back to article UK Home Sec: Give us a snoop-around for WhatApp encryption. Don't worry, we won't go into the cloud

The UK government is once again suggesting encryption has no place in citizens' hands, in the wake of revelations that Westminster attacker Khalid Masood was using WhatsApp shortly before murdering pedestrians with his car, and stabbing a police officer to death. While she stopped short of threatening a Brazilian-style …

  1. DJO Silver badge

    Colour me surprised

    A government minister exhibits a fundamental lack of understanding about how encryption works and the inherent problems with backdoors - I'm shocked.

    1. Anonymous Coward
      Anonymous Coward

      Re: Colour me surprised

      "A government minister"

      It's not really a government minister, it's just Amber Rudd.

      But seeing what real government ministers can come out with these days, I'm beginning to wonder what they're putting in the Westminster tea.

      1. Anonymous Coward
        Anonymous Coward

        Re: Colour me surprised

        Saw a rather good description - I think David Mitchell - talking about how few Home Secretaries are in any way sane. He described his view of them as home-ophobia

        1. Anonymous Coward
          Anonymous Coward

          Re: Colour me surprised

          "[...] talking about how few Home Secretaries are in any way sane. "

          IMHO the last sane Home Secretary was Roy Jenkins in the 1960s. His reforms gave hope of a bright new dawn - that definitely turned out to be a false one when Margaret Thatcher came in. No Home Secretary since then has seemed sane - no matter from which party.

          1. Toni the terrible Bronze badge
            Meh

            Re: Colour me surprised

            Being HomeSec used to be the job they gave the person who wanted to be PM and had a lot of influence but was too much of a nut job to be PM. Things went wrong...

      2. Anonymous Coward
        Anonymous Coward

        Re: Colour me surprised

        It's not really a government minister, it's just Amber Rudd.

        And if you look really, really carefully you can see the wires where she's being operated by Theresa May.

        1. Anonymous Coward
          Anonymous Coward

          Re: Colour me surprised

          >And if you look really, really carefully you can see the wires where she's being operated by Theresa May.

          You really think Theresa May has the IQ to operate a puppet *and* breathe at the same time?

          1. Toni the terrible Bronze badge

            Re: Colour me surprised

            Yes, being loopy doesn't necessarily negate puppetmaster skills

    2. JohnMurray

      Re: Colour me surprised

      It's Amber Rudd.

      Not the brightest spark in the fire.

      She probably needed speech tuition to pronounce "encryption"

    3. Mark 85
      Devil

      Re: Colour me surprised

      Ok... her first. Once she has all her comms unencrypted and open to world + dog.... then after a 1 month consultation and wait to see what happens... maybe everyone else will follow suit. </snark>

      1. Anonymous Coward
        Anonymous Coward

        Re: Colour me surprised

        You are assuming that the rules will extend to alt.gov.

        I doubt that very much....

    4. Dan 55 Silver badge
      Facepalm

      Re: Colour me surprised

      "The best people who understand the necessary hashtags to stop this stuff even being put up" is quite impressive, even for a Tory minister.

      I assume this was "file hashes" starting in Cheltenham and going through too many civil servants before getting to Amber Rudd.

      1. hplasm
        WTF?

        Re: Colour me surprised

        I understand 'the hastags'! Give me huge amounts of cash. Don't expect results though- just look on me as a mini-capita or something.

        A couple of million a month should do it.

        1. Roger Kynaston

          EU tender rules

          I'll put a tender in to manage the hashtags and because of inherent efficiencies of my organisation which commercial confidentiality precludes me from disclosing here I can offer to manage the hashtags for £1.5m a month.

          1. Anonymous Coward
            Anonymous Coward

            Re: EU tender rules

            > I'll put a tender in to manage the hashtags and because of inherent efficiencies of my organisation which commercial confidentiality precludes me from disclosing here I can offer to manage the hashtags for £1.5m a month.

            I'll counter-bid with £15m per month, with a promise to reduce costs in a year's time to just £10m per month.

            My bid will win because, in a year's time, a minister will be able to say that he's 'saved' £5m a month.

      2. 's water music

        Re: Colour me surprised

        >> "The best people who understand the necessary hashtags to stop this stuff even being put up" is quite impressive, even for a Tory minister.

        I assume this was "file hashes" starting in Cheltenham and going through too many civil servants before getting to Amber Rudd.

        I lolled to myself and thought that too but then I started wondering which was more likely, that a tech briefing would get slightly garbled somewhere between page and mouth or that minister would want us to think that the solution to terrorism was as simple as Twitter blocking the hashtags #isis and #deathtowesterndemocracy and that because Twitter wouldn't do it was fair game for the gov to wade in and demand en end to encryption. Now I'm off to have a little cry.

        1. TRT Silver badge

          Re: Colour me surprised

          Well, as the private key is presumably held within the WhatsApp application within Bob's phone, then WhatsApp have the power to have that key copied to them given some order from a judge or court or something. I'm not saying it's an acceptable way to behave, it's just all this talk of over-egging the pudding with multiple encryption etc etc when all they need to do is send a command message to the client app to shove the private key back up the pipe, no? I've never trusted any end-to-end encryption to be secure and I wouldn't ever expect it to be for exactly that reason.You need to decrypt it somewhere, and there's absolutely nothing to stop the app writer copying the key used to decrypt it to somewhere else, or to copy the decrypted message somewhere. Now, if it dumped the message into a file on the local storage in a sandboxed directory and I had a second app which held the keys... But even then I'm relying on the integrity of the author of the second app.

      3. Anonymous Coward
        Happy

        Re: understand the necessary hashtags to stop this stuff

        "The best people who understand the necessary hashtags to stop this stuff even being put up" is quite impressive, even for a Tory minister.

        I assume this was "file hashes" starting in Cheltenham and going through too many civil servants before getting to Amber Rudd.

        Perhaps the Internet being something to do with "hashtags" is a simplification for those who cannot grasp the complex technical intricacy of "a series of tubes". After all, Twitter wouldn't work properly without them, so they must be pretty damned critical to the operation of the Internet.

    5. Blank-Reg
      Paris Hilton

      Re: Colour me surprised

      Same load of old guff as the last bunch and the lot before and before etc etc.

      I swear, it seems as though the home office is stuffed with wormtongues who whisper into the ministers ears and they dutifully plod out and spout forth this nonsense and rightly get mocked for it. Far better to find out who keeps telling these hapless ministers that encryption needs weakening and then drum them out of the place before someone actually tries to push it through

      1. Anonymous Coward
        Anonymous Coward

        Re: Colour me surprised

        "find out who keeps telling these hapless ministers that encryption needs weakening"

        That would be Charles Farr, IIRC.

        1. Toni the terrible Bronze badge
          Joke

          Re: Colour me surprised

          Farr Out! at least hopefully

      2. Anonymous Coward
        Anonymous Coward

        Re: Colour me surprised

        "Far better to find out who keeps telling these hapless ministers that encryption needs weakening and then drum them out of the place before someone actually tries to push it through"

        Like Theresa May wanting a carte blanche to make changes to the EU laws that have to be changed into UK law after BREXIT.

        Nothing drastic you understand - just a free hand to bypass Parliament and rewrite the bits she doesn't like - say some of the privacy and human rights ones she says are EU impositions on our sovereignty.

      3. Captain Badmouth
        Happy

        Re: Colour me surprised

        "it seems as though the home office is stuffed with wormtongues who whisper into the ministers ears and they dutifully plod out and spout forth this nonsense..."

        Anyone across the pond care to remind me of the blind city cop who keeps getting sent into awkward stuations by "the commies on the police board".

        You need to have been around in the late 60's.

    6. Androgynous Cupboard Silver badge

      Re: Colour me surprised

      While I think Rudd is, in general, an idiot, what she is describing is technically possible without introducing any technical weakness.

      Communication is normally encrypted with a symmetric cipher like AES256, and the key exchange is done with public keys: device A generates a session key, encrypts it with device B's public key. Only device B can decrypt it, and, therefore the session.

      However it's possible to encrypt the session key again with a second public key. The corresponding private key could be held by WhatsApp, perhaps itself encrypted with a key known only to law enforcement. WhatsApp (or whoever) stores the encrypted chatter between devices, and can decrypt it with that private key as required.

      This is different to the "decrypt the iphone" debate, which is done with a symmetric cipher. Introducing a weakness there introduces it for everyone, not just law enforcement. But where the encryption involves a key exchange between two devices, then allowing a third-party to decrypt communications can be done and, from a purely technical point-of-view, introduces no weakness in security.

      Obviously there are other issues, not least for the company that is likely to see people abandoning any platform that does this for one that doesn't. But that's a different problem.

      (edit: I should add this mechanism is not something I've just dreamt up, it's used by PGP, Acrobat and probably any system that facilitates the encryption of a document or message for multiple parties)

      1. streaky

        Re: Colour me surprised

        However it's possible to encrypt the session key again with a second public key. The corresponding private key could be held by WhatsApp, perhaps itself encrypted with a key known only to law enforcement. WhatsApp (or whoever) stores the encrypted chatter between devices, and can decrypt it with that private key as required.

        The fact you don't understand this is the introduction of a technical weakness is a problem.

        For starters you double the chances of the [a] key leaking - that's a technical weakness that you've introduced. Secondly it's no longer end to end encrypted it's "end to end and we copied your shit and have the key" - at that point the service is *useless* for privacy and people will go elsewhere.

        These services exist because governments and security services can't keep their nose out people's shit - doubling down on that is not going to make it easier for security services it'll make it harder.

        1. Androgynous Cupboard Silver badge

          Re: Colour me surprised

          No. Not a technical weakness. The symmetric key remains encrypted, buy you now have a choice of two public keys to decrypt it. Brute forcing either is impractical, so no technical weakness is created.

          It is clearly still "end-to-end" encrypted, as the message it encrypted on device A and not decrypted until it's read on device B.

          There is clearly an ability for a third-party to decrypt - that's the point - but it's not a technical weakness. Let's be clear, I'm not advocating this system and I am not keen to allow Amber Rudd to read my messages, but criticising he on the grounds of "it can't be done, technically" is incorrect.

          But if you know better, please explain in detail why this is the case - as I just aded to my post, this method is used by PGP amongst others, so I'm sure they would be delighted to hear your analysis.

          1. streaky

            Re: Colour me surprised

            But if you know better, please explain in detail why this is the case - as I just aded to my post, this method is used by PGP amongst others, so I'm sure they would be delighted to hear your analysis.

            What are you talking about. That's not a thing.

            There is clearly an ability for a third-party to decrypt - that's the point - but it's not a technical weakness

            It's a weakness that's been intentionally added by technical means. It's literally the definition of a technical weakness. It's not even a back door; it's a front door. We copy your data and use it as we see fit is not a private communications service any longer. People leave whatsapp and use stuff with even stronger privacy and crypto strength guarantees so they can't break it when applying massive computation to it. Better for the security services? Nope, I don't think so.

      2. Anonymous Coward
        Anonymous Coward

        Re: Colour me surprised

        "However it's possible to encrypt the session key again with a second public key"

        Thanks for pointing out the obvious.

        Now I'll point out the obvious consequence of that, what happens when someone steals the private key held by wahtsfap, or any number of Govt agencies? Don't forget, the UK food standards agency will require a copy too.

        1. Roland6 Silver badge

          Re: Colour me surprised

          Don't forget, the UK food standards agency will require a copy too.

          And all the other organisations listed in the appendices to the Investigatory Powers Act 2016...

          1. Anonymous Coward
            Meh

            Re: Colour me surprised

            Don't forget, the UK food standards agency will require a copy too.

            And all the other organizations listed in the appendices to the Investigatory Powers Act 2016...

            That will be all UK police forces, MI5, MI6, GCHQ, Ministry of Defence, Department of Health, Home Office, Ministry of Justice, National Crime Agency, Her Majesty's Revenue and Customs, Department for Transport, Department of Work and Pensions, all ambulance trusts in the UK, the Common Services Agency of the Scottish Health Service, the Competition and Markets Authority, Criminal Cases Review Comission, Department for Communities in Northern Ireland, Department of Justice in Northern Ireland, the Financial Conduct Agency, all fire and rescue authorities in the UK, Food Standards Agency, Food Standards Scotland, Gambling Commission, Gangmasters and Labour Abuse Authority, Health and Safety Executive, Independent Police Complaints Commission, NHS Business Services Authority, the Office of Communications, Office of the Police Ombudsman for Northern Ireland, Serious Fraud Office.

        2. Anonymous Coward
          Anonymous Coward

          Re: Colour me surprised

          The FSB, Chinese State Security, CIA and any number of other organisations where people wear cheap suits and dark glasses will pour all their efforts into compromising the key holder organisation. Not to mention every hacker in the world.

          The consequences of any breach would be to destroy or fatally undermine confidence in every transaction made by Britons. We could say goodbye to the City and much of our economy.

          1. Androgynous Cupboard Silver badge

            Re: Colour me surprised

            @Dan 55 - may I call you Dan? No need for surnames here.

            My hypothetical example is really just about key management, specifically that you can design a system where it would be impractical for NSA & law enforcement to electronically hack in to read messages without compliance from WhatsApp. You're asking what happens after they have the key, the answer is - of course - security is potentially compromised.

            @John Robson, @Mike Richards and pretty much everyone else.

            Gents, this is a lot of fun but once you get into bribing this guy or rooting that, frankly we're in the world none of us are experts in. There are easier ways to do this, as TRT points out above. I'm simply describing a process where this could be done technically, through legal, if not necessarily moral, channels, without introducing a weakness exploitable by a third party.

            Signing off now, have to iron out bugs in my OCSP verification code. That's the trouble with crypto, it's all in the f*ing details.

            1. Dan 55 Silver badge

              Re: Colour me surprised

              You're asking what happens after they have the key, the answer is - of course - security is potentially compromised.

              Why, then, are we even having a debate if we all know three-way encryption exists but the point is we all know it can be compromised?

              1. Anonymous Coward
                Anonymous Coward

                Re: Colour me surprised @Dan55

                Compromising encryption once you have the key is traditionally called "decryption".

                1. Dan 55 Silver badge

                  Re: Colour me surprised @Dan55

                  You are making a distinction where there is none. Building a system which allows a third party access to messages means that it can be compromised.

                  The fact that a wonderful cryptographic module only decrypted the messages when it was told to by the rest of the (compromised) system and the encryption on the messages was not brute forced is not important.

              2. Tom Paine

                Re: Colour me surprised

                No, no, no. [Good] encryption (by definition) cannot be compromised. The security of the system, through, can be easily compromised by circumventing the crypto.

                I've had reason in the last few days to memorise this: it's Shamir's Third Law of crypto.

          2. Anonymous Coward
            Anonymous Coward

            Re: Colour me surprised

            Hey, the suit aint cheap and neither are our aviator style glasses

        3. Anonymous Coward
          Anonymous Coward

          Re: Colour me surprised

          @AC

          I think you made a typo

          wahtsfap should be "Wait,Fap" for when Watsapp images leak out

      3. F0rdPrefect
        FAIL

        Re: perhaps itself encrypted with a key known only to law enforcement

        Wonder how long that would remain the case?

        1. Androgynous Cupboard Silver badge

          Re: perhaps itself encrypted with a key known only to law enforcement

          My dear Streaky, PGP is very much a thing, You should google it.

          I think we're at cross purposes here. "A weakness added by technical means" is wordplay and not helpful to this discussion.

          Clearly you are upset at the concept of law enforcement having access to comms that you feel should be encrypted for ever until the end of time. That's not unreasonable, but I'm not interested in legislative or emotional arguments. Yes, people will leave a messaging platform that does this. I already made that point in my first post.

          I'll restate my point for clarity. Encrypted communication between two devices could be "backdoored" for law-enforcement without making it easier for a third-party who snoops on the traffic to decrypt. The argument levelled against "backdooring" is that it opens the door for everyone, not just law enforcement, and I am saying that is simply not the case here.

          As I'm clearly playing devils advocate, here's how I would construct the system.

          Law enforcement generate a keypair and send the public key to Whatsapp, and keep the private key in safe. WhatsApp generate a keypair, and use the public key as I've described. They encrypt the private key with law-enforcement's public key, print it out and put it in a safe, then delete the "plaintext" private key. Or, if you prefer, store parts of the printout in multiple safes in multiple jurisdictions, including bank vaults.

          Now to decrypt any communications you need the private key of law enforcement (in their safe), the encrypted comms (on WhatsApps servers) and access to the safes in WhatsApp's offices, which they're only going to open with a court order. It's safe from NSA hacking, it's safe from NSA and Law enforcement acting together, it's safe from WhatsApp acting on their own.

          Of course no system is impenetrable, but if you think this system (if implemented as described) is vulnerable then please tell me how you would do it, either as an over-zealous government, a corrupt law-enforcement official or a third party. Facts please, not hyperbole.

          1. Zippy's Sausage Factory

            Re: perhaps itself encrypted with a key known only to law enforcement

            @Androgynous Cupboard

            You're assuming that the generated "plaintext" private key is always held securely, and I'm not sure that's the case. The insertion of malware onto the generator platform would be the obvious attack surface, and once this was done the automatic "slurping" of all private keys becomes a trivial matter. (Got any "kompromat" on any WhatsApp employees? Just send them a USB stick...)

            Naturally, while domestic law enforcement might play by the rules, I very much doubt foreign intelligence agencies, hacker collectives or criminal enterprises would have much incentive to do the same.

            1. Androgynous Cupboard Silver badge

              Re: perhaps itself encrypted with a key known only to law enforcement

              @Zippy

              In my example system the generated plaintext private key doesn't have to be stored, it can be deleted. But yes, you're right - there's an assumption that this is done properly, and that the NSA weren't running a side-channel attacks on the computer generating the key, or bribing the WhatsApp employee who generated it, or that Facebook are just a front for the CIA/Alien overlords, and so on. But if any of these are the case, we have bigger problems.

              Designing a system to minimize this risk is complex, and it's also quite good fun as a thought exercise, but it's straying from the (really very simple) technical point I am trying to make: a properly implemented backdoor for law enforcement is technically possible without opening that backdoor to everyone. Sorry. I don't like it much either, for what it's worth.

              1. John H Woods Silver badge

                Re: perhaps itself encrypted with a key known only to law enforcement

                "but it's straying from the (really very simple) technical point I am trying to make"

                I think it is more likely that you are being downvoted for trying to teach your grandmother to suck eggs than that anybody here doubts a form of key escrow is technologically feasible.

          2. streaky

            Re: perhaps itself encrypted with a key known only to law enforcement

            My dear Streaky, PGP is very much a thing, You should google it.

            Nono don't misunderstand, I know it's a thing, I'm telling you it doesn't work like you think it does.

            1. Androgynous Cupboard Silver badge

              Re: perhaps itself encrypted with a key known only to law enforcement

              Christ. Go read (and implement, as I have) RFC2315, in particular section 10 (enveloped data), then come back to me. The key words from that section begin with "For each recipient".

          3. John Robson Silver badge

            Re: perhaps itself encrypted with a key known only to law enforcement

            "The argument levelled against "backdooring" is that it opens the door for everyone, not just law enforcement, and I am saying that is simply not the case here.

            "

            I'm sorry - any key with access to that much data will leak.

            You might be better off suggesting that a messaging provider sets up proper encryption, but that by default it copies all messages directly to GCHQ. At least there would be a shred of honesty in there.

          4. Dan 55 Silver badge

            Re: perhaps itself encrypted with a key known only to law enforcement

            Mr/Ms cupboard,

            It's not really safe. How would messages (now stored on WhatsApp's servers instead of deleted upon reception) be read by law enforcement?

            a) The certificate is kept by WhatsApp and law enforcement log into a special server which means the messages are only protected by a username and password or b) the certificate is given to law enforcement and they are in control of it.

            Both methods can be compromised by malware or leaks.

          5. Anonymous Coward
            Anonymous Coward

            Re: perhaps itself encrypted with a key known only to law enforcement

            @Androgynous Cupboard: it's a shame you've had nothing but downvotes, because your idea seems entirely valid, technically if not morally or commercially.

            PGP has always had a feature to allow you to encrypt a message with multiple public keys. If I want to send a message to Alice and Bob, the message is encryptyed with a message key, and the message key is encrypted twice, with Alice's and Bob's public keys. I can then send the same encrypted message to both of them, and they can both recover the message key and decrypt it. You're talking about exactly the same, except you replace Bob with GCHQ.

            My message to Alice and GCHQ is technically no weaker than the message to Alice and Bob, at least in theory. The big assumption of course is that GCHQ have to be at least as good at keeping their private key secret as Alice and Bob are. Now if GCHQ can't manage to steal Alice's private key (that's why they want a back door), then you might assume it should be equally hard for the Chinese or the Russians to steal GCHQ's private key. But more people will have access to GCHQ's private key, and it's a vastly more valuable target than Bob's.

            1. VanguardG

              Re: perhaps itself encrypted with a key known only to law enforcement

              If the history of spies teaches us anything, its that people will spy for foreign powers for ANY reason, and sometimes just for no real reason besides trying to get something over on the government.

              Has anyone stopped to think that maybe these terrorists use these phones and apps specifically to divert attention from other things? "He used Whatsapp! It must've been for terrorist purposes, we need to be able to view everything anyone shares!" Meanwhile, the rest of his terroristic cell, none of whom have used Whatsapp before, are arranging the next attacker to use Facebook right before attacking. The next one will use Snapchat...then LinkedIn. Causing governments to demand more and more erosion of privacy, increasing distrust of government among the governed. That's the real tactic the terrorists are using here - drive a wedge between the people and the government, and the government will have all it can handle with its own people, letting the terrorists have free rein anywhere else they choose to operate.

              And the government is dutifully following the script.

            2. Vic

              Re: perhaps itself encrypted with a key known only to law enforcement

              The big assumption of course is that GCHQ have to be at least as good at keeping their private key secret as Alice and Bob are

              No - you've made two assumptions :-

              • The one you mention
              • That the message sent to GCHQ is indeed the same as the one you sent to Alice

              The first of these we know to be false straight off the bat - look at the CIA and NSA leaks to show how they actually aren't all that good at keeping secrets. And it gets worse once you need international cooperation - because that means giving all the keys to the Russians, the Syrians, the Iranians, the North Koreans, etc. Failure to do so would mean you don't get their cooperation - and guess where all the traffic goes instead.

              The second is a fundamental flaw in that it requires the bad guys to play by the rules in order to catch them - so Bob sends a message to Alice that says "Attack at Dawn", whereas GCHQ gets one that says "Mary had a little lamb". Bob *swears* both messages have the same content.

              So what we're left with is a system that is fundamentally less secure for everyone and no use whatsoever for catching bad guys.

              Vic.

          6. Anonymous Coward
            Anonymous Coward

            Re: perhaps itself encrypted with a key known only to law enforcement

            Do you remember Snowdon? Perhaps that was too long ago: do you remember the CIA leaks that are currently being dribbled out?

            Here's the thing: information leaks from law enforcement agencies. And when this super-secret key leaks, which it will, *every bit of communication it protected is now plain text*.

            Seriously, you need to think a bit harder about this, because you are looking silly here.

          7. MMalik

            Re: perhaps itself encrypted with a key known only to law enforcement

            "I'll restate my point for clarity. Encrypted communication between two devices could be "backdoored" for law-enforcement without making it easier for a third-party who snoops on the traffic to decrypt."

            You can state "Two plus two make five." as frequently and clearly as you like, but that does not affect the fact that two plus two makes four.

            You are proposing a system with a master backdoor key that can be deliberately stolen or accidentally leaked. A system with a master backdoor key that can be deliberately stolen or accidentally leaked is less secure than a system without a master backdoor key that can be deliberately stolen or accidentally leaked. QED.

      4. MMalik

        Re: Colour me surprised

        Nonsense. This suggestion introduces a gaping hole in security -- all a hacker needs to do is get into the system where the private key is stored (or suborn one of the bureaucratic drones in charge of it) and he has unlimited access to everything.

        The correct solution is for governments to recognize that they'll have to adapt to the new environment and use techniques that aren't affected by end-to-end encryption (hack into suspects' phones and computers to access traffic outside the encryption envelope, plant shoulder-surf spycams to snoop suspects' passwords, good old-fashioned shoe-leather investigation, etc). The government desk jockeys don't like this idea because it means 1)doing actual work instead of just pushing a few buttons and 2)because it involves actual work, they're limited to monitoring actual suspicious characters instead of snooping on everybody. Too bad.

        1. Androgynous Cupboard Silver badge

          Re: Colour me surprised

          Vast numbers of comments on this thread presume that just because a desirable public key is in existence, it will leak. If this were the case the banking system would have crumbled years ago and your digital passports would all have long been cloned, yet mysteriously this isn't the case. "All a hacker needs to do is get into the system" comes from an absurdly simplified view that everything is stored online, no doubt on a Windows 95 box protected with "password" like you see on the telly. That's just not how it works, and (@MMalik et al) if you'd bothered to read my post you would see it's not what I described.

          Properly designed, properly implemented secure systems can and do exist, and the fact we're in the era of both the "Internet of Shit" and some very high profile recent data breaches doesn't negate that. Both Manning and Snowden walked away with data because it was available to download, and because they were trusted to do so; that was the problem. You need to first get that shit offline, and then start with a complete lack of trust between all parties to do this properly. If nothing else I think we can agree we have that already.

          Enough with the "what about the l33t hackerz" replies please. This isn't slashdot.

    7. Oh Homer
      Headmaster

      I wonder how...

      ... our totalitarian rulers propose to ban, circumvent or backdoor open source communication tools like Bitmessage and ChatSecure?

      The problem with such Draconian measures is, as with DRM, that they just inconvenience the law-abiding masses, while the actual criminals/terrorists carry on regardless.

      1. streaky

        Re: I wonder how...

        I'm already using bitmessage and I have the source backed up, so they can do what the f they like. On a technical level the things being discussed are absurd. Nothing said by Rudd passes the laugh test.

    8. This post has been deleted by its author

    9. Anonymous Coward
      Anonymous Coward

      Re: Colour me surprised

      Amber Rudd: Cheltenham Ladies' College, followed by History at Edinburgh.

      Andrew Marr: Loretto School (an independent school in Musselburgh, East Lothian), followed by English at Cambridge.

      And you're surprised that an interview between those two involved no coherent questioning and a total lack of understanding of encryption, secure messaging, and related subjects?

  2. SkippyBing

    Presumably someone briefs her on these things. Obviously they hate her.

    1. gandalfcn Silver badge

      " Obviously they hate her."

      And are aware she knows and understands less than a pissed galah.

      1. Adrian 4

        And are aware that the level of encryption now becoming widespread is a direct result of invasive government spying.

  3. Anonymous Coward
    Anonymous Coward

    Same script, different face

    This little speech was written in anticipation of this latest inevitable attack.

    1. allthecoolshortnamesweretaken

      Re: Same script, different face

      I think they have generic statements ready to be updated and used within minutes. Like news outlets have obituaries etc for A-celebrities etc ready (it always used to be the first job a new intern had to do, update those to keep them current). Or very much something like this.

      1. fidodogbreath

        Re: Same script, different face

        I think they have generic statements ready to be updated and used within minutes.

        That's how the execrable USA PATRIOT act was rammed through. It was written far in advance, and saved until an appropriate crisis occurred.

        1. Bloodbeastterror

          Re: Same script, different face

          "It was written far in advance, and saved until an appropriate crisis occurred."

          Entirely correct.

          Once again I can't recommend highly enough that you read Naomi Klein's The Shock Doctrine. If you get to the end without your blood boiling, you haven't read it properly.

        2. Dan 55 Silver badge

          Re: Same script, different face

          Ex-cyber security chief says Government is 'using' Westminster attack to grab unnecessary spying powers

          Major General Jonathan Shaw said decrypting social media messages would see terrorists use other secure methods to communicate

    2. Voland's right hand Silver badge

      Re: Same script, different face

      So, if he used sms or a call before the act (like for example the Paris attackers) we would have banned SMS?

      Did they have a IQ 80 selection bar on this government or something?

      Also, even if the message was not encrypted - who cares. What would have been interesting would have been his communications if he was under instructions. That is clear - he was not.

      If he was under instruction from IS, Al Qaeda or another similar outfit, he would have chosen a different car. Modern consumer cars even if they look big and "brutal" have significant pedestrian protection as well several other features designed to minimize damage in an accident. It is extremely difficult to kill multiple persons with most of them "on purpose" (the results of the accident show that quite clearly too).

      So the fact that we cannot decrypt that ONE message which she is using a reason for pulling the speech her predecessor long prepared in the drawer for her is irrelevant. The maimed would have still been maimed. The dead would have still be dead regardless of us knowing the content.

      1. Steve the Cynic

        Re: Same script, different face

        "he would have chosen a different car"

        He would indeed. Of the type spelled "lorry". (Sounds facetious, but it's not.)

        1. Anonymous Coward
          Anonymous Coward

          Re: Same script, different face

          "He would indeed. Of the type spelled "lorry"."

          Simple solution for a government minister then - ban all cars and lorries. Even horses and carts can do real damage - so let's make it only pedal bicycles, rickshaws, and possibly put-puts are allowed to be used by the public.

          A useful by-product will be the saving of many of the 1,732 lives lost to Great Britain road accidents in 2015. Not to mention the 186,209 casualties of all severities.

  4. Len Goddard

    Excuses

    Anything serves as an excuse in this ridiculous debate. It is quite sickening.

  5. noddybollock
    Headmaster

    Not done any homework has she.

    1. Voland's right hand Silver badge

      She is just testiculating (talking bollocks while gesticulating wildly).

      I wish I could ignore her.

      Unfortunately, we live in a time when testiculating idiots like her set the rules under which normal people have to live.

  6. Carl Thomas

    Key Escrow

    Like the zombie that just keeps returning, key escrow is back on the radar.

    1. Anonymous Coward
      Anonymous Coward

      Re: Key Escrow

      They could probably persuade trump to throw in the Clipper chip with the trade deal they're cooking up. It'll be a good fit.

      1. Anonymous Coward
        Childcatcher

        Re: Key Escrow

        "They could probably persuade trump to throw in the Clipper chip with the trade deal they're cooking up. It'll be a good fit."

        So how do I load the driver for this Clipper chip thing into say OpenVPN? What happens if I don't?

        Times have moved on since Mr Clinton was running the show across the pond. Nowadays I look sideways at things like iDRAC and iLO. No need to fear the Clipper - those beasts are far more scary.

  7. fidodogbreath

    “there should be no place for terrorists to hide”

    Which, unfortunately, also means there can be no place for passwords to hide during logins, no place for banking or health data to hide in transit, etc.

    Apparently the UK and US government position is that the sheeple have to accept the 100% chance of being cyber crime victims in trade for protection from the .0001% chance of being affected by a terrorist attack.

    1. Anonymous Coward
      Anonymous Coward

      Many wont accept it, get ready for a gov U Turn on this when they realise how impossible this will be, make good PR tho

      1. Anonymous Coward
        Anonymous Coward

        Many won't accept it - but not enough.

        This will be forced on us under the cover of protection from terrorists and paedophiles. Anyone resisting will be labelled a sympathiser. But the biggest problem is that most people won't care.

        1. Anonymous Coward
          Anonymous Coward

          Re: Many won't accept it - but not enough.

          Well many do care but also it would be next to impossible to enforce this type of law. The gov can try to force it on us but they dont even understand what they are doing in the first place so I see them backtracking soon.

        2. amanfromMars 1 Silver badge

          Many don't accept it - and enough is enough and no more nonsense will be tolerated ‽ .

          This will be forced on us under the cover of protection from terrorists and paedophiles. Anyone resisting will be labelled a sympathiser. But the biggest problem is that most people won't care..... Anonymous Coward

          Howdy, AC,

          Governments' bigger and rapidly expanding problem is that more than just a smarter few do care and would have both the inclination and the wherewithal to expose and deride the terrorist/paedophile justifications for such draconian self-preservationisms as all wannabe absolute emperor and glorious leader types profess and express to be vital for the greater general wellbeing, when it really revolves around everything staying very much the same in order to preserve the advantages and riches gained by that and those they take their orders from.

          It aint rocket science to see and understand the smoke and mirrors desperately employed by such oxymorons to maintain an elite exclusive executive class of austere day traders releasing debt into systems to confiscate assets and destroy prime novel futures with the creation of ignorant slaves to fiat paper production .... aka Quantitative Easing for all those Ponzis on Steroids.

          Please note there are no questions trailed there. Such things as are there mentioned, are as is. And they are as nectar of the gods to radical fundamentalists of every hue and cry, too.

      2. Loyal Commenter Silver badge

        get ready for a gov U Turn on this when they realise how impossible this will be

        *cough* brexit *cough*

      3. Toni the terrible Bronze badge

        "Many wont accept it, get ready for a gov U Turn on this when they realise how impossible this will be, make good PR tho"

        Ah, but it will take a while and a few banking scandals and even then they will never admit it was their fault

    2. Mark 85

      Apparently the UK and US government position is that the sheeple have to accept the 100% chance of being cyber crime victims in trade for protection from the .0001% chance of being affected by a terrorist attack.

      I think it's more like we're all suspected criminals and need to be watched. But then if the governments watch us will they have any time left to watch the criminals?

      1. LaeMing
        Go

        Watching the criminals is easy - just install a small shaving mirror on each minister's desk.

      2. mistersaxon

        Deadworld ahoy

        All crime isss committed by the living, therefore life itsself isss a crime. Prepare to be Judged!

        1. Loyal Commenter Silver badge

          Re: Deadworld ahoy

          All crime isss committed by the living, therefore life itsself isss a crime. Prepare to be Judged!

          Fooooolsss! You cannot kill what doesss not liiive!

          1. TRT Silver badge

            Re: Fooooolsss! You cannot kill what doesss not liiive!

            If it bleeds, we can kill it.

        2. Toni the terrible Bronze badge

          Re: Deadworld ahoy

          Now dont be daft there is Satan & all the devilish cohorts - not normally thought to be alive in our sense, then there are Zombies eating peoples Brains while the victim is alive (must be murder)

          1. LaeMing
            Headmaster

            Re: Deadworld ahoy

            A zombie can kill you, but it can't 'murder' you any more than a run-away trolley car can 'murder' you.

      3. Toni the terrible Bronze badge
        Trollface

        Sus Crims

        In a Police State there are only two types of citizen; criminals and criminals that havent yet been caught, so watching everyone is only reasonable.

    3. Mark 65

      Given she wants "no place for terrorists to hide", will she also be banning wardrobes?

      1. 's water music

        Given she wants "no place for terrorists to hide", will she also be banning wardrobes?

        Presumably the wardrobes could be dismantled and recycled as bed skirts. Double win.

      2. I am the liquor
        Big Brother

        "Given she wants "no place for terrorists to hide", will she also be banning wardrobes?"

        And curtains. You don't know what's going on behind drawn curtains. Could be terrorists. If you've nothing to hide, you've nothing to fear.

  8. cantankerous swineherd

    so I write a letter in code, Rudd steams it open. sounds OK to me.

    incidentally, how the actual fuck do we know matey boy used WhatsApp before the attack? a copper went nudge nudge wink wink to a tame journo? they've got his phone and WhatsApp installed?

    1. Ogi

      > incidentally, how the actual fuck do we know matey boy used WhatsApp before the attack? a copper went nudge nudge wink wink to a tame journo? they've got his phone and WhatsApp installed?

      A far more interesting question, that few have asked so far. I asked myself the same question. From what I have gathered, the arrests in Birmingham happened directly because the attacker sent two whats-app messages to contacts at those addresses before he did his deed.

      This leads me to think that they probably had the "metadata" (i.e. they were doing real time scanning of the whatsapp network to see who is messaging who), but are unable to decipher the messages themselves.

      So now they want to decrypt the messages to find out if the people they arrested were in on the attack, or just unfortunate people who he texted last (maybe to say good bye or something).

      Unless they knew in advance an attack was going to happen, I can only assume they are constantly monitoring who is talking to who on whatsapp, and (for the moment at least) it seems they can't actually read the message contents. Facebook can provide them with access to the network, but the enctyption is still client side "end-to-end".

      Perhaps a future version of whatsapp will be crippled by fb, not unlike how MS crippled Skype after they purchased it.

      1. Anonymous Coward
        Anonymous Coward

        "Perhaps a future version of whatsapp will be crippled by fb, not unlike how MS crippled Skype after they purchased it."

        Wont people just move to Signal or Telegram?

        1. Mark 85

          Wont people just move to Signal or Telegram?

          No one would dare by government logic. If it's illegal to use these then by their standards, only crims will use them.

          1. Anonymous Coward
            Anonymous Coward

            I think its unlikely they will make them illegal.

      2. Nick Kew

        Upvote for the thinking, but I don't think constant monitoring is implied. The information more likely came from his phone network's and ISP's logs of his activity (which they'll have demanded and the companies won't have made any serious efforts to oppose), and anywhere that may have led.

        1. Anonymous Coward
          Anonymous Coward

          "he companies won't have made any serious efforts to oppose"

          In this case, why should they oppose?

          1. Nick Kew

            Re: "he companies won't have made any serious efforts to oppose"

            In this case, why should they oppose?

            Because they respect their user's privacy. Because data protection says they can't just give it away.

            I don't know if the spooks can just demand the data, but if they knocked on my door I'd expect them to come armed with an emergency court order (unless my lawyer reassured me otherwise - note that both the door and the lawyer are hypothetical, as I'm not in charge of that kind of data).

            What I think it's unlikely anyone would do is to oppose an application for a court order!

      3. Anonymous Coward
        Anonymous Coward

        Or more likely and prosaically they have his phone and unlocked it and have seen the message, and this entire rumpus is the home office trying to use current events to push their usual agenda.

      4. Nondescript Figure

        RIPA?

        Presumably they've arrested the people he was communicating with - therefore under RIPA they can compel these people to unlock their phones to show the messages? Unless they deleted the messages. But assuming he didn't destroy his phone and they have it... Backing up the phone so you have the original copy and then attempting a brute force on the copies shouldn't take too long to unlock it. Unless EVERYONE deleted the messages on all their devices. In which case you're shit out of luck.

        Maybe instead of focusing on fundamentally weakening encryption they should instead ask the question of why, given all the money and resources and legislation thrown at the security services, they failed so badly in this particular case? The security services have been given almost everything they ask for and still they find a way to point the finger at something else.

        Maybe - like all other crimes - you can't prevent terrorism all the time. Some things slip through the cracks and, although horrifying, we have to learn to accept that much like a road traffic accident there is a small chance that it may happen. We force people to pass tests to drive but we don't have cameras installed in every car monitoring everything the driver does. We don't limit every car to the NSL even though there's ample evidence of people speeding.

      5. Prosthetic Conscience
        Unhappy

        I read somewhere comps knew he was 'connected to whatsapp servers' shortly before the attack. (meaning he had data enabled yay.. top police work) Plus he's a resident in the UK and they are Police of course they'll immediately start following up on leads based on his personal relationships, it doesn't necessarily mean they knew he contacted those people. Also how was his phone unlocked for them to see his contacts? Could've just extrapolated that off SMS history from the providers and saw the numbers also happen to have whatsapp accounts associated with them come to think of it.

    2. Anonymous Coward
      Anonymous Coward

      > "how the actual f*&% do we know matey boy used WhatsApp"

      At this point, I simply assume that anything coming out of a conservative minister's mouth is utter bullshit.

      He'd probably never even heard of WhatsApp

      1. Bloodbeastterror

        Re: > "how the actual f*&% do we know matey boy used WhatsApp"

        "assume that anything coming out of a government minister's mouth is utter bullshit"

        FTFY... :-)

    3. Anonymous Coward
      Anonymous Coward

      incidentally, how the actual fuck do we know matey boy used WhatsApp before the attack?

      WhatsApp is tied to phone numbers, so I presume they have custody of the phone and used WhatsApp meta data to track back the comms.

      Let me repeat this for clarity: you don't always need to have the content of a message. Sometimes the meta data is far more revealing, and that is typically almost never properly protected.

      It's one of the major reasons why I have never even *thought* about installing WhatsApp: earlier versions were known to simply ship your entire address book to their servers instead of just the hashes, and in my opinion it's nobody's business who I have the numbers of (and I certainly don't want to have the new owner have his grubby paws on that data).

      What's more, I'm also not impressed by companies working out potential relationships, and that is something that practically all Messenger apps generate. As soon as an app allows you to select people from your addresses that also use the app you have a potential meta data collection on your hands. Granted, for most people it's hard to use such a service otherwise, but be aware of this risk.

    4. John Watts

      It's entirely possible they found his driving licence in his pocket and tapped in the first four digits of his date of birth when the pin-code came up or traced the greasy geometric smudge mark superimposed on the nine dot grid. You don't always need GCHQ to get past a mobile phone's security.

      Once you're in, you just have to open the most recent conversations (conveniently placed at the top of the list). End-to-end encryption is great but isn't much good when someone's staring at one of the ends.

  9. Norman Nescio Silver badge

    Sigh

    Terrorists will continue to be able to make use of One Time Pads; and indeed pre-arranged code phrases, neither of which are susceptible to cryptanalytic back doors.

    As other commentators have pointed out, knowing who the suspect is communicating with is probably of more importance

    1. John Brown (no body) Silver badge

      Re: Sigh

      Yup, so many ways to hide a message, especially short ones

      Message to Amber Rudd

      148,23,9

      1,5,3

      Now, if I told her that was page, line, word and the title of the book in question, someone could decode it for her and tell her it read "fuck off". (I doubt she could figure it out for herself even with instructions)

      1. creepy gecko

        Re: Sigh

        "Message to Amber Rudd"

        Oddly enough I guessed that "Fuck Off" might be the message.

        I obviously have a career ahead of me as a cryptographer (until the fuckwits in the UK Guvmint make cryptography illegal).

        1. This post has been deleted by its author

      2. davemcwish
        Coat

        Re: How long...

        She watches Sherlock you know so has probably suggested that to the spooks.

        Mines the one with the wrong "A-Z" in the pocket just to confuse them.

    2. gnasher729 Silver badge

      Re: Sigh

      "Terrorists will continue to be able to make use of One Time Pads; and indeed pre-arranged code phrases, neither of which are susceptible to cryptanalytic back doors."

      They don't need one-time pads: Diffie-Hellman and RSA are both quite simple, and modern phones are fast enough to use them with with an implementation created by a slightly talented amateur. It would be slow, but uncrackable. It doesn't have to be fast enough to stream video in real time, right?

  10. Frumious Bandersnatch

    as quoted in the Guardian

    > The home secretary said it was “completely unacceptable” that

    > the government could not read messages protected by end-to-end

    > encryption

    https://www.theguardian.com/technology/2017/mar/26/intelligence-services-access-whatsapp-amber-rudd-westminster-attack-encrypted-messaging

    So not only was the cloud-related stuff as mentioned in the article here a bit fluffy, but so is the secretary's grasp of what "end-to-end" encryption means. If WhatsApp is actually end-to-end, then what the hell is ranting to the company going to achieve: they surely wouldn't be able to decrypt it even if they wanted to.

    1. Dan 55 Silver badge

      Re: as quoted in the Guardian

      The point is that she (or her puppet masters) want end-to-end encryption to be removed.

      Would this have allowed to the government to intervene when he sent the messages and before the incident? Would it bollocks.

      1. gandalfcn Silver badge

        Re: as quoted in the Guardian

        "Would this have allowed to the government to intervene when he sent the messages and before the incident? Would it bollocks."

        But Nige the Flange says it would. Dog. Tail, Wag?

  11. Anonymous Coward
    Anonymous Coward

    Here we go again. The 'Claire Perry Test'

    The 'Perry' test : do MPs know what they are talking about with regards tech stuff.

    Amber Rudd, PC MP. Father stockbroker, mother Marchioness Coynyngham. Amber is a direct descendant of Charles 2, from one of his many bastard children. Cheltenham Ladies College, Edinburgh Uni, read History. Worked for JP Morgan, unbelievably 'aristocracy coordinator' on 4 weddings and a funeral, founded a company to look for Zinc in Peru : didn't find any. Director of 2 companies in Bahamas. Hopeless first attempt at becoming an MP in Liverpool, elevated to tory 'A List' (which gives priority to people without penises) scraped home with paper thin majority in 2010 to the lucky citizens of Hastings. Stumbled around a variety of government departments, basically making a mess of things since then.

    Perry test : failed. Yet again, minister, this time one holding one of the great offices of state, hopelessly out of their depth when talking about something even slightly technological. Not just tech stuff : one has to wonder what this person is doing as home secretary. She's completely fucking useless from what I can tell.

    1. P. Lee

      Re: Here we go again. The 'Claire Perry Test'

      >Perry test : failed. Yet again, minister, this time one holding one of the great offices of state, hopelessly out of their depth when talking about something even slightly technological.

      I think you've missed the point. Government is mostly about keeping the media managers happy while building up business contacts and accumulating favours owed to you by those with the real money. That's why you get the same messages coming out of governments of all stripes. They no longer believe in different things, they just try to keep a couple of USP's so that people will vote for them.

      I doubt she's stupid, she just has the impossible job of saying two contradictory things so that she can sound as if the government is doing something. Techies know that "no place for a "terrorist to hide" is exactly the same as "no place for anything to be private" but surely we also know that the the government is never going to come out and say that. Even if the sensible newspapers agreed with us about the defeat of encryption there would be howls of outrage, calls to ditch the "powerless, lame-duck government" and to "do something!" from those who never have to justify their words or work through the issues. It would be lapped up by those (probably the majority) of people who read newspapers not to be informed, but to confirm their own pre-existing viewpoint.

      Therefore, the requirement is for completely safe righteous indignation. So WhatsApp is picked because (a) its trivial, (b) there is no chance of actually having to achieve anything with it and (c) it isn't anti-Islamic to attack WhatsApp, so you don't get labelled "racist" by the soundbite media.

      Should we dig a little deeper? Was Khalid Masood a "terrorist"? Did he make any demands? Was he using fear to advance a political agenda? The government's own definition states:

      "the use or threat is made for the purpose of advancing a political,

      religious or ideological cause." (https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/228856/7052.pdf)

      He was certainly murderous, but was he doing any of the above? The police have already said that he was working alone, so unless he has a one-man religion or political or ideological group, he wasn't a terrorist and his communication is irrelevant. So we get canned statements which sound vaguely relevant but don't require any action. "All sound and fury, signifying nothing."

      That doesn't mean the government action is harmless, but we do need to not be under the illusion that it has anything to do with Khalid Masood.

      1. Anonymous Coward
        Anonymous Coward

        Re: Here we go again. The 'Claire Perry Test'

        @ P.Lee - agree with virtually everything here, except can we not indulge this man by using his chosen name? He was named Adrian Elms at birth.

      2. Toni the terrible Bronze badge
        Facepalm

        Re: Here we go again. The 'Claire Perry Test'

        I think you are clikely correct about Massod. He was a madman/nut job with suicidal intent who just happened to be Muslim; & therefore must be a terrorist. And so is grist to the Amber-May mill.

        We have had white non-muslim nutters in this country that murdered schoolkids for no sane reason, were they then terrorists? What ISIL/Daesh said later means nothing, they like to claim responsibility.

    2. creepy gecko

      Re: Here we go again. The 'Claire Perry Test'

      @nick_rampart

      ..."founded a company to look for Zinc in Peru : didn't find any"

      I actually LoL'd at this. Thank you for making Monday AM a little easier.

      1. Anonymous Coward
        Anonymous Coward

        Re: Here we go again. The 'Claire Perry Test'

        Do you realise how hard it is not to find zinc in Peru? That takes a special skill.

        1. Anonymous Coward
          Anonymous Coward

          Re: Here we go again. The 'Claire Perry Test'

          "Do you realise how hard it is not to find zinc in Peru? That takes a special skill."

          Unless that's the point for tax avoidance purposes? Fail to find zinc > fail to turn a profit > win a tidy little tax offset courtesy of the actual taxpayers. Or however it actually works.

    3. Doctor Syntax Silver badge

      Re: Here we go again. The 'Claire Perry Test'

      "Not just tech stuff : one has to wonder what this person is doing as home secretary."

      Don't you realise that this is the Home Office's main requirement of a Home Sec? They have to be so devoid of any relevant knowledge that they can parrot whatever they're told without showing any signs of cognitive dissonance and remain totally brainwashed even on being promoted to PM.

    4. Anonymous Coward
      Anonymous Coward

      Re: Here we go again. The 'Claire Perry Test'

      'Not just tech stuff : one has to wonder what this person is doing as home secretary. She's completely fucking useless from what I can tell.'

      The point of a Home Secretary is to act as a plausibly deniable method by which Home Office mandarins can implement their pet schemes. They've had this sort of proposal on the books for years (see also ID cards and key disclosure), they've just been waiting for someone suitable stupid and craven to be appointed to the position.

      There's also definitely something in the water supply to the Home Office that relatively sane people go in and come out raving like Daily Mail columnists on mescaline.

  12. David Pearce

    What happened to his phone? If the police have that they have an end point of the E2EE and even if he deleted messages, they can still be recovered

  13. Anonymous Coward
    Anonymous Coward

    Halcyon visions of yesteryear

    "Rudd invoked an era where a warrant would let law enforcement “steam open envelopes, or just listen in on phones, when they wanted to find out what people were doing”."

    ... and coppers said "'ello, 'ello, 'ello" and looked like George Dixon.Like most of her party, Rudd seems to exist in some weird simulation of a very Tory past overlaid on the present, with a concept of the future that seeks to reconcile the two. Even by the usual barrel scraping HomeSec standards she comes across as abnormally clueless - what on earth was that "situations" stuff peppered across the interview?

    They'll do this eventually because they simply don't get why they shouldn't.

    1. Adam 52 Silver badge

      Re: Halcyon visions of yesteryear

      This is the disingenuous bit that annoys me. Masood wasn't on anyone's watch list. He just a small town thug that came completely out of nowhere. So there wouldn't have been a warrant for his post, email, Facebook or anything.

      1. Doctor Syntax Silver badge

        Re: Halcyon visions of yesteryear

        "Masood wasn't on anyone's watch list. He just a small town thug that came completely out of nowhere."

        The reports I saw said that he was known from being on the fringes of some previous case but wasn't considered important. If this is the case we have yet another instance of the intelligence services being able to follow up on someone they did know about whilst trying to keep an eye on everyone in the country. Maybe a more focussed approach would be more practical.

        1. MJI Silver badge

          Re: Halcyon visions of yesteryear

          But Elms was a really nasty piece of work, but looking at recent events I would say that nutters recruited by extremist nutters is a really important thing to watch.

          Lee Rigby killers and Elms are both of this type.

  14. Your alien overlord - fear me

    Why are terrorists being favoured here? What about drug dealers/users and paedo rings. Shouldn't the gov't be allowed to break into those groups or would it be too embarrassing to find all the MPs/Lords using those services?

    1. Anonymous Coward
      Anonymous Coward

      Leaker!! That's next weeks press release!

      1. John Brown (no body) Silver badge

        "That's next weeks press release!"

        Another El Reg exclusive?

  15. Syntax Error

    Knee

    Knee-jerk reaction from politician and plod. Only to be expected.

    Seems surveillance of the population doesn't always work in preventing terrorism if thats what you call it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Knee

      I used to work for the HO. Surveillance has always been about the part of the population that threatens the people in charge. These are not normally the majority of the people you are allowed to vote for.

      It used to be stroppy labourers after the black death, Catholics, nonconformists generally, Chartists, the Irish, then socialists/communists, pacifists, animal rightists, and now Muslims.

      Anon, although they probably know who I am...

      1. 's water music
        Coat

        Re: Knee

        I used to work for the HO. Surveillance[...]used to be stroppy labourers after the black death, Catholics, nonconformists generally, Chartists, the Irish, then socialists/communists, pacifists, animal rightists, and now Muslims.

        Anon, although they probably know who I am...

        The one with the most long service awards ?

  16. big_D Silver badge

    such applications give terrorists a "place to hide".

    Such applications give normal people a place to communicate without being overheard by hackers...

    And removing encryption would mean the end of the internet. Without it, there would be no online banking, no online retail and no communication tools for businesses or teams.

    If they want to go this route, then they need to ban fertilizer, diesel, petrol, alarm clocks, mobile phone, card, trucks, computers, knives, guns and dozens of other every day items that are essential to everyday life, because they could also be used by terrorists.

    If a politician doesn't understand a subject, such as the applied mathematics used in crypto, they should not be allowed to make such stupid comments about it. Apply that to all areas where they poke their noses in and the world would be a much more sensible, and quieter place.

    1. Neil Barnes Silver badge

      then they need to ban

      don't forget hands, elbows, feet, knees... a knowledge of unarmed combat is *obviously* illegal. Oh, and teeth. you might bite someone to death.

      There is absolutely *nothing* you can do against someone who is determined to kill and is prepared - willing - to kill himself while doing it.

      It's a terrible irony that in order to hold a rational conversation with a member of a government, you first need to remove that member from the conversation.

    2. creepy gecko
      FAIL

      Vehicle hire...

      @big_D

      Over the weekend I read a suggestion from one genius that all car hire companies should have to ask their customers the reasons for hiring a vehicle. Apparently this would prevent future similar terrorist incidents.

      Sales Clerk. "What is the proposed purpose of this vehicle hire?"

      Terrorist. "I am a jihadist, and intend to carry out a terrorist attack against non-believers".

      Sales Clerk. "OK Sir. Can you sign each page at the bottom where I've marked X. The pink copy is yours. You'll need to bring that back when you return the car. If you can take a seat over there for a few minutes, I've just to to ring PC Plod at the police station. Just an administrative thing. Shouldn't take too long."

  17. Anonymous Coward
    Anonymous Coward

    In a crisis, politicians have to be seen to "do something"

    This is "something". It doesn't matter if it is practical or even possible. They can talk about it, wait for the heat to die down, and if asked about it six months from now say "we are studying the issue".

    Even if the ones in charge are not technically competent enough to understand why encryption where the government controls the keys is impractical (especially in a place like the UK where none of the companies making the phones or the software are resident) the wonks working for them do. There will never be a serious effort to revive the Clipper chip - that ship sailed once public key encryption went open source and patent free.

    1. gnasher729 Silver badge

      Re: In a crisis, politicians have to be seen to "do something"

      "Even if the ones in charge are not technically competent enough to understand why encryption where the government controls the keys is impractical"

      I know that with iMessage, Apple doesn't hold any keys. And WhatsApp probably uses the exact same approach, because it is just reasonable: Phone A wants to talk to Phone B. It calls the service, the service calls Phone B and asks for B's public key and sends it to A. A encrypts with B's public key, the service sends it to B, and B decrypts it with B's private key. Nobody but B knows or will ever know the private key. The service in the middle was never, ever capable of decrypting the message.

      There are no keys that WhatsApp could hand over to the government.

      1. Anonymous Coward
        Anonymous Coward

        Re: In a crisis, politicians have to be seen to "do something"

        If the government was going to require key escrow, iMessage et al to centrally manage keys so they could give half to the government or whatever braindead scheme politicians might concoct.

        The argument "but we don't control the keys so we can't give them to you" would be met with "then your product is not approved for sale or use in our country", if a government was inclined to crack down on encryption it couldn't control.

        People would be forced to use open source products, or let the government access their encrypted data.

  18. Anonymous Coward
    Anonymous Coward

    More Tory Stasi Party nonsense

    The state using people being hurt and killed to justify mass surveillance. The 'terrorists' have won.

    1. Anonymous Coward
      Anonymous Coward

      Re: More Tory Stasi Party nonsense

      The RIAA/MPAA have won.

      FTFY.

    2. Toni the terrible Bronze badge

      Re: More Tory Stasi Party nonsense

      Used to be called 'waving the bloody shirt' some decades agho

  19. Lee D Silver badge

    "UK minister wants snoop-around for encrypted messaging"

    Meanwhile, encrypted messaging is designed to be an anti-sneak-around for everyone, including UK ministers.

    I find it funny that, 20-30 years after the PGP cases, and 60 years after the Enigma, we're still having the same conversation.

    And though Whatsapp is "convenient", there's nothing stopping anyone using encryption technology way outside the reach of the security services via ANY service whatsoever.

    Honestly, any decent terrorist who was trying to hide their movements wouldn't be using Whatsapp, they'll just have a bunch of encrypted shared files on some website/cloud that only each individual concerned knows the private key for. Hell, they may well even have their public keys stored in the public key stores on the net.

    If you have any brains, you don't reinvent the wheel, or rely on a third-party service, when your life is on the line.

  20. Anonymous Coward
    Anonymous Coward

    Some saddo with violent tendencies loses the plot and kills people and because he calls himself by an Arabic sounding name it must be a terrorist attack by Islamist extremists. What if he just got a WhatsApp msg from his woman saying she just shagged his best mate? Guys have been known to flip out over such things. Maybe she'll own up and then the security services can stop being outraged because they can't read his messages.

    1. Anonymous Coward
      Anonymous Coward

      AC: "Some saddo.."

      Yeah, of course, argument with his girlfriend and his first thought was "rampage at HoC and stab a copper!"

      Are you really that brainwashed or that much of a virtue signalling SJW that you're running with the "ISIS is nothing to do with islam" rote? The religion of peace can't even live in peace with itself, so can we please cut the bullshit. And just to burn your straw man... No, of course not all muslims are terrorists, just as not all Northern Irish catholics are terrorists. But wake up and smell the coffee, just as a huge number of catholics from N.I. and East Coast US supported the IRA there is equal support within muslim communities for this shit. Don't believe me? I worked in a UK hospital where muslim doctors, yes, fucking doctors, were cheering the twin towers! Just think about that for a moment.

      Back on topic, the gov will continue until encryption is licensed; banks, e-commece stores, the gov obvs. And everything else will be outlawed, once again making criminals of the man on the Clapham Omnibus

      1. Anonymous Coward
        Anonymous Coward

        Re: AC: "Some saddo.."

        Its unlikely that everything else will be outlawed and its unlikely that encryption will be licensed.

      2. 's water music

        Re: AC: "Some saddo.."

        Don't believe me? I worked in a UK hospital where muslim doctors, yes, fucking doctors, were cheering the twin towers! Just think about that for a moment.

        [citation needed]

      3. Roo

        Re: AC: "Some saddo.."

        "Yeah, of course, argument with his girlfriend and his first thought was "rampage at HoC and stab a copper!"

        Raoul Moat.

  21. Anonymous Coward
    Anonymous Coward

    So, whatsapp give you a back door then said terrorists start encrypting the messages they send through whatsapp with their own predetermined encryption (it's not exactly hard is it)

    I can't believe were going through the same debate over and over again. Anyone would think the governments of the western world are looking for total control of information for some reason unrelated to totalitarianism of course.

  22. gnasher729 Silver badge

    Listen to the NSA!

    The NSA will not be suspected by anyone to be a champion for privacy. And the NSA has said repeatedly (for the USA) that weakening encryption, while it would help catching some criminals, would be so damaging both for the citizens, but also for the government, that overall it would be a strong negative for the USA as a whole.

    I doubt that the situation is different in the UK.

    And anyone with a little bit of mathematical knowledge (if you know what a primitive root is, and that every prime number has one, then you are good to re-create RSA) is quite capable of creating slow but bullet proof encryption. You can make the average citizen unsafe, and catch stupid criminals and terrorist, but you can't stop anyone clever.

  23. Anonymous Coward
    Anonymous Coward

    The Investigatory Powers Bill

    The Meeting with Industry on Thursday is just to remind them of the The Investigatory Powers Bill section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed and allow the government to demand "technical" changes to software and systems.( https://www.theregister.co.uk/2016/11/30/investigatory_powers_act_backdoors/ )

    so you can no longer trust any program or app that has been updated and you do not have the full source code for.

    Terrorists with any tech knowledge will just start using home brewed encryption or will use multi levels of encryption encrypting an encrypted message multiple times with multiple keys makes exponentially harder for anyone wanting to unencrypt messages. (unless you have backdoor to the hardware that sent the message)

    1. Anonymous Coward
      Anonymous Coward

      Re: The Investigatory Powers Bill

      how do you know that is what the meeting is about?

  24. Bernard M. Orwell

    IIRC

    "This leads me to think that they probably had the "metadata" (i.e. they were doing real time scanning of the whatsapp network to see who is messaging who), but are unable to decipher the messages themselves."

    You know, I'm fairly certain that when this mass-monitoring gig first hit the broader news, we were assured by all sorts of gov and TLA types that they only wanted the meta-data and weren't interested, or authorised, to access the actualy *content* of our communications.

    Whatever happened to that undertaking?

    1. Nondescript Figure

      Re: IIRC

      Give them an inch etc.

    2. Roo
      Windows

      Re: IIRC

      "You know, I'm fairly certain that when this mass-monitoring gig first hit the broader news, we were assured by all sorts of gov and TLA types that they only wanted the meta-data and weren't interested, or authorised, to access the actualy *content* of our communications."

      I wouldn't be surprised if that was still the case broadly speaking.

      "Whatever happened to that undertaking?"

      The apparatchiks worked out that unlimited access to people's private communications would allow them to nip challenges to their power in the bud, and make lots of money in the process.

  25. PTW
    Pint

    Usual default for control

    As we all know, the government can't ban encryption, so they'll do what they always do with "necessary evils" e.g. alcohol, tobacco, firearms, drugs. etc and license it.

    Game over, who wants to go to gaol for using Signal/Telegram to message your SO?

    Icon, because it's only Monday morning and now I need one of these ---->

    1. Anonymous Coward
      Anonymous Coward

      Re: Usual default for control

      its unlikely they will be able to license it for many reasons. people will keep using Signal/Telegram and trying to license it will lead to backlash because many use them.

      1. Anonymous Coward
        Anonymous Coward

        Re: Usual default for control

        "it will lead to backlash because many use them."

        It will only lead to a backlash if it is badly managed and it will be spun that it is for "OUR" protection and that you only have something to fear if you are a criminal or a terrorist.

        the majority of "USERS" are not technical and will not realise that they are more at risk from "bad apples" if the encryption is changed to allow for security services to have access.

        Looking at the users at large they don't seem to be worried about their security just look at the lack of general outcry against all the personal information harvested by corporations (Google, Facebook, Apple, Microsoft ETC ETC) yes there is minimal outcry from technically savvy individuals and groups but this is minimal compared to the user base for the systems and the regulators have not made a move so it will carry on and get more intrusive.

        there have been attempts to launch hardened communications, email, chat, etc but when sold as privacy solutions they are less successful often because they are less user friendly or there are incompatibility issues due to the added layer of security.

        services like whatsapp have become popular as the security is an invisible layer to the user it does not impact on their use of the system and it is only one app.

        trying to secure email in a way not to confuse and impact on users due to the cross platform communication requirements would require the implementation of the security in ALL mail clients and browsers and the exchange of public keys in an invisible way to the user so the user does not need to do anything different if the mail they are sending is to an address that's using encryption or not but over time as people upgrade software all communication would become encrypted. (in this case i'm assuming the servers does not need to know the key as envelope data is still visible but if you wish to secure even the routing information it gets even more complicated)

  26. Anonymous Coward
    Anonymous Coward

    This wont stop terrorist acts

    the surveillance wont stop terrorist acts as the prime minister said "he was not on the intelligence services Radar"

    so unless they are monitoring EVERYONE ALL THE TIME then they would not be able to stop this or other acts of criminality where the accused was not being actively investigated beforehand.

    It will if they can force providers to keep logs of ALL conversations NOT just the meta data. AND they can get a Backdoor to the software or hardware allow them to find out what a person of interest was saying and to who AFTER the fact.

    1. Roo
      Windows

      Re: This wont stop terrorist acts

      "so unless they are monitoring EVERYONE ALL THE TIME then they would not be able to stop this or other acts of criminality where the accused was not being actively investigated beforehand."

      They need a lot of man power to make that actually work, the Stasi achieved that by recruiting pretty much the entire population. I'm sure Daily Mail readers will be happy to volunteer, so it's not all bad news for the treasonous control freaks in HMG hell-bent on wrecking this country's ability to trade and feed itself.

  27. Doctor Syntax Silver badge

    It would help of the political interviewers had some technical nous.

    Rudd should have been asked if she was prepared to lead from the front and publish all her credentials for online banking, eBay, Amazon or whatever. As she'd have been bewildered she (and the audience) could have then had it gently explained that this was, in effect, what she was demanding of the rest of the population.

    As it is any politician can walk into any radio or TV studio, spout whatever nonsense their department has fed them and walk out unchallenged about any of it.

    1. Anonymous Coward
      Anonymous Coward

      "As it is any politician can walk into any radio or TV studio, spout whatever nonsense their department has fed them and walk out unchallenged about any of it"

      Exactly, so many 'soft pointless interviews' of late, whether newspapers, 24 hour news, even Radio4. From Ofcom's Sharon White, BT's Chairman, Amber Rudd (as stated), or vacuous nonsense "best deal possible" from Theresa May.

  28. John H Woods Silver badge

    What if. ..

    ... just before the attack, he'd been spotted releasing a carrier pigeon?

    1. Mad Jack

      Re: What if. ..

      One can only assume that Ruddled would then demand all Carrier Pigeons be fitted with portable rectal probes...

      1. TRT Silver badge

        Re: What if. ..

        I suppose he could have sent a message in morse code, by bumping up and down the kerb...

  29. Anonymous Coward
    Anonymous Coward

    Terror Tactics

    There are people who hate us and our freedoms, and want to bring down our society using fear as a tool. Occasionally they are successful in an attack, killing and maiming ordinary people, and get a lot of media coverage. The government then proposes to remove our freedoms using fear as a tool.

    Whose side are you on, Amber Rudd?

  30. Anonymous Coward
    Anonymous Coward

    Whatsapp is a tool. If it was used for evil purposes it's not the fault of the tool or its manufacturer. By this logic you might as well ban mobile phones because one of those was used to run Whatsapp on, right?

  31. Anonymous Coward
    Anonymous Coward

    Telegram would be far easier to access.

    There is an obvious way for a government to get access to the cloudy part of telegram. Get the telco to redirect the activation SMS to a device they control, copy all the messages.

    The access could probably be masked to some extent by careful timing, or blocking the internet on the other devices and then deleting the notifications.

    Of course this would be why the system has a private mode, too.

    I still trust it more than something owned by Facebook though.

  32. Rob Gr

    That was anticipated

    Two things are predicatable after any "terror" related incident (although in this case, one nutter with a knife does not exactly seem to worth even considering as terror):

    1. Right-wing nutters will groundlessly blame it on immigration.

    (check - Nuttal and Farage both - later turns out nutter was UK-born and converted to Islam in UK)

    2. Home Secretary of time will use it as an excuse to try to get more surveillance powers.

    In both cases, there is no basis in evidence for the reaction.

  33. MJI Silver badge

    Why was Elm not in prison?

    A complete nutter and used to go around slicing people for fun.

    Elms should have been on a watch list as a total nutter found by radical nutters a few years ago.

    Plenty out there about his past, a really nasty piece of work.

  34. Anonymous Coward
    Anonymous Coward

    Amber Rudd, a mouthpiece of utter conjecture.

    Amber Rudd - "a mouthpiece of utter conjecture". Anyone who sat through/listened to the Energy and Climate Change Select Committee, when she was in charge - will no doubt agree.

    Theresa May promoted Amber Rudd and Liz Truss to surround herself with incompetence to make her own, look marginally better.

    Of course, we should all be grateful we can all tell a would-be extremist in 2017.

    Tell the difference between ones banging on the outside of our front doors profusely, screaming to enter, from the ones (metaphorically) quietly standing on the inside, having wholesale access to our emails, phone/contact lists, social media, bank accounts, daily whereabouts.

    The former we're told in very simplist terms "acted alone", we'll never lknow if this person was kettled/provoked into doing what they do, by hidden powers that be, at a convenient time to cause political diversion, say, when a crucial Independence vote is taking place in Scotland.

    Given the sheer amount of disinformation the Met Police released following the shooting of the Brazilian Electrician, I'd take the mention of WhatsApp by a 52 year, at best, a statistical rarity.

    1. tiggity Silver badge

      Re: Amber Rudd, a mouthpiece of utter conjecture.

      Ironically enough, I was with one of my friends yesterday, quite a bit older than 52, and they were using What's app to talk to family in Jamaica as whats app incoming call arrived while we were chatting.

      So 52 YO on Whats App not a statistical rarity, as (just like with other chat methods such as Skype in the past) often younger family members / friends will get older folks to use the software they use as it's convenient (and in this case an awful lot cheaper than Jamaica to UK to Jamaica phone calls)

    2. Doctor Syntax Silver badge

      Re: Amber Rudd, a mouthpiece of utter conjecture.

      "I'd take the mention of WhatsApp by a 52 year, at best, a statistical rarity."

      Do not spoil your arguments by throwing in casual, uninformed and irrelevant ageism.

  35. fattybacon

    Journalism

    I've read all the posts so far.. lots of criticism of the minister and the Whitehall wonks and their agendas. No mention of the piss-poor journalism at play. The obvious question even if you could make you a backdoor and give Western governments the key then do you give all governments the key also?

    And considering how often ours lose data then what hope? Additionally, all our IT systems are run by Capita et al. Do they have keys too?

  36. Anonymous Coward
    Anonymous Coward

    It'll all be fine

    Now that the Brexit is coming, those pesky laws of mathematics imposed upon the UK by a tyrannical EU will be repelled.

    Soon, very soon, there'll be unbreakable crypto that only the government can lawfully access, and that access never will be abused nor fall into the wrong hands.

    Hey, I can blame the EU for anything, too!

    1. This post has been deleted by its author

    2. Roo
      Windows

      Re: It'll all be fine

      "Now that the Brexit is coming, those pesky laws of mathematics imposed upon the UK by a tyrannical EU will be repelled."

      The other thing being "repelled" is the finance industry, which is exactly what the EU & US have been trying to achieve for the 200 years or so. Presumably Team Brexit are planning on emigrating to the US or perhaps the Virgin Islands to enjoy their retirement.

  37. This post has been deleted by its author

  38. Anonymous Coward
    Anonymous Coward

    The good news is that the people in Cheltenham who do understand encryption are probably holding their heads in their hands as this old chestnut comes around again. They know you can't have strong encryption with a backdoor and have probably explained it a dozen times before - not least when Cameron made the same proposal shortly after the Charlie Hebdo attacks.

    This is probably more to do with getting the Mail off the government's backs. Dacre and chums have been merrily laying into Internet companies of late as assistants to terrorists (when its really that Google's eating all their ad money). The Tories never want to see an ideological wedge open up between them and the Mail.

    If the government really wants to stop extremism they could consider attacking the various fear-mongering journalists employed by the tabloids who are paid huge amounts of money to tell people around the world that we should be afraid of our own shadows.

  39. Anonymous Coward
    Anonymous Coward

    If the interviewer had been on the ball

    They would have mentioned that all of the necessary algorithms to build an end-to-end encrypted messaging app are in the wild and encoded into any number of libraries. If the government goes after Apple or Facebook and demands back doors (good luck on that by the way), the ink won't have dried on the legislation before an app is released with all the security afforded by strong encryption and no known owner.

    The only people affected by any legislation on back doors will be the law-abiding citizens that the likes of Rudd swear an oath to protect.

  40. Disgruntled of TW
    Pint

    Feeling sorry for her ...

    Her civil servant that is briefing her, or the security consultant, needs to step away from the keyboard and put the computer back in its box labelling it "return to sender". It's not something they should be playing with in public.

    Now, Amber needs to learn when she's being fed a wet trout with English mustard and when it is not appropriate to engage mouth prior to brain having established technically correct facts.

    But this is politics, and they have the power and geeks who understand the technology do not, and that's why books like 1984 get written, and RIPA legislation gets passed.

    There is always ale. Thankfully. I will vote for ale.

  41. steviebuk Silver badge

    Another clueless MP

    Another clueless MP that neither understands how encryption works or even how the Internet works.

    She added: "I know it sounds a bit like we're stepping away from legislation, but we're not. What I'm saying is: The best people, who understand the technology, who understand the necessary hashtags to stop this stuff even being put up, not just taking it down, but stop it getting up in the first place, are going to be them. That's why I'd like to have an industry-wide board set up where they do it themselves."

    She's clearly just heard a few "technical terms" and spitted them out hoping no one would notice she doesn't have a clue what she is talking about.

    I'm going to put lots of "hashtags" in the firewall settings. That will stop all nasty things from happening on the Internet.

  42. Steve Evans

    And all this is justified because some nutter used Whatsapp just before killing 4 people.

    What's the betting his highly encrypted Whatsapp message, which is the current excuse, was just a "Goodbye" to his family?

    And he "only" killed 4 (no disrespect intended). The average road deaths in the UK is 4.7 a day... Every day... She'd be more justified banning cars.

    1. TRT Silver badge

      How many dead in gang related violence so far this year? The police and security services have done a pretty good job in stopping the organised attacks so far, I reckon. Without all the tools Herr Rudd would have them, err, tooled up with as well!

  43. Anonymous Coward
    Anonymous Coward

    Even if (and thats a big IF), all encrypted comms had perfectly safe back doors so the GCHQ and NSA-types could read all messages and criminals no longer existed (and pollution-eating unicorns frolicked through fields of grass outside most major cities), then the "bad guys" would just resort to innocent looking messages on random public discussion boards that were pre-arranged in a F2F meeting.

    I think we could get a lot of fun if they decide to start banning hashtags - although the government might not when they realise that all the hashtags they'd like to use are spiked with ISIS murder porn.

  44. steviebuk Silver badge

    Another reason all her comments are stupid, are because, if I've read correctly, they weren't even monitoring the guy. So the act would of still happened because, if Whatsapp had no encryption, they still wouldn't of seen his comms before hand because they weren't monitoring him.

    If she got her way they'd all just avoid the likes of Whatsapp. Going even as far as creating their own service.

  45. TRT Silver badge
  46. IdioticGenius

    Gov is a bunch of frauds.

    This is the Governments Method

    1) Spy on everything all the time anyway

    2) Pretend more access is needed (especially right after an attack)

    3) Pass a new law for something they were already doing illegally, i.e collecting data for 17 years, and then changing the law to make it "legal"

    https://theintercept.com/2016/10/17/gchq-mi5-investigatory-powers-tribunal-bulk-datasets/

  47. Ol' Grumpy

    Surely putting backdoors in the encryption of applications like WhatsApp will just drive those who wish to avoid potential governmental snooping further underground and switch to other methods?

    1. steviebuk Silver badge

      True and when the crooks find the back doors, and they 100% will, they'll also be using said access.

      The crooks would be the ones that would want this to come to pass.

  48. David Pearce

    As WhatsApp is very popular in Asia and the Middle East, there is a long list of governments who would want access to the messages and metadata. How does May propose to stop these snooping UK users data and contacts?

    I am guessing this is why WhatsApp went end to end in the first place, too many people would ask and what is legal in one country could get you shot somewhere else

  49. Anonymous Coward
    Joke

    I can't help thinking she should be in the Green Party anyway...

    [ X ] Rudd, Amber (Green)

  50. teebie

    "who understand the necessary hashtags to stop this stuff even being put up"

    said Amber Rudd, much to the shame of everyone

  51. Ashto5

    Mission Impossible

    Too many people have too much to lose to allow this through.

    No matter how much access the HMG have they will not be able to stop a nut job.

    You all know that the tech companies have backdoors in their software?

    They just don't tell you.

  52. Anonymous Coward
    Anonymous Coward

    The bit that absolutely amazes me is the number of commentards who seem to think that WhatsApp is secure. -->Facebook<-- paid 19 billion for it. My money is on "end-to-end encryption" being nothing more than a marketing term. I certainly wouldn't trust anything to it that I wouldn't be happy to write on a postcard.

    1. Anonymous Coward
      Anonymous Coward

      "My money is on "end-to-end encryption" being nothing more than a marketing term."

      I imagine that either metadata is transferred to Facebook down a second channel while the text of the message is end to end encrypted, or that FB's definition of an endpoint is "Facebook".

  53. Anonymous Coward
    Anonymous Coward

    Translation

    “If I was talking to Tim Cook, I would say something completely different. I would not say 'open up', we don't want to 'go into the cloud', we don't want to do all sorts of things like that."

    Translation: "Personally I don't use WhatsApp so I don't care if MI5 see those messages, but I do have an iPhone and I don't want MI5 digging around in my iCloud account."

    I doubt she has even heard of Signal...

  54. JaitcH
    FAIL

    Oh, Oh. Another Home Secretary Gets the GCHQ Power Point Session

    Seems that every political nobody who gets appointed Home Secretary visits the Donut in Gloucestershire gets the same old pack of lies which they then repeat ad nauseum in public.

    Privacy is a Human Right.

    Privacy is a fundamental human right recognized in the UN Declaration of Human Rights, the International Covenant on Civil and Political Rights and in many other international and regional treaties. Privacy underpins human dignity and other key values such as freedom of association and freedom of speech. (Britain is a signatory)

    The Human Rights Act is a UK law passed in 1998. It means that you can defend your rights in the UK courts and that public organisations (including the Government, the Police and local councils) must treat everyone equally, with fairness, dignity and respect.

    Pity the Home Secretary doesn't do some reading before opening her mouth.

    1. Toni the terrible Bronze badge

      Re: Oh, Oh. Another Home Secretary Gets the GCHQ Power Point Session

      But they want to repeal at least large sections of the HR Act, and how long before England (after Scotxit) is not a signatory to the human rights declaration. So, that doesn't mean anything to them.

    2. Doctor Syntax Silver badge

      Re: Oh, Oh. Another Home Secretary Gets the GCHQ Power Point Session

      "The Human Rights Act is a UK law passed in 1998....Pity the Home Secretary doesn't do some reading before opening her mouth."

      Yes, but the current PM has been wanting to repeal that ever since she was Home Sec. She's not going to want a Home Sec going against that. Don't pity Amber Rudd; she was doing exactly what was required of her.

      The main thing that was stopping May was being in the EU.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like