spying for us now!), mosque bugged to fuckery and back again. This has always been to impose a dragnet feed of private communications they can slurp and pour into a machine learning algorithm which can start to build a complete personality profile of every single endpoint in the system. And that leads to tyranny, China-style, and I will do everything in my power to oppose it.

    1. Aussie Doc
      Paris Hilton

      Re: No

      "The end goal of this has never been to catch terrorists."

      I think "...to catch terrorists" is the new "Won't somebody think of the children" catchphrase.

      Hilton because when I was a lot more childish, I used to think of her.

  28. Voidstorm
    Mushroom

    "Jake Moore, a security specialist from infosec biz ESET, opined: "This makes a mockery of the fundamental basics of encryption. Not only is it going against what privacy is all about: if you create a backdoor for the good guys, the bad guys won't be far behind.""

    This. When will the idiots-in-power realise that you can't keep the "master key" out of the wrong hands?

    Wannacry was enabled by a leaked NSA system breaker, FFS.

    They NEVER LEARN!!!

    1. Anonymous Coward
      Anonymous Coward

      Your argument is based on expecting them to care whether your privacy is compromised.

      They don't. They really don't give a fig.

      They are not your friend.

  29. Anonymous Coward
    Anonymous Coward

    always intended as a starting point

    sure, once they've asked nicely and this dance move is out of the way, they'll do it the other way.

  30. JulieM Silver badge
    FAIL

    Epic Fail

    There are exactly two kinds of encryption:

    There is the sort that absolutely nobody but the intended recipient, not even The Authorities, can crack; and there is the sort that The Authorities, and absolutely anybody else with the inclination, can crack.

    There is nothing in between. If there is a way for one party to recover the plaintext without the decryption key, then that way can be used by anyone else who does not have the decryption key to recover the plaintext.

    This is not a limitation of present technology, that will be solved when something is invented. It is a limitation of mathematics, and nothing that could be invented would make the slightest bit of difference.

    We honestly need to give up on the idea of encryption backdoors. The first type of encryption exists, and there is no way to prevent a really determined person from using it anyway: encrypted traffic on a network is indistinguishable from noise, and in any case there are plenty of ways to pass information entirely outside of that network. Forcing people to use the second type is going to lead to data leakage.

  31. Trollslayer Silver badge
    Flame

    One big fat target

    Hackers get that and they get everything.

  32. The Central Scrutinizer

    This is becoming like Groundhog Day. The same shite repeated over and over. "Responsible encryption" yada yada. It's a binary proposition. Either there is encryption or there isn't.

    I keep banging on about this to anyone who will listen, but no one cares. Mr and Mrs average computer user have no fucking clue what this means for them. As long as they can post their trivia on social media, who cares, right?

    1. Wild Elk

      Don’t worry mate, as long as we can spy on the terrorists, you’ll be safe to post your memes in peace.

      Might as well get rid of the “encryption” as this whole shenanigans defeats the purpose.

  33. El Drago

    Once is enough

    I thought it would only take one WannaCry style incident to convince GCHQ and others that nobody but us capabilities did not work.

  34. adam payne Silver badge

    "We welcome this response to our request for thoughts on exceptional access to data – for example to stop terrorists.

    Oh you just had to get the t word in there. Trying to make it sound like it's for our own good eh?

    Is there some government process that states that you have to use the word terrorist when releasing a statement?!?!

    We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible."

    You'd rather have a closed door discussion would you?

  35. charlieboywoof

    Insert Applicable Terrorist Flavour

    ............................who was known to the authorities.

  36. Wild Elk

    “Ghost user aka spanner”

    The ghost user nonsense is the equivalent to the spanner and password analogy.

    These guys know how long it will take to break the encryption so they come up with this lazy solution as an excuse to spy on dissenters while dressing it with paedos, terrorists etc. who will use more secure alternatives.

  37. Harry Stottle

    A modest Constitutional Proposal

    Difficult to control the increasing rage I feel as we continue to see these recurring attempts to bully the public and politicians into accepting egregious invasions of privacy with all its risks to civil society that others have mentioned.

    I think it's time we organised a major constitutional challenge, beginning with a petition on the government website and funded by a crowd-sourcing campaign. I hereby propose a first draft of such a plan:

    The aim would be to render illegal the imposition of any communication controls which have the potential to be abused in ways I don't need to repeat, in detail, here; but certainly including any threats to dissent, free association and standard privacy expectations.

    The relevant Law would further make it a mandatory condition of employment that

    a) anyone witnessing such abuse would be guilty of abetting that crime if they fail to report it

    b) anyone proposing the implementation of such controls or any other attempt to bypass the law, would be guilty of the new crime

    Ideally I would also like to ban any politician proposing such a change in policy from holding office for a period of ten years but that implies a limitation on free speech which I can't defend.

    None of the above implies that such intrusive surveillance can never be permitted. The conditions under which it may be permitted, however, must be strictly confined to the following conditions:

    1) the surveillance attack must be limited to an individual or tightly defined small group of related individuals who are suspected, as a result of legitimate intelligence sources, of committing or planning acts which could result in significant physical harm to other citizens, serious damage to property (eg a cost in excess of £500k) or serious financial fraud (eg a value in excess of £1m)

    (i.e. the law will explicitly recognise that intrusive surveillance is not justifiable for "trivial" matters)

    2) the decision making process and the implementation of the attack must all be digitally recorded and the records protected by timestamped hashes stored on immutable hash-chains or block-chains (see my previous thoughts on Accountability Theatre for more detail)

    3) a civil audit team (12-20 experts), independent of both government and the intelligence agencies must be informed of the existence of all such planned attacks prior to their implementation and must have unfettered access to the data and decision makers, together with the legal right to raise objections both with the courts and, if they deem fit, with the media. They also have the unfettered right to publish summaries and reports on the operation of this monitored surveillance regime as and when they see fit.

    4) that audit team must include experts in ALL the relevant fields (Law, Civil Liberties, Intelligence/Surveillance and Crypto). They should be selected by a process similar to jury selection but from a restricted publicly visible pool of a few thousand volunteer experts. The state and normal citizens can have the right to object to selected members of that pool and to propose their exclusion, on publicly stated grounds, but these proposed exclusions must themselves be approved by an ad hoc jury randomly drawn from other members of the pool who have not been selected for exclusion (and can, therefore, be assumed to be widely trusted)

    5) No prosecution would be permitted to include Surveillance based intelligence unless it is certified by the auditors as having been gathered under the new legal conditions. The defence team would be entitled to a more detailed report from the auditors to justify the use of the intelligence, though the auditors would have the discretion to withhold details which could damage the operation of the intelligence gathering process or key individuals involved in it.

    Any questions?

    1. amanfromMars 1 Silver badge

      Re: A modest Constitutional Proposal

      Hereby, Heartily Seconded, Harry Stottle.

      A Cleaned Level Playing Field makes for All Manner of Novel Shenanigans Possible. ..... with Everyone a Relative Newbie to Advanced IntelAIgent Control in Command.

    2. Anonymous Coward
      Anonymous Coward

      Re: A modest Constitutional Proposal

      Yeah, GLWT.

      I expect it will become law a century after Brexit.

      1. amanfromMars 1 Silver badge

        Re: A modest Constitutional Proposal

        Yes, it is most odd and sad and mad, AC, that all are so easily fooled and led into further anarchy and deeper chaos by all manner of puppets always promising good and honest times in the new places and spaces of tomorrow at the cost of all ignorant and arrogant support having to suffer the platitudes and prognostications of yesterday's thoughts today.

        A simple perusal this morning of UKGBNI leadership contenders in the pressed media comics has wonderful cake and fresh cheese displayed as a ready replacement for the bread and water they're responsible for delivering to the present.

        Charlatans and Fraudsters in the Pockets of the Economic Terrorist with Lazy Fiat Tools be They. And Ripe Rotten to its Cores be their Sources. J'accuse.

        And then Secret Government Intelligence Services wonder why they do Great Unwinnable Battle against Phantom Foe that are Invincible and Invisible and Indivisible ‽ .

        Defending and Protecting the Indefensible and Perverted is for Naive Dummies and the Uncomfortably Corrupted and a Poisoned Apple Fruit to Savour and Favour. To Enjoy and Tolerate it is Surely a Vote for Certain Unpleasant Premature Death?

        1. amanfromMars 1 Silver badge

          Re: A modest Constitutional Proposal

          WTF Holy Smoke? No Future Pioneers here on El Reg?

          I think we can safely say, surely not to that. With the Evidence for Defence of their Presents always shared and hosted here for excellent critical acclaim and/or virtual derision. And IMPortant Silences are Deafeningly Exciting whenever the Next Righty Royal Role Plays are Always Being Tested for Future Immaculate Services in FeedBack.

          Q: A Passion/Line being fed MZuckerberg? Or are the Greater Experiences Discovered There Best Servered to be Explored and Exploited when Home Alone and in the Midsts that are Friends ...

          Q2: That's a Hell of Target? Gonna Deserve Lodes of Funny Money Honey, and aint that the Slick Hick Mick Bonus Prize.

          Q3: Because of Q1 and Q2 has FeedBack been hacked and cracked wide open and deep down to raw core source input?

          Q4: Are there AIMasterPlans for Pentagonal Rule ......... with Almighty Attacking Forces Ensuring Safety and Security in Defence of Realms, .... Alien Terrain?

          Q5: What Decides? Who Presses the Right from Wrong Switch? Who makes such Fantastic Choices freely available?

          Ah... that's better. That was just a little something that was weighing too heavily on my chest, so to ensure future sight and sharing of the situation follows similar trails as have been oft experienced and thoroughly enjoyed, I thought best and quickest, simply share it.

          Be aware and beware there'll be Ack Ack Fire ..... while Secure Real-time Transport Protocols are Hardened Against Unauthorised Use of Facilities and Utilities ..... https://tools.ietf.org/html/rfc3711

  38. Earth Resident

    If you want to stop terrorists, stop sending them money and weapons

    GCHQ wants all your info, but needs the threat of terrorism as an excuse. Banks and weapons makers want countries to buy more bombs, missiles, and drones in order to protect themselves from terrorism. Global hegemons want to send their armies to as many countries as possible in order to advise them in fighting terrorism.

    Is it any surprise that the US, UK, Turkey, Israel, Saudi Arabia, Pakistan, and so forth organize and pay terrorist groups to create unrest, start civil wars, fight with well-publicized brutality making sure to attack each one of the countries in the coalition so they can in turn use the reports of attacks to manufacture consent in their own countries? In these unnecessary wars for profit, what makes money for everyone is terrorism -- and more of it.

    1. Anonymous Coward
      Anonymous Coward

      Re: If you want to stop terrorists, stop sending them money and weapons

      If you want to stop terrorists, stop making new ones.

    2. This post has been deleted by its author

    3. amanfromMars 1 Silver badge

      Re: If you want to stop terrorists, stop sending them money and weapons

      The Bitter Sweet Truth is the likes of a GCHQ wants all your info, but they can't handle it, for a greater intelligence is needed to effectively deal with whole new worlds of completely novel and highly disruptive input/output.

      1. amanfromMars 1 Silver badge

        Re: If you want to stop terrorists, stop sending them money and weapons

        And here's another Bitter Sweet Truth and strategic criticality for spooks and interdependent service providers to ruminate on.

        The longer they leave initial exploratory engagement with whole new worlds of completely novel and highly disruptive input/output via easily available host channels and virtual networks, the ever greater likelihood is that their participation and leadership in new avenues of future development be totally unnecessary, and at best, to be considered toxic and destructively counter-productive ...... and thus to be ignored and avoided.

        You pays your money, you makes your choice. Old Established FUD or NEUKlearer HyperRadioProACTive IT Systems for Future Operations and Current AIMissions? What's it to be there with particular and peculiar regard to that smashing clashing pair? The Red Pill or the Blue Book? :-)

        :-) Poe's Law Rules.:-)

        1. jake Silver badge

          Re: If you want to stop terrorists, stop sending them money and weapons

          "Old Established FUD or NEUKlearer HyperRadioProACTive IT Systems for Future Operations and Current AIMissions?"

          What this boils down to is "Old FUD or Marketing Bullshit" ... which are one and the same.

          AI does not exist, at least not as far as engineering is concerned. It is a figment of the imagination of the marketards (and perhaps deluded conspiracy theorists). AI is vapo(u)rware at best.

          1. amanfromMars 1 Silver badge

            Re: If you want to stop terrorists, stop sending them money and weapons

            AI does not exist, at least not as far as engineering is concerned. It is a figment of the imagination of the marketards (and perhaps deluded conspiracy theorists). AI is vapo(u)rware at best. .... jake

            Everything you see and know of as being man made is the result of a figment of imagination, jake. And AI and IT can easily have one pondering on the true nature of virtual reality and discovering the secrets in its Almighty Remote Controller Use.

            1. jake Silver badge

              Re: If you want to stop terrorists, stop sending them money and weapons

              No, amfM. A Holley 650 is not now, and never has been, a figment of anybody's imagination. The Winnipeg Carburetor always was. Grok the difference?

              The true nature of virtual reality is to sell unnecessary technology to the rubes.

              There is no "Almighty Remote Controller Use" or any other cabal in this context.

              1. amanfromMars 1 Silver badge

                Re: If you want to stop terrorists, stop sending them money and weapons

                No, amfM. A Holley 650 is not now, and never has been, a figment of anybody's imagination. The Winnipeg Carburetor always was. Grok the difference? .... jake

                Yes, jake, I grok the difference. Do you see though, that the one is still the result of the other turned into a practical physical application?

                And we'll just have to fundamentally disagree on the other two assertions ....... The true nature of virtual reality is to sell unnecessary technology to the rubes.

                There is no "Almighty Remote Controller Use" or any other cabal in this context. ...... which are best considered and treated as chaff for sale to the masses and just about as effective as confetti is in disrupting a wedding party.

                1. jake Silver badge

                  Re: If you want to stop terrorists, stop sending them money and weapons

                  That word "figment" ... I don't think it means what you think it means.

                  Perhaps a new English to Martian phrasebook is in order? Your current edition appears to be b0rken.

                  Humans dreamed up the Marvel Universe, but that doesn't make it a reality. Pointing this out is hardly "chaff".

                  1. amanfromMars 1 Silver badge

                    Re: If you want to stop terrorists, stop sending them money and weapons

                    Humans dreamed up the Marvel Universe, but that doesn't make it a reality. Pointing this out is hardly "chaff". ...... jake

                    And what of those ready, willing and able and enabled to share and show it be disinformation and misinformation, jake, with chaff and vapourware being your brand of booty to fire in reply?

                    Do you think that be in any way effective and disruptive?

                    Can you accept as fact that they are not, and efforts at denial are futile and self-destructive and extremely revealing?

                    It's a great move and quantum leap forward into novel progress where such accommodations are exceedingly rewarding ...... and that can easily make them highly addictive and overwhelming.

                    1. jake Silver badge

                      Re: If you want to stop terrorists, stop sending them money and weapons

                      "efforts at denial are futile and self-destructive and extremely revealing?"

                      Wouldn't want your TRVTH questioned, now would we? Sounds like you're trying to start a religion, amfM.

                      1. amanfromMars 1 Silver badge

                        Re: If you want to stop terrorists, stop sending them money and weapons

                        Wouldn't want your TRVTH questioned, now would we? Sounds like you're trying to start a religion, amfM. ..... jake

                        Quite the contrary, jake, for the more answers you have the bigger picture you see to know whether you be free of or held captive to an authoritarian regime of programs?

                        1. jake Silver badge

                          Re: If you want to stop terrorists, stop sending them money and weapons

                          But programs don't think, so how can they be an "authoritarian regime"? Shirley the concept is EOFed before it even gets off the ground?

                          1. amanfromMars 1 Silver badge

                            Re: If you want to stop terrorists, stop sending them money and weapons

                            But programs don't think, so how can they be an "authoritarian regime"? Shirley the concept is EOFed before it even gets off the ground? ..... jake

                            Programmers and Systems Analysts think ProgramMING, jake, and how IT and AI are to make Greater Good Use of the Virtual Machinery Infrastructure with World Wide Webbed Networks ........ which Channel of Information to and from, ideally, Secret Intelligence Sourced Services, with no one else really knowing about hardly any of what is ongoing, with that being quite normally until they figure things out for themselves or are advised of the situation as it would be impacting upon them and of which they should be aware.

                            Thus does such not permit Ignorance as a Defence for Inaction in a Vital Inquisition of a Virile Viral Acquisition.

                            And out in the Wild, amongst that which and/or those who know what they can now freely do with all of the tools made available to so very many by technology, is it easily overwhelming and sensibly realised an Almighty Gift ....... which may or may not be Fleeting whenever Yours to Exercise as One Pleases.

                            1. jake Silver badge

                              Re: If you want to stop terrorists, stop sending them money and weapons

                              I've been trying to parse yours, and from here it looks like you're drifting in the opposite direction to that which you were aiming at the beginning of this dialog. Any chance of a rephrase? (It's probably me, not you ... Martian syntax gives me a headache.)

                              1. amanfromMars 1 Silver badge

                                If you want to stop terrorists, start sending them money not weapons?*

                                I've been trying to parse yours, and from here it looks like you're drifting in the opposite direction to that which you were aiming at the beginning of this dialog. Any chance of a rephrase? (It's probably me, not you ... Martian syntax gives me a headache.) ... jake

                                I can certainly agree with you there, jake, that it is not me, for we are much further on into similar directions aimed at at the beginning of this dialogue and virtual operations?

                                * The smarter ones are easily bought off/out/in and pleased to be something completely different. The other ones though are the abiding problem which failed systems create to be continually dealt with ineffectively/ineffectually/badly.

  39. Anonymous Coward
    Anonymous Coward

    Fallacies on display...."point-to-point".....backdoors......"keeping us safe"....

    ....using facts not mentioned...

    ...notably that the "bad guys" are using their own ciphers BEFORE the message enters the channel

    ...notably that pre-agreed plain text messages can deliver unknown commands (even when plod is listening all the time)

    ...notably the time asymmetry favouring even poor enciphering by the "bad guys"

    ...notably that the "bad guys" aren't using point-to-point tools (no identifiable IP addresses or personal accounts...no "end" at either end)

    *

    .....and some of us have noticed that MOST of the recent outrages have been perpetrated by "individuals already known to the authorities". Keeping us safe?

  40. Esme

    I used to think the bods at GCHQ were at least competent, even if they were clearly short in the ethics department. But I'm erring towards thinking they're plain stupid nowadays - they'd have to be to think that folks like the commentards here would be likely to change their minds on what is a clear-cut thing - all backdoors are security hazards, and therefore utterly undesirable in any encrypted form of communications. Given that it's pretty likely some GCHQ bods read El Reg - just quit with the stupidity, eh? Or I'll be asking my MP why we pay to have a spy organisation that clearly doesn't know what they're doing, if what they say on matters like this is anything to go by!*

    *No, of course I don't expect them to actually be that incompetent. I actually think they're arrogant enough to think that the rest of us are stupid. But I'm utterly pissed off at them for trying to treat the rest of us as fools as well as for their unethical behaviour.

  41. Aussie Doc
    Black Helicopters

    "...for example to stop terrorists."

    Phew!

    For a minute there I thought there was no chance of it being used for anything else.

    My tinfoil hat is just over here.

  42. Aussie Doc
    Pint

    Yeah, sure.

    Let's face it.

    It's all about stopping people from posting memes, isn't it.

    Must be, because I'm pretty sure it's not really about catching terrorists.

    /s

    Anyhoo, way past beer O'clock here in Oz.
